Merge branch '__mysql' into 'master'
rewrite __mysql_database, add types __mysql_user and __mysql_privileges See merge request ungleich-public/cdist!827
This commit is contained in:
commit
1fc845480e
21 changed files with 463 additions and 46 deletions
33
cdist/conf/type/__mysql_database/explorer/state
Executable file
33
cdist/conf/type/__mysql_database/explorer/state
Executable file
|
@ -0,0 +1,33 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
if [ -f "$__object/parameter/name" ]
|
||||
then
|
||||
name="$( cat "$__object/parameter/name" )"
|
||||
else
|
||||
name="$__object_id"
|
||||
fi
|
||||
|
||||
if [ -n "$( mysql -B -N -e "show databases like '$name'" )" ]
|
||||
then
|
||||
echo 'present'
|
||||
else
|
||||
echo 'absent'
|
||||
fi
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2012 Benedikt Koeppel (code@benediktkoeppel.ch)
|
||||
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -17,38 +17,30 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
|
||||
# if --database was specified
|
||||
if [ -f "$__object/parameter/name" ]; then
|
||||
database="$(cat "$__object/parameter/name")"
|
||||
else # otherwise use the object id as database name
|
||||
database="$__object_id"
|
||||
state_is="$( cat "$__object/explorer/state" )"
|
||||
|
||||
state_should="$( cat "$__object/parameter/state" )"
|
||||
|
||||
if [ "$state_is" = "$state_should" ]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
cat <<-EOFF
|
||||
mysql -u root <<-EOF
|
||||
CREATE DATABASE IF NOT EXISTS $database
|
||||
EOF
|
||||
EOFF
|
||||
|
||||
# if --user was specified
|
||||
if [ -f "$__object/parameter/user" ]; then
|
||||
user="$(cat "$__object/parameter/user")"
|
||||
|
||||
# if --password was specified
|
||||
if [ -f "$__object/parameter/password" ]; then
|
||||
password="$(cat "$__object/parameter/password")"
|
||||
cat <<-EOFF
|
||||
mysql -u root <<-EOF
|
||||
GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost' IDENTIFIED BY '$password';
|
||||
EOF
|
||||
EOFF
|
||||
if [ -f "$__object/parameter/name" ]
|
||||
then
|
||||
name="$( cat "$__object/parameter/name" )"
|
||||
else
|
||||
cat <<-EOFF
|
||||
mysql -u root <<-EOF
|
||||
GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost';
|
||||
EOF
|
||||
EOFF
|
||||
fi
|
||||
name="$__object_id"
|
||||
fi
|
||||
|
||||
case "$state_should" in
|
||||
present)
|
||||
echo "mysql -e 'create database \`$name\`'"
|
||||
echo "create database $name" >> "$__messages_out"
|
||||
;;
|
||||
absent)
|
||||
echo "mysql -e 'drop database \`$name\`'"
|
||||
echo "drop database $name" >> "$__messages_out"
|
||||
;;
|
||||
esac
|
||||
|
|
|
@ -8,24 +8,24 @@ cdist-type__mysql_database - Manage a MySQL database
|
|||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This cdist type allows you to install a MySQL database.
|
||||
|
||||
Create MySQL database and optionally user with all privileges.
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
None.
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
name
|
||||
The name of the database to install
|
||||
defaults to the object id
|
||||
Name of database. Defaults to object id.
|
||||
|
||||
user
|
||||
A user that should have access to the database
|
||||
Create user and give all privileges to database.
|
||||
|
||||
password
|
||||
The password for the user who manages the database
|
||||
Password for user.
|
||||
|
||||
state
|
||||
Defaults to present.
|
||||
If absent and user is also set, both will be removed (with privileges).
|
||||
|
||||
|
||||
EXAMPLES
|
||||
|
@ -33,17 +33,23 @@ EXAMPLES
|
|||
|
||||
.. code-block:: sh
|
||||
|
||||
__mysql_database "cdist" --name "cdist" --user "myuser" --password "mypwd"
|
||||
# just create database
|
||||
__mysql_database foo
|
||||
|
||||
# create database with respective user with all privileges to database
|
||||
__mysql_database bar \
|
||||
--user name \
|
||||
--password secret
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Benedikt Koeppel <code@benediktkoeppel.ch>
|
||||
Ander Punnar <ander-at-kvlt-dot-ee>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2012 Benedikt Koeppel. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
|
||||
under the terms of the GNU General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option) any
|
||||
later version.
