other/Puppet: modules/mysql/lib/puppet/provider/mysql

annotate modules/mysql/lib/puppet/provider/mysql_user/mysql.rb @ 443:c6c9a2cfcfbd

Update MySQL module Fixes a problem with MariaDB and blank certificate paths

author	IBBoard <dev@ibboard.co.uk>
date	Mon, 08 May 2023 11:48:41 +0100
parents	668df4711671
children	adf6fe9bbc17

rev	line source
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	1 # frozen_string_literal: true
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	2
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	3 require File.expand_path(File.join(File.dirname(__FILE__), '..', 'mysql'))
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	4 Puppet::Type.type(:mysql_user).provide(:mysql, parent: Puppet::Provider::Mysql) do
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	5 desc 'manage users for a mysql database.'
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	6 commands mysql_raw: 'mysql'
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	7
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	8 # Build a property_hash containing all the discovered information about MySQL
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	9 # users.
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	10 def self.instances
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	11 users = mysql_caller("SELECT CONCAT(User, '@',Host) AS User FROM mysql.user", 'regular').split("\n")
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	12 # To reduce the number of calls to MySQL we collect all the properties in
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	13 # one big swoop.
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	14 users.map do \|name\|
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	15 if mysqld_version.nil?
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	16 ## Default ...
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	17 # rubocop:disable Layout/LineLength
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	18 query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /!50508 , PLUGIN / FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'"
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	19 elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6')
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	20 query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, AUTHENTICATION_STRING, PLUGIN FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'"
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	21 elsif newer_than('mariadb' => '10.1.21')
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	22 query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD, PLUGIN, AUTHENTICATION_STRING FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'"
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	23 else
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	24 query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /!50508 , PLUGIN / FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'"
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	25 end
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	26 @max_user_connections, @max_connections_per_hour, @max_queries_per_hour,
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	27 @max_updates_per_hour, ssl_type, ssl_cipher, x509_issuer, x509_subject,
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	28 @password, @plugin, @authentication_string = mysql_caller(query, 'regular').chomp.split(%r{\t})
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	29 @tls_options = parse_tls_options(ssl_type, ssl_cipher, x509_issuer, x509_subject)
443 c6c9a2cfcfbd Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 389 diff changeset	30 if newer_than('mariadb' => '10.1.21') && (@plugin == 'ed25519' \|\| @plugin == 'mysql_native_password')
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	31 # Some auth plugins (e.g. ed25519) use authentication_string
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	32 # to store password hash or auth information
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	33 @password = @authentication_string
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	34 elsif (newer_than('mariadb' => '10.2.16') && older_than('mariadb' => '10.2.19')) \|\|
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	35 (newer_than('mariadb' => '10.3.8') && older_than('mariadb' => '10.3.11'))
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	36 # Old mariadb 10.2 or 10.3 store password hash in authentication_string
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	37 # https://jira.mariadb.org/browse/MDEV-16238 https://jira.mariadb.org/browse/MDEV-16774
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	38 @password = @authentication_string
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	39 end
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	40 # rubocop:enable Layout/LineLength
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	41 new(name: name,
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	42 ensure: :present,
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	43 password_hash: @password,
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	44 plugin: @plugin,
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	45 max_user_connections: @max_user_connections,
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	46 max_connections_per_hour: @max_connections_per_hour,
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	47 max_queries_per_hour: @max_queries_per_hour,
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	48 max_updates_per_hour: @max_updates_per_hour,
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	49 tls_options: @tls_options)
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	50 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	51 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	52
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	53 # We iterate over each mysql_user entry in the catalog and compare it against
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	54 # the contents of the property_hash generated by self.instances
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	55 def self.prefetch(resources)
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	56 users = instances
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	57 # rubocop:disable Lint/AssignmentInCondition
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	58 resources.each_key do \|name\|
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	59 if provider = users.find { \|user\| user.name == name }
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	60 resources[name].provider = provider
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	61 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	62 end
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	63 # rubocop:enable Lint/AssignmentInCondition
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	64 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	65
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	66 def create
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	67 # (MODULES-3539) Allow @ in username
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	68 merged_name = @resource[:name].reverse.sub('@', "'@'").reverse
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	69 password_hash = @resource.value(:password_hash)
26 58d1818c2ded Update MySQL module (which adds "staging" module) IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	70 plugin = @resource.value(:plugin)
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	71 max_user_connections = @resource.value(:max_user_connections) \|\| 0
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	72 max_connections_per_hour = @resource.value(:max_connections_per_hour) \|\| 0
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	73 max_queries_per_hour = @resource.value(:max_queries_per_hour) \|\| 0
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	74 max_updates_per_hour = @resource.value(:max_updates_per_hour) \|\| 0
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	75 tls_options = @resource.value(:tls_options) \|\| ['NONE']
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	76
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	77 password_hash = password_hash.unwrap if password_hash.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive)
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	78
26 58d1818c2ded Update MySQL module (which adds "staging" module) IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	79 # Use CREATE USER to be compatible with NO_AUTO_CREATE_USER sql_mode
58d1818c2ded Update MySQL module (which adds "staging" module) IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	80 # This is also required if you want to specify a authentication plugin
58d1818c2ded Update MySQL module (which adds "staging" module) IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	81 if !plugin.nil?
