Merge branch '__mysql' into 'master'

rewrite __mysql_database, add types __mysql_user and __mysql_privileges

See merge request ungleich-public/cdist!827

cdist/conf/type/__mysql_database/explorer/state

@@ -0,0 +1,33 @@
+#!/bin/sh -e
+#
+# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+if [ -f "$__object/parameter/name" ]
+then
+    name="$( cat "$__object/parameter/name" )"
+else
+    name="$__object_id"
+fi
+
+if [ -n "$( mysql -B -N -e "show databases like '$name'" )" ]
+then
+    echo 'present'
+else
+    echo 'absent'
+fi

cdist/conf/type/__mysql_database/gencode-remote

@@ -1,6 +1,6 @@
 #!/bin/sh -e
 #
-# 2012 Benedikt Koeppel (code@benediktkoeppel.ch)
+# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
 #
 # This file is part of cdist.
 #
@@ -17,38 +17,30 @@
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
-#
 
-# if --database was specified
-if [ -f "$__object/parameter/name" ]; then
-   database="$(cat "$__object/parameter/name")"
-else # otherwise use the object id as database name
-   database="$__object_id"
+state_is="$( cat "$__object/explorer/state" )"
+
+state_should="$( cat "$__object/parameter/state" )"
+
+if [ "$state_is" = "$state_should" ]
+then
+    exit 0
 fi
 
-cat <<-EOFF
-mysql -u root <<-EOF
-	CREATE DATABASE IF NOT EXISTS $database
-EOF
-EOFF
-
-# if --user was specified
-if [ -f "$__object/parameter/user" ]; then
-   user="$(cat "$__object/parameter/user")"
-
-   # if --password was specified
-   if [ -f "$__object/parameter/password" ]; then
-      password="$(cat "$__object/parameter/password")"
-      cat <<-EOFF
-      mysql -u root <<-EOF
-      	GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost' IDENTIFIED BY '$password';
-EOF
-EOFF
+if [ -f "$__object/parameter/name" ]
+then
+    name="$( cat "$__object/parameter/name" )"
 else
-      cat <<-EOFF
-      mysql -u root <<-EOF
-      	GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost';
-EOF
-EOFF
-   fi
+    name="$__object_id"
 fi
+
+case "$state_should" in
+    present)
+        echo "mysql -e 'create database \`$name\`'"
+        echo "create database $name" >> "$__messages_out"
+    ;;
+    absent)
+        echo "mysql -e 'drop database \`$name\`'"
+        echo "drop database $name" >> "$__messages_out"
+    ;;
+esac

cdist/conf/type/__mysql_database/man.rst

@@ -8,24 +8,24 @@ cdist-type__mysql_database - Manage a MySQL database
 
 DESCRIPTION
 -----------
-This cdist type allows you to install a MySQL database.
 
+Create MySQL database and optionally user with all privileges.
 
-REQUIRED PARAMETERS
--------------------
-None.
 
 OPTIONAL PARAMETERS
 -------------------
 name
-   The name of the database to install
-   defaults to the object id
+   Name of database. Defaults to object id.
 
 user
-   A user that should have access to the database
+   Create user and give all privileges to database.
 
 password
-   The password for the user who manages the database
+   Password for user.
+
+state
+   Defaults to present.
+   If absent and user is also set, both will be removed (with privileges).
 
 
 EXAMPLES
@@ -33,17 +33,23 @@ EXAMPLES
 
 .. code-block:: sh
 
-    __mysql_database "cdist" --name "cdist" --user "myuser" --password "mypwd"
+    # just create database
+    __mysql_database foo
+
+    # create database with respective user with all privileges to database
+    __mysql_database bar \
+        --user name \
+        --password secret
 
 
 AUTHORS
 -------
-Benedikt Koeppel <code@benediktkoeppel.ch>
+Ander Punnar <ander-at-kvlt-dot-ee>
 
 
 COPYING
 -------
-Copyright \(C) 2012 Benedikt Koeppel. You can redistribute it
-and/or modify it under the terms of the GNU General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
+Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the Free
+Software Foundation, either version 3 of the License, or (at your option) any
+later version.

