freighthop 0.0.6 → 0.1.0

data/modules/mysql/lib/puppet/provider/mysql_user/mysql.rb

@@ -0,0 +1,115 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'mysql'))
+Puppet::Type.type(:mysql_user).provide(:mysql, :parent => Puppet::Provider::Mysql) do
+
+  desc 'manage users for a mysql database.'
+  commands :mysql => 'mysql'
+
+  # Build a property_hash containing all the discovered information about MySQL
+  # users.
+  def self.instances
+    users = mysql([defaults_file, '-NBe',
+      "SELECT CONCAT(User, '@',Host) AS User FROM mysql.user"].compact).split("\n")
+    # To reduce the number of calls to MySQL we collect all the properties in
+    # one big swoop.
+    users.collect do |name|
+      query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, PASSWORD FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'"
+      @max_user_connections, @max_connections_per_hour, @max_queries_per_hour,
+      @max_updates_per_hour, @password = mysql([defaults_file, "-NBe", query].compact).split(/\s/)
+
+      new(:name                     => name,
+          :ensure                   => :present,
+          :password_hash            => @password,
+          :max_user_connections     => @max_user_connections,
+          :max_connections_per_hour => @max_connections_per_hour,
+          :max_queries_per_hour     => @max_queries_per_hour,
+          :max_updates_per_hour     => @max_updates_per_hour
+         )
+    end
+  end
+
+  # We iterate over each mysql_user entry in the catalog and compare it against
+  # the contents of the property_hash generated by self.instances
+  def self.prefetch(resources)
+    users = instances
+    resources.keys.each do |name|
+      if provider = users.find { |user| user.name == name }
+        resources[name].provider = provider
+      end
+    end
+  end
+
+  def create
+    merged_name             = @resource[:name].sub('@', "'@'")
+    password_hash            = @resource.value(:password_hash)
+    max_user_connections     = @resource.value(:max_user_connections) || 0
+    max_connections_per_hour = @resource.value(:max_connections_per_hour) || 0
+    max_queries_per_hour     = @resource.value(:max_queries_per_hour) || 0
+    max_updates_per_hour     = @resource.value(:max_updates_per_hour) || 0
+
+    mysql([defaults_file, '-e', "GRANT USAGE ON *.* TO '#{merged_name}' IDENTIFIED BY PASSWORD '#{password_hash}' WITH MAX_USER_CONNECTIONS #{max_user_connections} MAX_CONNECTIONS_PER_HOUR #{max_connections_per_hour} MAX_QUERIES_PER_HOUR #{max_queries_per_hour} MAX_UPDATES_PER_HOUR #{max_updates_per_hour}"].compact)
+
+    @property_hash[:ensure] = :present
+    @property_hash[:password_hash] = password_hash
+    @property_hash[:max_user_connections] = max_user_connections
+    @property_hash[:max_connections_per_hour] = max_connections_per_hour
+    @property_hash[:max_queries_per_hour] = max_queries_per_hour
+    @property_hash[:max_updates_per_hour] = max_updates_per_hour
+
+    exists? ? (return true) : (return false)
+  end
+
+  def destroy
+    merged_name = @resource[:name].sub('@', "'@'")
+    mysql([defaults_file, '-e', "DROP USER '#{merged_name}'"].compact)
+
+    @property_hash.clear
+    exists? ? (return false) : (return true)
+  end
+
+  def exists?
+    @property_hash[:ensure] == :present || false
+  end
+
+  ##
+  ## MySQL user properties
+  ##
+
+  # Generates method for all properties of the property_hash
+  mk_resource_methods
+
+  def password_hash=(string)
+    merged_name = @resource[:name].sub('@', "'@'")
+    mysql([defaults_file, '-e', "SET PASSWORD FOR '#{merged_name}' = '#{string}'"].compact)
+
+    password_hash == string ? (return true) : (return false)
+  end
+
+  def max_user_connections=(int)
+    merged_name = @resource[:name].sub('@', "'@'")
+    mysql([defaults_file, '-e', "GRANT USAGE ON *.* TO '#{merged_name}' WITH MAX_USER_CONNECTIONS #{int}"].compact).chomp
+
+    max_user_connections == int ? (return true) : (return false)
+  end
+
+  def max_connections_per_hour=(int)
+    merged_name = @resource[:name].sub('@', "'@'")
+    mysql([defaults_file, '-e', "GRANT USAGE ON *.* TO '#{merged_name}' WITH MAX_CONNECTIONS_PER_HOUR #{int}"].compact).chomp
+
+    max_connections_per_hour == int ? (return true) : (return false)
+  end
+
+  def max_queries_per_hour=(int)
+    merged_name = @resource[:name].sub('@', "'@'")
+    mysql([defaults_file, '-e', "GRANT USAGE ON *.* TO '#{merged_name}' WITH MAX_QUERIES_PER_HOUR #{int}"].compact).chomp
+
+    max_queries_per_hour == int ? (return true) : (return false)
+  end
+
+  def max_updates_per_hour=(int)
+    merged_name = @resource[:name].sub('@', "'@'")
+    mysql([defaults_file, '-e', "GRANT USAGE ON *.* TO '#{merged_name}' WITH MAX_UPDATES_PER_HOUR #{int}"].compact).chomp
+
+    max_updates_per_hour == int ? (return true) : (return false)
+  end
+
+end

