diff options
Diffstat (limited to 'lib/puppet')
-rw-r--r-- | lib/puppet/provider/mysql_database/mysql.rb | 100 | ||||
-rw-r--r-- | lib/puppet/provider/mysql_grant/mysql.rb | 280 | ||||
-rw-r--r-- | lib/puppet/provider/mysql_user/mysql.rb | 118 | ||||
-rw-r--r-- | lib/puppet/type/mysql_database.rb | 15 | ||||
-rw-r--r-- | lib/puppet/type/mysql_grant.rb | 134 | ||||
-rw-r--r-- | lib/puppet/type/mysql_user.rb | 3 |
6 files changed, 329 insertions, 321 deletions
diff --git a/lib/puppet/provider/mysql_database/mysql.rb b/lib/puppet/provider/mysql_database/mysql.rb index 2b70e04..18b0a5a 100644 --- a/lib/puppet/provider/mysql_database/mysql.rb +++ b/lib/puppet/provider/mysql_database/mysql.rb @@ -1,55 +1,55 @@ require 'puppet/provider/package' Puppet::Type.type(:mysql_database).provide(:mysql, - :parent => Puppet::Provider::Package) do - - desc "Use mysql as database." - commands :mysqladmin => '/usr/bin/mysqladmin' - commands :mysql => '/usr/bin/mysql' - - # retrieve the current set of mysql users - def self.instances - dbs = [] - - cmd = "#{command(:mysql)} mysql -NBe 'show databases'" - execpipe(cmd) do |process| - process.each do |line| - dbs << new( { :ensure => :present, :name => line.chomp } ) - end - end - return dbs - end - - def query - result = { - :name => @resource[:name], - :ensure => :absent - } - - cmd = "#{command(:mysql)} mysql -NBe 'show databases'" - execpipe(cmd) do |process| - process.each do |line| - if line.chomp.eql?(@resource[:name]) - result[:ensure] = :present - end - end - end - result - end - - def create - mysqladmin "create", @resource[:name] - end - def destroy - mysqladmin "-f", "drop", @resource[:name] - end - - def exists? - if mysql("mysql", "-NBe", "show databases").match(/^#{@resource[:name]}$/) - true - else - false - end - end + :parent => Puppet::Provider::Package) do + + desc "Use mysql as database." + commands :mysqladmin => '/usr/bin/mysqladmin' + commands :mysql => '/usr/bin/mysql' + + # retrieve the current set of mysql users + def self.instances + dbs = [] + + cmd = "#{command(:mysql)} mysql -NBe 'show databases'" + execpipe(cmd) do |process| + process.each do |line| + dbs << new( { :ensure => :present, :name => line.chomp } ) + end + end + return dbs + end + + def query + result = { + :name => @resource[:name], + :ensure => :absent + } + + cmd = "#{command(:mysql)} mysql -NBe 'show databases'" + execpipe(cmd) do |process| + process.each do |line| + if line.chomp.eql?(@resource[:name]) + result[:ensure] = :present + end + end + end + result + end + + def create + mysqladmin "create", @resource[:name] + end + def destroy + mysqladmin "-f", "drop", @resource[:name] + end + + def exists? + if mysql("mysql", "-NBe", "show databases").match(/^#{@resource[:name]}$/) + true + else + false + end + end end diff --git a/lib/puppet/provider/mysql_grant/mysql.rb b/lib/puppet/provider/mysql_grant/mysql.rb index 61c32d9..2c44e0b 100644 --- a/lib/puppet/provider/mysql_grant/mysql.rb +++ b/lib/puppet/provider/mysql_grant/mysql.rb @@ -1,155 +1,155 @@ # A grant is either global or per-db. This can be distinguished by the syntax # of the name: -# user@host => global -# user@host/db => per-db +# user@host => global +# user@host/db => per-db require 'puppet/provider/package' MYSQL_USER_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, - :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv, - :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv, - :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv, - :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv, - :show_view_priv, :create_routine_priv, :alter_routine_priv, - :create_user_priv + :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv, + :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv, + :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv, + :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv, + :show_view_priv, :create_routine_priv, :alter_routine_priv, + :create_user_priv ] MYSQL_DB_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv, - :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv, - :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv, - :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv + :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv, + :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv, + :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv ] Puppet::Type.type(:mysql_grant).provide(:mysql) do - desc "Uses mysql as database." - - commands :mysql => '/usr/bin/mysql' - commands :mysqladmin => '/usr/bin/mysqladmin' - - def mysql_flush - mysqladmin "flush-privileges" - end - - # this parses the - def split_name(string) - matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact - case matches.length - when 2 - { - :type => :user, - :user => matches[0], - :host => matches[1] - } - when 4 - { - :type => :db, - :user => matches[0], - :host => matches[1], - :db => matches[3] - } - end - end - - def create_row - unless @resource.should(:privileges).empty? - name = split_name(@resource[:name]) - case name[:type] - when :user - mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ - name[:host], name[:user], - ] - when :db - mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ - name[:host], name[:user], name[:db], - ] - end - mysql_flush - end - end - - def destroy - mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ] - end - - def row_exists? - name = split_name(@resource[:name]) - fields = [:user, :host] - if name[:type] == :db - fields << :db - end - not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? - end - - def all_privs_set? - all_privs = case split_name(@resource[:name])[:type] - when :user - MYSQL_USER_PRIVS - when :db - MYSQL_DB_PRIVS - end - all_privs = all_privs.collect do |p| p.to_s end.sort.join("|") - privs = privileges.collect do |p| p.to_s end.sort.join("|") - - all_privs == privs - end - - def privileges - name = split_name(@resource[:name]) - privs = "" - - case name[:type] - when :user - privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ] - when :db - privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ] - end - - if privs.match(/^$/) - privs = [] # no result, no privs - else - # returns a line with field names and a line with values, each tab-separated - privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end - # transpose the lines, so we have key/value pairs - privs = privs[0].zip(privs[1]) - privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end - end - - privs.collect do |p| symbolize(p[0].downcase) end - end - - def privileges=(privs) - unless row_exists? - create_row - end - - # puts "Setting privs: ", privs.join(", ") - name = split_name(@resource[:name]) - stmt = '' - where = '' - all_privs = [] - case name[:type] - when :user - stmt = 'update user set ' - where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] - all_privs = MYSQL_USER_PRIVS - when :db - stmt = 'update db set ' - where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] - all_privs = MYSQL_DB_PRIVS - end - - if privs[0] == :all - privs = all_privs - end - - # puts "stmt:", stmt - set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ') - # puts "set:", set - stmt = stmt << set << where - - mysql "mysql", "-Be", stmt - mysql_flush - end + desc "Uses mysql as database." + + commands :mysql => '/usr/bin/mysql' + commands :mysqladmin => '/usr/bin/mysqladmin' + + def mysql_flush + mysqladmin "flush-privileges" + end + + # this parses the + def split_name(string) + matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact + case matches.length + when 2 + { + :type => :user, + :user => matches[0], + :host => matches[1] + } + when 4 + { + :type => :db, + :user => matches[0], + :host => matches[1], + :db => matches[3] + } + end + end + + def create_row + unless @resource.should(:privileges).empty? + name = split_name(@resource[:name]) + case name[:type] + when :user + mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ + name[:host], name[:user], + ] + when :db + mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ + name[:host], name[:user], name[:db], + ] + end + mysql_flush + end + end + + def destroy + mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ] + end + + def row_exists? + name = split_name(@resource[:name]) + fields = [:user, :host] + if name[:type] == :db + fields << :db + end + not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? + end + + def all_privs_set? + all_privs = case split_name(@resource[:name])[:type] + when :user + MYSQL_USER_PRIVS + when :db + MYSQL_DB_PRIVS + end + all_privs = all_privs.collect do |p| p.to_s end.sort.join("|") + privs = privileges.collect do |p| p.to_s end.sort.join("|") + + all_privs == privs + end + + def privileges + name = split_name(@resource[:name]) + privs = "" + + case name[:type] + when :user + privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ] + when :db + privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ] + end + + if privs.match(/^$/) + privs = [] # no result, no privs + else + # returns a line with field names and a line with values, each tab-separated + privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end + # transpose the lines, so we have key/value pairs + privs = privs[0].zip(privs[1]) + privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end + end + + privs.collect do |p| symbolize(p[0].downcase) end + end + + def privileges=(privs) + unless row_exists? + create_row + end + + # puts "Setting privs: ", privs.join(", ") + name = split_name(@resource[:name]) + stmt = '' + where = '' + all_privs = [] + case name[:type] + when :user + stmt = 'update user set ' + where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] + all_privs = MYSQL_USER_PRIVS + when :db + stmt = 'update db set ' + where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ] + all_privs = MYSQL_DB_PRIVS + end + + if privs[0] == :all + privs = all_privs + end + + # puts "stmt:", stmt + set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ? 'Y' : 'N'] end.join(', ') + # puts "set:", set + stmt = stmt << set << where + + mysql "mysql", "-Be", stmt + mysql_flush + end end diff --git a/lib/puppet/provider/mysql_user/mysql.rb b/lib/puppet/provider/mysql_user/mysql.rb index adc46c3..e3908be 100644 --- a/lib/puppet/provider/mysql_user/mysql.rb +++ b/lib/puppet/provider/mysql_user/mysql.rb @@ -1,76 +1,76 @@ require 'puppet/provider/package' Puppet::Type.type(:mysql_user).provide(:mysql, - # T'is funny business, this code is quite generic - :parent => Puppet::Provider::Package) do + # T'is funny business, this code is quite generic + :parent => Puppet::Provider::Package) do - desc "Use mysql as database." - commands :mysql => '/usr/bin/mysql' - commands :mysqladmin => '/usr/bin/mysqladmin' + desc "Use mysql as database." + commands :mysql => '/usr/bin/mysql' + commands :mysqladmin => '/usr/bin/mysqladmin' - # retrieve the current set of mysql users - def self.instances - users = [] + # retrieve the current set of mysql users + def self.instances + users = [] - cmd = "#{command(:mysql)} mysql -NBe 'select concat(user, \"@\", host), password from user'" - execpipe(cmd) do |process| - process.each do |line| - users << new( query_line_to_hash(line) ) - end - end - return users - end + cmd = "#{command(:mysql)} mysql -NBe 'select concat(user, \"@\", host), password from user'" + execpipe(cmd) do |process| + process.each do |line| + users << new( query_line_to_hash(line) ) + end + end + return users + end - def self.query_line_to_hash(line) - fields = line.chomp.split(/\t/) - { - :name => fields[0], - :password_hash => fields[1], - :ensure => :present - } - end + def self.query_line_to_hash(line) + fields = line.chomp.split(/\t/) + { + :name => fields[0], + :password_hash => fields[1], + :ensure => :present + } + end - def mysql_flush - mysqladmin "flush-privileges" - end + def mysql_flush + mysqladmin "flush-privileges" + end - def query - result = {} + def query + result = {} - cmd = "#{command(:mysql)} -NBe 'select concat(user, \"@\", host), password from user where concat(user, \"@\", host) = \"%s\"'" % @resource[:name] - execpipe(cmd) do |process| - process.each do |line| - unless result.empty? - raise Puppet::Error, - "Got multiple results for user '%s'" % @resource[:name] - end - result = query_line_to_hash(line) - end - end - result - end + cmd = "#{command(:mysql)} -NBe 'select concat(user, \"@\", host), password from user where concat(user, \"@\", host) = \"%s\"'" % @resource[:name] + execpipe(cmd) do |process| + process.each do |line| + unless result.empty? + raise Puppet::Error, + "Got multiple results for user '%s'" % @resource[:name] + end + result = query_line_to_hash(line) + end + end + result + end - def create - mysql "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.should(:password_hash) ] - mysql_flush - end + def create + mysql "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.should(:password_hash) ] + mysql_flush + end - def destroy - mysql "mysql", "-e", "drop user '%s'" % @resource[:name].sub("@", "'@'") - mysql_flush - end + def destroy + mysql "mysql", "-e", "drop user '%s'" % @resource[:name].sub("@", "'@'") + mysql_flush + end - def exists? - not mysql("mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource[:name]).empty? - end + def exists? + not mysql("mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource[:name]).empty? + end - def password_hash - @property_hash[:password_hash] - end + def password_hash + @property_hash[:password_hash] + end - def password_hash=(string) - mysql "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] - mysql_flush - end + def password_hash=(string) + mysql "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] + mysql_flush + end end diff --git a/lib/puppet/type/mysql_database.rb b/lib/puppet/type/mysql_database.rb index bb25ffa..0ba929f 100644 --- a/lib/puppet/type/mysql_database.rb +++ b/lib/puppet/type/mysql_database.rb @@ -1,11 +1,14 @@ # This has to be a separate type to enable collecting Puppet::Type.newtype(:mysql_database) do - @doc = "Manage a database." - ensurable - newparam(:name) do - desc "The name of the database." + @doc = "Manage a database." - # TODO: only [[:alnum:]_] allowed - end + ensurable + autorequire(:service) { 'mysql' } + + newparam(:name) do + desc "The name of the database." + + # TODO: only [[:alnum:]_] allowed + end end diff --git a/lib/puppet/type/mysql_grant.rb b/lib/puppet/type/mysql_grant.rb index 415f5aa..6bc7533 100644 --- a/lib/puppet/type/mysql_grant.rb +++ b/lib/puppet/type/mysql_grant.rb @@ -1,77 +1,79 @@ # This has to be a separate type to enable collecting Puppet::Type.newtype(:mysql_grant) do - @doc = "Manage a database user's rights." - #ensurable + @doc = "Manage a database user's rights." - autorequire :mysql_db do - # puts "Starting db autoreq for %s" % self[:name] - reqs = [] - matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/) - unless matches.nil? - reqs << matches[3] - end - # puts "Autoreq: '%s'" % reqs.join(" ") - reqs - end + #ensurable + autorequire(:service) { 'mysqld' } - autorequire :mysql_user do - # puts "Starting user autoreq for %s" % self[:name] - reqs = [] - matches = self[:name].match(/^([^@]+)@([^\/]+).*$/) - unless matches.nil? - reqs << "%s@%s" % [ matches[1], matches[2] ] - end - # puts "Autoreq: '%s'" % reqs.join(" ") - reqs - end + autorequire :mysql_db do + # puts "Starting db autoreq for %s" % self[:name] + reqs = [] + matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/) + unless matches.nil? + reqs << matches[3] + end + # puts "Autoreq: '%s'" % reqs.join(" ") + reqs + end - newparam(:name) do - desc "The primary key: either user@host for global privilges or user@host/database for database specific privileges" - end - newproperty(:privileges, :array_matching => :all) do - desc "The privileges the user should have. The possible values are implementation dependent." - munge do |v| - symbolize(v) - end + autorequire :mysql_user do + # puts "Starting user autoreq for %s" % self[:name] + reqs = [] + matches = self[:name].match(/^([^@]+)@([^\/]+).*$/) + unless matches.nil? + reqs << "%s@%s" % [ matches[1], matches[2] ] + end + # puts "Autoreq: '%s'" % reqs.join(" ") + reqs + end - def should_to_s(newvalue = @should) - if newvalue - unless newvalue.is_a?(Array) - newvalue = [ newvalue ] - end - newvalue.collect do |v| v.to_s end.sort.join ", " - else - nil - end - end + newparam(:name) do + desc "The primary key: either user@host for global privilges or user@host/database for database specific privileges" + end + newproperty(:privileges, :array_matching => :all) do + desc "The privileges the user should have. The possible values are implementation dependent." + munge do |v| + symbolize(v) + end - def is_to_s(currentvalue = @is) - if currentvalue - unless currentvalue.is_a?(Array) - currentvalue = [ currentvalue ] - end - currentvalue.collect do |v| v.to_s end.sort.join ", " - else - nil - end - end + def should_to_s(newvalue = @should) + if newvalue + unless newvalue.is_a?(Array) + newvalue = [ newvalue ] + end + newvalue.collect do |v| v.to_s end.sort.join ", " + else + nil + end + end - # use the sorted outputs for comparison - def insync?(is) - if defined? @should and @should - case self.should_to_s - when "all" - self.provider.all_privs_set? - when self.is_to_s(is) - true - else - false - end - else - true - end - end + def is_to_s(currentvalue = @is) + if currentvalue + unless currentvalue.is_a?(Array) + currentvalue = [ currentvalue ] + end + currentvalue.collect do |v| v.to_s end.sort.join ", " + else + nil + end + end - end + # use the sorted outputs for comparison + def insync?(is) + if defined? @should and @should + case self.should_to_s + when "all" + self.provider.all_privs_set? + when self.is_to_s(is) + true + else + false + end + else + true + end + end + + end end diff --git a/lib/puppet/type/mysql_user.rb b/lib/puppet/type/mysql_user.rb index 55d97b6..0b7e9af 100644 --- a/lib/puppet/type/mysql_user.rb +++ b/lib/puppet/type/mysql_user.rb @@ -1,7 +1,10 @@ # This has to be a separate type to enable collecting Puppet::Type.newtype(:mysql_user) do @doc = "Manage a database user." + ensurable + autorequire(:service) { 'mysqld' } + newparam(:name) do desc "The name of the user. This uses the 'username@hostname' form." |