cdist/conf/type/__mysql_database/manifest

@@ -0,0 +1,52 @@
+#!/bin/sh -e
+#
+# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+if [ -f "$__object/parameter/user" ]
+then
+    user="$( cat "$__object/parameter/user" )"
+fi
+
+if [ -f "$__object/parameter/password" ]
+then
+    password="$( cat "$__object/parameter/password" )"
+fi
+
+if [ -n "$user" ] && [ -n "$password" ]
+then
+    if [ -f "$__object/parameter/name" ]
+    then
+        database="$( cat "$__object/parameter/name" )"
+    else
+        database="$__object_id"
+    fi
+
+    state_should="$( cat "$__object/parameter/state" )"
+
+    __mysql_user "$user" \
+        --password "$password" \
+        --state "$state_should"
+
+    # removing user should remove all user's privileges
+    require="__mysql_user/$user" \
+        __mysql_privileges "$database/$user" \
+            --database "$database" \
+            --user "$user" \
+            --state "$state_should"
+fi

cdist/conf/type/__mysql_database/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__mysql_database/parameter/optional

@@ -1,3 +1,4 @@
 name
 user
 password
+state

cdist/conf/type/__mysql_privileges/explorer/state

@@ -0,0 +1,40 @@
+#!/bin/sh -e
+#
+# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+privileges="$( cat "$__object/parameter/privileges" )"
+
+database="$( cat "$__object/parameter/database" )"
+
+table="$( cat "$__object/parameter/table" )"
+
+user="$( cat "$__object/parameter/user" )"
+
+host="$( cat "$__object/parameter/host" )"
+
+check_privileges="$( 
+    mysql -B -N -e "show grants for '$user'@'$host'" \
+        | grep -Ei "^grant $privileges on .$database.\..$table. to " || true )"
+
+if [ -n "$check_privileges" ]
+then
+    echo 'present'
+else
+    echo 'absent'
+fi

cdist/conf/type/__mysql_privileges/gencode-remote

@@ -0,0 +1,49 @@
+#!/bin/sh -e
+#
+# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+state_is="$( cat "$__object/explorer/state" )"
+
+state_should="$( cat "$__object/parameter/state" )"
+
+if [ "$state_is" = "$state_should" ]
+then
+    exit 0
+fi
+
+privileges="$( cat "$__object/parameter/privileges" )"
+
+database="$( cat "$__object/parameter/database" )"
+
+table="$( cat "$__object/parameter/table" )"
+
+user="$( cat "$__object/parameter/user" )"
+
+host="$( cat "$__object/parameter/host" )"
+
+case "$state_should" in
+    present)
+        echo "mysql -e 'grant $privileges on \`$database\`.\`$table\` to \`$user\`@\`$host\`'"
+        echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out"
+    ;;
+    absent)
+        echo "mysql -e 'revoke $privileges on \`$database\`.\`$table\` from \`$user\`@\`$host\`'"
+        echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out"
+    ;;
+esac

cdist/conf/type/__mysql_privileges/man.rst

@@ -0,0 +1,57 @@
+cdist-type__mysql_privileges(7)
+===============================
+
+NAME
+----
+cdist-type__mysql_privileges - Manage MySQL privileges
+
+
+DESCRIPTION
+-----------
+
+Grant and revoke privileges of MySQL user.
+
+
+REQUIRED PARAMETERS
+-------------------
+database
+   Name of database.
+
+User
+   Name of user.
+
+
+OPTIONAL PARAMETERS
+-------------------
+privileges
+   Defaults to "all".
+
+table
+   Defaults to "*".
+
+host
+   Defaults to localhost.
+
+state
+   "present" grants and "absent" revokes. Defaults to present.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    __mysql_privileges user-to-db --database db --user user
+
+
+AUTHORS
+-------
+Ander Punnar <ander-at-kvlt-dot-ee>
+
+
+COPYING
+-------
+Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the Free
+Software Foundation, either version 3 of the License, or (at your option) any
+later version.

cdist/conf/type/__mysql_privileges/parameter/default/host

@@ -0,0 +1 @@
+localhost

cdist/conf/type/__mysql_privileges/parameter/default/privileges

@@ -0,0 +1 @@
+all privileges

cdist/conf/type/__mysql_privileges/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__mysql_privileges/parameter/default/table