data/modules/mysql/lib/puppet/type/database.rb

@@ -0,0 +1,21 @@
+# This has to be a separate type to enable collecting
+Puppet::Type.newtype(:database) do
+  @doc = 'Manage databases.'
+
+  ensurable
+
+  newparam(:name, :namevar=>true) do
+    desc 'The name of the database.'
+    validate do |value|
+      Puppet.warning("database has been deprecated in favor of mysql_database.")
+      true
+    end
+  end
+
+  newproperty(:charset) do
+    desc 'The characterset to use for a database'
+    defaultto :utf8
+    newvalue(/^\S+$/)
+  end
+
+end

data/modules/mysql/lib/puppet/type/database_grant.rb

@@ -0,0 +1,79 @@
+# This has to be a separate type to enable collecting
+Puppet::Type.newtype(:database_grant) do
+  @doc = "Manage a database user's rights."
+  #ensurable
+
+  autorequire :database do
+    # puts "Starting db autoreq for %s" % self[:name]
+    reqs = []
+    matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/)
+    unless matches.nil?
+      reqs << matches[3]
+    end
+    # puts "Autoreq: '%s'" % reqs.join(" ")
+    reqs
+  end
+
+  autorequire :database_user do
+    # puts "Starting user autoreq for %s" % self[:name]
+    reqs = []
+    matches = self[:name].match(/^([^@]+)@([^\/]+).*$/)
+    unless matches.nil?
+      reqs << '%s@%s' % [ matches[1], matches[2] ]
+    end
+    # puts "Autoreq: '%s'" % reqs.join(" ")
+    reqs
+  end
+
+  newparam(:name, :namevar=>true) do
+    desc 'The primary key: either user@host for global privilges or user@host/database for database specific privileges'
+    validate do |value|
+      Puppet.warning("database_grant has been deprecated in favor of mysql_grant.")
+      true
+    end
+  end
+
+  newproperty(:privileges, :array_matching => :all) do
+    desc 'The privileges the user should have. The possible values are implementation dependent.'
+
+    def should_to_s(newvalue = @should)
+      if newvalue
+        unless newvalue.is_a?(Array)
+          newvalue = [ newvalue ]
+        end
+        newvalue.collect do |v| v.downcase end.sort.join ', '
+      else
+        nil
+      end
+    end
+
+    def is_to_s(currentvalue = @is)
+      if currentvalue
+        unless currentvalue.is_a?(Array)
+          currentvalue = [ currentvalue ]
+        end
+        currentvalue.collect do |v| v.downcase end.sort.join ', '
+      else
+        nil
+      end
+    end
+
+    # use the sorted outputs for comparison
+    def insync?(is)
+      if defined? @should and @should
+        case self.should_to_s
+        when 'all'
+          self.provider.all_privs_set?
+        when self.is_to_s(is)
+          true
+        else
+          false
+        end
+      else
+        true
+      end
+    end
+  end
+
+end
+

data/modules/mysql/lib/puppet/type/database_user.rb

@@ -0,0 +1,31 @@
+# This has to be a separate type to enable collecting
+Puppet::Type.newtype(:database_user) do
+  @doc = 'Manage a database user. This includes management of users password as well as privileges'
+
+  ensurable
+
+  newparam(:name, :namevar=>true) do
+    desc "The name of the user. This uses the 'username@hostname' or username@hostname."
+    validate do |value|
+      Puppet.warning("database has been deprecated in favor of mysql_user.")
+      # https://dev.mysql.com/doc/refman/5.1/en/account-names.html
+      # Regex should problably be more like this: /^[`'"]?[^`'"]*[`'"]?@[`'"]?[\w%\.]+[`'"]?$/
+      raise(ArgumentError, "Invalid database user #{value}") unless value =~ /[\w-]*@[\w%\.:]+/
+      username = value.split('@')[0]
+      if username.size > 16
+        raise ArgumentError, 'MySQL usernames are limited to a maximum of 16 characters'
+      end
+    end
+  end
+
+  newproperty(:password_hash) do
+    desc 'The password hash of the user. Use mysql_password() for creating such a hash.'
+    newvalue(/\w+/)
+  end
+
+  newproperty(:max_user_connections) do
+    desc "Max concurrent connections for the user. 0 means no (or global) limit."
+    newvalue(/\d+/)
+  end
+
+end