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	82 if !password_hash.nil?
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	83 self.class.mysql_caller("CREATE USER '#{merged_name}' IDENTIFIED WITH '#{plugin}' AS '#{password_hash}'", 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	84 else
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	85 self.class.mysql_caller("CREATE USER '#{merged_name}' IDENTIFIED WITH '#{plugin}'", 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	86 end
26 58d1818c2ded Update MySQL module (which adds "staging" module) IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	87 @property_hash[:ensure] = :present
58d1818c2ded Update MySQL module (which adds "staging" module) IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	88 @property_hash[:plugin] = plugin
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	89 elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.1.3')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	90 self.class.mysql_caller("CREATE USER IF NOT EXISTS '#{merged_name}' IDENTIFIED WITH 'mysql_native_password' AS '#{password_hash}'", 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	91 @property_hash[:ensure] = :present
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	92 @property_hash[:password_hash] = password_hash
26 58d1818c2ded Update MySQL module (which adds "staging" module) IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	93 else
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	94 self.class.mysql_caller("CREATE USER '#{merged_name}' IDENTIFIED BY PASSWORD '#{password_hash}'", 'system')
26 58d1818c2ded Update MySQL module (which adds "staging" module) IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	95 @property_hash[:ensure] = :present
58d1818c2ded Update MySQL module (which adds "staging" module) IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	96 @property_hash[:password_hash] = password_hash
58d1818c2ded Update MySQL module (which adds "staging" module) IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	97 end
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	98 # rubocop:disable Layout/LineLength
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	99 if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	100 self.class.mysql_caller("ALTER USER IF EXISTS '#{merged_name}' WITH MAX_USER_CONNECTIONS #{max_user_connections} MAX_CONNECTIONS_PER_HOUR #{max_connections_per_hour} MAX_QUERIES_PER_HOUR #{max_queries_per_hour} MAX_UPDATES_PER_HOUR #{max_updates_per_hour}", 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	101 else
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	102 self.class.mysql_caller("GRANT USAGE ON . TO '#{merged_name}' WITH MAX_USER_CONNECTIONS #{max_user_connections} MAX_CONNECTIONS_PER_HOUR #{max_connections_per_hour} MAX_QUERIES_PER_HOUR #{max_queries_per_hour} MAX_UPDATES_PER_HOUR #{max_updates_per_hour}", 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	103 end
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	104 # rubocop:enable Layout/LineLength
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	105 @property_hash[:max_user_connections] = max_user_connections
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	106 @property_hash[:max_connections_per_hour] = max_connections_per_hour
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	107 @property_hash[:max_queries_per_hour] = max_queries_per_hour
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	108 @property_hash[:max_updates_per_hour] = max_updates_per_hour
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	109
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	110 merged_tls_options = tls_options.join(' AND ')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	111 if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	112 self.class.mysql_caller("ALTER USER '#{merged_name}' REQUIRE #{merged_tls_options}", 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	113 else
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	114 self.class.mysql_caller("GRANT USAGE ON . TO '#{merged_name}' REQUIRE #{merged_tls_options}", 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	115 end
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	116 @property_hash[:tls_options] = tls_options
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	117
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	118 exists? ? (return true) : (return false)
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	119 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	120
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	121 def destroy
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	122 # (MODULES-3539) Allow @ in username
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	123 merged_name = @resource[:name].reverse.sub('@', "'@'").reverse
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	124 if_exists = if newer_than('mysql' => '5.7', 'percona' => '5.7', 'mariadb' => '10.1.3')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	125 'IF EXISTS '
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	126 else
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	127 ''
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	128 end
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	129
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	130 self.class.mysql_caller("DROP USER #{if_exists}'#{merged_name}'", 'system')
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	131
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	132 @property_hash.clear
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	133 exists? ? (return false) : (return true)
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	134 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	135
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	136 def exists?
