freighthop 0.0.6 → 0.1.0

data/modules/mysql/lib/puppet/parser/functions/mysql_deepmerge.rb

@@ -0,0 +1,52 @@
+module Puppet::Parser::Functions
+  newfunction(:mysql_deepmerge, :type => :rvalue, :doc => <<-'ENDHEREDOC') do |args|
+    Recursively merges two or more hashes together and returns the resulting hash.
+
+    For example:
+
+        $hash1 = {'one' => 1, 'two' => 2, 'three' => { 'four' => 4 } }
+        $hash2 = {'two' => 'dos', 'three' => { 'five' => 5 } }
+        $merged_hash = mysql_deepmerge($hash1, $hash2)
+        # The resulting hash is equivalent to:
+        # $merged_hash = { 'one' => 1, 'two' => 'dos', 'three' => { 'four' => 4, 'five' => 5 } }
+
+    When there is a duplicate key that is a hash, they are recursively merged.
+    When there is a duplicate key that is not a hash, the key in the rightmost hash will "win."
+
+    ENDHEREDOC
+
+    if args.length < 2
+      raise Puppet::ParseError, ("mysql_deepmerge(): wrong number of arguments (#{args.length}; must be at least 2)")
+    end
+
+    result = Hash.new
+    args.each do |arg|
+      next if arg.is_a? String and arg.empty? # empty string is synonym for puppet's undef
+      # If the argument was not a hash, skip it.
+      unless arg.is_a?(Hash)
+        raise Puppet::ParseError, "mysql_deepmerge: unexpected argument type #{arg.class}, only expects hash arguments"
+      end
+
+      # Now we have to traverse our hash assigning our non-hash values
+      # to the matching keys in our result while following our hash values
+      # and repeating the process.
+      overlay( result, arg )
+    end
+    return( result )
+  end
+end
+
+def overlay( hash1, hash2 )
+    hash2.each do |key, value|
+        if( value.is_a?(Hash) )
+            if( ! hash1.has_key?( key ) or ! hash1[key].is_a?(Hash))
+                hash1[key] = value
+            else
+                overlay( hash1[key], value )
+            end
+        else
+            hash1[key] = value
+        end
+    end
+end
+

data/modules/mysql/lib/puppet/parser/functions/mysql_password.rb

@@ -0,0 +1,15 @@
+# hash a string as mysql's "PASSWORD()" function would do it
+require 'digest/sha1'
+
+module Puppet::Parser::Functions
+  newfunction(:mysql_password, :type => :rvalue, :doc => <<-EOS
+    Returns the mysql password hash from the clear text password.
+    EOS
+  ) do |args|
+
+    raise(Puppet::ParseError, 'mysql_password(): Wrong number of arguments ' +
+      "given (#{args.size} for 1)") if args.size != 1
+
+    '*' + Digest::SHA1.hexdigest(Digest::SHA1.digest(args[0])).upcase
+  end
+end

data/modules/mysql/lib/puppet/parser/functions/mysql_strip_hash.rb

@@ -0,0 +1,21 @@
+module Puppet::Parser::Functions
+  newfunction(:mysql_strip_hash, :type => :rvalue, :arity => 1, :doc => <<-EOS
+TEMPORARY FUNCTION: EXPIRES 2014-03-10
+When given a hash this function strips out all blank entries.
+EOS
+  ) do |args|
+
+    hash = args[0]
+    unless hash.is_a?(Hash)
+      raise(Puppet::ParseError, 'mysql_strip_hash(): Requires hash to work with')
+    end
+
+    # Filter out all the top level blanks.
+    hash.reject{|k,v| v == ''}.each do |k,v|
+      if v.is_a?(Hash)
+        v.reject!{|ki,vi| vi == '' }
+      end
+    end
+
+  end
+end

