(MODULES-1550) add new Feature MySQL login paths for Mysql Community Server > 5.6.6

Author: andreas-stuerz

.sync.yml

@@ -36,6 +36,7 @@ Gemfile:
       git: https://github.com/skywinder/github-changelog-generator
       ref: 20ee04ba1234e9e83eb2ffb5056e23d641c7a018
       condition: Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')
+    - gem: puppet-resource_api
 Rakefile:
   requires:
   - puppet_pot_generator/rake_tasks

Gemfile

@@ -32,6 +32,7 @@ group :development do
   gem "github_changelog_generator",                              require: false, git: 'https://github.com/skywinder/github-changelog-generator', ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018' if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')
   gem 'ed25519', '>= 1.2', '< 2.0'
   gem 'bcrypt_pbkdf', '>= 1.0', '< 2.0'
+  gem "puppet-resource_api",                                     require: false
 end
 
 puppet_version = ENV['PUPPET_GEM_VERSION']

README.md

@@ -184,6 +184,36 @@ mysql::db { 'mydb':
 
 If required, the password can also be an empty string to allow connections without an password.
 
+### Create login paths
+
+This feature works only for the MySQL Community Edition >= 5.6.6.
+
+A login path is a set of options (host, user, password, port and socket) that specify which MySQL server to connect to and which account to authenticate as. The authentication credentials and the other options are stored in an encrypted login file named .mylogin.cnf typically under the users home directory.
+
+More information about MySQL login paths: https://dev.mysql.com/doc/refman/8.0/en/mysql-config-editor.html.
+
+Some example for login paths: 
+```puppet
+mysql_login_path { 'client':
+  owner    => root,
+  host     => 'localhost',
+  user     => 'root',
+  password => Sensitive('secure'),
+  socket   => '/var/run/mysqld/mysqld.sock',
+  ensure   => present,
+}
+
+mysql_login_path { 'remote_db':
+  owner    => root,
+  host     => '10.0.0.1',
+  user     => 'network',
+  password => Sensitive('secure'),
+  port     => 3306,
+  ensure   => present,
+}
+```
+See examples/mysql_login_path.pp for further examples.
+
 ### Install Percona server on CentOS
 
 This example shows how to do a minimal installation of a Percona server on a
@@ -613,3 +643,4 @@ This module is based on work by David Schmitt. The following contributors have c
 * Daniël van Eeden
 * Jan-Otto Kröpke
 * Timothy Sven Nelson
+* Andreas Stürz

REFERENCE.md

@@ -46,6 +46,7 @@ _Private Classes_
 _Public Resource types_
 
 * [`mysql_grant`](#mysql_grant): @summary Manage a MySQL user's rights.
+* [`mysql_login_path`](#mysql_login_path): Manage a MySQL login path.
 * [`mysql_plugin`](#mysql_plugin): Manage MySQL plugins.
 * [`mysql_user`](#mysql_user): @summary Manage a MySQL user. This includes management of users password as well as privileges.
 
@@ -56,6 +57,7 @@ _Private Resource types_
 
 **Functions**
 
+* [`mysql::mysql_password`](#mysqlmysql_password): @summary
 * [`mysql::normalise_and_deepmerge`](#mysqlnormalise_and_deepmerge): Recursively merges two or more hashes together, normalises keys with differing use of dashesh and underscores,
 then returns the resulting hash.
 * [`mysql::password`](#mysqlpassword): Hash a string as mysql's "PASSWORD()" function would do it
@@ -66,6 +68,10 @@ then returns the resulting hash.
 
 * [`Mysql::Options`](#mysqloptions): 
 
+**Data types**
+
+* [`Mysql::Options`](#mysqloptions): 
+
 **Tasks**
 
 * [`export`](#export): Allows you to backup your database to local file.
@@ -1157,6 +1163,100 @@ namevar
 
 Name to describe the grant.
 
