Merge branch '__mysql' into 'master'

rewrite __mysql_database, add types __mysql_user and __mysql_privileges

See merge request ungleich-public/cdist!827
This commit is contained in:
poljakowski 2020-01-04 13:45:15 +01:00
commit 1fc845480e
21 changed files with 463 additions and 46 deletions

View file

@ -0,0 +1,33 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -f "$__object/parameter/name" ]
then
name="$( cat "$__object/parameter/name" )"
else
name="$__object_id"
fi
if [ -n "$( mysql -B -N -e "show databases like '$name'" )" ]
then
echo 'present'
else
echo 'absent'
fi

View file

@ -1,6 +1,6 @@
#!/bin/sh -e
#
# 2012 Benedikt Koeppel (code@benediktkoeppel.ch)
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
@ -17,38 +17,30 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# if --database was specified
if [ -f "$__object/parameter/name" ]; then
database="$(cat "$__object/parameter/name")"
else # otherwise use the object id as database name
database="$__object_id"
state_is="$( cat "$__object/explorer/state" )"
state_should="$( cat "$__object/parameter/state" )"
if [ "$state_is" = "$state_should" ]
then
exit 0
fi
cat <<-EOFF
mysql -u root <<-EOF
CREATE DATABASE IF NOT EXISTS $database
EOF
EOFF
# if --user was specified
if [ -f "$__object/parameter/user" ]; then
user="$(cat "$__object/parameter/user")"
# if --password was specified
if [ -f "$__object/parameter/password" ]; then
password="$(cat "$__object/parameter/password")"
cat <<-EOFF
mysql -u root <<-EOF
GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost' IDENTIFIED BY '$password';
EOF
EOFF
if [ -f "$__object/parameter/name" ]
then
name="$( cat "$__object/parameter/name" )"
else
cat <<-EOFF
mysql -u root <<-EOF
GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost';
EOF
EOFF
fi
name="$__object_id"
fi
case "$state_should" in
present)
echo "mysql -e 'create database \`$name\`'"
echo "create database $name" >> "$__messages_out"
;;
absent)
echo "mysql -e 'drop database \`$name\`'"
echo "drop database $name" >> "$__messages_out"
;;
esac

View file

@ -8,24 +8,24 @@ cdist-type__mysql_database - Manage a MySQL database
DESCRIPTION
-----------
This cdist type allows you to install a MySQL database.
Create MySQL database and optionally user with all privileges.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
name
The name of the database to install
defaults to the object id
Name of database. Defaults to object id.
user
A user that should have access to the database
Create user and give all privileges to database.
password
The password for the user who manages the database
Password for user.
state
Defaults to present.
If absent and user is also set, both will be removed (with privileges).
EXAMPLES
@ -33,17 +33,23 @@ EXAMPLES
.. code-block:: sh
__mysql_database "cdist" --name "cdist" --user "myuser" --password "mypwd"
# just create database
__mysql_database foo
# create database with respective user with all privileges to database
__mysql_database bar \
--user name \
--password secret
AUTHORS
-------
Benedikt Koeppel <code@benediktkoeppel.ch>
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2012 Benedikt Koeppel. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option) any
later version.

View file

@ -0,0 +1,52 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -f "$__object/parameter/user" ]
then
user="$( cat "$__object/parameter/user" )"
fi
if [ -f "$__object/parameter/password" ]
then
password="$( cat "$__object/parameter/password" )"
fi
if [ -n "$user" ] && [ -n "$password" ]
then
if [ -f "$__object/parameter/name" ]
then
database="$( cat "$__object/parameter/name" )"
else
database="$__object_id"
fi
state_should="$( cat "$__object/parameter/state" )"
__mysql_user "$user" \
--password "$password" \
--state "$state_should"
# removing user should remove all user's privileges
require="__mysql_user/$user" \
__mysql_privileges "$database/$user" \
--database "$database" \
--user "$user" \
--state "$state_should"
fi

View file

@ -0,0 +1 @@
present

View file

@ -1,3 +1,4 @@
name
user
password
state

View file

@ -0,0 +1,40 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
privileges="$( cat "$__object/parameter/privileges" )"
database="$( cat "$__object/parameter/database" )"
table="$( cat "$__object/parameter/table" )"
user="$( cat "$__object/parameter/user" )"
host="$( cat "$__object/parameter/host" )"
check_privileges="$(
mysql -B -N -e "show grants for '$user'@'$host'" \
| grep -Ei "^grant $privileges on .$database.\..$table. to " || true )"
if [ -n "$check_privileges" ]
then
echo 'present'
else
echo 'absent'
fi