data/modules/mysql/lib/puppet/provider/database/mysql.rb

@@ -0,0 +1,52 @@
+Puppet::Type.type(:database).provide(:mysql) do
+  desc 'Manages MySQL database.'
+
+  defaultfor :kernel => 'Linux'
+
+  optional_commands :mysql      => 'mysql'
+  optional_commands :mysqladmin => 'mysqladmin'
+
+  def self.defaults_file
+    if File.file?("#{Facter.value(:root_home)}/.my.cnf")
+      "--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf"
+    else
+      nil
+    end
+  end
+
+  def defaults_file
+    self.class.defaults_file
+  end
+
+  def self.instances
+    mysql([defaults_file, '-NBe', 'show databases'].compact).split("\n").collect do |name|
+      new(:name => name)
+    end
+  end
+
+  def create
+    mysql([defaults_file, '-NBe', "create database `#{@resource[:name]}` character set #{resource[:charset]}"].compact)
+  end
+
+  def destroy
+    mysqladmin([defaults_file, '-f', 'drop', @resource[:name]].compact)
+  end
+
+  def charset
+    mysql([defaults_file, '-NBe', "show create database `#{resource[:name]}`"].compact).match(/.*?(\S+)\s(?:COLLATE.*)?\*\//)[1]
+  end
+
+  def charset=(value)
+    mysql([defaults_file, '-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}"].compact)
+  end
+
+  def exists?
+    begin
+      mysql([defaults_file, '-NBe', 'show databases'].compact).match(/^#{@resource[:name]}$/)
+    rescue => e
+      debug(e.message)
+      return nil
+    end
+  end
+
+end

