authorMicah Anderson <micah@riseup.net>2012-01-01 15:43:47 -0500
committerMicah Anderson <micah@riseup.net>2012-01-01 15:43:47 -0500
commit2fc384981886eeb33b262c443c05bb0c7dff0528 (patch)
treef1e7e4e25702f7b73b4247aec677d47771d59cb3
parent7f10702c5a12fe8e098ab62f22d13eb322a2ad43 (diff)
Instead of doing an update table_priv, we need to do GRANT/REVOKE statements
When we are working with tables_priv we need to first get a downcased array of the currently set privileges, and a downcased array of the desired permissions. Then we make a list of the permissions to revoke by subtracting the requested permissions from the currently set ones. If the list of permissions to revoke is not empty, then we issue a REVOKE. Then we make a list of the permissions to add by subtracting the requested permissions from the current set (no need to add select again if it is already there). Then if the set of permissions to add is not empty, then we actually execute the statement.
-rw-r--r--lib/puppet/provider/mysql_grant/mysql.rb39
1 files changed, 30 insertions, 9 deletions
diff --git a/lib/puppet/provider/mysql_grant/mysql.rb b/lib/puppet/provider/mysql_grant/mysql.rb
index 2d474d0..e1bdc07 100644
--- a/lib/puppet/provider/mysql_grant/mysql.rb
+++ b/lib/puppet/provider/mysql_grant/mysql.rb
@@ -183,10 +183,21 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
stmt = 'update db set '
where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ]
all_privs = MYSQL_DB_PRIVS
- when :table
- stmt = 'update table_priv set '
- where = ' where user="%s" and host="%s" and Db="%s"' % [ name[:user], name[:host], name[:db] ]
- all_privs = MYSQL_DB_PRIVS
+ when :tables_priv
+ currently_set = privileges
+ currently_set = currently_set.scan(/\w+/)
+ privs.map! {|i| i.to_s.downcase}
+ revoke = currently_set - privs
+
+ if !revoke.empty?
+ #puts "Revoking table privs: ", revoke
+ mysql "mysql", "-e", "REVOKE %s ON %s.%s FROM '%s'@'%s'" % [ revoke.join(", "), name[:db], name[:table_name], name[:user], name[:host] ]
+ end
+
+ set = privs - currently_set
+ stmt = 'GRANT '
+ where = ' ON %s.%s TO "%s"@"%s"' % [ name[:db], name[:table_name], name[:user], name[:host] ]
+ all_privs = MYSQL_TABLE_PRIVS
when :column
stmt = 'update columns_priv set '
where = ' where user="%s" and host="%s" and Db="%s" and Table="%s"' % [ name[:user], name[:host], name[:db], name[:table] ]
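Review bot: The added REVOKE line and the GRANT `where` fragment format `name[:db]`, `name[:table_name]`, `name[:user]` and `name[:host]` straight into SQL with no escaping or identifier quoting, so a value containing a quote or statement separator alters what runs under the provider's MySQL credentials. If those fields can be built from facts or other external data, check them before formatting, for example `raise Puppet::Error, "unsafe grant name" unless name[:db] =~ /\A\w+\z/ && name[:table_name] =~ /\A\w+\z/` (widen the pattern to whatever names the site really uses), and escape quotes in user and host. Separately, `privs` is downcased but `currently_set` is not, so if `privileges` returns mixed-case names (its body is not visible here) the difference is never empty and every run revokes and re-grants; `currently_set = privileges.downcase.scan(/\w+/)` would match the commit message. `privs.map!` also mutates the caller's array in place, and the enclosing method starts and ends outside this hunk.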
@@ -197,13 +208,23 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
privs = all_privs
end
- # puts "stmt:", stmt
- set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ')
- # puts "set:", set
+ #puts "stmt:", stmt
+ case name[:type]
+ when :user
+ set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ')
+ when :db
+ set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ')
+ when :tables_priv
+ set = set.join(', ')
+ end
+
+ #puts "set:", set
stmt = stmt << set << where
- mysql "mysql", "-Be", stmt
- mysql_flush
+ if !set.empty?
+ mysql "mysql", "-Be", stmt
+ mysql_flush
+ end
end
end
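Review bot: The new `case name[:type]` has no branch for `:column`, although the first hunk still shows a `when :column` case that builds an `update columns_priv set ` statement. For that type `set` stays nil and `stmt << set` raises a TypeError, whereas the removed code built the Y/N list for every type. Folding the two identical branches into `when :user, :db, :column` would restore the earlier behaviour and remove the duplicated line. The method begins outside the hunk, so this assumes both case statements switch on the same `name[:type]`.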