|
||||
|
|
52
cdist/conf/type/__mysql_database/manifest
Executable file
52
cdist/conf/type/__mysql_database/manifest
Executable file
|
@ -0,0 +1,52 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
if [ -f "$__object/parameter/user" ]
|
||||
then
|
||||
user="$( cat "$__object/parameter/user" )"
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/password" ]
|
||||
then
|
||||
password="$( cat "$__object/parameter/password" )"
|
||||
fi
|
||||
|
||||
if [ -n "$user" ] && [ -n "$password" ]
|
||||
then
|
||||
if [ -f "$__object/parameter/name" ]
|
||||
then
|
||||
database="$( cat "$__object/parameter/name" )"
|
||||
else
|
||||
database="$__object_id"
|
||||
fi
|
||||
|
||||
state_should="$( cat "$__object/parameter/state" )"
|
||||
|
||||
__mysql_user "$user" \
|
||||
--password "$password" \
|
||||
--state "$state_should"
|
||||
|
||||
# removing user should remove all user's privileges
|
||||
require="__mysql_user/$user" \
|
||||
__mysql_privileges "$database/$user" \
|
||||
--database "$database" \
|
||||
--user "$user" \
|
||||
--state "$state_should"
|
||||
fi
|
1
cdist/conf/type/__mysql_database/parameter/default/state
Normal file
1
cdist/conf/type/__mysql_database/parameter/default/state
Normal file
|
@ -0,0 +1 @@
|
|||
present
|
|
@ -1,3 +1,4 @@
|
|||
name
|
||||
user
|
||||
password
|
||||
state
|
||||
|
|
40
cdist/conf/type/__mysql_privileges/explorer/state
Executable file
40
cdist/conf/type/__mysql_privileges/explorer/state
Executable file
|
@ -0,0 +1,40 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
privileges="$( cat "$__object/parameter/privileges" )"
|
||||
|
||||
database="$( cat "$__object/parameter/database" )"
|
||||
|
||||
table="$( cat "$__object/parameter/table" )"
|
||||
|
||||
user="$( cat "$__object/parameter/user" )"
|
||||
|
||||
host="$( cat "$__object/parameter/host" )"
|
||||
|
||||
check_privileges="$(
|
||||
mysql -B -N -e "show grants for '$user'@'$host'" \
|
||||
| grep -Ei "^grant $privileges on .$database.\..$table. to " || true )"
|
||||
|
||||
if [ -n "$check_privileges" ]
|
||||
then
|
||||
echo 'present'
|
||||
else
|
||||
echo 'absent'
|
||||
fi
|
49
cdist/conf/type/__mysql_privileges/gencode-remote
Executable file
49
cdist/conf/type/__mysql_privileges/gencode-remote
Executable file
|
@ -0,0 +1,49 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
state_is="$( cat "$__object/explorer/state" )"
|
||||
|
||||
state_should="$( cat "$__object/parameter/state" )"
|
||||
|
||||
if [ "$state_is" = "$state_should" ]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
privileges="$( cat "$__object/parameter/privileges" )"
|
||||
|
||||
database="$( cat "$__object/parameter/database" )"
|
||||
|
||||
table="$( cat "$__object/parameter/table" )"
|
||||
|
||||
user="$( cat "$__object/parameter/user" )"
|
||||
|
||||
host="$( cat "$__object/parameter/host" )"
|
||||
|
||||
case "$state_should" in
|
||||
present)
|
||||
echo "mysql -e 'grant $privileges on \`$database\`.\`$table\` to \`$user\`@\`$host\`'"
|
||||
echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out"
|
||||
;;
|
||||
absent)
|
||||
echo "mysql -e 'revoke $privileges on \`$database\`.\`$table\` from \`$user\`@\`$host\`'"
|
||||
echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out"
|
||||
;;
|
||||
esac
|
57
cdist/conf/type/__mysql_privileges/man.rst
Normal file
57
cdist/conf/type/__mysql_privileges/man.rst
Normal file
|
@ -0,0 +1,57 @@
|
|||
cdist-type__mysql_privileges(7)
|
||||
===============================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__mysql_privileges - Manage MySQL privileges
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
|
||||
Grant and revoke privileges of MySQL user.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
database
|
||||
Name of database.
|
||||
|
||||
User
|
||||
Name of user.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
privileges
|
||||
Defaults to "all".
|
||||
|
||||
table
|
||||
Defaults to "*".
|
||||
|
||||
host
|
||||
Defaults to localhost.
|
||||
|
||||
state
|
||||
"present" grants and "absent" revokes. Defaults to present.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
__mysql_privileges user-to-db --database db --user user
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Ander Punnar <ander-at-kvlt-dot-ee>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
|
||||
under the terms of the GNU General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option) any
|
||||
later version.