data/modules/mysql/lib/puppet/provider/database_grant/mysql.rb

@@ -0,0 +1,210 @@
+# A grant is either global or per-db. This can be distinguished by the syntax
+# of the name:
+#   user@host => global
+#   user@host/db => per-db
+
+Puppet::Type.type(:database_grant).provide(:mysql) do
+
+  desc 'Uses mysql as database.'
+
+  defaultfor :kernel => 'Linux'
+
+  optional_commands :mysql      => 'mysql'
+  optional_commands :mysqladmin => 'mysqladmin'
+
+  def self.prefetch(resources)
+    @user_privs = query_user_privs
+    @db_privs = query_db_privs
+  end
+
+  def self.user_privs
+    @user_privs || query_user_privs
+  end
+
+  def self.db_privs
+    @db_privs || query_db_privs
+  end
+
+  def user_privs
+    self.class.user_privs
+  end
+
+  def db_privs
+    self.class.db_privs
+  end
+
+  def self.query_user_privs
+    results = mysql([defaults_file, 'mysql', '-Be', 'describe user'].compact)
+    column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
+    @user_privs = column_names.delete_if { |e| !( e =~/_priv$/) }
+  end
+
+  def self.query_db_privs
+    results = mysql([defaults_file, 'mysql', '-Be', 'describe db'].compact)
+    column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
+    @db_privs = column_names.delete_if { |e| !(e =~/_priv$/) }
+  end
+
+  def mysql_flush
+    mysqladmin([defaults_file, 'flush-privileges'].compact)
+  end
+
+  # this parses the
+  def split_name(string)
+    matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact
+    case matches.length
+    when 2
+      {
+        :type => :user,
+        :user => matches[0],
+        :host => matches[1]
+      }
+    when 4
+      {
+        :type => :db,
+        :user => matches[0],
+        :host => matches[1],
+        :db => matches[3]
+      }
+    end
+  end
+
+  def create_row
+    unless @resource.should(:privileges).empty?
+      name = split_name(@resource[:name])
+      case name[:type]
+      when :user
+        mysql([defaults_file, 'mysql', '-e', "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [
+          name[:host], name[:user],
+        ]].compact)
+      when :db
+        mysql([defaults_file, 'mysql', '-e', "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [
+          name[:host], name[:user], name[:db],
+        ]].compact)
+      end
+      mysql_flush
+    end
+  end
+
+  def destroy
+    mysql([defaults_file, 'mysql', '-e', "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ]].compact)
+  end
+
+  def row_exists?
+    name = split_name(@resource[:name])
+    fields = [:user, :host]
+    if name[:type] == :db
+      fields << :db
+    end
+    not mysql([defaults_file, 'mysql', '-NBe', "SELECT '1' FROM %s WHERE %s" % [ name[:type], fields.map do |f| "%s='%s'" % [f, name[f]] end.join(' AND ')]].compact).empty?
+  end
+
+  def all_privs_set?
+    all_privs = case split_name(@resource[:name])[:type]
+                when :user
+                  user_privs
+                when :db
+                  db_privs
+                end
+    all_privs = all_privs.collect do |p| p.downcase end.sort.join('|')
+    privs = privileges.collect do |p| p.downcase end.sort.join('|')
+
+    all_privs == privs
+  end
+
+  def privileges
+    name = split_name(@resource[:name])
+    privs = ''
+
+    case name[:type]
+    when :user
+      privs = mysql([defaults_file, 'mysql', '-Be', "select * from mysql.user where user='%s' and host='%s'" % [ name[:user], name[:host] ]].compact)
+    when :db
+      privs = mysql([defaults_file, 'mysql', '-Be', "select * from mysql.db where user='%s' and host='%s' and db='%s'" % [ name[:user], name[:host], name[:db] ]].compact)
+    end
+
+    if privs.match(/^$/)
+      privs = [] # no result, no privs
+    else
+      # returns a line with field names and a line with values, each tab-separated
+      privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end
+      # transpose the lines, so we have key/value pairs
+      privs = privs[0].zip(privs[1])
+      privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end
+    end
+
+    privs.collect do |p| p[0] end
+  end
+
+  def privileges=(privs)
+    unless row_exists?
+      create_row
+    end
+
+    # puts "Setting privs: ", privs.join(", ")
+    name = split_name(@resource[:name])
+    stmt = ''
+    where = ''
+    all_privs = []
+    case name[:type]
+    when :user
+      stmt = 'update user set '
+      where = " where user='%s' and host='%s'" % [ name[:user], name[:host] ]
+      all_privs = user_privs
+    when :db
+      stmt = 'update db set '
+      where = " where user='%s' and host='%s' and db='%s'" % [ name[:user], name[:host], name[:db] ]
+      all_privs = db_privs
+    end
+
+    if privs[0].downcase == 'all'
+      privs = all_privs
+    end
+
+    # Downcase the requested priviliges for case-insensitive selection
+    # we don't map! here because the all_privs object has to remain in
+    # the same case the DB gave it to us in
+    privs = privs.map { |p| p.downcase }
+
+    # puts "stmt:", stmt
+    set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p.downcase) ? 'Y' : 'N'] end.join(', ')
+    # puts "set:", set
+    stmt = stmt << set << where
+
+    validate_privs privs, all_privs
+    mysql([defaults_file, 'mysql', '-Be', stmt].compact)
+    mysql_flush
+  end
+
+  def validate_privs(set_privs, all_privs)
+    all_privs = all_privs.collect { |p| p.downcase }
+    set_privs = set_privs.collect { |p| p.downcase }
+    invalid_privs = Array.new
+    hints = Array.new
+    # Test each of the user provided privs to see if they exist in all_privs
+    set_privs.each do |priv|
+      invalid_privs << priv unless all_privs.include?(priv)
+      hints << "#{priv}_priv" if all_privs.include?("#{priv}_priv")
+    end
+    unless invalid_privs.empty?
+      # Print a decently helpful and gramatically correct error message
+      hints = "Did you mean '#{hints.join(',')}'?" unless hints.empty?
+      p = invalid_privs.size > 1 ? ['s', 'are not valid'] : ['', 'is not valid']
+      detail = ["The privilege#{p[0]} '#{invalid_privs.join(',')}' #{p[1]}."]
+      fail [detail, hints].join(' ')
+    end
+  end
+
+  # Optional defaults file
+  def self.defaults_file
+    if File.file?("#{Facter.value(:root_home)}/.my.cnf")
+      "--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf"
+    else
+      nil
+    end
+  end
+  def defaults_file
+    self.class.defaults_file
+  end
+
+end

