From fdd69e40ac0a1ce4ae5780ed98f52665a7c6f860 Mon Sep 17 00:00:00 2001 From: David Swan Date: Tue, 9 Jun 2020 16:49:22 +0100 Subject: [PATCH] (IAC-823) - 'ALL' privilege test fix On newer versions of MySQL the 'ALL' privilege seems to return as the sum of it's constitute parts --- manifests/params.pp | 2 +- spec/acceptance/types/mysql_grant_spec.rb | 49 ++++++++++++++++++++--- 2 files changed, 45 insertions(+), 6 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 5e2b3a6c0..52ef1d527 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -255,7 +255,7 @@ 'trusty' => 'ruby-mysql', 'xenial' => 'ruby-mysql', 'bionic' => 'ruby-mysql2', - 'focal' => 'ruby-mysql2', + 'focal' => 'ruby-mysql2', default => 'libmysql-ruby', } } diff --git a/spec/acceptance/types/mysql_grant_spec.rb b/spec/acceptance/types/mysql_grant_spec.rb index ad9a29a20..84a141f78 100644 --- a/spec/acceptance/types/mysql_grant_spec.rb +++ b/spec/acceptance/types/mysql_grant_spec.rb @@ -266,7 +266,46 @@ class { 'mysql::server': end end + # On Ubuntu 20.04 'ALL' now returns as the sum of it's constitute parts and so require a specific test + describe 'ALL privilege on newer MySQL versions', if: os[:family] == 'ubuntu' && os[:release] =~ %r{^20\.04} do + pp_one = <<-MANIFEST + mysql_user { 'all@localhost': + ensure => present, + } + mysql_grant { 'all@localhost/*.*': + user => 'all@localhost', + privileges => ['ALL'], + table => '*.*', + require => Mysql_user['all@localhost'], + } + MANIFEST + it "create ['ALL'] privs" do + apply_manifest(pp_one, catch_failures: true) + end + + pp_two = <<-MANIFEST + mysql_user { 'all@localhost': + ensure => present, + } + mysql_grant { 'all@localhost/*.*': + user => 'all@localhost', + privileges => ['ALTER', 'ALTER ROUTINE', 'CREATE', 'CREATE ROLE', 'CREATE ROUTINE', 'CREATE TABLESPACE', 'CREATE TEMPORARY TABLES', 'CREATE USER', 'CREATE VIEW', 'DELETE', 'DROP', 'DROP ROLE', 'EVENT', 'EXECUTE', 'FILE', 'INDEX', 'INSERT', 'LOCK TABLES', 'PROCESS', 'REFERENCES', 'RELOAD', 'REPLICATION CLIENT', 'REPLICATION SLAVE', 'SELECT', 'SHOW DATABASES', 'SHOW VIEW', 'SHUTDOWN', 'SUPER', 'TRIGGER', 'UPDATE'], + table => '*.*', + require => Mysql_user['all@localhost'], + } + MANIFEST + it "create ['ALL'] constitute parts privs" do + apply_manifest(pp_two, catch_changes: true) + end + end + describe 'complex test' do + # On Ubuntu 20.04 'ALL' now returns as the sum of it's constitute parts and so is no longer idempotent when set + privileges = if os[:family] == 'ubuntu' && os[:release] =~ %r{^20\.04} + "['SELECT', 'INSERT', 'UPDATE']" + else + "['ALL']" + end pp = <<-MANIFEST $dbSubnet = '10.10.10.%' @@ -284,7 +323,7 @@ class { 'mysql::server': Mysql_grant { ensure => present, options => ['GRANT'], - privileges => ['ALL'], + privileges => #{privileges}, table => '*.*', require => [ Mysql_database['foo'], Exec['mysql-create-table'] ], } @@ -355,12 +394,12 @@ class { 'mysql::server': } mysql_grant { 'lowercase@localhost/*.*': user => 'lowercase@localhost', - privileges => 'ALL', + privileges => ['SELECT', 'INSERT', 'UPDATE'], table => '*.*', require => Mysql_user['lowercase@localhost'], } MANIFEST - it 'create ALL privs' do + it "create ['SELECT', 'INSERT', 'UPDATE'] privs" do apply_manifest(pp_one, catch_failures: true) end @@ -370,12 +409,12 @@ class { 'mysql::server': } mysql_grant { 'lowercase@localhost/*.*': user => 'lowercase@localhost', - privileges => 'all', + privileges => ['select', 'insert', 'update'], table => '*.*', require => Mysql_user['lowercase@localhost'], } MANIFEST - it 'create lowercase all privs' do + it "create lowercase ['select', 'insert', 'update'] privs" do apply_manifest(pp_two, catch_changes: true) end end