Hi all,
last night I wrote some of the worst code I have written in a while. I
am literally proud of the amount of shame I feel for messing with code
this badly. Naturally, waking up on Monday morning the bad code
hangover is severe, but I don''t quite see how this could be improved.
That''s where you boys and girls come in (hopefully ;) ).
What I want: pass a normal MySQL style string of mysql permissions and
check for each of those and grant it if needed. The code I have now
works, behold..
# Grant a mysql user permissions to a database
#
define mariadb::user::dummyloop($dbname, $grantoption, $isgrantable, $username,
$pw, $real_admin_pass, $dbhost, $host_to_grant){
$grant_ = regsubst($name, ''___'', '''',
''G'')
$grant_parts = split($grant_, ''__'')
$grant = $grant_parts[3]
if ($dbname == ''*'') {
$real_dbname = "*.*"
$privilege_check_query = "select count(*) from
information_schema.USER_PRIVILEGES where
GRANTEE=\\\"''${username}''@''${host_to_grant}''\\\"
and
PRIVILEGE_TYPE=\\\"${grant}\\\" and
IS_GRANTABLE=\\\"${isgrantable}\\\""
} else {
$real_dbname = "`${dbname}`.*"
$privilege_check_query = "select count(*) from
information_schema.SCHEMA_PRIVILEGES where
TABLE_SCHEMA=\\\"''${dbname}''\\\"
GRANTEE=\\\"''${username}''@''${host_to_grant}''\\\"
and
PRIVILEGE_TYPE=\\\"${grant}\\\" and
IS_GRANTABLE=\\\"${isgrantable}\\\""
}
exec {
"create-grant-${name}-${username}-${host_to_grant}-${dbhost}":
command => "/usr/bin/mysql -h${dbhost}
-u${mariadb::params::admin_user} ${real_admin_pass} -e ''grant ${grant}
on ${real_dbname} to `${username}`@`${host_to_grant}` identified by
\"${pw}\" ${grantoption}''",
path => "/bin:/usr/bin",
onlyif => "[ `/usr/bin/mysql -h${dbhost}
-u${mariadb::params::admin_user} ${real_admin_pass} -BN -e
\"${privilege_check_query}\"` -eq 0 ]",
require => Package[$mariadb::params::packagename_client]
}
}
# Usage: mariadb::user { "dbname": "username" }
define mariadb::user ($username, $pw, $dbname, $grants = ''all
privileges'',
$host_to_grant = ''%'', $dbhost =
''localhost'', $withgrants = false) {
include mariadb::params
if $withgrants {
$grantoption = '' with grant option''
$isgrantable = ''YES''
} else {
$grantoption = ''''
$isgrantable = ''NO''
}
if ($mariadb::params::admin_pass == '''') {
$real_admin_pass = ''''
} else {
$real_admin_pass =
"-p\"${mariadb::params::admin_pass}\""
}
# This is some very nasty puppet stunts to make it possible to run
through a string of grants
# First we surround every grant by triple underscores, then prefix
it with host, databasename and username so the $name variable of the
dummyloop stays unique
#replace all spaces by underscores
#$grants = ''INSERT, DELETE''
$grants_ = regsubst($grants, ''\s*,\s*'',
"___,___${dbhost}__${dbname}__${username}__", ''G'')
#$grants_ = ''INSERT__,__DELETE''
$grants__ = "___${dbhost}__${dbname}__${username}__${grants_}___"
#$grants__ = "__localhost_zabbix_zabbixuser_INSERT__,__DELETE__
# split the grants by comma into an array
$grants_array = split($grants__,'','')
#$grants_array
# call dummy loop with the array in order to check/create all desired grants
mariadb::user::dummyloop{ $grants_array:
dbname => $dbname,
grantoption => $grantoption,
isgrantable => $isgrantable,
username => $username,
pw => $pw,
real_admin_pass => $real_admin_pass,
dbhost => $dbhost,
host_to_grant => $host_to_grant
}
}
Better ways are more then welcome (or a decent implementation to loop
through arrays in puppet ;) )
kind regards,
--
Walter Heck
--
follow @walterheck on twitter to see what I''m up to!
--
Check out my new startup: Server Monitoring as a Service @ http://tribily.com
Follow @tribily on Twitter and/or ''Like'' our Facebook page at
http://www.facebook.com/tribily
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.