data/modules/mysql/lib/puppet/provider/database_user/mysql.rb

@@ -0,0 +1,76 @@
+Puppet::Type.type(:database_user).provide(:mysql) do
+
+  desc 'manage users for a mysql database.'
+
+  defaultfor :kernel => 'Linux'
+
+  commands :mysql      => 'mysql'
+  commands :mysqladmin => 'mysqladmin'
+
+  def self.instances
+    users = mysql([defaults_file, 'mysql', '-BNe' "select concat(User, '@',Host) as User from mysql.user"].compact).split("\n")
+    users.select{ |user| user =~ /.+@/ }.collect do |name|
+      new(:name => name)
+    end
+  end
+
+  def create
+    merged_name          = @resource[:name].sub('@', "'@'")
+    password_hash        = @resource.value(:password_hash)
+    max_user_connections = @resource.value(:max_user_connections) || 0
+
+    mysql([defaults_file, 'mysql', '-e', "grant usage on *.* to '#{merged_name}' identified by PASSWORD
+      '#{password_hash}' with max_user_connections #{max_user_connections}"].compact)
+
+    exists? ? (return true) : (return false)
+  end
+
+  def destroy
+    merged_name   = @resource[:name].sub('@', "'@'")
+    mysql([defaults_file, 'mysql', '-e', "drop user '#{merged_name}'"].compact)
+
+    exists? ? (return false) : (return true)
+  end
+
+  def password_hash
+    mysql([defaults_file, 'mysql', '-NBe', "select password from mysql.user where CONCAT(user, '@', host) = '#{@resource[:name]}'"].compact).chomp
+  end
+
+  def password_hash=(string)
+    mysql([defaults_file, 'mysql', '-e', "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub('@', "'@'"), string ] ].compact)
+
+    password_hash == string ? (return true) : (return false)
+  end
+
+  def max_user_connections
+    mysql([defaults_file, "mysql", "-NBe", "select max_user_connections from mysql.user where CONCAT(user, '@', host) = '#{@resource[:name]}'"].compact).chomp
+  end
+
+  def max_user_connections=(int)
+    mysql([defaults_file, "mysql", "-e", "grant usage on *.* to '%s' with max_user_connections #{int}" % [ @resource[:name].sub("@", "'@'")] ].compact).chomp
+
+    max_user_connections == int ? (return true) : (return false)
+  end
+
+  def exists?
+    not mysql([defaults_file, 'mysql', '-NBe', "select '1' from mysql.user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)].compact).empty?
+  end
+
+  def flush
+    @property_hash.clear
+    mysqladmin([defaults_file, 'flush-privileges'].compact)
+  end
+
+  # Optional defaults file
+  def self.defaults_file
+    if File.file?("#{Facter.value(:root_home)}/.my.cnf")
+      "--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf"
+    else
+      nil
+    end
+  end
+  def defaults_file
+    self.class.defaults_file
+  end
+
+end

