Merge pull request #1284 from unki/adapt-group-owner-of-config-file

michaeltlombardi · web-flow · commit 4750787027df · 2020-03-05T09:48:33.000-06:00
Allow changing the mysql-config-file group-ownership
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -96,6 +96,8 @@
       $datadir                 = '/var/lib/mysql'
       $root_group              = 'root'
       $mysql_group             = 'mysql'
+      $mycnf_owner             = undef
+      $mycnf_group             = undef
       $socket                  = '/var/lib/mysql/mysql.sock'
       $ssl_ca                  = '/etc/mysql/cacert.pem'
       $ssl_cert                = '/etc/mysql/server-cert.pem'
@@ -152,6 +154,8 @@
       }
       $root_group          = 'root'
       $mysql_group         = 'mysql'
+      $mycnf_owner         = undef
+      $mycnf_group         = undef
       $server_service_name = 'mysql'
 
       if $::operatingsystem =~ /(SLES|SLED)/ {
@@ -209,6 +213,8 @@
       $pidfile                 = '/var/run/mysqld/mysqld.pid'
       $root_group              = 'root'
       $mysql_group             = 'adm'
+      $mycnf_owner             = undef
+      $mycnf_group             = undef
       $socket                  = '/var/run/mysqld/mysqld.sock'
       $ssl_ca                  = '/etc/mysql/cacert.pem'
       $ssl_cert                = '/etc/mysql/server-cert.pem'
@@ -253,6 +259,8 @@
       $pidfile                 = '/var/run/mysqld/mysqld.pid'
       $root_group              = 'root'
       $mysql_group             = 'mysql'
+      $mycnf_owner             = undef
+      $mycnf_group             = undef
       $server_service_name     = 'mysqld'
       $socket                  = '/var/lib/mysql/mysql.sock'
       $ssl_ca                  = '/etc/mysql/cacert.pem'
@@ -278,6 +286,8 @@
       $pidfile             = '/run/mysqld/mysqld.pid'
       $root_group          = 'root'
       $mysql_group         = 'mysql'
+      $mycnf_owner         = undef
+      $mycnf_group         = undef
       $server_service_name = 'mysql'
       $socket              = '/run/mysqld/mysqld.sock'
       $ssl_ca              = '/etc/mysql/cacert.pem'
@@ -303,6 +313,8 @@
       $pidfile             = '/var/run/mysql.pid'
       $root_group          = 'wheel'
       $mysql_group         = 'mysql'
+      $mycnf_owner         = undef
+      $mycnf_group         = undef
       $server_service_name = 'mysql-server'
       $socket              = '/var/db/mysql/mysql.sock'
       $ssl_ca              = undef
@@ -331,6 +343,8 @@
       $pidfile             = '/var/mysql/mysql.pid'
       $root_group          = 'wheel'
       $mysql_group         = '_mysql'
+      $mycnf_owner         = undef
+      $mycnf_group         = undef
       $server_service_name = 'mysqld'
       $socket              = '/var/run/mysql/mysql.sock'
       $ssl_ca              = undef
@@ -386,6 +400,8 @@
           $pidfile             = '/run/mysqld/mysqld.pid'
           $root_group          = 'root'
           $mysql_group         = 'mysql'
+          $mycnf_owner         = undef
+          $mycnf_group         = undef
           $server_service_name = 'mariadb'
           $socket              = '/run/mysqld/mysqld.sock'
           $ssl_ca              = '/etc/mysql/cacert.pem'
@@ -411,6 +427,8 @@
           $pidfile             = '/var/run/mysqld/mysqld.pid'
           $root_group          = 'root'
           $mysql_group         = 'mysql'
+          $mycnf_owner         = undef
+          $mycnf_group         = undef
           $server_service_name = 'mysqld'
           $socket              = '/var/lib/mysql/mysql.sock'
           $ssl_ca              = '/etc/mysql/cacert.pem'
diff --git a/manifests/server.pp b/manifests/server.pp
@@ -41,6 +41,10 @@
 #   The name of the group used for root. Can be a group name or a group ID. See more about the [group](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group).
 # @param mysql_group
 #   The name of the group of the MySQL daemon user. Can be a group name or a group ID. See more about the [group](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group).
+# @param mycnf_owner
+#   Name or user-id who owns the mysql-config-file.
+# @param mycnf_group
+#   Name or group-id which owns the mysql-config-file.
 # @param root_password
 #   The MySQL root password. Puppet attempts to set the root password and update `/root/.my.cnf` with it. This is required if `create_root_user` or `create_root_my_cnf` are true. If `root_password` is 'UNSET', then `create_root_user` and `create_root_my_cnf` are assumed to be false --- that is, the MySQL root user and `/root/.my.cnf` are not created. Password changes are supported; however, the old password must be set in `/root/.my.cnf`. Effectively, Puppet uses the old password, configured in `/root/my.cnf`, to set the new password in MySQL, and then updates `/root/.my.cnf` with the new password.
 # @param service_enabled
@@ -85,6 +89,8 @@
                   $restart                 = $mysql::params::restart,
                   $root_group              = $mysql::params::root_group,
                   $mysql_group             = $mysql::params::mysql_group,
+                  $mycnf_owner             = $mysql::params::mycnf_owner,
+                  $mycnf_group             = $mysql::params::mycnf_group,
                   $root_password           = $mysql::params::root_password,
                   $service_enabled         = $mysql::params::server_service_enabled,
                   $service_manage          = $mysql::params::server_service_manage,
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
@@ -38,6 +38,8 @@
       path                    => $mysql::server::config_file,
       content                 => template('mysql/my.cnf.erb'),
       mode                    => $mysql::server::config_file_mode,
+      owner                   => $mysql::server::mycnf_owner,
+      group                   => $mysql::server::mycnf_group,
       selinux_ignore_defaults => true,
     }
 
diff --git a/spec/classes/mycnf_template_spec.rb b/spec/classes/mycnf_template_spec.rb
@@ -128,6 +128,37 @@
           is_expected.to contain_file('mysql-config-file').with(mode: '0600')
         end
       end
+
+      context 'user owner 12345' do
+        let(:params) { { 'mycnf_owner' => '12345' } }
+
+        it do
+          is_expected.to contain_file('mysql-config-file').with(
+            owner: '12345',
+          )
+        end
+      end
+
+      context 'group owner 12345' do
+        let(:params) { { 'mycnf_group' => '12345' } }
+
+        it do
+          is_expected.to contain_file('mysql-config-file').with(
+            group: '12345',
+          )
+        end
+      end
+
+      context 'user and group owner 12345' do
+        let(:params) { { 'mycnf_owner' => '12345', 'mycnf_group' => '12345' } }
+
+        it do
+          is_expected.to contain_file('mysql-config-file').with(
+            owner: '12345',
+            group: '12345',
+          )
+        end
+      end
     end
   end
 end

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,8 @@`
`38`	`38`	`path => $mysql::server::config_file,`
`39`	`39`	`content => template('mysql/my.cnf.erb'),`
`40`	`40`	`mode => $mysql::server::config_file_mode,`
	`41`	`+ owner => $mysql::server::mycnf_owner,`
	`42`	`+ group => $mysql::server::mycnf_group,`
`41`	`43`	`selinux_ignore_defaults => true,`
`42`	`44`	`}`
`43`	`45`