data/modules/mysql/lib/puppet/type/mysql_database.rb

@@ -0,0 +1,22 @@
+Puppet::Type.newtype(:mysql_database) do
+  @doc = 'Manage MySQL databases.'
+
+  ensurable
+
+  newparam(:name, :namevar => true) do
+    desc 'The name of the MySQL database to manage.'
+  end
+
+  newproperty(:charset) do
+    desc 'The CHARACTER SET setting for the database'
+    defaultto :utf8
+    newvalue(/^\S+$/)
+  end
+
+  newproperty(:collate) do
+    desc 'The COLLATE setting for the database'
+    defaultto :utf8_general_ci
+    newvalue(/^\S+$/)
+  end
+
+end

data/modules/mysql/lib/puppet/type/mysql_grant.rb

@@ -0,0 +1,72 @@
+# This has to be a separate type to enable collecting
+Puppet::Type.newtype(:mysql_grant) do
+  @doc = "Manage a MySQL user's rights."
+  ensurable
+
+  autorequire(:file) { '/root/.my.cnf' }
+
+  def initialize(*args)
+    super
+    # Forcibly munge any privilege with 'ALL' in the array to exist of just
+    # 'ALL'.  This can't be done in the munge in the property as that iterates
+    # over the array and there's no way to replace the entire array before it's
+    # returned to the provider.
+    if self[:ensure] == :present and Array(self[:privileges]).count > 1 and self[:privileges].to_s.include?('ALL')
+      self[:privileges] = 'ALL'
+    end
+    # Sort the privileges array in order to ensure the comparision in the provider
+    # self.instances method match.  Otherwise this causes it to keep resetting the
+    # privileges.
+    self[:privileges] = Array(self[:privileges]).sort!
+  end
+
+  validate do
+    fail('privileges parameter is required.') if self[:ensure] == :present and self[:privileges].nil?
+    fail('table parameter is required.') if self[:ensure] == :present and self[:table].nil?
+    fail('user parameter is required.') if self[:ensure] == :present and self[:user].nil?
+  end
+
+  newparam(:name, :namevar => true) do
+    desc 'Name to describe the grant.'
+
+    munge do |value|
+      value.delete("'")
+    end
+  end
+
+  newproperty(:privileges, :array_matching => :all) do
+    desc 'Privileges for user'
+
+    munge do |value|
+      value.upcase
+    end
+  end
+
+  newproperty(:table) do
+    desc 'Table to apply privileges to.'
+
+    munge do |value|
+      value.delete("`")
+    end
+
+    newvalues(/.*\..*/)
+  end
+
+  newproperty(:user) do
+    desc 'User to operate on.'
+    validate do |value|
+      # https://dev.mysql.com/doc/refman/5.1/en/account-names.html
+      # Regex should problably be more like this: /^[`'"]?[^`'"]*[`'"]?@[`'"]?[\w%\.]+[`'"]?$/
+      raise(ArgumentError, "Invalid user #{value}") unless value =~ /[\w-]*@[\w%\.:]+/
+      username = value.split('@')[0]
+      if username.size > 16
+        raise ArgumentError, 'MySQL usernames are limited to a maximum of 16 characters'
+      end
+    end
+  end
+
+  newproperty(:options, :array_matching => :all) do
+    desc 'Options to grant.'
+  end
+
+end