data/modules/mysql/lib/puppet/provider/mysql.rb

@@ -0,0 +1,67 @@
+class Puppet::Provider::Mysql < Puppet::Provider
+
+  # Without initvars commands won't work.
+  initvars
+  commands :mysql      => 'mysql'
+  commands :mysqladmin => 'mysqladmin'
+
+  # Optional defaults file
+  def self.defaults_file
+    if File.file?("#{Facter.value(:root_home)}/.my.cnf")
+      "--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf"
+    else
+      nil
+    end
+  end
+  
+  def defaults_file
+    self.class.defaults_file
+  end
+
+  def self.users
+    mysql([defaults_file, '-NBe', "SELECT CONCAT(User, '@',Host) AS User FROM mysql.user"].compact).split("\n")
+  end
+
+  # Take root@localhost and munge it to 'root'@'localhost'
+  def self.cmd_user(user)
+    "'#{user.sub('@', "'@'")}'"
+  end
+
+  # Take root.* and return ON `root`.*
+  def self.cmd_table(table)
+    table_string = ''
+
+    # We can't escape *.* so special case this.
+    if table == '*.*'
+      table_string << '*.*'
+    else
+      table_string << table.sub(/^(.*)(\..*)/, '`\1`\2')
+    end
+    table_string
+  end
+
+  def self.cmd_privs(privileges)
+    if privileges.include?('ALL')
+      return 'ALL PRIVILEGES'
+    else
+      priv_string = ''
+      privileges.each do |priv|
+        priv_string << "#{priv}, "
+      end
+    end
+    # Remove trailing , from the last element.
+    priv_string.sub(/, $/, '')
+  end
+
+  # Take in potential options and build up a query string with them.
+  def self.cmd_options(options)
+    option_string = ''
+    options.each do |opt|
+      if opt == 'GRANT'
+        option_string << ' WITH GRANT OPTION'
+      end
+    end
+    option_string
+  end
+
+end

data/modules/mysql/lib/puppet/provider/mysql_database/mysql.rb

@@ -0,0 +1,68 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'mysql'))
+Puppet::Type.type(:mysql_database).provide(:mysql, :parent => Puppet::Provider::Mysql) do
+  desc 'Manages MySQL databases.'
+
+  commands :mysql => 'mysql'
+
+  def self.instances
+    mysql([defaults_file, '-NBe', 'show databases'].compact).split("\n").collect do |name|
+      attributes = {}
+      mysql([defaults_file, '-NBe', 'show variables like "%_database"', name].compact).split("\n").each do |line|
+        k,v = line.split(/\s/)
+        attributes[k] = v
+      end
+      new(:name    => name,
+          :ensure  => :present,
+          :charset => attributes['character_set_database'],
+          :collate => attributes['collation_database']
+         )
+    end
+  end
+
+  # We iterate over each mysql_database entry in the catalog and compare it against
+  # the contents of the property_hash generated by self.instances
+  def self.prefetch(resources)
+    databases = instances
+    resources.keys.each do |database|
+      if provider = databases.find { |db| db.name == database }
+        resources[database].provider = provider
+      end
+    end
+  end
+
+  def create
+    mysql([defaults_file, '-NBe', "create database `#{@resource[:name]}` character set #{@resource[:charset]} collate #{@resource[:collate]}"].compact)
+
+    @property_hash[:ensure]  = :present
+    @property_hash[:charset] = @resource[:charset]
+    @property_hash[:collate] = @resource[:collate]
+
+    exists? ? (return true) : (return false)
+  end
+
+  def destroy
+    mysql([defaults_file, '-NBe', "drop database `#{@resource[:name]}`"].compact)
+
+    @property_hash.clear
+    exists? ? (return false) : (return true)
+  end
+
+  def exists?
+    @property_hash[:ensure] == :present || false
+  end
+
+  mk_resource_methods
+
+  def charset=(value)
+    mysql([defaults_file, '-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}"].compact)
+    @property_hash[:charset] = value
+    charset == value ? (return true) : (return false)
+  end
+
+  def collate=(value)
+    mysql([defaults_file, '-NBe', "alter database `#{resource[:name]}` COLLATE #{value}"].compact)
+    @property_hash[:collate] = value
+    collate == value ? (return true) : (return false)
+  end
+
+end