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	137 @property_hash[:ensure] == :present \|\| false
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	138 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	139
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	140 ##
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	141 ## MySQL user properties
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	142 ##
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	143
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	144 # Generates method for all properties of the property_hash
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	145 mk_resource_methods
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	146
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	147 def password_hash=(string)
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	148 merged_name = self.class.cmd_user(@resource[:name])
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	149 plugin = @resource.value(:plugin)
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	150
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	151 # We have a fact for the mysql version ...
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	152 if mysqld_version.nil?
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	153 # default ... if mysqld_version does not work
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	154 self.class.mysql_caller("SET PASSWORD FOR #{merged_name} = '#{string}'", 'system')
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	155 elsif newer_than('mariadb' => '10.1.21') && plugin == 'ed25519'
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	156 raise ArgumentError, _('ed25519 hash should be 43 bytes long.') unless string.length == 43
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	157 # ALTER USER statement is only available upstream starting 10.2
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	158 # https://mariadb.com/kb/en/mariadb-1020-release-notes/
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	159 if newer_than('mariadb' => '10.2.0')
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	160 sql = "ALTER USER #{merged_name} IDENTIFIED WITH ed25519 AS '#{string}'"
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	161 else
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	162 concat_name = @resource[:name]
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	163 sql = "UPDATE mysql.user SET password = '', plugin = 'ed25519'"
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	164 sql += ", authentication_string = '#{string}'"
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	165 sql += " where CONCAT(user, '@', host) = '#{concat_name}'; FLUSH PRIVILEGES"
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	166 end
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	167 self.class.mysql_caller(sql, 'system')
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	168 elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	169 raise ArgumentError, _('Only mysql_native_password (ABCD...XXX) hashes are supported.') unless %r{^\\|^$}.match?(string)
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	170 self.class.mysql_caller("ALTER USER #{merged_name} IDENTIFIED WITH mysql_native_password AS '#{string}'", 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	171 else
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	172 self.class.mysql_caller("SET PASSWORD FOR #{merged_name} = '#{string}'", 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	173 end
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	174
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	175 (password_hash == string) ? (return true) : (return false)
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	176 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	177
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	178 def max_user_connections=(int)
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	179 merged_name = self.class.cmd_user(@resource[:name])
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	180 if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	181 self.class.mysql_caller("ALTER USER #{merged_name} WITH MAX_USER_CONNECTIONS #{int}", 'system').chomp
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	182 else
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	183 self.class.mysql_caller("GRANT USAGE ON . TO #{merged_name} WITH MAX_USER_CONNECTIONS #{int}", 'system').chomp
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	184 end
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	185 (max_user_connections == int) ? (return true) : (return false)
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	186 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	187
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	188 def max_connections_per_hour=(int)
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	189 merged_name = self.class.cmd_user(@resource[:name])
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	190 if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	191 self.class.mysql_caller("ALTER USER #{merged_name} WITH MAX_CONNECTIONS_PER_HOUR #{int}", 'system').chomp
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	192 else
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	193 self.class.mysql_caller("GRANT USAGE ON . TO #{merged_name} WITH MAX_CONNECTIONS_PER_HOUR #{int}", 'system').chomp
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	194 end
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	195 (max_connections_per_hour == int) ? (return true) : (return false)
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	196 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	197
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	198 def max_queries_per_hour=(int)
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	199 merged_name = self.class.cmd_user(@resource[:name])
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	200 if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	201 self.class.mysql_caller("ALTER USER #{merged_name} WITH MAX_QUERIES_PER_HOUR #{int}", 'system').chomp
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	202 else
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	203 self.class.mysql_caller("GRANT USAGE ON . TO #{merged_name} WITH MAX_QUERIES_PER_HOUR #{int}", 'system').chomp
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	204 end
