Merge pull request puppetlabs#530 from spil-jaak/bug/master/ignore_users_wo_grants_when_granting

igalic · igalic · commit f6e427c730ba · 2014-06-17T13:54:30.000+02:00
Change grant provider to ignore grants for non existing users.
diff --git a/lib/puppet/provider/mysql_grant/mysql.rb b/lib/puppet/provider/mysql_grant/mysql.rb
@@ -8,7 +8,20 @@ def self.instances
     users.select{ |user| user =~ /.+@/ }.collect do |user|
       user_string = self.cmd_user(user)
       query = "SHOW GRANTS FOR #{user_string};"
-      grants = mysql([defaults_file, "-NBe", query].compact)
+      begin
+        grants = mysql([defaults_file, "-NBe", query].compact)
+      rescue Puppet::ExecutionFailure => e
+        # Silently ignore users with no grants. Can happen e.g. if user is
+        # defined with fqdn and server is run with skip-name-resolve. Example:
+        # Default root user created by mysql_install_db on a host with fqdn
+        # of myhost.mydomain.my: root@myhost.mydomain.my, when MySQL is started
+        # with --skip-name-resolve.
+        if e.inspect =~ /There is no such grant defined for user/
+          next
+        else
+          raise Puppet::Error, "#mysql had an error ->  #{e.inspect}"
+        end
+      end
       # Once we have the list of grants generate entries for each.
       grants.each_line do |grant|
         # Match the munges we do in the type.
diff --git a/spec/acceptance/types/mysql_grant_spec.rb b/spec/acceptance/types/mysql_grant_spec.rb
@@ -320,4 +320,82 @@ class { 'mysql::server': }
       end
     end
   end
+
+  describe 'grants with skip-name-resolve specified' do
+    it 'setup mysql::server' do
+      pp = <<-EOS
+        class { 'mysql::server':
+          override_options => {
+            'mysqld' => {'skip-name-resolve' => true}
+          },
+          restart          => true,
+        }
+      EOS
+
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    it 'should apply' do
+      pp = <<-EOS
+        mysql_grant { 'test@fqdn.com/test.*':
+          ensure     => 'present',
+          table      => 'test.*',
+          user       => 'test@fqdn.com',
+          privileges => 'ALL',
+        }
+        mysql_grant { 'test@192.168.5.7/test.*':
+          ensure     => 'present',
+          table      => 'test.*',
+          user       => 'test@192.168.5.7',
+          privileges => 'ALL',
+        }
+      EOS
+
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    it 'should have skip_name_resolve set' do
+      shell("mysql -NBe 'select @@skip_name_resolve'") do |r|
+        expect(r.stdout).to match(/1/)
+        expect(r.stderr).to be_empty
+      end
+    end
+
+    it 'should fail with fqdn' do
+      expect(shell("mysql -NBe \"SHOW GRANTS FOR test@fqdn.com\"", { :acceptable_exit_codes => 1}).stderr).to match(/There is no such grant defined for user 'test' on host 'fqdn.com'/)
+    end
+    it 'finds ipv4' do
+      shell("mysql -NBe \"SHOW GRANTS FOR 'test'@'192.168.5.7'\"") do |r|
+        expect(r.stdout).to match(/GRANT ALL PRIVILEGES ON `test`.* TO 'test'@'192.168.5.7'/)
+        expect(r.stderr).to be_empty
+      end
+    end
+
+    it 'should fail to execute while applying' do
+      pp = <<-EOS
+        mysql_grant { 'test@fqdn.com/test.*':
+          ensure     => 'present',
+          table      => 'test.*',
+          user       => 'test@fqdn.com',
+          privileges => 'ALL',
+        }
+      EOS
+
+      mysql_cmd = shell('which mysql').stdout.chomp
+      shell("mv #{mysql_cmd} #{mysql_cmd}.bak")
+      expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/Command mysql is missing/)
+      shell("mv #{mysql_cmd}.bak #{mysql_cmd}")
+    end
+
+    it 'reset mysql::server config' do
+      pp = <<-EOS
+        class { 'mysql::server':
+          restart          => true,
+        }
+      EOS
+
+      apply_manifest(pp, :catch_failures => true)
+    end
+  end
+
 end
