safeguard-devise 0.0.2

Files changed (185) hide show
  1. checksums.yaml +15 -0
  2. data/.vagrant/machines/default/virtualbox/action_provision +1 -0
  3. data/.vagrant/machines/default/virtualbox/action_set_name +1 -0
  4. data/.vagrant/machines/default/virtualbox/id +1 -0
  5. data/Gemfile +25 -0
  6. data/Gemfile.lock +186 -0
  7. data/Rakefile +51 -0
  8. data/VERSION +1 -0
  9. data/Vagrantfile +128 -0
  10. data/app/controllers/devise/devise_safeguard_controller.rb +56 -0
  11. data/app/views/devise/verify_safeguard.html.erb +9 -0
  12. data/app/views/devise/verify_safeguard.html.haml +7 -0
  13. data/config/locales/pt-BR.yml +5 -0
  14. data/lib/devise-safeguard/controllers/helpers.rb +54 -0
  15. data/lib/devise-safeguard/hooks/safeguard_authenticatable.rb +7 -0
  16. data/lib/devise-safeguard/models/safeguard_authenticatable.rb +18 -0
  17. data/lib/devise-safeguard/rails.rb +7 -0
  18. data/lib/devise-safeguard/routes.rb +17 -0
  19. data/lib/generators/active_record/devise_safeguard_generator.rb +13 -0
  20. data/lib/generators/active_record/templates/migration.rb +15 -0
  21. data/lib/generators/devise_safeguard/devise_safeguard_generator.rb +30 -0
  22. data/lib/generators/devise_safeguard/install_generator.rb +44 -0
  23. data/lib/safeguard-devise.rb +24 -0
  24. data/puppet/manifests/default.pp +66 -0
  25. data/puppet/modules/elasticsearch/CHANGELOG +62 -0
  26. data/puppet/modules/elasticsearch/CONTRIBUTORS +20 -0
  27. data/puppet/modules/elasticsearch/LICENSE +13 -0
  28. data/puppet/modules/elasticsearch/Modulefile +9 -0
  29. data/puppet/modules/elasticsearch/README.md +147 -0
  30. data/puppet/modules/elasticsearch/Rakefile +5 -0
  31. data/puppet/modules/elasticsearch/manifests/config.pp +64 -0
  32. data/puppet/modules/elasticsearch/manifests/init.pp +208 -0
  33. data/puppet/modules/elasticsearch/manifests/java.pp +50 -0
  34. data/puppet/modules/elasticsearch/manifests/package.pp +84 -0
  35. data/puppet/modules/elasticsearch/manifests/params.pp +103 -0
  36. data/puppet/modules/elasticsearch/manifests/plugin.pp +97 -0
  37. data/puppet/modules/elasticsearch/manifests/python.pp +34 -0
  38. data/puppet/modules/elasticsearch/manifests/service.pp +114 -0
  39. data/puppet/modules/elasticsearch/manifests/template.pp +118 -0
  40. data/puppet/modules/elasticsearch/metadata.json +41 -0
  41. data/puppet/modules/elasticsearch/spec/classes/elasticsearch_init_spec.rb +596 -0
  42. data/puppet/modules/elasticsearch/spec/defines/template_spec.rb +66 -0
  43. data/puppet/modules/elasticsearch/spec/spec_helper.rb +2 -0
  44. data/puppet/modules/elasticsearch/templates/etc/default/elasticsearch.erb +5 -0
  45. data/puppet/modules/elasticsearch/templates/etc/elasticsearch/elasticsearch.yml.erb +93 -0
  46. data/puppet/modules/memcached/.gitignore +2 -0
  47. data/puppet/modules/memcached/Modulefile +8 -0
  48. data/puppet/modules/memcached/README.md +29 -0
  49. data/puppet/modules/memcached/manifests/init.pp +33 -0
  50. data/puppet/modules/memcached/manifests/params.pp +21 -0
  51. data/puppet/modules/memcached/templates/memcached.conf.erb +46 -0
  52. data/puppet/modules/memcached/templates/memcached_sysconfig.erb +5 -0
  53. data/puppet/modules/mysql/.fixtures.yml +3 -0
  54. data/puppet/modules/mysql/.gemfile +5 -0
  55. data/puppet/modules/mysql/LICENSE +201 -0
  56. data/puppet/modules/mysql/Modulefile +8 -0
  57. data/puppet/modules/mysql/README.md +124 -0
  58. data/puppet/modules/mysql/files/mysqltuner.pl +966 -0
  59. data/puppet/modules/mysql/lib/puppet/parser/functions/mysql_password.rb +15 -0
  60. data/puppet/modules/mysql/lib/puppet/provider/database/mysql.rb +42 -0
  61. data/puppet/modules/mysql/lib/puppet/provider/database_grant/mysql.rb +177 -0
  62. data/puppet/modules/mysql/lib/puppet/provider/database_user/mysql.rb +42 -0
  63. data/puppet/modules/mysql/lib/puppet/type/database.rb +17 -0
  64. data/puppet/modules/mysql/lib/puppet/type/database_grant.rb +75 -0
  65. data/puppet/modules/mysql/lib/puppet/type/database_user.rb +25 -0
  66. data/puppet/modules/mysql/manifests/backup.pp +68 -0
  67. data/puppet/modules/mysql/manifests/config.pp +122 -0
  68. data/puppet/modules/mysql/manifests/db.pp +77 -0
  69. data/puppet/modules/mysql/manifests/init.pp +24 -0
  70. data/puppet/modules/mysql/manifests/java.pp +24 -0
  71. data/puppet/modules/mysql/manifests/params.pp +91 -0
  72. data/puppet/modules/mysql/manifests/python.pp +26 -0
  73. data/puppet/modules/mysql/manifests/ruby.pp +28 -0
  74. data/puppet/modules/mysql/manifests/server/account_security.pp +13 -0
  75. data/puppet/modules/mysql/manifests/server/monitor.pp +19 -0
  76. data/puppet/modules/mysql/manifests/server/mysqltuner.pp +22 -0
  77. data/puppet/modules/mysql/manifests/server.pp +52 -0
  78. data/puppet/modules/mysql/templates/my.cnf.erb +42 -0
  79. data/puppet/modules/mysql/templates/my.cnf.pass.erb +6 -0
  80. data/puppet/modules/mysql/templates/mysqlbackup.sh.erb +23 -0
  81. data/puppet/modules/postgresql/GPL-3 +674 -0
  82. data/puppet/modules/postgresql/Modulefile +13 -0
  83. data/puppet/modules/postgresql/README.md +156 -0
  84. data/puppet/modules/postgresql/lib/puppet/provider/pg_database/debian_postgresql.rb +30 -0
  85. data/puppet/modules/postgresql/lib/puppet/provider/pg_database/default.rb +17 -0
  86. data/puppet/modules/postgresql/lib/puppet/provider/pg_user/debian_postgresql.rb +63 -0
  87. data/puppet/modules/postgresql/lib/puppet/provider/pg_user/default.rb +17 -0
  88. data/puppet/modules/postgresql/lib/puppet/type/pg_database.rb +29 -0
  89. data/puppet/modules/postgresql/lib/puppet/type/pg_user.rb +45 -0
  90. data/puppet/modules/postgresql/manifests/db.pp +20 -0
  91. data/puppet/modules/postgresql/manifests/init.pp +12 -0
  92. data/puppet/modules/postgresql/manifests/params.pp +15 -0
  93. data/puppet/modules/postgresql/manifests/server.pp +47 -0
  94. data/puppet/modules/postgresql/templates/pg_hba.conf.erb +105 -0
  95. data/puppet/modules/postgresql/templates/postgresql.conf.erb +559 -0
  96. data/puppet/modules/redis/CHANGELOG +41 -0
  97. data/puppet/modules/redis/Gemfile +7 -0
  98. data/puppet/modules/redis/Gemfile.lock +18 -0
  99. data/puppet/modules/redis/Modulefile +10 -0
  100. data/puppet/modules/redis/README.md +34 -0
  101. data/puppet/modules/redis/Rakefile +6 -0
  102. data/puppet/modules/redis/manifests/init.pp +153 -0
  103. data/puppet/modules/redis/manifests/params.pp +39 -0
  104. data/puppet/modules/redis/metadata.json +31 -0
  105. data/puppet/modules/redis/spec/spec_helper.rb +17 -0
  106. data/puppet/modules/redis/templates/redis.debian.conf.erb +217 -0
  107. data/puppet/modules/redis/templates/redis.logrotate.erb +9 -0
  108. data/puppet/modules/redis/templates/redis.rhel.conf.erb +547 -0
  109. data/puppet/modules/redis/tests/init.pp +8 -0
  110. data/puppet/upgrade-puppet.sh +16 -0
  111. data/safeguard-devise.gemspec +249 -0
  112. data/spec/controllers/safeguard_devise_controller_spec.rb +67 -0
  113. data/spec/devise/safeguard_authenticatable_spec.rb +71 -0
  114. data/spec/orm/active_record.rb +4 -0
  115. data/spec/routing/routes_spec.rb +13 -0
  116. data/spec/safeguard-devise-test-app/.gitignore +16 -0
  117. data/spec/safeguard-devise-test-app/Gemfile +14 -0
  118. data/spec/safeguard-devise-test-app/Gemfile.lock +119 -0
  119. data/spec/safeguard-devise-test-app/README.rdoc +28 -0
  120. data/spec/safeguard-devise-test-app/Rakefile +6 -0
  121. data/spec/safeguard-devise-test-app/app/assets/images/.keep +0 -0
  122. data/spec/safeguard-devise-test-app/app/assets/javascripts/application.js +13 -0
  123. data/spec/safeguard-devise-test-app/app/assets/stylesheets/application.css +13 -0
  124. data/spec/safeguard-devise-test-app/app/controllers/application_controller.rb +5 -0
  125. data/spec/safeguard-devise-test-app/app/controllers/concerns/.keep +0 -0
  126. data/spec/safeguard-devise-test-app/app/controllers/home_controller.rb +6 -0
  127. data/spec/safeguard-devise-test-app/app/helpers/application_helper.rb +2 -0
  128. data/spec/safeguard-devise-test-app/app/mailers/.keep +0 -0
  129. data/spec/safeguard-devise-test-app/app/models/.keep +0 -0
  130. data/spec/safeguard-devise-test-app/app/models/concerns/.keep +0 -0
  131. data/spec/safeguard-devise-test-app/app/models/user.rb +6 -0
  132. data/spec/safeguard-devise-test-app/app/views/devise/devise_safeguard/verify_safeguard.html.erb +9 -0
  133. data/spec/safeguard-devise-test-app/app/views/devise/devise_safeguard/verify_safeguard.html.haml +6 -0
  134. data/spec/safeguard-devise-test-app/app/views/home/index.html.erb +1 -0
  135. data/spec/safeguard-devise-test-app/app/views/layouts/application.html.erb +14 -0
  136. data/spec/safeguard-devise-test-app/bin/bundle +3 -0
  137. data/spec/safeguard-devise-test-app/bin/rails +4 -0
  138. data/spec/safeguard-devise-test-app/bin/rake +4 -0
  139. data/spec/safeguard-devise-test-app/config/application.rb +31 -0
  140. data/spec/safeguard-devise-test-app/config/boot.rb +4 -0
  141. data/spec/safeguard-devise-test-app/config/database.yml +25 -0
  142. data/spec/safeguard-devise-test-app/config/environment.rb +5 -0
  143. data/spec/safeguard-devise-test-app/config/environments/development.rb +29 -0
  144. data/spec/safeguard-devise-test-app/config/environments/production.rb +80 -0
  145. data/spec/safeguard-devise-test-app/config/environments/test.rb +36 -0
  146. data/spec/safeguard-devise-test-app/config/initializers/backtrace_silencers.rb +7 -0
  147. data/spec/safeguard-devise-test-app/config/initializers/devise.rb +259 -0
  148. data/spec/safeguard-devise-test-app/config/initializers/filter_parameter_logging.rb +4 -0
  149. data/spec/safeguard-devise-test-app/config/initializers/inflections.rb +16 -0
  150. data/spec/safeguard-devise-test-app/config/initializers/mime_types.rb +5 -0
  151. data/spec/safeguard-devise-test-app/config/initializers/secret_token.rb +12 -0
  152. data/spec/safeguard-devise-test-app/config/initializers/session_store.rb +3 -0
  153. data/spec/safeguard-devise-test-app/config/initializers/wrap_parameters.rb +14 -0
  154. data/spec/safeguard-devise-test-app/config/locales/devise.en.yml +59 -0
  155. data/spec/safeguard-devise-test-app/config/locales/devise.safeguard.pt-BR.yml +5 -0
  156. data/spec/safeguard-devise-test-app/config/locales/en.yml +23 -0
  157. data/spec/safeguard-devise-test-app/config/routes.rb +59 -0
  158. data/spec/safeguard-devise-test-app/config.ru +4 -0
  159. data/spec/safeguard-devise-test-app/db/migrate/20140220191103_create_users.rb +9 -0
  160. data/spec/safeguard-devise-test-app/db/migrate/20140220191247_add_devise_to_users.rb +49 -0
  161. data/spec/safeguard-devise-test-app/db/migrate/20140220191522_devise_safeguard_add_to_users.rb +15 -0
  162. data/spec/safeguard-devise-test-app/db/schema.rb +37 -0
  163. data/spec/safeguard-devise-test-app/db/seeds.rb +7 -0
  164. data/spec/safeguard-devise-test-app/lib/assets/.keep +0 -0
  165. data/spec/safeguard-devise-test-app/lib/tasks/.keep +0 -0
  166. data/spec/safeguard-devise-test-app/log/.keep +0 -0
  167. data/spec/safeguard-devise-test-app/public/404.html +58 -0
  168. data/spec/safeguard-devise-test-app/public/422.html +58 -0
  169. data/spec/safeguard-devise-test-app/public/500.html +57 -0
  170. data/spec/safeguard-devise-test-app/public/favicon.ico +0 -0
  171. data/spec/safeguard-devise-test-app/public/robots.txt +5 -0
  172. data/spec/safeguard-devise-test-app/test/controllers/.keep +0 -0
  173. data/spec/safeguard-devise-test-app/test/fixtures/.keep +0 -0
  174. data/spec/safeguard-devise-test-app/test/fixtures/users.yml +9 -0
  175. data/spec/safeguard-devise-test-app/test/helpers/.keep +0 -0
  176. data/spec/safeguard-devise-test-app/test/integration/.keep +0 -0
  177. data/spec/safeguard-devise-test-app/test/mailers/.keep +0 -0
  178. data/spec/safeguard-devise-test-app/test/models/.keep +0 -0
  179. data/spec/safeguard-devise-test-app/test/models/user_test.rb +7 -0
  180. data/spec/safeguard-devise-test-app/test/test_helper.rb +15 -0
  181. data/spec/safeguard-devise-test-app/vendor/assets/javascripts/.keep +0 -0
  182. data/spec/safeguard-devise-test-app/vendor/assets/stylesheets/.keep +0 -0
  183. data/spec/spec_helper.rb +31 -0
  184. data/spec/tests_helper/helpers.rb +34 -0
  185. metadata +381 -0
@@ -0,0 +1,15 @@
1
+ # hash a string as mysql's "PASSWORD()" function would do it
2
+ require 'digest/sha1'
3
+
4
+ module Puppet::Parser::Functions
5
+ newfunction(:mysql_password, :type => :rvalue, :doc => <<-EOS
6
+ Returns the mysql password hash from the clear text password.
7
+ EOS
8
+ ) do |args|
9
+
10
+ raise(Puppet::ParseError, "mysql_password(): Wrong number of arguments " +
11
+ "given (#{args.size} for 1)") if args.size != 1
12
+
13
+ '*' + Digest::SHA1.hexdigest(Digest::SHA1.digest(args[0])).upcase
14
+ end
15
+ end
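Review bot: The function checks only the argument count, so a non-string argument reaches `Digest::SHA1.digest(args[0])` and would presumably fail with a plain Ruby error rather than a `Puppet::ParseError`, and an empty string is hashed into a normal-looking 41-character value instead of being rejected. A guard before the digest line covers both: `raise(Puppet::ParseError, "mysql_password(): password must be a non-empty string") unless args[0].is_a?(String) && !args[0].empty?`. The result is an unsalted double SHA-1, so the `:doc` text should also say that the returned hash has to be handled as a credential wherever catalogs and reports are stored.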
@@ -0,0 +1,42 @@
1
+ Puppet::Type.type(:database).provide(:mysql) do
2
+
3
+ desc "Manages MySQL database."
4
+
5
+ defaultfor :kernel => 'Linux'
6
+
7
+ optional_commands :mysql => 'mysql'
8
+ optional_commands :mysqladmin => 'mysqladmin'
9
+
10
+ def self.instances
11
+ mysql('-NBe', "show databases").split("\n").collect do |name|
12
+ new(:name => name)
13
+ end
14
+ end
15
+
16
+ def create
17
+ mysql('-NBe', "create database `#{@resource[:name]}` character set #{resource[:charset]}")
18
+ end
19
+
20
+ def destroy
21
+ mysqladmin('-f', 'drop', @resource[:name])
22
+ end
23
+
24
+ def charset
25
+ mysql('-NBe', "show create database `#{resource[:name]}`").match(/.*?(\S+)\s\*\//)[1]
26
+ end
27
+
28
+ def charset=(value)
29
+ mysql('-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}")
30
+ end
31
+
32
+ def exists?
33
+ begin
34
+ mysql('-NBe', "show databases").match(/^#{@resource[:name]}$/)
35
+ rescue => e
36
+ debug(e.message)
37
+ return nil
38
+ end
39
+ end
40
+
41
+ end
42
+
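Review bot: `exists?` interpolates the database name into a regular expression unescaped (`/^#{@resource[:name]}$/`), so a name containing `.` or another metacharacter can match a different database and report a missing one as present. An exact comparison avoids that: `mysql('-NBe', "show databases").split("\n").include?(@resource[:name])`. The same name is placed between backticks in `create`, `charset` and `charset=` with no escaping, and the `database` type later on this page declares no validation for `name`, so a backtick character in the name ends the identifier early. Doubling backticks before interpolation, or rejecting such names in the type, closes that gap.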
@@ -0,0 +1,177 @@
1
+ # A grant is either global or per-db. This can be distinguished by the syntax
2
+ # of the name:
3
+ # user@host => global
4
+ # user@host/db => per-db
5
+
6
+ Puppet::Type.type(:database_grant).provide(:mysql) do
7
+
8
+ desc "Uses mysql as database."
9
+
10
+ defaultfor :kernel => 'Linux'
11
+
12
+ optional_commands :mysql => 'mysql'
13
+ optional_commands :mysqladmin => 'mysqladmin'
14
+
15
+ def self.prefetch(resources)
16
+ @user_privs = query_user_privs
17
+ @db_privs = query_db_privs
18
+ end
19
+
20
+ def self.user_privs
21
+ @user_privs || query_user_privs
22
+ end
23
+
24
+ def self.db_privs
25
+ @db_privs || query_db_privs
26
+ end
27
+
28
+ def user_privs
29
+ self.class.user_privs
30
+ end
31
+
32
+ def db_privs
33
+ self.class.db_privs
34
+ end
35
+
36
+ def self.query_user_privs
37
+ results = mysql("mysql", "-Be", "describe user")
38
+ column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
39
+ @user_privs = column_names.delete_if { |e| !( e =~/_priv$/) }
40
+ end
41
+
42
+ def self.query_db_privs
43
+ results = mysql("mysql", "-Be", "describe db")
44
+ column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
45
+ @db_privs = column_names.delete_if { |e| !(e =~/_priv$/) }
46
+ end
47
+
48
+ def mysql_flush
49
+ mysqladmin "flush-privileges"
50
+ end
51
+
52
+ # this parses the
53
+ def split_name(string)
54
+ matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact
55
+ case matches.length
56
+ when 2
57
+ {
58
+ :type => :user,
59
+ :user => matches[0],
60
+ :host => matches[1]
61
+ }
62
+ when 4
63
+ {
64
+ :type => :db,
65
+ :user => matches[0],
66
+ :host => matches[1],
67
+ :db => matches[3]
68
+ }
69
+ end
70
+ end
71
+
72
+ def create_row
73
+ unless @resource.should(:privileges).empty?
74
+ name = split_name(@resource[:name])
75
+ case name[:type]
76
+ when :user
77
+ mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [
78
+ name[:host], name[:user],
79
+ ]
80
+ when :db
81
+ mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [
82
+ name[:host], name[:user], name[:db],
83
+ ]
84
+ end
85
+ mysql_flush
86
+ end
87
+ end
88
+
89
+ def destroy
90
+ mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ]
91
+ end
92
+
93
+ def row_exists?
94
+ name = split_name(@resource[:name])
95
+ fields = [:user, :host]
96
+ if name[:type] == :db
97
+ fields << :db
98
+ end
99
+ not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty?
100
+ end
101
+
102
+ def all_privs_set?
103
+ all_privs = case split_name(@resource[:name])[:type]
104
+ when :user
105
+ user_privs
106
+ when :db
107
+ db_privs
108
+ end
109
+ all_privs = all_privs.collect do |p| p.downcase end.sort.join("|")
110
+ privs = privileges.collect do |p| p.downcase end.sort.join("|")
111
+
112
+ all_privs == privs
113
+ end
114
+
115
+ def privileges
116
+ name = split_name(@resource[:name])
117
+ privs = ""
118
+
119
+ case name[:type]
120
+ when :user
121
+ privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ]
122
+ when :db
123
+ privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]
124
+ end
125
+
126
+ if privs.match(/^$/)
127
+ privs = [] # no result, no privs
128
+ else
129
+ # returns a line with field names and a line with values, each tab-separated
130
+ privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end
131
+ # transpose the lines, so we have key/value pairs
132
+ privs = privs[0].zip(privs[1])
133
+ privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end
134
+ end
135
+
136
+ privs.collect do |p| p[0] end
137
+ end
138
+
139
+ def privileges=(privs)
140
+ unless row_exists?
141
+ create_row
142
+ end
143
+
144
+ # puts "Setting privs: ", privs.join(", ")
145
+ name = split_name(@resource[:name])
146
+ stmt = ''
147
+ where = ''
148
+ all_privs = []
149
+ case name[:type]
150
+ when :user
151
+ stmt = 'update user set '
152
+ where = ' where user="%s" and host="%s"' % [ name[:user], name[:host] ]
153
+ all_privs = user_privs
154
+ when :db
155
+ stmt = 'update db set '
156
+ where = ' where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]
157
+ all_privs = db_privs
158
+ end
159
+
160
+ if privs[0].downcase == 'all'
161
+ privs = all_privs
162
+ end
163
+
164
+ # Downcase the requested priviliges for case-insensitive selection
165
+ # we don't map! here because the all_privs object has to remain in
166
+ # the same case the DB gave it to us in
167
+ privs = privs.map { |p| p.downcase }
168
+
169
+ # puts "stmt:", stmt
170
+ set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p.downcase) ? 'Y' : 'N'] end.join(', ')
171
+ # puts "set:", set
172
+ stmt = stmt << set << where
173
+
174
+ mysql "mysql", "-Be", stmt
175
+ mysql_flush
176
+ end
177
+ end
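Review bot: The user, host and db parts returned by `split_name` are substituted into quoted SQL literals in `create_row`, `row_exists?`, `privileges` and `privileges=` without escaping, so a quote character in the resource name changes the statement that runs with the provider's MySQL privileges. `split_name` is the single place to reject such names, for example `raise Puppet::Error, "Invalid grant name #{string}" if string =~ /['"]/` ahead of the match. A name without `@` currently ends in a `NoMethodError` because `match` returns nil before `.captures` is called, so the match result should be checked there too. Separately, `destroy` passes four values to a format string with three `%s` slots, which puts `@resource[:privileges]` in the database position, and it reads `:database` and `:host`, which the `database_grant` type on this page does not define; the statement looks unusable as written.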
@@ -0,0 +1,42 @@
1
+ Puppet::Type.type(:database_user).provide(:mysql) do
2
+
3
+ desc "manage users for a mysql database."
4
+
5
+ defaultfor :kernel => 'Linux'
6
+
7
+ optional_commands :mysql => 'mysql'
8
+ optional_commands :mysqladmin => 'mysqladmin'
9
+
10
+ def self.instances
11
+ users = mysql("mysql", '-BNe' "select concat(User, '@',Host) as User from mysql.user").split("\n")
12
+ users.select{ |user| user =~ /.+@/ }.collect do |name|
13
+ new(:name => name)
14
+ end
15
+ end
16
+
17
+ def create
18
+ mysql("mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.value(:password_hash) ])
19
+ end
20
+
21
+ def destroy
22
+ mysql("mysql", "-e", "drop user '%s'" % @resource.value(:name).sub("@", "'@'") )
23
+ end
24
+
25
+ def password_hash
26
+ mysql("mysql", "-NBe", "select password from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).chomp
27
+ end
28
+
29
+ def password_hash=(string)
30
+ mysql("mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] )
31
+ end
32
+
33
+ def exists?
34
+ not mysql("mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).empty?
35
+ end
36
+
37
+ def flush
38
+ @property_hash.clear
39
+ mysqladmin "flush-privileges"
40
+ end
41
+
42
+ end
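Review bot: `create` and `password_hash=` put the password hash into the SQL text passed as a `mysql -e` argument, so it is exposed to anything that can read the process command line and, presumably, to Puppet's debug logging of executed commands; the hash is unsalted and should be treated as a secret. Feeding the statement on standard input or from a root-only file would keep it out of argv. The resource name is also formatted into quoted literals in every method, and `sub("@", "'@'")` rewrites only the first `@`, so the provider relies entirely on the type's `validate` block to keep quotes out. In `self.instances`, `'-BNe' "select ..."` is missing a comma; Ruby joins the two literals into one argument, which looks unintended even if the client happens to accept it.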
@@ -0,0 +1,17 @@
1
+ # This has to be a separate type to enable collecting
2
+ Puppet::Type.newtype(:database) do
3
+ @doc = "Manage databases."
4
+
5
+ ensurable
6
+
7
+ newparam(:name, :namevar=>true) do
8
+ desc "The name of the database."
9
+ end
10
+
11
+ newproperty(:charset) do
12
+ desc "The characterset to use for a database"
13
+ defaultto :utf8
14
+ newvalue(/^\S+$/)
15
+ end
16
+
17
+ end
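Review bot: `newvalue(/^\S+$/)` on `charset` uses line anchors, so a multi-line value appears to pass as long as one of its lines has no whitespace, and the provider on this page interpolates the value unquoted into `create database ... character set` and `alter database ... CHARACTER SET`. Anchoring the whole string and limiting it to identifier characters is safer: `newvalue(/\A\w+\z/)`. `name` has no `validate` block at all; a short one rejecting backtick characters would match the way the provider quotes it.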
@@ -0,0 +1,75 @@
1
+ # This has to be a separate type to enable collecting
2
+ Puppet::Type.newtype(:database_grant) do
3
+ @doc = "Manage a database user's rights."
4
+ #ensurable
5
+
6
+ autorequire :database do
7
+ # puts "Starting db autoreq for %s" % self[:name]
8
+ reqs = []
9
+ matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/)
10
+ unless matches.nil?
11
+ reqs << matches[3]
12
+ end
13
+ # puts "Autoreq: '%s'" % reqs.join(" ")
14
+ reqs
15
+ end
16
+
17
+ autorequire :database_user do
18
+ # puts "Starting user autoreq for %s" % self[:name]
19
+ reqs = []
20
+ matches = self[:name].match(/^([^@]+)@([^\/]+).*$/)
21
+ unless matches.nil?
22
+ reqs << "%s@%s" % [ matches[1], matches[2] ]
23
+ end
24
+ # puts "Autoreq: '%s'" % reqs.join(" ")
25
+ reqs
26
+ end
27
+
28
+ newparam(:name, :namevar=>true) do
29
+ desc "The primary key: either user@host for global privilges or user@host/database for database specific privileges"
30
+ end
31
+
32
+ newproperty(:privileges, :array_matching => :all) do
33
+ desc "The privileges the user should have. The possible values are implementation dependent."
34
+
35
+ def should_to_s(newvalue = @should)
36
+ if newvalue
37
+ unless newvalue.is_a?(Array)
38
+ newvalue = [ newvalue ]
39
+ end
40
+ newvalue.collect do |v| v.downcase end.sort.join ", "
41
+ else
42
+ nil
43
+ end
44
+ end
45
+
46
+ def is_to_s(currentvalue = @is)
47
+ if currentvalue
48
+ unless currentvalue.is_a?(Array)
49
+ currentvalue = [ currentvalue ]
50
+ end
51
+ currentvalue.collect do |v| v.downcase end.sort.join ", "
52
+ else
53
+ nil
54
+ end
55
+ end
56
+
57
+ # use the sorted outputs for comparison
58
+ def insync?(is)
59
+ if defined? @should and @should
60
+ case self.should_to_s
61
+ when "all"
62
+ self.provider.all_privs_set?
63
+ when self.is_to_s(is)
64
+ true
65
+ else
66
+ false
67
+ end
68
+ else
69
+ true
70
+ end
71
+ end
72
+ end
73
+
74
+ end
75
+
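Review bot: With `ensurable` commented out, the type cannot express `ensure => absent`, so a grant row can be changed but never removed through Puppet, and the provider's `destroy` looks unreachable. If revocation is meant to be supported, re-enabling `ensurable` also needs `create` and `exists?` in the provider; otherwise `@doc` should say so, e.g. `@doc = "Manage a database user's rights. Grants are updated in place and are not removed by this type."`. `name` also has no `validate` block, although the two `autorequire` regexes already describe the accepted `user@host` and `user@host/db` shapes and could be reused for one.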
@@ -0,0 +1,25 @@
1
+ # This has to be a separate type to enable collecting
2
+ Puppet::Type.newtype(:database_user) do
3
+ @doc = "Manage a database user. This includes management of users password as well as priveleges"
4
+
5
+ ensurable
6
+
7
+ newparam(:name, :namevar=>true) do
8
+ desc "The name of the user. This uses the 'username@hostname' or username@hostname."
9
+ validate do |value|
10
+ # https://dev.mysql.com/doc/refman/5.1/en/account-names.html
11
+ # Regex should problably be more like this: /^[`'"]?[^`'"]*[`'"]?@[`'"]?[\w%\.]+[`'"]?$/
12
+ raise(ArgumentError, "Invalid database user #{value}") unless value =~ /[\w-]*@[\w%\.]+/
13
+ username = value.split('@')[0]
14
+ if username.size > 16
15
+ raise ArgumentError, "MySQL usernames are limited to a maximum of 16 characters"
16
+ end
17
+ end
18
+ end
19
+
20
+ newproperty(:password_hash) do
21
+ desc "The password hash of the user. Use mysql_password() for creating such a hash."
22
+ newvalue(/\w+/)
23
+ end
24
+
25
+ end
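Review bot: The `validate` regex `/[\w-]*@[\w%\.]+/` is unanchored, so any value that merely contains something like `@x` passes, quotes and whitespace included, and the provider on this page formats the name straight into quoted SQL. Anchoring it, `value =~ /\A[\w-]*@[\w%\.]+\z/`, makes the check mean what the error message says; the host class may need `-` added for hyphenated hostnames. `newvalue(/\w+/)` on `password_hash` has the same gap, and `/\A\*[0-9A-F]{40}\z/` would match what `mysql_password()` on this page returns, assuming no other hash format has to be accepted.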
@@ -0,0 +1,68 @@
1
+ # Class: mysql::backup
2
+ #
3
+ # This module handles ...
4
+ #
5
+ # Parameters:
6
+ # [*backupuser*] - The name of the mysql backup user.
7
+ # [*backuppassword*] - The password of the mysql backup user.
8
+ # [*backupdir*] - The target directory of the mysqldump.
9
+ #
10
+ # Actions:
11
+ # GRANT SELECT, RELOAD, LOCK TABLES ON *.* TO 'user'@'localhost'
12
+ # IDENTIFIED BY 'password';
13
+ #
14
+ # Requires:
15
+ # Class['mysql::config']
16
+ #
17
+ # Sample Usage:
18
+ # class { 'mysql::backup':
19
+ # backupuser => 'myuser',
20
+ # backuppassword => 'mypassword',
21
+ # backupdir => '/tmp/backups',
22
+ # }
23
+ #
24
+ class mysql::backup (
25
+ $backupuser,
26
+ $backuppassword,
27
+ $backupdir,
28
+ $ensure = 'present'
29
+ ) {
30
+
31
+ database_user { "${backupuser}@localhost":
32
+ ensure => $ensure,
33
+ password_hash => mysql_password($backuppassword),
34
+ provider => 'mysql',
35
+ require => Class['mysql::config'],
36
+ }
37
+
38
+ database_grant { "${backupuser}@localhost":
39
+ privileges => [ 'Select_priv', 'Reload_priv', 'Lock_tables_priv' ],
40
+ require => Database_user["${backupuser}@localhost"],
41
+ }
42
+
43
+ cron { 'mysql-backup':
44
+ ensure => $ensure,
45
+ command => '/usr/local/sbin/mysqlbackup.sh',
46
+ user => 'root',
47
+ hour => 23,
48
+ minute => 5,
49
+ require => File['mysqlbackup.sh'],
50
+ }
51
+
52
+ file { 'mysqlbackup.sh':
53
+ ensure => $ensure,
54
+ path => '/usr/local/sbin/mysqlbackup.sh',
55
+ mode => '0700',
56
+ owner => 'root',
57
+ group => 'root',
58
+ content => template('mysql/mysqlbackup.sh.erb'),
59
+ }
60
+
61
+ file { 'mysqlbackupdir':
62
+ ensure => 'directory',
63
+ path => $backupdir,
64
+ mode => '0700',
65
+ owner => 'root',
66
+ group => 'root',
67
+ }
68
+ }
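Review bot: `$ensure` is applied to the user, the cron job and the script but not to `database_grant`, so with `ensure => 'absent'` the grant is still enforced after the user has been dropped. Going by the provider on this page, `privileges=` calls `create_row` when no row exists, and that inserts a `mysql.user` row without a password, which would leave a passwordless account holding the backup privileges; this is worth confirming and guarding, for example by wrapping the grant in `if $ensure == 'present' { ... }`. The backup directory is likewise left in place. The header still reads `This module handles ...`, and the sample uses `/tmp/backups`, where a non-temporary path would be a better example for database dumps.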
@@ -0,0 +1,122 @@
1
+ # Class: mysql::config
2
+ #
3
+ # Parameters:
4
+ #
5
+ # [*root_password*] - root user password.
6
+ # [*old_root_password*] - previous root user password,
7
+ # [*bind_address*] - address to bind service.
8
+ # [*port*] - port to bind service.
9
+ # [*etc_root_password*] - whether to save /etc/.my.cnf.
10
+ # [*service_name*] - mysql service name.
11
+ # [*config_file*] - my.cnf configuration file path.
12
+ # [*socket*] - mysql socket.
13
+ # [*datadir*] - path to datadir.
14
+ # [*ssl] - enable ssl
15
+ # [*ssl_ca] - path to ssl-ca
16
+ # [*ssl_cert] - path to ssl-cert
17
+ # [*ssl_key] - path to ssl-key
18
+ #
19
+ # Actions:
20
+ #
21
+ # Requires:
22
+ #
23
+ # class mysql::server
24
+ #
25
+ # Usage:
26
+ #
27
+ # class { 'mysql::config':
28
+ # root_password => 'changeme',
29
+ # bind_address => $::ipaddress,
30
+ # }
31
+ #
32
+ class mysql::config(
33
+ $root_password = 'UNSET',
34
+ $old_root_password = '',
35
+ $bind_address = $mysql::params::bind_address,
36
+ $port = $mysql::params::port,
37
+ $etc_root_password = $mysql::params::etc_root_password,
38
+ $service_name = $mysql::params::service_name,
39
+ $config_file = $mysql::params::config_file,
40
+ $socket = $mysql::params::socket,
41
+ $datadir = $mysql::params::datadir,
42
+ $ssl = $mysql::params::ssl,
43
+ $ssl_ca = $mysql::params::ssl_ca,
44
+ $ssl_cert = $mysql::params::ssl_cert,
45
+ $ssl_key = $mysql::params::ssl_key,
46
+ $log_error = $mysql::params::log_error,
47
+ $default_engine = 'UNSET',
48
+ $root_group = $mysql::params::root_group
49
+ ) inherits mysql::params {
50
+
51
+ File {
52
+ owner => 'root',
53
+ group => $root_group,
54
+ mode => '0400',
55
+ notify => Exec['mysqld-restart'],
56
+ }
57
+
58
+ if $ssl and $ssl_ca == undef {
59
+ fail('The ssl_ca parameter is required when ssl is true')
60
+ }
61
+
62
+ if $ssl and $ssl_cert == undef {
63
+ fail('The ssl_cert parameter is required when ssl is true')
64
+ }
65
+
66
+ if $ssl and $ssl_key == undef {
67
+ fail('The ssl_key parameter is required when ssl is true')
68
+ }
69
+
70
+ # This kind of sucks, that I have to specify a difference resource for
71
+ # restart. the reason is that I need the service to be started before mods
72
+ # to the config file which can cause a refresh
73
+ exec { 'mysqld-restart':
74
+ command => "service ${service_name} restart",
75
+ logoutput => on_failure,
76
+ refreshonly => true,
77
+ path => '/sbin/:/usr/sbin/:/usr/bin/:/bin/',
78
+ }
79
+
80
+ # manage root password if it is set
81
+ if $root_password != 'UNSET' {
82
+ case $old_root_password {
83
+ '': { $old_pw='' }
84
+ default: { $old_pw="-p'${old_root_password}'" }
85
+ }
86
+
87
+ exec { 'set_mysql_rootpw':
88
+ command => "mysqladmin -u root ${old_pw} password '${root_password}'",
89
+ logoutput => true,
90
+ unless => "mysqladmin -u root -p'${root_password}' status > /dev/null",
91
+ path => '/usr/local/sbin:/usr/bin:/usr/local/bin',
92
+ notify => Exec['mysqld-restart'],
93
+ require => File['/etc/mysql/conf.d'],
94
+ }
95
+
96
+ file { '/root/.my.cnf':
97
+ content => template('mysql/my.cnf.pass.erb'),
98
+ require => Exec['set_mysql_rootpw'],
99
+ }
100
+
101
+ if $etc_root_password {
102
+ file{ '/etc/my.cnf':
103
+ content => template('mysql/my.cnf.pass.erb'),
104
+ require => Exec['set_mysql_rootpw'],
105
+ }
106
+ }
107
+ }
108
+
109
+ file { '/etc/mysql':
110
+ ensure => directory,
111
+ mode => '0755',
112
+ }
113
+ file { '/etc/mysql/conf.d':
114
+ ensure => directory,
115
+ mode => '0755',
116
+ }
117
+ file { $config_file:
118
+ content => template('mysql/my.cnf.erb'),
119
+ mode => '0644',
120
+ }
121
+
122
+ }
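Review bot: `set_mysql_rootpw` builds shell commands with the root password in single quotes (`password '${root_password}'` and `-p'${root_password}'`), so the password is visible in the process list while the exec runs, a `'` inside it breaks the quoting, and with `logoutput => true` a failure is likely to put the command and its output into the Puppet log. The `unless` check could read the credentials from a root-only option file through `--defaults-extra-file` instead of `-p'...'`, and the old password in `$old_pw` needs the same treatment. If the inline form stays, a comment above the exec should state that passwords containing quotes are not supported. In the header, `[*ssl]`, `[*ssl_ca]`, `[*ssl_cert]` and `[*ssl_key]` are missing the closing `*`, and `log_error`, `default_engine` and `root_group` are not documented.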
@@ -0,0 +1,77 @@
1
+ # Define: mysql::db
2
+ #
3
+ # This module creates database instances, a user, and grants that user
4
+ # privileges to the database. It can also import SQL from a file in order to,
5
+ # for example, initialize a database schema.
6
+ #
7
+ # Since it requires class mysql::server, we assume to run all commands as the
8
+ # root mysql user against the local mysql server.
9
+ #
10
+ # Parameters:
11
+ # [*title*] - mysql database name.
12
+ # [*user*] - username to create and grant access.
13
+ # [*password*] - user's password.
14
+ # [*charset*] - database charset.
15
+ # [*host*] - host for assigning privileges to user.
16
+ # [*grant*] - array of privileges to grant user.
17
+ # [*enforce_sql*] - whether to enforce or conditionally run sql on creation.
18
+ # [*sql*] - sql statement to run.
19
+ #
20
+ # Actions:
21
+ #
22
+ # Requires:
23
+ #
24
+ # class mysql::server
25
+ #
26
+ # Sample Usage:
27
+ #
28
+ # mysql::db { 'mydb':
29
+ # user => 'my_user',
30
+ # password => 'password',
31
+ # host => $::hostname,
32
+ # grant => ['all']
33
+ # }
34
+ #
35
+ define mysql::db (
36
+ $user,
37
+ $password,
38
+ $charset = 'utf8',
39
+ $host = 'localhost',
40
+ $grant = 'all',
41
+ $sql = '',
42
+ $enforce_sql = false
43
+ ) {
44
+
45
+ database { $name:
46
+ ensure => present,
47
+ charset => $charset,
48
+ provider => 'mysql',
49
+ require => Class['mysql::server'],
50
+ }
51
+
52
+ database_user { "${user}@${host}":
53
+ ensure => present,
54
+ password_hash => mysql_password($password),
55
+ provider => 'mysql',
56
+ require => Database[$name],
57
+ }
58
+
59
+ database_grant { "${user}@${host}/${name}":
60
+ privileges => $grant,
61
+ provider => 'mysql',
62
+ require => Database_user["${user}@${host}"],
63
+ }
64
+
65
+ $refresh = ! $enforce_sql
66
+
67
+ if $sql {
68
+ exec{ "${name}-import":
69
+ command => "/usr/bin/mysql ${name} < ${sql}",
70
+ logoutput => true,
71
+ refreshonly => $refresh,
72
+ require => Database_grant["${user}@${host}/${name}"],
73
+ subscribe => Database[$name],
74
+ }
75
+ }
76
+
77
+ }
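Review bot: The import exec interpolates `$name` and `$sql` unquoted into a shell line (`/usr/bin/mysql ${name} < ${sql}`), so a value containing spaces or shell metacharacters changes the command that runs with the agent's privileges. Quoting both, `command => "/usr/bin/mysql '${name}' < '${sql}'"`, together with a check that `$sql` is an absolute path without quote characters, narrows that. The header describes `sql` as a statement to run, but the command redirects it as a file; `# [*sql*] - path to a SQL file to import.` would be accurate.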
@@ -0,0 +1,24 @@
1
+ # Class: mysql
2
+ #
3
+ # This class installs mysql client software.
4
+ #
5
+ # Parameters:
6
+ # [*client_package_name*] - The name of the mysql client package.
7
+ #
8
+ # Actions:
9
+ #
10
+ # Requires:
11
+ #
12
+ # Sample Usage:
13
+ #
14
+ class mysql (
15
+ $package_name = $mysql::params::client_package_name,
16
+ $package_ensure = 'present'
17
+ ) inherits mysql::params {
18
+
19
+ package { 'mysql_client':
20
+ name => $package_name,
21
+ ensure => $package_ensure,
22
+ }
23
+
24
+ }
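Review bot: The header documents `client_package_name`, but the class parameters are `package_name` and `package_ensure`, so the Parameters block does not describe the real interface. It should read `# [*package_name*] - The name of the mysql client package.` and `# [*package_ensure*] - Package state, 'present' by default.`. The empty `Actions:`, `Requires:` and `Sample Usage:` headings could be filled in or dropped.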