annotate modules/mysql/lib/puppet/provider/mysql_user/mysql.rb @ 443:c6c9a2cfcfbd
Update MySQL module
Fixes a problem with MariaDB and blank certificate paths
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Mon, 08 May 2023 11:48:41 +0100 |
parents | 668df4711671 |
children | adf6fe9bbc17 |
rev | line source |
---|---|
389 | 1 # frozen_string_literal: true |
2 | |
3 require File.expand_path(File.join(File.dirname(__FILE__), '..', 'mysql')) |
244 | 4 Puppet::Type.type(:mysql_user).provide(:mysql, parent: Puppet::Provider::Mysql) do |
# One-line provider description; Puppet shows it in generated provider docs.
desc 'manage users for a mysql database.'
# Declares the external `mysql` client as a provider command named mysql_raw.
commands mysql_raw: 'mysql'
8 # Build a property_hash containing all the discovered information about MySQL |
9 # users. |
# Discovers every account in mysql.user and builds one provider instance per
# account, carrying its limits, TLS requirements, plugin and password hash.
#
# @return [Array] one provider instance (ensure: :present) per discovered account.
def self.instances
  account_names = mysql_caller("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').split("\n")
  # Columns every server flavour is asked for; only the credential columns vary.
  shared_columns = 'MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT'

  account_names.map do |name|
    # NOTE(review): name comes straight from the mysql.user listing above and is
    # placed between single quotes without escaping, so an account name that
    # contains a quote would change the statement. Confirm mysql_caller or the
    # server's naming rules rule that out.
    row_filter = "FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'"
    credential_columns = if mysqld_version.nil?
                           # Version unknown: use the same column list as the final fallback.
                           'PASSWORD /*!50508 , PLUGIN */'
                         elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6')
                           'AUTHENTICATION_STRING, PLUGIN'
                         elsif newer_than('mariadb' => '10.1.21')
                           'PASSWORD, PLUGIN, AUTHENTICATION_STRING'
                         else
                           'PASSWORD /*!50508 , PLUGIN */'
                         end
    query = "SELECT #{shared_columns}, #{credential_columns} #{row_filter}"

    # One tab-separated row per account. These are instance variables of the
    # provider class itself (this is a class method) and are overwritten on
    # every iteration.
    fields = mysql_caller(query, 'regular').chomp.split(%r{\t})
    @max_user_connections, @max_connections_per_hour, @max_queries_per_hour,
    @max_updates_per_hour, ssl_type, ssl_cipher, x509_issuer, x509_subject,
    @password, @plugin, @authentication_string = fields
    @tls_options = parse_tls_options(ssl_type, ssl_cipher, x509_issuer, x509_subject)

    # Some auth plugins (e.g. ed25519) keep the hash in authentication_string,
    # and so do the MariaDB 10.2 / 10.3 releases affected by
    # https://jira.mariadb.org/browse/MDEV-16238 and
    # https://jira.mariadb.org/browse/MDEV-16774
    hash_in_auth_string =
      (newer_than('mariadb' => '10.1.21') && (@plugin == 'ed25519' || @plugin == 'mysql_native_password')) ||
      (newer_than('mariadb' => '10.2.16') && older_than('mariadb' => '10.2.19')) ||
      (newer_than('mariadb' => '10.3.8') && older_than('mariadb' => '10.3.11'))
    @password = @authentication_string if hash_in_auth_string

    new(
      name: name,
      ensure: :present,
      password_hash: @password,
      plugin: @plugin,
      max_user_connections: @max_user_connections,
      max_connections_per_hour: @max_connections_per_hour,
      max_queries_per_hour: @max_queries_per_hour,
      max_updates_per_hour: @max_updates_per_hour,
      tls_options: @tls_options,
    )
  end
end
53 # We iterate over each mysql_user entry in the catalog and compare it against |
54 # the contents of the property_hash generated by self.instances |
# Attaches a discovered provider instance to each catalog resource whose title
# matches a discovered account name; resources without a match are left as-is.
#
# @param resources [Hash] catalog resources keyed by resource name.
# @return the value of resources.each_key.
def self.prefetch(resources)
  discovered = instances
  resources.each_key do |title|
    match = discovered.find { |candidate| candidate.name == title }
    next unless match

    resources[title].provider = match
  end
end
# Creates the account, then applies its resource limits and TLS requirements,
# recording each applied value in @property_hash.
#
# @return [Boolean] true when exists? reports the account as present afterwards.
def create
  # (MODULES-3539) Allow @ in username: only the last '@' is rewritten to '@',
  # so the quotes added around the name below produce 'user'@'host'.
  account = @resource[:name].reverse.sub('@', "'@'").reverse
  secret = @resource.value(:password_hash)
  auth_plugin = @resource.value(:plugin)
  user_conn_limit = @resource.value(:max_user_connections) || 0
  hourly_conn_limit = @resource.value(:max_connections_per_hour) || 0
  hourly_query_limit = @resource.value(:max_queries_per_hour) || 0
  hourly_update_limit = @resource.value(:max_updates_per_hour) || 0
  tls_requirements = @resource.value(:tls_options) || ['NONE']

  # From here on the hash is a plain String: it is interpolated into the SQL
  # text and stored in @property_hash without the Sensitive wrapper.
  # NOTE(review): whether the statement text can reach logs or a process
  # listing depends on mysql_caller, which is not visible here. Confirm.
  secret = secret.unwrap if secret.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive)

  # NOTE(review): the name, plugin, hash, limits and TLS options are all
  # interpolated unescaped; this relies on the mysql_user type validating them.
  #
  # Use CREATE USER to be compatible with NO_AUTO_CREATE_USER sql_mode.
  # This is also required if you want to specify an authentication plugin.
  if auth_plugin.nil?
    create_sql = if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.1.3')
                   "CREATE USER IF NOT EXISTS '#{account}' IDENTIFIED WITH 'mysql_native_password' AS '#{secret}'"
                 else
                   "CREATE USER '#{account}' IDENTIFIED BY PASSWORD '#{secret}'"
                 end
    self.class.mysql_caller(create_sql, 'system')
    @property_hash[:ensure] = :present
    @property_hash[:password_hash] = secret
  else
    create_sql = "CREATE USER '#{account}' IDENTIFIED WITH '#{auth_plugin}'"
    create_sql += " AS '#{secret}'" unless secret.nil?
    self.class.mysql_caller(create_sql, 'system')
    @property_hash[:ensure] = :present
    @property_hash[:plugin] = auth_plugin
  end

  limits_clause = "WITH MAX_USER_CONNECTIONS #{user_conn_limit} MAX_CONNECTIONS_PER_HOUR #{hourly_conn_limit} " \
                  "MAX_QUERIES_PER_HOUR #{hourly_query_limit} MAX_UPDATES_PER_HOUR #{hourly_update_limit}"
  limits_sql = if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6')
                 "ALTER USER IF EXISTS '#{account}' #{limits_clause}"
               else
                 "GRANT USAGE ON *.* TO '#{account}' #{limits_clause}"
               end
  self.class.mysql_caller(limits_sql, 'system')
  @property_hash[:max_user_connections] = user_conn_limit
  @property_hash[:max_connections_per_hour] = hourly_conn_limit
  @property_hash[:max_queries_per_hour] = hourly_query_limit
  @property_hash[:max_updates_per_hour] = hourly_update_limit

  require_clause = tls_requirements.join(' AND ')
  tls_sql = if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
              "ALTER USER '#{account}' REQUIRE #{require_clause}"
            else
              "GRANT USAGE ON *.* TO '#{account}' REQUIRE #{require_clause}"
            end
  self.class.mysql_caller(tls_sql, 'system')
  @property_hash[:tls_options] = tls_requirements

  exists? ? true : false
end
# Drops the account and forgets everything recorded about it.
#
# @return [Boolean] true when exists? no longer reports the account as present.
def destroy
  # (MODULES-3539) Allow @ in username: only the last '@' becomes '@'.
  # NOTE(review): the name is interpolated unescaped; this relies on the
  # mysql_user type validating it.
  account = @resource[:name].reverse.sub('@', "'@'").reverse
  # IF EXISTS is only emitted for the server versions listed here.
  guard = newer_than('mysql' => '5.7', 'percona' => '5.7', 'mariadb' => '10.1.3') ? 'IF EXISTS ' : ''

  self.class.mysql_caller("DROP USER #{guard}'#{account}'", 'system')

  @property_hash.clear
  exists? ? false : true
end
# Reports whether this provider instance currently records the account as present.
#
# @return [Boolean] true only when @property_hash[:ensure] is :present.
def exists?
  recorded_state = @property_hash[:ensure]
  (recorded_state == :present) || false
end
140 ## |
141 ## MySQL user properties |
142 ## |
# Generates accessor methods for every property, backed by @property_hash.
# The explicit setters defined after this call replace the generated ones.
mk_resource_methods
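# Sets the account's password hash on the server.
#
# @param string [String] the new hash: a 43-character ed25519 value when the
#   resource's plugin is ed25519 on MariaDB newer than 10.1.21, otherwise a
#   mysql_native_password hash (leading '*') or the empty string.
# @return [Boolean] whether the password_hash reader equals +string+ afterwards.
# @raise [ArgumentError] if the value fails the format check of the branch taken.
def password_hash=(string)
  merged_name = self.class.cmd_user(@resource[:name])
  plugin = @resource.value(:plugin)

  # NOTE(review): string is placed between single quotes in the SQL text
  # without escaping; the checks below look only at length or the first
  # character, so the rest of the value relies on validation done elsewhere.

  # We have a fact for the mysql version ...
  if mysqld_version.nil?
    # default ... if mysqld_version does not work; no format check on this path
    self.class.mysql_caller("SET PASSWORD FOR #{merged_name} = '#{string}'", 'system')
  elsif newer_than('mariadb' => '10.1.21') && plugin == 'ed25519'
    raise ArgumentError, _('ed25519 hash should be 43 bytes long.') unless string.length == 43

    # ALTER USER statement is only available upstream starting 10.2
    # https://mariadb.com/kb/en/mariadb-1020-release-notes/
    if newer_than('mariadb' => '10.2.0')
      sql = "ALTER USER #{merged_name} IDENTIFIED WITH ed25519 AS '#{string}'"
    else
      concat_name = @resource[:name]
      sql = "UPDATE mysql.user SET password = '', plugin = 'ed25519'"
      sql += ", authentication_string = '#{string}'"
      sql += " where CONCAT(user, '@', host) = '#{concat_name}'; FLUSH PRIVILEGES"
    end
    self.class.mysql_caller(sql, 'system')
  elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
    # \A and \z anchor the whole string. ^ and $ match at every line boundary,
    # so a multi-line value could pass the check on one of its inner lines.
    unless %r{\A\*|\A\z}.match?(string)
      raise ArgumentError, _('Only mysql_native_password (*ABCD...XXX) hashes are supported.')
    end

    self.class.mysql_caller("ALTER USER #{merged_name} IDENTIFIED WITH mysql_native_password AS '#{string}'", 'system')
  else
    self.class.mysql_caller("SET PASSWORD FOR #{merged_name} = '#{string}'", 'system')
  end

  password_hash == string ? true : false
end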
# Applies a new MAX_USER_CONNECTIONS limit to the account.
#
# @param int the new limit; interpolated into the statement as-is.
# @return [Boolean] whether the max_user_connections reader equals +int+ afterwards.
def max_user_connections=(int)
  account = self.class.cmd_user(@resource[:name])
  # NOTE(review): int is interpolated unquoted and unescaped; this relies on
  # the mysql_user type restricting it to a number.
  limit_clause = "WITH MAX_USER_CONNECTIONS #{int}"
  statement = if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
                "ALTER USER #{account} #{limit_clause}"
              else
                "GRANT USAGE ON *.* TO #{account} #{limit_clause}"
              end
  self.class.mysql_caller(statement, 'system').chomp
  max_user_connections == int ? true : false
end
# Applies a new MAX_CONNECTIONS_PER_HOUR limit to the account.
#
# @param int the new limit; interpolated into the statement as-is.
# @return [Boolean] whether the max_connections_per_hour reader equals +int+ afterwards.
def max_connections_per_hour=(int)
  account = self.class.cmd_user(@resource[:name])
  # NOTE(review): int is interpolated unquoted and unescaped; this relies on
  # the mysql_user type restricting it to a number.
  limit_clause = "WITH MAX_CONNECTIONS_PER_HOUR #{int}"
  statement = if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
                "ALTER USER #{account} #{limit_clause}"
              else
                "GRANT USAGE ON *.* TO #{account} #{limit_clause}"
              end
  self.class.mysql_caller(statement, 'system').chomp
  max_connections_per_hour == int ? true : false
end
# Applies a new MAX_QUERIES_PER_HOUR limit to the account.
#
# @param int the new limit; interpolated into the statement as-is.
# @return [Boolean] whether the max_queries_per_hour reader equals +int+ afterwards.
def max_queries_per_hour=(int)
  account = self.class.cmd_user(@resource[:name])
  # NOTE(review): int is interpolated unquoted and unescaped; this relies on
  # the mysql_user type restricting it to a number.
  limit_clause = "WITH MAX_QUERIES_PER_HOUR #{int}"
  statement = if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
                "ALTER USER #{account} #{limit_clause}"
              else
                "GRANT USAGE ON *.* TO #{account} #{limit_clause}"
              end
  self.class.mysql_caller(statement, 'system').chomp
  max_queries_per_hour == int ? true : false
end
# Applies a new MAX_UPDATES_PER_HOUR limit to the account.
#
# @param int the new limit; interpolated into the statement as-is.
# @return [Boolean] whether the max_updates_per_hour reader equals +int+ afterwards.
def max_updates_per_hour=(int)
  account = self.class.cmd_user(@resource[:name])
  # NOTE(review): int is interpolated unquoted and unescaped; this relies on
  # the mysql_user type restricting it to a number.
  limit_clause = "WITH MAX_UPDATES_PER_HOUR #{int}"
  statement = if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
                "ALTER USER #{account} #{limit_clause}"
              else
                "GRANT USAGE ON *.* TO #{account} #{limit_clause}"
              end
  self.class.mysql_caller(statement, 'system').chomp
  max_updates_per_hour == int ? true : false
end
217 | |
# Switches the account to another authentication plugin, re-sending the
# resource's password hash where the chosen statement carries one.
#
# @param string [String] the plugin name.
# @return [Boolean] whether the plugin reader equals +string+ afterwards.
def plugin=(string)
  account = self.class.cmd_user(@resource[:name])

  # NOTE(review): create unwraps a Sensitive password_hash before using it, but
  # here @resource[:password_hash] is interpolated directly. Confirm it is
  # already a plain String at this point. The plugin name and hash are also
  # placed between quotes unescaped and rely on validation by the type.
  sql = if newer_than('mariadb' => '10.1.21') && string == 'ed25519'
          if newer_than('mariadb' => '10.2.0')
            "ALTER USER #{account} IDENTIFIED WITH '#{string}' AS '#{@resource[:password_hash]}'"
          else
            # No ALTER USER on this server: edit the grant table and reload it.
            [
              "UPDATE mysql.user SET password = '', plugin = '#{string}'",
              ", authentication_string = '#{@resource[:password_hash]}'",
              " where CONCAT(user, '@', host) = '#{@resource[:name]}'; FLUSH PRIVILEGES",
            ].join
          end
        elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
          alter = "ALTER USER #{account} IDENTIFIED WITH '#{string}'"
          string == 'mysql_native_password' ? "#{alter} AS '#{@resource[:password_hash]}'" : alter
        else
          # See https://bugs.mysql.com/bug.php?id=67449
          # NOTE(review): unlike the ed25519 UPDATE above, this one is not
          # followed by FLUSH PRIVILEGES. Confirm that is intended.
          password_assignment = if string == 'mysql_native_password'
                                  ", password = '#{@resource[:password_hash]}'"
                                else
                                  ", password = ''"
                                end
          "UPDATE mysql.user SET plugin = '#{string}'#{password_assignment} WHERE CONCAT(user, '@', host) = '#{@resource[:name]}'"
        end

  self.class.mysql_caller(sql, 'system')
  plugin == string ? true : false
end
243 |
# Applies a new set of TLS requirements to the account.
#
# @param array [Array<String>] REQUIRE options, joined with ' AND '.
# @return [Boolean] whether the tls_options reader equals +array+ afterwards.
def tls_options=(array)
  account = self.class.cmd_user(@resource[:name])
  # NOTE(review): each option is inserted verbatim, including any quoting it
  # carries; this relies on the mysql_user type validating the option strings.
  requirement = array.join(' AND ')
  statement = if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
                "ALTER USER #{account} REQUIRE #{requirement}"
              else
                "GRANT USAGE ON *.* TO #{account} REQUIRE #{requirement}"
              end
  self.class.mysql_caller(statement, 'system')

  tls_options == array ? true : false
end
255 | |
# Translates the SSL columns of a mysql.user row into REQUIRE options.
#
# @param ssl_type [String, nil] 'ANY', 'X509', 'SPECIFIED' or anything else.
# @param ssl_cipher [String, nil] cipher, used only for 'SPECIFIED'.
# @param x509_issuer [String, nil] issuer, used only for 'SPECIFIED'.
# @param x509_subject [String, nil] subject, used only for 'SPECIFIED'.
# @return [Array<String>] ['SSL'], ['X509'], the non-blank CIPHER / ISSUER /
#   SUBJECT clauses for 'SPECIFIED' (possibly empty), or ['NONE'] otherwise.
def self.parse_tls_options(ssl_type, ssl_cipher, x509_issuer, x509_subject)
  case ssl_type
  when 'ANY'
    ['SSL']
  when 'X509'
    ['X509']
  when 'SPECIFIED'
    candidates = { 'CIPHER' => ssl_cipher, 'ISSUER' => x509_issuer, 'SUBJECT' => x509_subject }
    candidates.each_with_object([]) do |(keyword, value), clauses|
      # Blank and missing columns produce no clause at all.
      next if value.nil? || value.empty?

      clauses << "#{keyword} '#{value}'"
    end
  else
    ['NONE']
  end
end
271 end |