View file

@ -0,0 +1,49 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
state_is="$( cat "$__object/explorer/state" )"
state_should="$( cat "$__object/parameter/state" )"
if [ "$state_is" = "$state_should" ]
then
exit 0
fi
privileges="$( cat "$__object/parameter/privileges" )"
database="$( cat "$__object/parameter/database" )"
table="$( cat "$__object/parameter/table" )"
user="$( cat "$__object/parameter/user" )"
host="$( cat "$__object/parameter/host" )"
case "$state_should" in
present)
echo "mysql -e 'grant $privileges on \`$database\`.\`$table\` to \`$user\`@\`$host\`'"
echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out"
;;
absent)
echo "mysql -e 'revoke $privileges on \`$database\`.\`$table\` from \`$user\`@\`$host\`'"
echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out"
;;
esac

View file

@ -0,0 +1,57 @@
cdist-type__mysql_privileges(7)
===============================
NAME
----
cdist-type__mysql_privileges - Manage MySQL privileges
DESCRIPTION
-----------
Grant and revoke privileges of MySQL user.
REQUIRED PARAMETERS
-------------------
database
Name of database.
User
Name of user.
OPTIONAL PARAMETERS
-------------------
privileges
Defaults to "all".
table
Defaults to "*".
host
Defaults to localhost.
state
"present" grants and "absent" revokes. Defaults to present.
EXAMPLES
--------
.. code-block:: sh
__mysql_privileges user-to-db --database db --user user
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option) any
later version.

View file

@ -0,0 +1 @@
localhost

View file

@ -0,0 +1 @@
all privileges

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1 @@
*

View file

@ -0,0 +1,4 @@
privileges
table
host
state

View file

@ -0,0 +1,2 @@
database
user

View file

@ -0,0 +1,54 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -f "$__object/parameter/name" ]
then
name="$( cat "$__object/parameter/name" )"
else
name="$__object_id"
fi
if [ -f "$__object/parameter/password" ]
then
password="$( cat "$__object/parameter/password" )"
else
password=''
fi
host="$( cat "$__object/parameter/host" )"
check_user="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host'" )"
if [ -n "$check_user" ]
then
if [ -n "$password" ]
then
check_password="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host' and password = password( '$password' )" )"
fi
if [ -n "$password" ] && [ -z "$check_password" ]
then
echo 'change-password'
else
echo 'present'
fi
else
echo 'absent'
fi

View file

@ -0,0 +1,68 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
state_is="$( cat "$__object/explorer/state" )"
state_should="$( cat "$__object/parameter/state" )"
if [ "$state_is" = "$state_should" ]
then
exit 0
fi
if [ -f "$__object/parameter/name" ]
then
name="$( cat "$__object/parameter/name" )"
else
name="$__object_id"
fi
host="$( cat "$__object/parameter/host" )"
if [ -f "$__object/parameter/password" ]
then
password="$( cat "$__object/parameter/password" )"
else
if [ "$state_should" = 'present' ]
then
echo '--password needed' >&2
exit 1
else
password=''
fi
fi
if [ "$state_is" = 'absent' ] && [ "$state_should" = 'present' ]
then
echo "mysql -e 'create user \`$name\`@\`$host\` identified by \"$password\"'"
echo "create user $name@$host" >> "$__messages_out"
elif [ "$state_is" != 'absent' ] && [ "$state_should" = 'absent' ]
then
echo "mysql -e 'drop user \`$name\`@\`$host\`'"
echo "drop user $name@$host" >> "$__messages_out"
elif [ "$state_is" = 'change-password' ]
then
# this only works with MySQL 5.7.6 and later or MariaDB 10.1.20 and later
echo "mysql -e 'alter user \`$name\`@\`$host\` identified by \"$password\"'"
echo "mysql -e 'flush privileges'"
echo "change password $name@$host" >> "$__messages_out"
fi

View file

@ -0,0 +1,48 @@
cdist-type__mysql_user(7)
=========================
NAME
----
cdist-type__mysql_user - Manage a MySQL user
DESCRIPTION
-----------
Create MySQL user or change password for the user.
OPTIONAL PARAMETERS
-------------------
name
Name of user. Defaults to object id.
host
Host of user. Defaults to localhost.
password
Password of user.
state
Defaults to present.
EXAMPLES
--------
.. code-block:: sh
__mysql_user user --password secret
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option) any
later version.

View file

@ -0,0 +1 @@
localhost

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,4 @@
name
host
password
state