Add ability to skip mysql user/grants

Previously if you wanted to use the openstack::db::mysql for to create a database and use the same user for multiple databases, the catalog would fail due to a duplicate mysql_user definition. This change adds the ability to disable the user creation as well as the grant if the user does not need it. Change-Id: Id04a622cc900254fe60bc257a9e42d16c676bf40 Related-Bug: 1649341
2016-12-12 14:46:07 -07:00
parent efe3cd52d7
commit d91a4c7b36
5 changed files with 170 additions and 22 deletions
--- a/manifests/db/mysql.pp
+++ b/manifests/db/mysql.pp
@@ -35,7 +35,17 @@
 #  [*privileges*]
 #    Privileges given to the database user;
 #    string or array of strings; optional; default to 'ALL'
-
+#
 #  [*create_user*]
 #    Flag to allow for the skipping of the user as part of the database setup.
 #    Set to false to skip the user creation.
 #    Defaults to true.
 #
 #  [*create_grant*]
 #    Flag to allow for the skipping of the user grants as part of the database
 #    setup. Set to false to skip the user creation.
 #    Defaults to true.
 #
 define openstacklib::db::mysql (
  $password_hash,
  $dbname         = $title,
@@ -45,6 +55,8 @@ define openstacklib::db::mysql (
  $collate        = 'utf8_general_ci',
  $allowed_hosts  = [],
  $privileges     = 'ALL',
  $create_user    = true,
  $create_grant   = true,
 ) {
  include ::mysql::server
@@ -57,13 +69,17 @@ define openstacklib::db::mysql (
    require => [ Class['mysql::server'], Class['mysql::client'] ],
  }
-  $allowed_hosts_list = unique(concat(any2array($allowed_hosts), [$host]))
+  if $create_user or $create_grant {
-  $real_allowed_hosts = prefix($allowed_hosts_list, "${dbname}_")
+    $allowed_hosts_list = unique(concat(any2array($allowed_hosts), [$host]))
    $real_allowed_hosts = prefix($allowed_hosts_list, "${dbname}_")
-  openstacklib::db::mysql::host_access { $real_allowed_hosts:
+    openstacklib::db::mysql::host_access { $real_allowed_hosts:
-    user          => $user,
+      user          => $user,
-    password_hash => $password_hash,
+      password_hash => $password_hash,
-    database      => $dbname,
+      database      => $dbname,
-    privileges    => $privileges,
+      privileges    => $privileges,
      create_user   => $create_user,
      create_grant  => $create_grant,
    }
  }
 }
--- a/manifests/db/mysql/host_access.pp
+++ b/manifests/db/mysql/host_access.pp
@@ -17,25 +17,41 @@
 #  [*privileges*]
 #    the privileges to grant to this user
 #
 #  [*create_user*]
 #    Flag to allow for the skipping of the user as part of the database setup.
 #    Set to false to skip the user creation.
 #    Defaults to true.
 #
 #  [*create_grant*]
 #    Flag to allow for the skipping of the user grants as part of the database
 #    setup. Set to false to skip the user creation.
 #    Defaults to true.
 #
 define openstacklib::db::mysql::host_access (
  $user,
  $password_hash,
  $database,
  $privileges,
  $create_user  = true,
  $create_grant = true,
 ) {
  validate_re($title, '_', 'Title must be $dbname_$host')
  $host = inline_template('<%= @title.split("_").last.downcase %>')
-  mysql_user { "${user}@${host}":
+  if $create_user {
-    password_hash => $password_hash,
+    mysql_user { "${user}@${host}":
-    require       => Mysql_database[$database],
+      password_hash => $password_hash,
      require       => Mysql_database[$database],
    }
  }
-  mysql_grant { "${user}@${host}/${database}.*":
+  if $create_grant {
-    privileges => $privileges,
+    mysql_grant { "${user}@${host}/${database}.*":
-    table      => "${database}.*",
+      privileges => $privileges,
-    require    => Mysql_user["${user}@${host}"],
+      table      => "${database}.*",
-    user       => "${user}@${host}",
+      require    => Mysql_user["${user}@${host}"],
      user       => "${user}@${host}",
    }
  }
 }
--- a/releasenotes/notes/mysql-user-and-grants-optional-fd34f4686d44aec3.yaml
+++ b/releasenotes/notes/mysql-user-and-grants-optional-fd34f4686d44aec3.yaml
@@ -0,0 +1,9 @@
 ---
 features:
  - Add the ability to skip the mysql user and/or grant creation as part of the
    openstack::db::mysql resource.
 fixes:
  - openstack::db::mysql could not be used to create multiple databases
    with the same user/password for access due to a duplicate mysql_user
    resource declaration. Now the user and/or grant creation process can be
    skipped if they already exist.