data/modules/mysql/lib/puppet/type/mysql_user.rb

@@ -0,0 +1,45 @@
+# This has to be a separate type to enable collecting
+Puppet::Type.newtype(:mysql_user) do
+  @doc = 'Manage a MySQL user. This includes management of users password as well as privileges.'
+
+  ensurable
+
+  newparam(:name, :namevar => true) do
+    desc "The name of the user. This uses the 'username@hostname' or username@hostname."
+    validate do |value|
+      # https://dev.mysql.com/doc/refman/5.1/en/account-names.html
+      # Regex should problably be more like this: /^[`'"]?[^`'"]*[`'"]?@[`'"]?[\w%\.]+[`'"]?$/
+      raise(ArgumentError, "Invalid database user #{value}") unless value =~ /[\w-]*@[\w%\.:]+/
+      username = value.split('@')[0]
+      if username.size > 16
+        raise ArgumentError, 'MySQL usernames are limited to a maximum of 16 characters'
+      end
+    end
+  end
+
+  newproperty(:password_hash) do
+    desc 'The password hash of the user. Use mysql_password() for creating such a hash.'
+    newvalue(/\w+/)
+  end
+
+  newproperty(:max_user_connections) do
+    desc "Max concurrent connections for the user. 0 means no (or global) limit."
+    newvalue(/\d+/)
+  end
+
+  newproperty(:max_connections_per_hour) do
+    desc "Max connections per hour for the user. 0 means no (or global) limit."
+    newvalue(/\d+/)
+  end
+
+  newproperty(:max_queries_per_hour) do
+    desc "Max queries per hour for the user. 0 means no (or global) limit."
+    newvalue(/\d+/)
+  end
+
+  newproperty(:max_updates_per_hour) do
+    desc "Max updates per hour for the user. 0 means no (or global) limit."
+    newvalue(/\d+/)
+  end
+
+end

data/modules/mysql/manifests/backup.pp

@@ -0,0 +1,31 @@
+# Deprecated class
+class mysql::backup (
+  $backupuser,
+  $backuppassword,
+  $backupdir,
+  $backupcompress = true,
+  $backuprotate = 30,
+  $delete_before_dump = false,
+  $backupdatabases = [],
+  $file_per_database = false,
+  $ensure = 'present',
+  $time = ['23', '5'],
+) {
+
+  crit("This class has been deprecated and callers should directly call
+  mysql::server::backup now.")
+
+  class { 'mysql::server::backup':
+    ensure             => $ensure,
+    backupuser         => $backupuser,
+    backuppassword     => $backuppassword,
+    backupdir          => $backupdir,
+    backupcompress     => $backupcompress,
+    backuprotate       => $backuprotate,
+    delete_before_dump => $delete_before_dump,
+    backupdatabases    => $backupdatabases,
+    file_per_database  => $file_per_database,
+    time               => $time,
+  }
+
+}

data/modules/mysql/manifests/bindings/java.pp

@@ -0,0 +1,10 @@
+# Private class
+class mysql::bindings::java {
+
+  package { 'mysql-connector-java':
+    ensure   => $mysql::bindings::java_package_ensure,
+    name     => $mysql::bindings::java_package_name,
+    provider => $mysql::bindings::java_package_provider,
+  }
+
+}

data/modules/mysql/manifests/bindings/perl.pp

@@ -0,0 +1,10 @@
+# Private class
+class mysql::bindings::perl {
+
+  package{ 'perl_mysql':
+    ensure   => $mysql::bindings::perl_package_ensure,
+    name     => $mysql::bindings::perl_package_name,
+    provider => $mysql::bindings::perl_package_provider,
+  }
+
+}

data/modules/mysql/manifests/bindings/php.pp

@@ -0,0 +1,10 @@
+# Private class: See README.md
+class mysql::bindings::php {
+
+  package { 'php-mysql':
+    ensure   => $mysql::bindings::php_package_ensure,
+    name     => $mysql::bindings::php_package_name,
+    provider => $mysql::bindings::php_package_provider,
+  }
+
+}

data/modules/mysql/manifests/bindings/python.pp

@@ -0,0 +1,10 @@
+# Private class
+class mysql::bindings::python {
+
+  package { 'python-mysqldb':
+    ensure   => $mysql::bindings::python_package_ensure,
+    name     => $mysql::bindings::python_package_name,
+    provider => $mysql::bindings::python_package_provider,
+  }
+
+}

data/modules/mysql/manifests/bindings/ruby.pp

@@ -0,0 +1,10 @@
+# Private class
+class mysql::bindings::ruby {
+
+  package{ 'ruby_mysql':
+    ensure   => $mysql::bindings::ruby_package_ensure,
+    name     => $mysql::bindings::ruby_package_name,
+    provider => $mysql::bindings::ruby_package_provider,
+  }
+
+}