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	205 (max_queries_per_hour == int) ? (return true) : (return false)
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	206 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	207
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	208 def max_updates_per_hour=(int)
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	209 merged_name = self.class.cmd_user(@resource[:name])
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	210 if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	211 self.class.mysql_caller("ALTER USER #{merged_name} WITH MAX_UPDATES_PER_HOUR #{int}", 'system').chomp
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	212 else
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	213 self.class.mysql_caller("GRANT USAGE ON . TO #{merged_name} WITH MAX_UPDATES_PER_HOUR #{int}", 'system').chomp
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	214 end
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	215 (max_updates_per_hour == int) ? (return true) : (return false)
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	216 end
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	217
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	218 def plugin=(string)
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	219 merged_name = self.class.cmd_user(@resource[:name])
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	220
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	221 if newer_than('mariadb' => '10.1.21') && string == 'ed25519'
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	222 if newer_than('mariadb' => '10.2.0')
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	223 sql = "ALTER USER #{merged_name} IDENTIFIED WITH '#{string}' AS '#{@resource[:password_hash]}'"
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	224 else
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	225 concat_name = @resource[:name]
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	226 sql = "UPDATE mysql.user SET password = '', plugin = '#{string}'"
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	227 sql += ", authentication_string = '#{@resource[:password_hash]}'"
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	228 sql += " where CONCAT(user, '@', host) = '#{concat_name}'; FLUSH PRIVILEGES"
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	229 end
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	230 elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	231 sql = "ALTER USER #{merged_name} IDENTIFIED WITH '#{string}'"
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	232 sql += " AS '#{@resource[:password_hash]}'" if string == 'mysql_native_password'
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	233 else
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	234 # See https://bugs.mysql.com/bug.php?id=67449
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	235 sql = "UPDATE mysql.user SET plugin = '#{string}'"
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	236 sql += ((string == 'mysql_native_password') ? ", password = '#{@resource[:password_hash]}'" : ", password = ''")
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	237 sql += " WHERE CONCAT(user, '@', host) = '#{@resource[:name]}'"
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	238 end
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	239
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	240 self.class.mysql_caller(sql, 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	241 (plugin == string) ? (return true) : (return false)
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	242 end
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	243
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	244 def tls_options=(array)
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	245 merged_name = self.class.cmd_user(@resource[:name])
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	246 merged_tls_options = array.join(' AND ')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	247 if newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.0')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	248 self.class.mysql_caller("ALTER USER #{merged_name} REQUIRE #{merged_tls_options}", 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	249 else
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	250 self.class.mysql_caller("GRANT USAGE ON . TO #{merged_name} REQUIRE #{merged_tls_options}", 'system')
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	251 end
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	252
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	253 (tls_options == array) ? (return true) : (return false)
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	254 end
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	255
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	256 def self.parse_tls_options(ssl_type, ssl_cipher, x509_issuer, x509_subject)
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	257 if ssl_type == 'ANY'
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	258 ['SSL']
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	259 elsif ssl_type == 'X509'
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	260 ['X509']
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	261 elsif ssl_type == 'SPECIFIED'
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	262 options = []
389 668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	263 options << "CIPHER '#{ssl_cipher}'" if !ssl_cipher.nil? && !ssl_cipher.empty?
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	264 options << "ISSUER '#{x509_issuer}'" if !x509_issuer.nil? && !x509_issuer.empty?
668df4711671 Update MySQL modules IBBoard <dev@ibboard.co.uk> parents: 244 diff changeset	265 options << "SUBJECT '#{x509_subject}'" if !x509_subject.nil? && !x509_subject.empty?
244 48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	266 options
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	267 else
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	268 ['NONE']
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	269 end
48d3a1948e4d Update MySQL module IBBoard <dev@ibboard.co.uk> parents: 26 diff changeset	270 end
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	271 end

Mercurial > repos > other > Puppet

annotate modules/mysql/lib/puppet/provider/mysql_user/mysql.rb @ 443:c6c9a2cfcfbd