Downgrade mysql cookbook for now

It doesn't play well with our current dev server setup
Greg Karékinian
2017-06-16 22:43:51 +02:00
parent e39792ea36
commit bdfb3a1afb
398 changed files with 12716 additions and 10889 deletions


@@ -0,0 +1,50 @@
#
# Author:: Maksim Horbul (<max@gorbul.net>)
# Cookbook Name:: database
# Library:: hashed_password
#
# Copyright:: 2016 Eligible, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require File.join(File.dirname(__FILE__), 'resource_mysql_database_user')
require File.join(File.dirname(__FILE__), 'resource_postgresql_database_user')
class HashedPassword
# Initializes an object of the MysqlPassword type
# @param [String] hashed_password mysql native hashed password
# @return [MysqlPassword]
def initialize(hashed_password)
@hashed_password = hashed_password
end
# String representation of the object
# @return [String] hashed password string
def to_s
@hashed_password
end
module Helpers
# helper method wrappers the string into a MysqlPassword object
# @param [String] hashed_password mysql native hashed password
# @return [MysqlPassword] object
def hashed_password(hashed_password)
HashedPassword.new hashed_password
end
# For backward compatibility, because method was renamed
alias_method :mysql_hashed_password, :hashed_password
end
end
::Chef::Resource::MysqlDatabaseUser.send(:include, HashedPassword::Helpers)
::Chef::Resource::PostgresqlDatabaseUser.send(:include, HashedPassword::Helpers)
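Review bot: `HashedPassword#initialize` stores whatever it is given without any check, and the MySQL user provider in this commit interpolates the object's `to_s` directly into quoted SQL (`" PASSWORD '#{new_resource.password}'"`), so a value containing a quote character changes the statement. Because the wrapper is mixed into both the MySQL and PostgreSQL resources a strict hash-format check may not fit, but the constructor could at least refuse non-strings and quote/backslash characters, e.g. `raise ArgumentError, 'invalid hashed password' unless hashed_password.is_a?(String) && hashed_password !~ /['\\]/`. The YARD tags on `initialize` and `hashed_password` also still name `MysqlPassword`; they should read `HashedPassword`.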


@@ -3,7 +3,7 @@
# Cookbook Name:: database
# Library:: matchers
#
# Copyright 2014, Chef Software, Inc.
# Copyright:: 2014-2016 Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,6 +21,8 @@
if defined?(ChefSpec)
# database
#
ChefSpec.define_matcher :database
def create_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:database, :create, resource_name)
end
@@ -35,6 +37,8 @@ if defined?(ChefSpec)
# database user
#
ChefSpec.define_matcher :database_user
def create_database_user(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:database_user, :create, resource_name)
end
@@ -49,6 +53,8 @@ if defined?(ChefSpec)
# mysql database
#
ChefSpec.define_matcher :mysql_database
def create_mysql_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_database, :create, resource_name)
end
@@ -63,6 +69,8 @@ if defined?(ChefSpec)
# mysql database user
#
ChefSpec.define_matcher :mysql_database_user
def create_mysql_database_user(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:mysql_database_user, :create, resource_name)
end
@@ -77,6 +85,8 @@ if defined?(ChefSpec)
# postgresql database
#
ChefSpec.define_matcher :postgresql_database
def create_postgresql_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:postgresql_database, :create, resource_name)
end
@@ -91,6 +101,8 @@ if defined?(ChefSpec)
# postgresql database schema
#
ChefSpec.define_matcher :postgresql_database_schema
def create_postgresql_database_schema(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:postgresql_database_schema, :create, resource_name)
end
@@ -101,6 +113,8 @@ if defined?(ChefSpec)
# postgresql database user
#
ChefSpec.define_matcher :postgresql_database_user
def create_postgresql_database_user(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:postgresql_database_user, :create, resource_name)
end
@@ -119,20 +133,24 @@ if defined?(ChefSpec)
# sql server database
#
ChefSpec.define_matcher :sql_server_database
def create_sql_server_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sql_server_database, :create, resource_name)
end
def drop_database(resource_name)
def drop_sql_server_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sql_server_database, :drop, resource_name)
end
def query_database(resource_name)
def query_sql_server_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sql_server_database, :query, resource_name)
end
# sql server database user
#
ChefSpec.define_matcher :sql_server_database_user
def create_sql_server_database_user(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sql_server_database_user, :create, resource_name)
end
@@ -148,4 +166,21 @@ if defined?(ChefSpec)
def alter_roles_sql_server_database_user(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sql_server_database_user, :alter_roles, resource_name)
end
# sqlite server database
#
ChefSpec.define_matcher :sqlite_database
def create_sqlite_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sqlite_database, :create, resource_name)
end
def query_sqlite_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sqlite_database, :query, resource_name)
end
def drop_sqlite_database(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:sqlite_database, :drop, resource_name)
end
end


@@ -1,7 +1,7 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Sean OMeara (<sean@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Author:: Sean OMeara (<sean@sean.io>)
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,7 +21,7 @@ class Chef
class Provider
class Database
class Mysql < Chef::Provider::LWRPBase
use_inline_resources if defined?(use_inline_resources)
use_inline_resources
def whyrun_supported?
true
@@ -107,7 +107,9 @@ class Chef
socket: new_resource.connection[:socket],
username: new_resource.connection[:username],
password: new_resource.connection[:password],
port: new_resource.connection[:port]
port: new_resource.connection[:port],
default_file: new_resource.connection[:default_file],
default_group: new_resource.connection[:default_group]
)
end
@@ -125,7 +127,9 @@ class Chef
socket: new_resource.connection[:socket],
username: new_resource.connection[:username],
password: new_resource.connection[:password],
port: new_resource.connection[:port]
port: new_resource.connection[:port],
default_file: new_resource.connection[:default_file],
default_group: new_resource.connection[:default_group]
)
end
@@ -144,13 +148,15 @@ class Chef
username: new_resource.connection[:username],
password: new_resource.connection[:password],
port: new_resource.connection[:port],
default_file: new_resource.connection[:default_file],
default_group: new_resource.connection[:default_group],
flags: new_resource.connection[:flags],
database: new_resource.database_name
)
end
def close_query_client
@query_client.close
@query_client.close if @query_client
rescue Mysql2::Error
@query_client = nil
end
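Review bot: `close_query_client` resets `@query_client` only in the `rescue Mysql2::Error` branch, so after a successful `close` the instance variable still holds a closed connection. If `query_client` is memoized with `||=` like `test_client` elsewhere in this commit (its definition starts outside this hunk), a later call would hand back the closed handle. Moving the reset into an `ensure` clause (`ensure` followed by `@query_client = nil`) and leaving the `rescue` body empty clears it on both paths.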


@@ -1,7 +1,7 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Sean OMeara (<sean@chef.io>)
# Copyright:: 2011-2015 Chef Software, Inc.
# Author:: Sean OMeara (<sean@sean.io>)
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,7 +23,7 @@ class Chef
class Provider
class Database
class MysqlUser < Chef::Provider::Database::Mysql
use_inline_resources if defined?(use_inline_resources)
use_inline_resources
def whyrun_supported?
true
@@ -38,6 +38,8 @@ class Chef
test_sql_results.each do |r|
user_present = true if r['User'] == new_resource.username
end
password_up_to_date = !user_present || test_user_password
ensure
close_test_client
end
@@ -47,13 +49,22 @@ class Chef
converge_by "Creating user '#{new_resource.username}'@'#{new_resource.host}'" do
begin
repair_sql = "CREATE USER '#{new_resource.username}'@'#{new_resource.host}'"
repair_sql += " IDENTIFIED BY '#{new_resource.password}'" if new_resource.password
if new_resource.password
repair_sql += ' IDENTIFIED BY '
repair_sql += if new_resource.password.is_a?(HashedPassword)
" PASSWORD '#{new_resource.password}'"
else
" '#{new_resource.password}'"
end
end
repair_client.query(repair_sql)
ensure
close_repair_client
end
end
end
update_user_password unless password_up_to_date
end
action :drop do
@@ -89,12 +100,113 @@ class Chef
action :grant do
# gratuitous function
def ishash?
return true if (/(\A\*[0-9A-F]{40}\z)/i).match(new_resource.password)
return true if /(\A\*[0-9A-F]{40}\z)/i =~ new_resource.password
end
db_name = new_resource.database_name ? "`#{new_resource.database_name}`" : '*'
tbl_name = new_resource.table ? new_resource.table : '*'
test_table = new_resource.database_name ? 'mysql.db' : 'mysql.user'
test_table = new_resource.database_name ? 'mysql.db' : 'mysql.user'
# Test
incorrect_privs = nil
begin
test_sql = "SELECT * from #{test_table}"
test_sql += " WHERE User='#{new_resource.username}'"
test_sql += " AND Host='#{new_resource.host}'"
test_sql += " AND Db='#{new_resource.database_name}'" if new_resource.database_name
test_sql_results = test_client.query test_sql
incorrect_privs = true if test_sql_results.size == 0
# These should all be 'Y'
test_sql_results.each do |r|
desired_privs.each do |p|
key = p.to_s.capitalize.tr(' ', '_').gsub('Replication_', 'Repl_').gsub('Create_temporary_tables', 'Create_tmp_table').gsub('Show_databases', 'Show_db')
key = "#{key}_priv"
incorrect_privs = true if r[key] != 'Y'
end
end
password_up_to_date = incorrect_privs || test_user_password
ensure
close_test_client
end
# Repair
if incorrect_privs
converge_by "Granting privs for '#{new_resource.username}'@'#{new_resource.host}'" do
begin
repair_sql = "GRANT #{new_resource.privileges.join(',')}"
repair_sql += " ON #{db_name}.#{tbl_name}"
repair_sql += " TO '#{new_resource.username}'@'#{new_resource.host}' IDENTIFIED BY"
repair_sql += if new_resource.password.is_a?(HashedPassword)
" PASSWORD '#{new_resource.password}'"
else
" '#{new_resource.password}'"
end
repair_sql += ' REQUIRE SSL' if new_resource.require_ssl
repair_sql += ' REQUIRE X509' if new_resource.require_x509
repair_sql += ' WITH GRANT OPTION' if new_resource.grant_option
Chef::Log.info("#{@new_resource}: granting with sql [#{repair_sql}]")
repair_client.query(repair_sql)
repair_client.query('FLUSH PRIVILEGES')
ensure
close_repair_client
end
end
else
# The grants are correct, but perhaps the password needs updating?
update_user_password unless password_up_to_date
end
end
action :revoke do
db_name = new_resource.database_name ? "`#{new_resource.database_name}`" : '*'
tbl_name = new_resource.table ? new_resource.table : '*'
test_table = new_resource.database_name ? 'mysql.db' : 'mysql.user'
privs_to_revoke = []
begin
test_sql = "SELECT * from #{test_table}"
test_sql += " WHERE User='#{new_resource.username}'"
test_sql += " AND Host='#{new_resource.host}'"
test_sql += " AND Db='#{new_resource.database_name}'" if new_resource.database_name
test_sql_results = test_client.query test_sql
# These should all be 'N'
test_sql_results.each do |r|
desired_privs.each do |p|
key = p.to_s.capitalize.tr(' ', '_').gsub('Replication_', 'Repl_').gsub('Create_temporary_tables', 'Create_tmp_table').gsub('Show_databases', 'Show_db')
key = "#{key}_priv"
privs_to_revoke << revokify_key(p) if r[key] != 'N'
end
end
ensure
close_test_client
end
# Repair
unless privs_to_revoke.empty?
converge_by "Granting privs for '#{new_resource.username}'@'#{new_resource.host}'" do
begin
revoke_statement = "REVOKE #{privs_to_revoke.join(',')}"
revoke_statement += " ON #{db_name}.#{tbl_name}"
revoke_statement += " FROM `#{@new_resource.username}`@`#{@new_resource.host}` "
Chef::Log.info("#{@new_resource}: revoking access with statement [#{revoke_statement}]")
repair_client.query(revoke_statement)
repair_client.query('FLUSH PRIVILEGES')
@new_resource.updated_by_last_action(true)
ensure
close_repair_client
end
end
end
end
private
def desired_privs
possible_global_privs = [
:select,
:insert,
@@ -145,76 +257,17 @@ class Chef
:trigger
]
if new_resource.privileges == [:all] && new_resource.database_name
desired_privs = possible_db_privs
elsif new_resource.privileges == [:all]
desired_privs = possible_global_privs
else
desired_privs = new_resource.privileges
end
# Test
incorrect_privs = nil
begin
test_sql = "SELECT * from #{test_table}"
test_sql += " WHERE User='#{new_resource.username}'"
test_sql += " AND Host='#{new_resource.host}'"
test_sql += " AND Db='#{new_resource.database_name}'" if new_resource.database_name
test_sql_results = test_client.query test_sql
incorrect_privs = true if test_sql_results.size == 0
# These should all by 'Y'
test_sql_results.each do |r|
desired_privs.each do |p|
key = "#{p.capitalize}"
.gsub(' ', '_')
.gsub('Replication_', 'Repl_')
key = "#{key}_priv"
incorrect_privs = true if r[key] != 'Y'
end
end
ensure
close_test_client
end
# Repair
if incorrect_privs
converge_by "Granting privs for '#{new_resource.username}'@'#{new_resource.host}'" do
begin
repair_sql = "GRANT #{new_resource.privileges.join(',')}"
repair_sql += " ON #{db_name}.#{tbl_name}"
repair_sql += " TO '#{new_resource.username}'@'#{new_resource.host}' IDENTIFIED BY"
repair_sql += " '#{new_resource.password}'"
repair_sql += ' REQUIRE SSL' if new_resource.require_ssl
repair_sql += ' WITH GRANT OPTION' if new_resource.grant_option
repair_client.query(repair_sql)
repair_client.query('FLUSH PRIVILEGES')
ensure
close_repair_client
end
end
end
# convert :all to the individual db or global privs
desired_privs = if new_resource.privileges == [:all] && new_resource.database_name
possible_db_privs
elsif new_resource.privileges == [:all]
possible_global_privs
else
new_resource.privileges
end
desired_privs
end
def action_revoke
db_name = new_resource.database_name ? "`#{new_resource.database_name}`" : '*'
tbl_name = new_resource.table ? new_resource.table : '*'
revoke_statement = "REVOKE #{@new_resource.privileges.join(', ')}"
revoke_statement += " ON #{db_name}.#{tbl_name}"
revoke_statement += " FROM `#{@new_resource.username}`@`#{@new_resource.host}` "
Chef::Log.info("#{@new_resource}: revoking access with statement [#{revoke_statement}]")
db.query(revoke_statement)
@new_resource.updated_by_last_action(true)
ensure
close
end
private
def test_client
require 'mysql2'
@test_client ||=
@@ -223,7 +276,9 @@ class Chef
socket: new_resource.connection[:socket],
username: new_resource.connection[:username],
password: new_resource.connection[:password],
port: new_resource.connection[:port]
port: new_resource.connection[:port],
default_file: new_resource.connection[:default_file],
default_group: new_resource.connection[:default_group]
)
end
@@ -241,7 +296,9 @@ class Chef
socket: new_resource.connection[:socket],
username: new_resource.connection[:username],
password: new_resource.connection[:password],
port: new_resource.connection[:port]
port: new_resource.connection[:port],
default_file: new_resource.connection[:default_file],
default_group: new_resource.connection[:default_group]
)
end
@@ -250,6 +307,69 @@ class Chef
rescue Mysql2::Error
@repair_client = nil
end
def revokify_key(key)
return '' if key.nil?
# Some keys need to be translated as outlined by the table found here:
# https://dev.mysql.com/doc/refman/5.7/en/privileges-provided.html
result = key.to_s.downcase.tr('_', ' ').gsub('repl ', 'replication ').gsub('create tmp table', 'create temporary tables').gsub('show db', 'show databases')
result = result.gsub(/ priv$/, '')
result
end
def test_user_password
if database_has_password_column(test_client)
test_sql = 'SELECT User,Host,Password FROM mysql.user ' \
"WHERE User='#{new_resource.username}' AND Host='#{new_resource.host}' "
test_sql += if new_resource.password.is_a? HashedPassword
"AND Password='#{new_resource.password}'"
else
"AND Password=PASSWORD('#{new_resource.password}')"
end
else
test_sql = 'SELECT User,Host,authentication_string FROM mysql.user ' \
"WHERE User='#{new_resource.username}' AND Host='#{new_resource.host}' " \
"AND plugin='mysql_native_password' "
test_sql += if new_resource.password.is_a? HashedPassword
"AND authentication_string='#{new_resource.password}'"
else
"AND authentication_string=PASSWORD('#{new_resource.password}')"
end
end
test_client.query(test_sql).size > 0
end
def update_user_password
converge_by "Updating password of user '#{new_resource.username}'@'#{new_resource.host}'" do
begin
if database_has_password_column(repair_client)
repair_sql = "SET PASSWORD FOR '#{new_resource.username}'@'#{new_resource.host}' = "
repair_sql += if new_resource.password.is_a? HashedPassword
"'#{new_resource.password}'"
else
" PASSWORD('#{new_resource.password}')"
end
else
# "ALTER USER is now the preferred statement for assigning passwords."
# http://dev.mysql.com/doc/refman/5.7/en/set-password.html
repair_sql = "ALTER USER '#{new_resource.username}'@'#{new_resource.host}' "
repair_sql += if new_resource.password.is_a? HashedPassword
"IDENTIFIED WITH mysql_native_password AS '#{new_resource.password}'"
else
"IDENTIFIED BY '#{new_resource.password}'"
end
end
repair_client.query(repair_sql)
ensure
close_repair_client
end
end
end
def database_has_password_column(client)
client.query('SHOW COLUMNS FROM mysql.user WHERE Field="Password"').size > 0
end
end
end
end
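Review bot: The new `Chef::Log.info("#{@new_resource}: granting with sql [#{repair_sql}]")` in the `:grant` action writes the complete GRANT statement, including its `IDENTIFIED BY '...'` clause, to the Chef log at info level, so a plain-text `password` attribute ends up in run logs and whatever collects them. Log the target rather than the statement, e.g. `Chef::Log.info("#{@new_resource}: granting privs on #{db_name}.#{tbl_name} to '#{new_resource.username}'@'#{new_resource.host}'")`. Separately, `test_user_password`, `update_user_password` and the grant/revoke queries interpolate `username`, `host` and `password` unescaped; running them through the client's `escape` method (`repair_client.escape(new_resource.password.to_s)`) before interpolation would keep a quote in an attribute from altering the SQL.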


@@ -1,7 +1,7 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Lamont Granquist (<lamont@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,7 +23,7 @@ class Chef
class Provider
class Database
class Postgresql < Chef::Provider::LWRPBase
use_inline_resources if defined?(use_inline_resources)
use_inline_resources
def whyrun_supported?
true
@@ -31,7 +31,12 @@ class Chef
def load_current_resource
Gem.clear_paths
require 'pg'
begin
require 'pg'
rescue LoadError
Chef::Log.fatal('Could not load the required pg gem. Make sure to include the database::postgresql or postgresql::ruby recipes in your runlist')
raise
end
@current_resource = Chef::Resource::Database.new(@new_resource.name)
@current_resource.database_name(@new_resource.database_name)
@current_resource
@@ -134,7 +139,11 @@ class Chef
end
def close
@db.close rescue nil
begin
@db.close
rescue
nil
end
@db = nil
end
end
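Review bot: The rewritten `close` still uses a bare `rescue`, which swallows every StandardError, including the NoMethodError raised when `@db` was never opened. Guarding the call and narrowing the class, `@db.close if @db` with `rescue PG::Error`, keeps the best-effort behaviour while letting unexpected failures surface; the MySQL provider in this commit already follows that pattern with `rescue Mysql2::Error`. The same applies to the `close` method in the SQL Server provider section further down.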


@@ -1,6 +1,6 @@
#
# Author:: Marco Betti (<m.betti@gmail.com>)
# Copyright:: Copyright (c) 2013 Chef Software, Inc.
# Copyright:: 2013-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,7 +26,12 @@ class Chef
def load_current_resource
Gem.clear_paths
require 'pg'
begin
require 'pg'
rescue LoadError
Chef::Log.fatal('Could not load the required pg gem. Make sure to include the database::postgresql or postgresql::ruby recipes in your runlist')
raise
end
@current_resource = Chef::Resource::PostgresqlDatabaseSchema.new(@new_resource.name)
@current_resource.schema_name(@new_resource.schema_name)
@current_resource


@@ -2,7 +2,7 @@
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Lamont Granquist (<lamont@chef.io>)
# Author:: Marco Betti (<m.betti@gmail.com>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,7 +28,12 @@ class Chef
def load_current_resource
Gem.clear_paths
require 'pg'
begin
require 'pg'
rescue LoadError
Chef::Log.fatal('Could not load the required pg gem. Make sure to include the database::postgresql or postgresql::ruby recipes in your runlist')
raise
end
@current_resource = Chef::Resource::DatabaseUser.new(@new_resource.name)
@current_resource.username(@new_resource.name)
@current_resource
@@ -39,14 +44,23 @@ class Chef
begin
options = ''
options += " PASSWORD '#{@new_resource.password}'" if @new_resource.password
options += " #{@new_resource.createdb ? 'CREATEDB' : 'NOCREATEDB'}"
options += " #{@new_resource.createrole ? 'CREATEROLE' : 'NOCREATEROLE'}"
options += " #{@new_resource.login ? 'LOGIN' : 'NOLOGIN'}"
options += " #{@new_resource.replication ? 'REPLICATION' : 'NOREPLICATION'}" if version_greater_than?(90_100)
options += " #{@new_resource.superuser ? 'SUPERUSER' : 'NOSUPERUSER'}"
# Options from Postgresql specific resource
options += " #{@new_resource.createdb ? 'CREATEDB' : 'NOCREATEDB'}" if @new_resource.respond_to?(:createdb)
options += " #{@new_resource.createrole ? 'CREATEROLE' : 'NOCREATEROLE'}" if @new_resource.respond_to?(:createrole)
options += " #{@new_resource.login ? 'LOGIN' : 'NOLOGIN'}" if @new_resource.respond_to?(:login)
options += " #{@new_resource.replication ? 'REPLICATION' : 'NOREPLICATION'}" if @new_resource.respond_to?(:replication) && version_greater_than?(90_100)
options += " #{@new_resource.superuser ? 'SUPERUSER' : 'NOSUPERUSER'}" if @new_resource.respond_to?(:superuser)
# Options from a non Postgresql specific resource
options += " #{Chef::Resource::PostgresqlDatabaseUser::CREATE_DB_DEFAULT ? 'CREATEDB' : 'NOCREATEDB'}" unless @new_resource.respond_to?(:createdb)
options += " #{Chef::Resource::PostgresqlDatabaseUser::CREATE_ROLE_DEFAULT ? 'CREATEROLE' : 'NOCREATEROLE'}" unless @new_resource.respond_to?(:createrole)
options += " #{Chef::Resource::PostgresqlDatabaseUser::LOGIN_DEFAULT ? 'LOGIN' : 'NOLOGIN'}" unless @new_resource.respond_to?(:login)
options += " #{Chef::Resource::PostgresqlDatabaseUser::REPLICATION_DEFAULT ? 'REPLICATION' : 'NOREPLICATION'}" unless @new_resource.respond_to?(:replication) || !version_greater_than?(90_100)
options += " #{Chef::Resource::PostgresqlDatabaseUser::SUPERUSER_DEFAULT ? 'SUPERUSER' : 'NOSUPERUSER'}" unless @new_resource.respond_to?(:superuser)
statement = "CREATE USER \"#{@new_resource.username}\""
statement += " WITH #{options}" if options.length > 0
statement += " WITH #{options}" unless options.empty?
db('template1').query(statement)
@new_resource.updated_by_last_action(true)
@@ -85,6 +99,51 @@ class Chef
close
end
def action_grant_table
grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON "
grant_statement << if @new_resource.tables.include?(:all)
"ALL TABLES IN SCHEMA \"#{@new_resource.schema_name}\""
else
"TABLE #{@new_resource.tables.join(', ')}"
end
grant_statement << " TO \"#{@new_resource.username}\""
Chef::Log.info("#{@new_resource}: granting access with statement [#{grant_statement}]")
db(@new_resource.database_name).query(grant_statement)
@new_resource.updated_by_last_action(true)
ensure
close
end
def action_grant_sequence
grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON "
grant_statement << if @new_resource.sequences.include?(:all)
"ALL SEQUENCES IN SCHEMA \"#{@new_resource.schema_name}\""
else
"SEQUENCE #{@new_resource.sequences.join(', ')}"
end
grant_statement << " TO \"#{@new_resource.username}\""
Chef::Log.info("#{@new_resource}: granting access with statement [#{grant_statement}]")
db(@new_resource.database_name).query(grant_statement)
@new_resource.updated_by_last_action(true)
ensure
close
end
def action_grant_function
grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON "
grant_statement << if @new_resource.functions.include?(:all)
"ALL FUNCTIONS IN SCHEMA \"#{@new_resource.schema_name}\""
else
"FUNCTION #{@new_resource.functions.join(', ')}"
end
grant_statement << " TO \"#{@new_resource.username}\""
Chef::Log.info("#{@new_resource}: granting access with statement [#{grant_statement}]")
db(@new_resource.database_name).query(grant_statement)
@new_resource.updated_by_last_action(true)
ensure
close
end
private
def exists?
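Review bot: The new `action_grant_table`, `action_grant_sequence` and `action_grant_function` join `tables`, `sequences` and `functions` into the GRANT statement with no identifier quoting, while `schema_name` and `username` are wrapped in double quotes but not escaped, so an attribute value containing a quote or a comma changes what is granted and to whom. The pg gem provides identifier quoting; for example `"TABLE #{@new_resource.tables.map { |t| PG::Connection.quote_ident(t.to_s) }.join(', ')}"`, and the same for the schema and user name. Schema-qualified names would need to be passed in a form that `quote_ident` treats as qualified rather than as one identifier. The three methods differ only in the object keyword and attribute, so a single private helper taking both would remove the duplication; the enclosing class starts outside this hunk.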


@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,7 +26,12 @@ class Chef
def load_current_resource
Gem.clear_paths
require 'tiny_tds'
begin
require 'tiny_tds'
rescue LoadError
Chef::Log.fatal('Could not load the required tiny_tds gem. Make sure to install this in your wrapper cookbook')
raise
end
@current_resource = Chef::Resource::Database.new(@new_resource.name)
@current_resource.database_name(@new_resource.database_name)
@current_resource
@@ -92,17 +97,29 @@ class Chef
def db
@db ||= begin
::TinyTds::Client.new(
connection = ::TinyTds::Client.new(
host: @new_resource.connection[:host],
username: @new_resource.connection[:username],
password: @new_resource.connection[:password],
port: @new_resource.connection[:port] || 1433
port: @new_resource.connection[:port] || 1433,
timeout: @new_resource.connection[:timeout] || 120,
options: @new_resource.connection[:options] || {}
)
if new_resource.connection.include?(:options)
@new_resource.connection[:options].each do |key, value|
connection.execute("SET #{key} #{value}").do
end
end
connection
end
end
def close
@db.close rescue nil
begin
@db.close
rescue
nil
end
@db = nil
end
end
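Review bot: In `db`, `connection.execute("SET #{key} #{value}").do` builds a T-SQL statement from every key and value in `connection[:options]` without checking either, so any text placed in that hash is executed on the privileged connection. Restrict both sides to plain tokens before executing, e.g. `raise ArgumentError, "unsupported SET option #{key.inspect}" unless key.to_s =~ /\A\w+\z/ && value.to_s =~ /\A\w+\z/`, or compare keys against an explicit list of supported SET options. The guard also reads `new_resource.connection` while the loop reads `@new_resource.connection`; using one form throughout would match the rest of the method.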


@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,7 +26,12 @@ class Chef
def load_current_resource
Gem.clear_paths
require 'tiny_tds'
begin
require 'tiny_tds'
rescue LoadError
Chef::Log.fatal('Could not load the required tiny_tds gem. Make sure to install this in your wrapper cookbook')
raise
end
@current_resource = Chef::Resource::DatabaseUser.new(@new_resource.name)
@current_resource.username(@new_resource.name)
@current_resource
@@ -106,22 +111,12 @@ class Chef
Chef::Log.info("SQL Server Version: #{server_version.inspect}")
db.execute('USE [master]').do
@new_resource.sql_sys_roles.each do |sql_sys_role, role_action|
case role_action
when 'ADD'
if server_version < '11.00.0000.00'
alter_statement = "EXEC sp_addsrvrolemember '#{@new_resource.username}', '#{sql_sys_role}'"
else
alter_statement = "ALTER SERVER ROLE #{sql_role} #{role_action} MEMBER [#{@new_resource.username}]"
end
Chef::Log.info("#{@new_resource} granting server role membership with statement [#{alter_statement}]")
when 'DROP'
if server_version < '11.00.0000.00'
alter_statement = "EXEC sp_dropsrvrolemember '#{@new_resource.username}', '#{sql_sys_role}'"
else
alter_statement = "ALTER SERVER ROLE #{sql_role} #{role_action} MEMBER [#{@new_resource.username}]"
end
Chef::Log.info("#{@new_resource} revoking server role membership with statement [#{alter_statement}]")
end
alter_statement = if server_version < '11.00.0000.00'
"EXEC sp_#{role_action.downcase}srvrolemember '#{@new_resource.username}', '#{sql_sys_role}'"
else
"ALTER SERVER ROLE #{sql_sys_role} #{role_action} MEMBER [#{@new_resource.username}]"
end
Chef::Log.info("#{@new_resource} granting server role membership with statement [#{alter_statement}]")
db.execute(alter_statement).do
end
@new_resource.updated_by_last_action(true)
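Review bot: Collapsing the `case role_action` into a single expression drops the check that the action is `'ADD'` or `'DROP'`; `role_action` is now interpolated into a stored-procedure name (`sp_#{role_action.downcase}srvrolemember`) and into `ALTER SERVER ROLE ... #{role_action} MEMBER` for any value in `sql_sys_roles`. Add a guard at the top of the loop, e.g. `raise ArgumentError, "unsupported role action #{role_action.inspect}" unless %w(ADD DROP).include?(role_action)`. The log line also now says "granting" for both actions, which makes a DROP look like a grant in the run log; interpolating `role_action` into the message would keep the record accurate. The enclosing method continues outside this hunk.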


@@ -0,0 +1,96 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'chef/provider'
class Chef
class Provider
class Database
class Sqlite < Chef::Provider
include Chef::Mixin::ShellOut
def load_current_resource
Gem.clear_paths
begin
require 'sqlite3'
rescue LoadError
Chef::Log.fatal('Could not load the required sqlite3 gem. Make sure to include the database::sqlite recipe on your runlist')
raise
end
@current_resource = Chef::Resource::Database.new(@new_resource.name)
@current_resource.database_name(@new_resource.database_name)
@current_resource
end
def action_create
unless exists?
::File.open(@new_resource.database_name, 'w') {}
@new_resource.updated_by_last_action(true)
end
end
def action_query
if exists?
begin
if @new_resource.sql_query.is_a?(Array)
@new_resource.sql_query.each do |sql|
Chef::Log.debug("#{@new_resource}: Performing queries [#{sql}]")
db.execute(sql)
end
else
Chef::Log.debug("#{@new_resource}: Performing query [#{new_resource.sql_query}]")
db.execute(@new_resource.sql_query)
end
@new_resource.updated_by_last_action(true)
ensure
close
end
end
end
def action_drop
if exists?
begin
Chef::Log.debug("#{@new_resource}: Dropping database #{new_resource.database_name}")
::File.unlink(@new_resource.database_name)
@new_resource.updated_by_last_action(true)
ensure
close
end
end
end
private
def exists?
::File.exist?(@new_resource.database_name)
end
def db
@db ||= begin
::SQLite3::Database.new(@new_resource.database_name)
end
end
def close
@db = nil
end
end
end
end
end
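Review bot: `action_create` checks `exists?` and then opens the path with mode `'w'`, so a file that appears between the check and the open is truncated, and the database file is created with whatever permissions the process umask allows. An exclusive create with an explicit mode avoids both, e.g. `::File.open(@new_resource.database_name, ::File::WRONLY | ::File::CREAT | ::File::EXCL, 0o600) {}`, with the mode adjusted if the database is meant to be shared. Also, `close` only sets `@db = nil` and never closes the SQLite handle; `@db.close if @db` before the reset releases it. `include Chef::Mixin::ShellOut` appears unused in the visible code.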


@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");


@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,6 +32,7 @@ class Chef
@privileges = [:all]
@grant_option = false
@require_ssl = false
@require_x509 = false
@allowed_actions.push(:create, :drop, :grant, :revoke)
@action = :create
@@ -61,6 +62,14 @@ class Chef
)
end
def require_x509(arg = nil)
set_or_return(
:require_x509,
arg,
kind_of: [TrueClass, FalseClass]
)
end
def password(arg = nil)
set_or_return(
:password,


@@ -1,7 +1,7 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Sean OMeara (<sean@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Author:: Sean OMeara (<sean@sean.io>)
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");


@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -27,6 +27,14 @@ class Chef
@resource_name = :mysql_database_user
@provider = Chef::Provider::Database::MysqlUser
end
def password(arg = nil)
set_or_return(
:password,
arg,
kind_of: [String, HashedPassword]
)
end
end
end
end


@@ -1,7 +1,7 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Lamont Granquist (<lamont@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");


@@ -1,6 +1,6 @@
#
# Author:: Marco Betti (<m.betti@gmail.com>)
# Copyright:: Copyright (c) 2013 Chef Software, Inc.
# Copyright:: 2013-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");


@@ -2,7 +2,7 @@
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Lamont Granquist (<lamont@chef.io>)
# Author:: Marco Betti (<m.betti@gmail.com>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,17 +24,26 @@ require File.join(File.dirname(__FILE__), 'provider_database_postgresql_user')
class Chef
class Resource
class PostgresqlDatabaseUser < Chef::Resource::DatabaseUser
CREATE_DB_DEFAULT = false unless defined?(CREATE_DB_DEFAULT)
CREATE_ROLE_DEFAULT = false unless defined?(CREATE_ROLE_DEFAULT)
LOGIN_DEFAULT = true unless defined?(LOGIN_DEFAULT)
REPLICATION_DEFAULT = false unless defined?(REPLICATION_DEFAULT)
SUPERUSER_DEFAULT = false unless defined?(SUPERUSER_DEFAULT)
def initialize(name, run_context = nil)
super
@resource_name = :postgresql_database_user
@provider = Chef::Provider::Database::PostgresqlUser
@createdb = false
@createrole = false
@login = true
@replication = false
@superuser = false
@createdb = CREATE_DB_DEFAULT
@createrole = CREATE_ROLE_DEFAULT
@login = LOGIN_DEFAULT
@replication = REPLICATION_DEFAULT
@superuser = SUPERUSER_DEFAULT
@schema_name = nil
@allowed_actions.push(:create, :drop, :grant, :grant_schema)
@tables = [:all]
@sequences = [:all]
@functions = [:all]
@allowed_actions.push(:create, :drop, :grant, :grant_schema, :grant_table, :grant_sequence, :grant_function)
end
def createdb(arg = nil)
@@ -61,6 +70,14 @@ class Chef
)
end
def password(arg = nil)
set_or_return(
:password,
arg,
kind_of: [String, HashedPassword]
)
end
def replication(arg = nil)
set_or_return(
:replication,
@@ -84,6 +101,30 @@ class Chef
equal_to: [true, false]
)
end
def tables(arg = nil)
set_or_return(
:tables,
arg,
kind_of: Array, default: [:all]
)
end
def sequences(arg = nil)
set_or_return(
:sequences,
arg,
kind_of: Array, default: [:all]
)
end
def functions(arg = nil)
set_or_return(
:functions,
arg,
kind_of: Array, default: [:all]
)
end
end
end
end


@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");


@@ -1,6 +1,6 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Copyright:: Copyright (c) 2011 Chef Software, Inc.
# Copyright:: 2011-2016 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");


@@ -0,0 +1,40 @@
#
# Author:: Ronald Doorn (<rdoorn@schubergphilis.com>)
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require File.join(File.dirname(__FILE__), 'resource_database')
require File.join(File.dirname(__FILE__), 'provider_database_sqlite')
class Chef
class Resource
class SqliteDatabase < Chef::Resource::Database
def initialize(name, run_context = nil)
super
@resource_name = :sqlite_database
@provider = Chef::Provider::Database::Sqlite
end
def sql(arg = nil, &block)
arg ||= block
set_or_return(
:sql,
arg,
kind_of: [String, Proc, Array]
)
end
end
end
end