data/modules/mysql/manifests/bindings.pp

@@ -0,0 +1,33 @@
+# See README.md.
+class mysql::bindings (
+  # Boolean to determine if we should include the classes.
+  $java_enable   = false,
+  $perl_enable   = false,
+  $php_enable    = false,
+  $python_enable = false,
+  $ruby_enable   = false,
+  # Settings for the various classes.
+  $java_package_ensure     = $mysql::params::java_package_ensure,
+  $java_package_name       = $mysql::params::java_package_name,
+  $java_package_provider   = $mysql::params::java_package_provider,
+  $perl_package_ensure     = $mysql::params::perl_package_ensure,
+  $perl_package_name       = $mysql::params::perl_package_name,
+  $perl_package_provider   = $mysql::params::perl_package_provider,
+  $php_package_ensure      = $mysql::params::php_package_ensure,
+  $php_package_name        = $mysql::params::php_package_name,
+  $php_package_provider    = $mysql::params::php_package_provider,
+  $python_package_ensure   = $mysql::params::python_package_ensure,
+  $python_package_name     = $mysql::params::python_package_name,
+  $python_package_provider = $mysql::params::python_package_provider,
+  $ruby_package_ensure     = $mysql::params::ruby_package_ensure,
+  $ruby_package_name       = $mysql::params::ruby_package_name,
+  $ruby_package_provider   = $mysql::params::ruby_package_provider
+) inherits mysql::params {
+
+  if $java_enable   { include '::mysql::bindings::java' }
+  if $perl_enable   { include '::mysql::bindings::perl' }
+  if $php_enable    { include '::mysql::bindings::php' }
+  if $python_enable { include '::mysql::bindings::python' }
+  if $ruby_enable   { include '::mysql::bindings::ruby' }
+
+}

data/modules/mysql/manifests/client/install.pp

@@ -0,0 +1,8 @@
+class mysql::client::install {
+
+  package { 'mysql_client':
+    ensure => $mysql::client::package_ensure,
+    name   => $mysql::client::package_name,
+  }
+
+}

data/modules/mysql/manifests/client.pp

@@ -0,0 +1,27 @@
+#
+class mysql::client (
+  $bindings_enable = $mysql::params::bindings_enable,
+  $package_ensure  = $mysql::params::client_package_ensure,
+  $package_name    = $mysql::params::client_package_name,
+) inherits mysql::params {
+
+  include '::mysql::client::install'
+
+  if $bindings_enable {
+    class { 'mysql::bindings':
+      java_enable   => true,
+      perl_enable   => true,
+      php_enable    => true,
+      python_enable => true,
+      ruby_enable   => true,
+    }
+  }
+
+
+  # Anchor pattern workaround to avoid resources of mysql::client::install to
+  # "float off" outside mysql::client
+  anchor { 'mysql::client::start': } ->
+    Class['mysql::client::install'] ->
+  anchor { 'mysql::client::end': }
+
+}

data/modules/mysql/manifests/db.pp

@@ -0,0 +1,59 @@
+# See README.md for details.
+define mysql::db (
+  $user,
+  $password,
+  $charset     = 'utf8',
+  $collate     = 'utf8_general_ci',
+  $host        = 'localhost',
+  $grant       = 'ALL',
+  $sql         = '',
+  $enforce_sql = false,
+  $ensure      = 'present'
+) {
+  #input validation
+  validate_re($ensure, '^(present|absent)$',
+  "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
+  $table = "${name}.*"
+
+  include '::mysql::client'
+
+  mysql_database { $name:
+    ensure   => $ensure,
+    charset  => $charset,
+    collate  => $collate,
+    provider => 'mysql',
+    require  => [ Class['mysql::server'], Class['mysql::client'] ],
+    before   => Mysql_user["${user}@${host}"],
+  }
+
+  $user_resource = {
+    ensure        => $ensure,
+    password_hash => mysql_password($password),
+    provider      => 'mysql',
+    require       => Class['mysql::server'],
+  }
+  ensure_resource('mysql_user', "${user}@${host}", $user_resource)
+
+  if $ensure == 'present' {
+    mysql_grant { "${user}@${host}/${table}":
+      privileges => $grant,
+      provider   => 'mysql',
+      user       => "${user}@${host}",
+      table      => $table,
+      require    => [ Mysql_user["${user}@${host}"], Class['mysql::server'] ],
+    }
+
+    $refresh = ! $enforce_sql
+
+    if $sql {
+      exec{ "${name}-import":
+        command     => "/usr/bin/mysql ${name} < ${sql}",
+        logoutput   => true,
+        environment => "HOME=${::root_home}",
+        refreshonly => $refresh,
+        require     => Mysql_grant["${user}@${host}/${table}"],
+        subscribe   => Mysql_database[$name],
+      }
+    }
+  }
+}