@@ -0,0 +1 @@
+*

cdist/conf/type/__mysql_privileges/parameter/optional

@@ -0,0 +1,4 @@
+privileges
+table
+host
+state

cdist/conf/type/__mysql_privileges/parameter/required

@@ -0,0 +1,2 @@
+database
+user

cdist/conf/type/__mysql_user/explorer/state

@@ -0,0 +1,54 @@
+#!/bin/sh -e
+#
+# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+if [ -f "$__object/parameter/name" ]
+then
+    name="$( cat "$__object/parameter/name" )"
+else
+    name="$__object_id"
+fi
+
+if [ -f "$__object/parameter/password" ]
+then
+    password="$( cat "$__object/parameter/password" )"
+else
+    password=''
+fi
+
+host="$( cat "$__object/parameter/host" )"
+
+check_user="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host'" )"
+
+if [ -n "$check_user" ]
+then
+    if [ -n "$password" ]
+    then
+        check_password="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host' and password = password( '$password' )" )"
+    fi
+
+    if [ -n "$password" ] && [ -z "$check_password" ]
+    then
+        echo 'change-password'
+    else
+        echo 'present'
+    fi
+else
+    echo 'absent'
+fi

cdist/conf/type/__mysql_user/gencode-remote

@@ -0,0 +1,68 @@
+#!/bin/sh -e
+#
+# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+state_is="$( cat "$__object/explorer/state" )"
+
+state_should="$( cat "$__object/parameter/state" )"
+
+if [ "$state_is" = "$state_should" ]
+then
+    exit 0
+fi
+
+if [ -f "$__object/parameter/name" ]
+then
+    name="$( cat "$__object/parameter/name" )"
+else
+    name="$__object_id"
+fi
+
+host="$( cat "$__object/parameter/host" )"
+
+if [ -f "$__object/parameter/password" ]
+then
+    password="$( cat "$__object/parameter/password" )"
+else
+    if [ "$state_should" = 'present' ]
+    then
+        echo '--password needed' >&2
+        exit 1
+    else
+        password=''
+    fi
+fi
+
+if [ "$state_is" = 'absent' ] && [ "$state_should" = 'present' ]
+then
+    echo "mysql -e 'create user \`$name\`@\`$host\` identified by \"$password\"'"
+    echo "create user $name@$host" >> "$__messages_out"
+
+elif [ "$state_is" != 'absent' ] && [ "$state_should" = 'absent' ]
+then
+    echo "mysql -e 'drop user \`$name\`@\`$host\`'"
+    echo "drop user $name@$host" >> "$__messages_out"
+
+elif [ "$state_is" = 'change-password' ]
+then
+    # this only works with MySQL 5.7.6 and later or MariaDB 10.1.20 and later
+    echo "mysql -e 'alter user \`$name\`@\`$host\` identified by \"$password\"'"
+    echo "mysql -e 'flush privileges'"
+    echo "change password $name@$host" >> "$__messages_out"
+fi

cdist/conf/type/__mysql_user/man.rst

@@ -0,0 +1,48 @@
+cdist-type__mysql_user(7)
+=========================
+
+NAME
+----
+cdist-type__mysql_user - Manage a MySQL user
+
+
+DESCRIPTION
+-----------
+
+Create MySQL user or change password for the user.
+
+
+OPTIONAL PARAMETERS
+-------------------
+name
+   Name of user. Defaults to object id.
+
+host
+   Host of user. Defaults to localhost.
+
+password
+   Password of user.
+
+state
+   Defaults to present.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    __mysql_user user --password secret
+
+
+AUTHORS
+-------
+Ander Punnar <ander-at-kvlt-dot-ee>
+
+
+COPYING
+-------
+Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the Free
+Software Foundation, either version 3 of the License, or (at your option) any
+later version.

cdist/conf/type/__mysql_user/parameter/default/host

@@ -0,0 +1 @@
+localhost

cdist/conf/type/__mysql_user/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__mysql_user/parameter/optional

@@ -0,0 +1,4 @@
+name
+host
+password
+state