Hi folks,
I've been staring for a long time now at this issue in the
PostgreSQL puppet module, discussing whether to
"Implement database, database_user, and database_grant provider"
https://github.com/puppetlabs/puppetlabs-postgresql/issues/27
The bug has been closed and that's a little unsatisfying.
database, database_user and database_grant are resources internal
to puppet, but only puppetlabs-mysql implements them.
It's clear to me that one might have to break compatibility
with the current *mysql* module to be able to introduce these
resources into puppetlabs-postgresql.
I'll explain my patch below, but I'd first like to know if there's
any interest in this happening from either puppetlabs-mysql or
puppetlabs-postgresql users and developers! I am generally more
concerned with puppetlabs-mysql here, because its development seems
to have stagnated, judging from the bug reports and the pull requests:
http://projects.puppetlabs.com/projects/modules/issues?utf8=%E2%9C%93&set_filter=1&f[]=status_id&op[status_id]=o&f[]=category_id&op[category_id]=%3D&v[category_id][]=234&f[]=&c[]=tracker&c[]=status&c[]=priority&c[]=subject&c[]=assigned_to&c[]=fixed_version&group_by=
https://github.com/puppetlabs/puppetlabs-mysql/pulls
* * * *
My take on this (see attachment or this paste: http://apaste.info/jH0C )
is to first add the ability to use "host/netmask" or "network/netmask"
as mysql $host that the mysql user is connecting.
This is something that mysql can do, even though it's not often
used, it seems, but it's pretty much standard in PostgreSQL land's
pg_hba.conf. I'm using the # as new seperator instead of /
That's where I break compatibility, but that's also what makes the regex
instantly more readable, because I avoid the dreaded toothpicks.
That's all from me. I ♥ly welcome your comments,
-- i
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
diff --git Modulefile Modulefile
index dc5b34a..be99591 100644
--- Modulefile
+++ Modulefile
@@ -1,5 +1,5 @@
name 'puppetlabs-mysql'
-version '0.6.1'
+version '0.7.0'
source 'git://github.com/puppetlabs/puppetlabs-mysql.git'
author 'Puppet Labs'
license 'Apache 2.0'
diff --git README.md README.md
index 90f7151..33063f7 100644
--- README.md
+++ README.md
@@ -123,7 +123,9 @@ The custom resources can be used in any other manifests:
password_hash => mysql_password('foo')
}
- database_grant { 'user@localhost/database':
+ database_grant { 'user@host/netmask#database':
+ # note that /netmask is optional. This is also a backwards-incompatible to 0.6.x and lower
+ # It was done to create, instead, compatibility with PostgreSQL's database_grant resource.
privileges => ['all'] ,
# Or specify individual privileges with columns from the mysql.db table:
# privileges => ['Select_priv', 'Insert_priv', 'Update_priv', 'Delete_priv']
diff --git lib/puppet/provider/database_grant/mysql.rb lib/puppet/provider/database_grant/mysql.rb
index 3989e1f..564dfc7 100644
--- lib/puppet/provider/database_grant/mysql.rb
+++ lib/puppet/provider/database_grant/mysql.rb
@@ -1,7 +1,10 @@
# A grant is either global or per-db. This can be distinguished by the syntax
# of the name:
# user@host => global
-# user@host/db => per-db
+# user@host#db => per-db
+# n.b.: host can have an optional /network part:
+# user@host/32 => global
+# user@host/24#db => per-db
Puppet::Type.type(:database_grant).provide(:mysql) do
@@ -51,7 +54,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
# this parses the
def split_name(string)
- matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact
+ matches = /^([^@]*)@([^#]*)(#(.*))?$/.match(string).captures.compact
case matches.length
when 2
{
diff --git lib/puppet/type/database_grant.rb lib/puppet/type/database_grant.rb
index 965695b..6bb35a7 100644
--- lib/puppet/type/database_grant.rb
+++ lib/puppet/type/database_grant.rb
@@ -6,7 +6,7 @@ Puppet::Type.newtype(:database_grant) do
autorequire :database do
# puts "Starting db autoreq for %s" % self[:name]
reqs = []
- matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/)
+ matches = self[:name].match(/^([^@]+)@([^#]+)#(.+)$/)
unless matches.nil?
reqs << matches[3]
end
@@ -17,7 +17,7 @@ Puppet::Type.newtype(:database_grant) do
autorequire :database_user do
# puts "Starting user autoreq for %s" % self[:name]
reqs = []
- matches = self[:name].match(/^([^@]+)@([^\/]+).*$/)
+ matches = self[:name].match(/^([^@]+)@([^#]+).*$/)
unless matches.nil?
reqs << "%s@%s" % [ matches[1], matches[2] ]
end
diff --git manifests/db.pp manifests/db.pp
index 6363b80..eb60f63 100644
--- manifests/db.pp
+++ manifests/db.pp
@@ -12,7 +12,7 @@
# [*user*] - username to create and grant access.
# [*password*] - user's password.
# [*charset*] - database charset.
-# [*host*] - host for assigning privileges to user.
+# [*host*] - host or network with optional netmask for assigning privileges to user: 127.0.0.1/8
# [*grant*] - array of privileges to grant user.
# [*enforce_sql*] - whether to enforce or conditionally run sql on creation.
# [*sql*] - sql statement to run.
@@ -76,7 +76,7 @@ define mysql::db (
command => "/usr/bin/mysql ${name} < ${sql}",
logoutput => true,
refreshonly => $refresh,
- require => Database_grant["${user}@${host}/${name}"],
+ require => Database_grant["${user}@${host}#${name}"],
subscribe => Database[$name],
}
}
diff --git tests/mysql_grant.pp tests/mysql_grant.pp
index 8d96547..2a649b1 100644
--- tests/mysql_grant.pp
+++ tests/mysql_grant.pp
@@ -1,3 +1,3 @@
-database_grant{'test1@localhost/redmine':
+database_grant{'test1@localhost#redmine':
privileges => [update],
}
diff --git tests/mysql_user.pp tests/mysql_user.pp
index f639084..c8527ac 100644
--- tests/mysql_user.pp
+++ tests/mysql_user.pp
@@ -21,3 +21,8 @@ database_user{ 'dan@%':
ensure => present,
password_hash => mysql_password('blah'),
}
+
+database_user{ 'zoe@192.168.122.0/24':
+ ensure => present,
+ password_hash => mysql_password('blah')
+}