|
|
@ -0,0 +1 @@
|
|||
localhost
|
|
@ -0,0 +1 @@
|
|||
all privileges
|
|
@ -0,0 +1 @@
|
|||
present
|
|
@ -0,0 +1 @@
|
|||
*
|
4
cdist/conf/type/__mysql_privileges/parameter/optional
Normal file
4
cdist/conf/type/__mysql_privileges/parameter/optional
Normal file
|
@ -0,0 +1,4 @@
|
|||
privileges
|
||||
table
|
||||
host
|
||||
state
|
2
cdist/conf/type/__mysql_privileges/parameter/required
Normal file
2
cdist/conf/type/__mysql_privileges/parameter/required
Normal file
|
@ -0,0 +1,2 @@
|
|||
database
|
||||
user
|
54
cdist/conf/type/__mysql_user/explorer/state
Executable file
54
cdist/conf/type/__mysql_user/explorer/state
Executable file
|
@ -0,0 +1,54 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
if [ -f "$__object/parameter/name" ]
|
||||
then
|
||||
name="$( cat "$__object/parameter/name" )"
|
||||
else
|
||||
name="$__object_id"
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/password" ]
|
||||
then
|
||||
password="$( cat "$__object/parameter/password" )"
|
||||
else
|
||||
password=''
|
||||
fi
|
||||
|
||||
host="$( cat "$__object/parameter/host" )"
|
||||
|
||||
check_user="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host'" )"
|
||||
|
||||
if [ -n "$check_user" ]
|
||||
then
|
||||
if [ -n "$password" ]
|
||||
then
|
||||
check_password="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host' and password = password( '$password' )" )"
|
||||
fi
|
||||
|
||||
if [ -n "$password" ] && [ -z "$check_password" ]
|
||||
then
|
||||
echo 'change-password'
|
||||
else
|
||||
echo 'present'
|
||||
fi
|
||||
else
|
||||
echo 'absent'
|
||||
fi
|
68
cdist/conf/type/__mysql_user/gencode-remote
Executable file
68
cdist/conf/type/__mysql_user/gencode-remote
Executable file
|
@ -0,0 +1,68 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
state_is="$( cat "$__object/explorer/state" )"
|
||||
|
||||
state_should="$( cat "$__object/parameter/state" )"
|
||||
|
||||
if [ "$state_is" = "$state_should" ]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -f "$__object/parameter/name" ]
|
||||
then
|
||||
name="$( cat "$__object/parameter/name" )"
|
||||
else
|
||||
name="$__object_id"
|
||||
fi
|
||||
|
||||
host="$( cat "$__object/parameter/host" )"
|
||||
|
||||
if [ -f "$__object/parameter/password" ]
|
||||
then
|
||||
password="$( cat "$__object/parameter/password" )"
|
||||
else
|
||||
if [ "$state_should" = 'present' ]
|
||||
then
|
||||
echo '--password needed' >&2
|
||||
exit 1
|
||||
else
|
||||
password=''
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$state_is" = 'absent' ] && [ "$state_should" = 'present' ]
|
||||
then
|
||||
echo "mysql -e 'create user \`$name\`@\`$host\` identified by \"$password\"'"
|
||||
echo "create user $name@$host" >> "$__messages_out"
|
||||
|
||||
elif [ "$state_is" != 'absent' ] && [ "$state_should" = 'absent' ]
|
||||
then
|
||||
echo "mysql -e 'drop user \`$name\`@\`$host\`'"
|
||||
echo "drop user $name@$host" >> "$__messages_out"
|
||||
|
||||
elif [ "$state_is" = 'change-password' ]
|
||||
then
|
||||
# this only works with MySQL 5.7.6 and later or MariaDB 10.1.20 and later
|
||||
echo "mysql -e 'alter user \`$name\`@\`$host\` identified by \"$password\"'"
|
||||
echo "mysql -e 'flush privileges'"
|
||||
echo "change password $name@$host" >> "$__messages_out"
|
||||
fi
|
48
cdist/conf/type/__mysql_user/man.rst
Normal file
48
cdist/conf/type/__mysql_user/man.rst
Normal file
|
@ -0,0 +1,48 @@
|
|||
cdist-type__mysql_user(7)
|
||||
=========================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__mysql_user - Manage a MySQL user
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
|
||||
Create MySQL user or change password for the user.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
name
|
||||
Name of user. Defaults to object id.
|
||||
|
||||
host
|
||||
Host of user. Defaults to localhost.
|
||||
|
||||
password
|
||||
Password of user.
|
||||
|
||||
state
|
||||
Defaults to present.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
__mysql_user user --password secret
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Ander Punnar <ander-at-kvlt-dot-ee>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
|
||||
under the terms of the GNU General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option) any
|
||||
later version.
|
1
cdist/conf/type/__mysql_user/parameter/default/host
Normal file
1
cdist/conf/type/__mysql_user/parameter/default/host
Normal file
|
@ -0,0 +1 @@
|
|||
localhost
|
1
cdist/conf/type/__mysql_user/parameter/default/state
Normal file
1
cdist/conf/type/__mysql_user/parameter/default/state
Normal file
|
@ -0,0 +1 @@
|
|||
present
|
4
cdist/conf/type/__mysql_user/parameter/optional
Normal file
4
cdist/conf/type/__mysql_user/parameter/optional
Normal file
|
@ -0,0 +1,4 @@
|
|||
name
|
||||
host
|
||||
password
|
||||
state
|
Loading…
Reference in a new issue