--- a/spec/defines/openstacklib_db_mysql_host_access_spec.rb
+++ b/spec/defines/openstacklib_db_mysql_host_access_spec.rb
@@ -30,6 +30,60 @@ describe 'openstacklib::db::mysql::host_access' do
      )}
    end
    context 'with skipping user creation' do
      let (:title) { 'nova_10.0.0.1' }
      let :params do
        { :user          => 'foobar',
          :password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
          :database      => 'nova',
          :privileges    => 'ALL',
          :create_user   => false,
        }
      end
      it { is_expected.to_not contain_mysql_user("#{params[:user]}@10.0.0.1") }
      it { is_expected.to contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*").with(
        :user       => "#{params[:user]}@10.0.0.1",
        :privileges => 'ALL',
        :table      => "#{params[:database]}.*"
      )}
    end
    context 'with skipping grant creation' do
      let (:title) { 'nova_10.0.0.1' }
      let :params do
        { :user          => 'foobar',
          :password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
          :database      => 'nova',
          :privileges    => 'ALL',
          :create_grant  => false,
        }
      end
      it { is_expected.to contain_mysql_user("#{params[:user]}@10.0.0.1").with(
        :password_hash => params[:password_hash]
      )}
      it { is_expected.to_not contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*") }
    end
    context 'with skipping user and grant creation' do
      let (:title) { 'nova_10.0.0.1' }
      let :params do
        { :user          => 'foobar',
          :password_hash => 'AA1420F182E88B9E5F874F6FBE7459291E8F4601',
          :database      => 'nova',
          :privileges    => 'ALL',
          :create_user   => false,
          :create_grant  => false,
        }
      end
      it { is_expected.to_not contain_mysql_user("#{params[:user]}@10.0.0.1") }
      it { is_expected.to_not contain_mysql_grant("#{params[:user]}@10.0.0.1/#{params[:database]}.*") }
    end
  end
  on_supported_os({
--- a/spec/defines/openstacklib_db_mysql_spec.rb
+++ b/spec/defines/openstacklib_db_mysql_spec.rb
@@ -40,9 +40,11 @@ describe 'openstacklib::db::mysql' do
        :collate => 'utf8_general_ci'
      )}
      it { is_expected.to contain_openstacklib__db__mysql__host_access("#{params[:dbname]}_127.0.0.1").with(
-        :user       => title,
+        :user         => title,
-        :database   => params[:dbname],
+        :database     => params[:dbname],
-        :privileges => 'ALL'
+        :privileges   => 'ALL',
        :create_user  => true,
        :create_grant => true,
      )}
    end
@@ -56,9 +58,11 @@ describe 'openstacklib::db::mysql' do
        :collate => 'utf8_general_ci'
      )}
      it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
-        :user       => params[:user],
+        :user         => params[:user],
-        :database   => title,
+        :database     => title,
-        :privileges => 'ALL',
+        :privileges   => 'ALL',
        :create_user  => true,
        :create_grant => true,
      )}
    end
@@ -143,6 +147,55 @@ describe 'openstacklib::db::mysql' do
      )}
    end
    context 'with skipping user creation' do
      let :params do
        { :create_user => false }.merge(required_params)
      end
      it { is_expected.to contain_mysql_database(title).with(
        :charset => 'utf8',
        :collate => 'utf8_general_ci'
      )}
      it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
        :user         => title,
        :database     => title,
        :privileges   => 'ALL',
        :create_user  => false,
        :create_grant => true,
      )}
    end
    context 'with skipping grant creation' do
      let :params do
        { :create_grant => false }.merge(required_params)
      end
      it { is_expected.to contain_mysql_database(title).with(
        :charset => 'utf8',
        :collate => 'utf8_general_ci'
      )}
      it { is_expected.to contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1").with(
        :user         => title,
        :database     => title,
        :privileges   => 'ALL',
        :create_user  => true,
        :create_grant => false,
      )}
    end
    context 'with skipping user and grant creation' do
      let :params do
        { :create_user => false,
          :create_grant => false }.merge(required_params)
      end
      it { is_expected.to contain_mysql_database(title).with(
        :charset => 'utf8',
        :collate => 'utf8_general_ci'
      )}
      it { is_expected.to_not contain_openstacklib__db__mysql__host_access("#{title}_127.0.0.1") }
    end
  end
  on_supported_os({