+### mysql_login_path
+
+This type provides Puppet with the capabilities to store authentication credentials in an obfuscated login path file
+named .mylogin.cnf created with the mysql_config_editor utility. Supports only MySQL Community Edition > v5.6.6.
+
+* **See also**
+https://dev.mysql.com/doc/refman/8.0/en/mysql-config-editor.html
+
+#### Examples
+
+##### 
+
+```puppet
+mysql_login_path { 'local_socket':
+  owner    => 'root',
+  host     => 'localhost',
+  user     => 'root',
+  password => Sensitive('secure'),
+  socket   => '/var/run/mysql/mysql.sock',
+  ensure   => present,
+}
+
+mysql_login_path { 'local_tcp':
+  owner    => 'root',
+  host     => '127.0.0.1',
+  user     => 'root',
+  password => Sensitive('more_secure'),
+  port     => 3306,
+  ensure   => present,
+}
+```
+
+#### Properties
+
+The following properties are available in the `mysql_login_path` type.
+
+##### `ensure`
+
+Data type: `Enum[present, absent]`
+
+Whether this resource should be present or absent on the target system.
+
+##### `host`
+
+Data type: `Optional[String]`
+
+Host name to be entered into the login path.
+
+##### `user`
+
+Data type: `Optional[String]`
+
+Username to be entered into the login path.
+
+##### `password`
+
+Data type: `Optional[Sensitive[String[1]]]`
+
+Password to be entered into login path
+
+##### `socket`
+
+Data type: `Optional[String]`
+
+Socket path to be entered into login path
+
+##### `port`
+
+Data type: `Optional[Integer[0,65535]]`
+
+Port number to be entered into login path.
+
+#### Parameters
+
+The following parameters are available in the `mysql_login_path` type.
+
+##### `name`
+
+namevar
+
+Data type: `String`
+
+Name of the login path you want to manage.
+
+##### `owner`
+
+namevar
+
+Data type: `String`
+
+The user to whom the logon path should belong.
+
+Default value: root
+
 ### mysql_plugin
 
 Manage MySQL plugins.
@@ -1268,6 +1368,37 @@ The name of the user. This uses the 'username@hostname' or username@hostname.
 
 ## Functions
 
+### mysql::mysql_password
+
+Type: Ruby 4.x API
+
+---- original file header ----
+
+     Hash a string as mysql's "PASSWORD()" function would do it
+
+   @param [String] password Plain text password.
+
+   @return [String] the mysql password hash from the clear text password.
+
+#### `mysql::mysql_password(Any *$args)`
+
+---- original file header ----
+
+     Hash a string as mysql's "PASSWORD()" function would do it
+
+   @param [String] password Plain text password.
+
+   @return [String] the mysql password hash from the clear text password.
+
+Returns: `Data type` Describe what the function returns here
+
+##### `*args`
+
+Data type: `Any`
+
+The original array of arguments. Port this to individually managed params
+to get the full benefit of the modern function API.
+
 ### mysql::normalise_and_deepmerge
 
 Type: Ruby 4.x API

examples/mysql_login_path.pp

@@ -0,0 +1,68 @@
+# Debian MySQL Commiunity Server 8.0
+include apt
+apt::source { 'repo.mysql.com':
+  location => 'http://repo.mysql.com/apt/debian',
+  release  => $::lsbdistcodename,
+  repos    => 'mysql-8.0',
+  key      => {
+    id     => 'A4A9406876FCBD3C456770C88C718D3B5072E1F5',
+    server => 'hkp://keyserver.ubuntu.com:80',
+  },
+  include  => {
+    src => false,
+    deb => true,
+  },
+  notify   => Exec['apt-get update']
+}
+exec { 'apt-get update':
+  path        => '/usr/bin:/usr/sbin:/bin:/sbin',
+  refreshonly => true,
+}
+
+$root_pw = 'password'
+class { '::mysql::server':
+  root_password      => $root_pw,
+  service_name       => 'mysql',
+  package_name       => 'mysql-community-server',
+  create_root_my_cnf => false,
+  require            => [
+    Apt::Source['repo.mysql.com'],
+    Exec['apt-get update']
+  ],
+  notify             => Mysql_login_path['client']
+}
+
+class { '::mysql::client':
+  package_manage => false,
+  package_name   => 'mysql-community-client',
+  require        => Class['::mysql::server'],
+}
+
+mysql_login_path { 'client':
+  ensure   => present,
+  host     => 'localhost',
+  user     => 'root',
+  password => Sensitive($root_pw),
+  socket   => '/var/run/mysqld/mysqld.sock',
+  owner    => root,
+}
+
+mysql_login_path { 'local_dan':
+  ensure   => present,
+  host     => '127.0.0.1',
+  user     => 'dan',
+  password => Sensitive('blah'),
+  port     => 3306,
+  owner    => root,
+  require  => Class['::mysql::server'],
+}
+
+mysql_user { 'dan@localhost':
+  ensure        => present,
+  password_hash => mysql::password('blah'),
+  require       => Mysql_login_path['client'],
+}
+
+
+
+