Skip to content

Commit

Permalink
fix for saltstack-formulas#119 using a custom module.
Browse files Browse the repository at this point in the history
use in a state of mysql.cleanup_users for simple user management with
removal.

user.absent is supported too.
pillar.example is updated
  • Loading branch information
Sylvain303 committed Jun 25, 2016
1 parent 78a31d8 commit 32b2c1c
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 58 deletions.
11 changes: 7 additions & 4 deletions _modules/cleanup_users.py
Original file line number Diff line number Diff line change
Expand Up @@ -94,10 +94,13 @@ def list_user_managed(keep_extra = [], drop_extra = []):
# single or many host
hosts = info.get('hosts', [info.get('host')])
for h in hosts:
s = user + '@' + h
if re.search(regexp, s):
continue
managed.append(s)
# if the user as no host entry (absent: True), ignore it.
# will be deleted.
if h:
s = user + '@' + h
if re.search(regexp, s):
continue
managed.append(s)

if len(keep_extra) > 0:
managed += keep_extra
Expand Down
68 changes: 14 additions & 54 deletions mysql/user.sls
Original file line number Diff line number Diff line change
Expand Up @@ -27,36 +27,6 @@ This state handle creation and deletion of mysql's user.
{%- endif %}
- connection_charset: utf8
{% endmacro -%}

{# this macro is the salt statement to remove a user #}
{%- macro mysql_user_remove(name, host, where) %}
{%- set state_id = 'mysql_user_remove_' ~ name ~ '_' ~ host %}
{{ state_id }}:
# {{ where }}
mysql_user.absent:
- name: {{ name }}
- host: '{{ host }}'
{{ mysql_root_connection() }}
{% endmacro -%}

{#- this macro is a salt state fully destroy a user from mysql tables
it is an experimental macro… use with caution!
-#}
{% macro mysql_user_destroy(name) %}
{%- set state_id = 'mysql_user_destroy_' ~ name %}
{%- set queries = "
DELETE FROM columns_priv WHERE user = '" ~ name ~ "';
DELETE FROM db WHERE user = '" ~ name ~ "';
DELETE FROM user WHERE user = '" ~ name ~"';
FLUSH PRIVILEGES;
" %}
{{ state_id }}:
module.run:
- name: mysql.query
- database: mysql
- query: "{{ queries }}"
{{ mysql_root_connection() }}
{% endmacro -%}
{#-
===== MAIN OUTPUT=====
-#}
Expand Down Expand Up @@ -91,12 +61,8 @@ include:
===== INNER LOOP OVER DATA : host -> fecthed above single or multiple =====
-#}
{% for host in user_hosts %}
{% if user.absent is defined and user.absent %}
{{ mysql_user_remove(name, host, 'top') }}
{% else %}
{#-
CREATE USER
-#}
{% if user.absent is not defined or not user.absent %}
{#- ================================================== CREATE USER -#}
{% set state_id = 'mysql_user_' ~ name ~ '_' ~ host %}
{{ state_id }}:
mysql_user.present:
Expand Down Expand Up @@ -155,28 +121,22 @@ include:
- mysql_user: {{ state_id }}
{% endfor %}
{% endif %}

{# collect added user for mysql/init.sls for requisites #}
{% do user_states.append(state_id) %}

{# END user.absent #}
{% endif %}
{#-
=============== END FOR host
-#}
{#- ========== END user is defined and present #}
{%- endif %}
{#- ===================== END FOR host ======================================== -#}
{% endfor %}
{#- =============== END FOR user -#}
{% endfor %}

{#-
extra remove user with multiples host see #119 for user.hosts_absent (list)
must be in user loop not in host loop.
remove all users not managed, See #119, grants will be droped for those users too
you can check before with: salt 'db*' mysql.list_user_to_drop
-#}
{% set user_hosts_absent = salt['pillar.get']('mysql:user:%s:hosts_absent'|format(name)) %}
{% if user_hosts_absent != '' %}
{% for h in user_hosts_absent %}
{{ mysql_user_remove(name, h, 'end') }}
{% endfor %}
{% if salt['pillar.get']('mysql:server:auto_remove_user_not_managed') %}
remove_user_not_managed:
module.run:
- name: mysql.cleanup_users
- keep_exrta: {{ salt['pillar.get']('mysql:server:keep_user_extra', []) }}
{% endif %}
{#-
=============== END FOR user
-#}
{% endfor %}
6 changes: 6 additions & 0 deletions pillar.example
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ mysql:
# another host
host: 123.123.123.123
# my.cnf sections changes
auto_remove_user_not_managed: True
# list of couple user@host, can be user@%
# note: % will become a regexp (.*) matching everything
keep_user_extra:
- momo@foreignhost.name
- admin@%
mysqld:
# you can use either underscore or hyphen in param names
bind-address: 0.0.0.0
Expand Down

0 comments on commit 32b2c1c

Please sign in to comment.