data/modules/mysql/lib/puppet/provider/mysql_grant/mysql.rb

@@ -0,0 +1,115 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'mysql'))
+Puppet::Type.type(:mysql_grant).provide(:mysql, :parent => Puppet::Provider::Mysql) do
+
+  desc 'Set grants for users in MySQL.'
+
+  def self.instances
+    instances = []
+    users.select{ |user| user =~ /.+@/ }.collect do |user|
+      user_string = self.cmd_user(user)
+      query = "SHOW GRANTS FOR #{user_string};"
+      grants = mysql([defaults_file, "-NBe", query].compact)
+      # Once we have the list of grants generate entries for each.
+      grants.each_line do |grant|
+        # Match the munges we do in the type.
+        munged_grant = grant.delete("'").delete("`")
+        # Matching: GRANT (SELECT, UPDATE) PRIVILEGES ON (*.*) TO ('root')@('127.0.0.1') (WITH GRANT OPTION)
+        if match = munged_grant.match(/^GRANT\s(.+)\sON\s(.+)\sTO\s(.*)@(.*?)(\s.*)$/)
+          privileges, table, user, host, rest = match.captures
+          # Once we split privileges up on the , we need to make sure we
+          # shortern ALL PRIVILEGES to just all.
+          stripped_privileges = privileges.split(',').map do |priv|
+            priv == 'ALL PRIVILEGES' ? 'ALL' : priv.lstrip.rstrip
+          end
+          # Same here, but to remove OPTION leaving just GRANT.
+          options = rest.match(/WITH\s(.*)\sOPTION$/).captures if rest.include?('WITH')
+          # We need to return an array of instances so capture these
+          instances << new(
+              :name       => "#{user}@#{host}/#{table}",
+              :ensure     => :present,
+              :privileges => stripped_privileges.sort,
+              :table      => table,
+              :user       => "#{user}@#{host}",
+              :options    => options
+          )
+        end
+      end
+    end
+    return instances
+  end
+
+  def self.prefetch(resources)
+    users = instances
+    resources.keys.each do |name|
+      if provider = users.find { |user| user.name == name }
+        resources[name].provider = provider
+      end
+    end
+  end
+
+  def grant(user, table, privileges, options)
+    user_string = self.class.cmd_user(user)
+    priv_string = self.class.cmd_privs(privileges)
+    table_string = self.class.cmd_table(table)
+    query = "GRANT #{priv_string}"
+    query << " ON #{table_string}"
+    query << " TO #{user_string}"
+    query << self.class.cmd_options(options) unless options.nil?
+    mysql([defaults_file, '-e', query].compact)
+  end
+
+  def create
+    grant(@resource[:user], @resource[:table], @resource[:privileges], @resource[:options])
+
+    @property_hash[:ensure]     = :present
+    @property_hash[:table]      = @resource[:table]
+    @property_hash[:user]       = @resource[:user]
+    @property_hash[:options]    = @resource[:options] if @resource[:options]
+    @property_hash[:privileges] = @resource[:privileges]
+
+    exists? ? (return true) : (return false)
+  end
+
+  def revoke(user, table)
+    user_string = self.class.cmd_user(user)
+    table_string = self.class.cmd_table(table)
+
+    query = "REVOKE ALL ON #{table_string} FROM #{user_string}"
+    mysql([defaults_file, '-e', query].compact)
+  end
+
+  def destroy
+    revoke(@property_hash[:user], @property_hash[:table])
+    @property_hash.clear
+
+    exists? ? (return false) : (return true)
+  end
+
+  def exists?
+    @property_hash[:ensure] == :present || false
+  end
+
+  def flush
+    @property_hash.clear
+    mysql([defaults_file, '-NBe', 'FLUSH PRIVILEGES'].compact)
+  end
+
+  mk_resource_methods
+
+  def privileges=(privileges)
+    revoke(@property_hash[:user], @property_hash[:table])
+    grant(@property_hash[:user], @property_hash[:table], privileges, @property_hash[:options])
+    @property_hash[:privileges] = privileges
+
+    self.privileges
+  end
+
+  def options=(options)
+    revoke(@property_hash[:user], @property_hash[:table])
+    grant(@property_hash[:user], @property_hash[:table], @property_hash[:privileges], options)
+    @property_hash[:options] = options
+
+    self.options
+  end
+
+end