Commit graph

260 commits

Author SHA1 Message Date
Toshio Kuratomi
c9b17136e4 Fix a problem introduced with #1101 and optimize privilege handling
* If a db user belonged to a role which had a privilege, the user would
  not have the privilege added as the role gave the appearance that the
  user already had it.  Fixed to always check the privileges specific to
  the user.
* Make fewer db queries to determine if privileges need to be changed
  and change them (was four for each privilege.  Now two for each object
  that has a set of privileges changed).
2015-05-19 12:57:06 -07:00
Brian Coca
b9dba50372 minor doc fix and made sure check_implicit_admin is true boolean 2015-05-19 10:40:36 -04:00
Toshio Kuratomi
7dd9f57e16 Fix splitting of role_attrs 2015-05-18 12:45:47 -07:00
fdupoux
51ffbda9a1 Add support for xz compression (for dump and import) in mysql_db module 2015-05-12 22:28:18 +01:00
Toshio Kuratomi
ed6b95a0bb Merge pull request #45 from Jmainguy/mysql_db_alldatabases
Adds name=all which allows a user to dump or import all data...
2015-05-12 13:42:12 -07:00
Jonathan Mainguy
f0af9b9ed5 Adds all_databases option which allows a user to dump or import all databases at once, identical to mysqldump --all-databases
fix line 132

Update to name=all

cleaned up all_database per abadger's suggestions
2015-05-12 16:35:38 -04:00
Toshio Kuratomi
8b4e201772 Expand tildes and vars in the config file path 2015-05-08 10:41:01 -07:00
Brian Coca
35703caf6f Merge pull request #1101 from willthames/postgresql_reduce_alter_role
Update postgresql users only when necessary
2015-05-05 08:49:45 -04:00
Pascal Borreli
f29a6ec54d Fixed typos 2015-05-04 12:54:03 +01:00
Toshio Kuratomi
58c8696fc5 Allow playbook specified login_user and login_password to override config file settings 2015-04-30 12:49:32 -07:00
Julia Kreger
35bcd6a965 Set default for mysql_user config_file
The default value set by the module was a value of None for the
config_file parameter, which propogates into the connect method
call overriding the stated default in the method.

Instead, the default should be set with-in the parameter
specification so the file check is not requested to check None.
2015-04-30 11:40:04 -04:00
Brian Coca
8023c60863 minor doc fixes 2015-04-22 15:58:56 -04:00
Sven Schliesing
c53ca2f776 use default value for parameter config_file in connect() 2015-04-22 20:32:39 +02:00
muffl0n
616ac905ff Use MySQLdbs read_default_file 2015-04-22 20:29:21 +02:00
Will Thames
c956c65731 Usage is not a valid database or table privilege
Remove `USAGE` from the `VALID_PRIVS` dict for both database and
table because it is not a valid privilege for either (and
breaks the implementation of `has_table_privilege` and
`has_database_privilege`

See http://www.postgresql.org/docs/9.0/static/sql-grant.html
2015-04-08 13:00:50 +10:00
Will Thames
7d66da35a7 Perform privilege grants/revokes only when required
Use `has_table_privileges` and `has_database_privileges`
to test whether a user already has a privilege before
granting it, or whether a user doesn't have  a privilege
before revoking it.
2015-04-08 12:48:45 +10:00
Will Thames
b4515c8909 Update postgresql users only when necessary
For read-only databases, users should not change when no changes
are required.

Don't issue ALTER ROLE when role attribute flags, users password
or expiry time is not changing.

In certain cases (hashed passwords in the DB, but the password
argument is not hashed) passlib.hash is required to avoid
running ALTER ROLE.
2015-04-08 11:17:11 +10:00
Brian Coca
6e373ace86 corrected version added 2015-03-31 15:31:54 -04:00
Brian Coca
c4a22478c4 Merge pull request #830 from BlackMesh/devel
mysql_user #829: add update_password to mysql_user
2015-03-31 15:28:31 -04:00
Dennis Rowe
539b7744d0 Strip spaces around perms 2015-03-31 09:59:07 -05:00
tedder
bffd137edd code review fixes per #957 2015-03-30 15:51:54 -07:00
tedder
472331a53b skip password changes so pg_authid isn't needed
Some places ([AWS RDS](https://forums.aws.amazon.com/thread.jspa?threadID=151248)) don't have, or don't allow, access to the `pg_authid` table. The only reason that is necessary is to check for a password change.

This flag is a workaround so passwords can only be set at creation time. It isn't as elegant as changing the password down the line, but it fixes the longstanding issue #297 that prevented this from being useful on AWS RDS.
2015-03-30 13:35:54 -07:00
Jesse Sandberg
fc4c659400 Validate variable, return only the found variable value instead of tuple
Docs imply the mysql_variables is used to operate a single variable therefore
- fail before making any db connections if variable is not set
- validate chars for mysql variable name with re.match(^[a-z0-9_]+)
- use "SHOW VARIABLE WHERE Variable_name" instead of LIKE search
- getvariable() returns only the value or None if variable is not found
- the module returns only the found variable value instead of tuple for easier operation eg. as registere variable in tasks
2015-03-26 16:12:18 +02:00
Toshio Kuratomi
b0bc6f1379 Merge pull request #888 from ansible/mysql-port
Fix for int port assignment in a playbook failing
2015-03-04 18:57:32 -08:00
Toshio Kuratomi
ec6304d5a0 Merge pull request #824 from Jmainguy/mysql_db_616
Now correctly gzip/bzips file back up in case of import failure
2015-03-04 06:45:16 -08:00
Jonathan Mainguy
ee8039ef09 Now correctly gzip/bzips file back up in case of import failure
Removed gunzip and bunzip2 dependency
2015-03-04 09:07:24 -05:00
Toshio Kuratomi
a1135f803d Fix for int port assignment in a playbook failing
Ports are integer values but the old code was assuming they were
strings.  When login_port is put into playbook complex_args as an
integer the code would fail.  This update should make the argument
validating make sure we have an integer and then we can send that value
directly to the relevant APIs.

Fixes #818
2015-03-03 14:23:07 -08:00
Toshio Kuratomi
addca40604 Fix documentation to have correct param name 2015-02-25 06:49:24 -08:00
Solomon Gifford
35434f9672 mysql_user #829: add update_password to mysql_user 2015-02-20 12:30:27 -05:00
David Hummel
1d92dd31a6 Fix issue #793: mysql_db: for state={absent,present} connections to database mysql fail for users other than root 2015-02-14 17:16:35 -05:00
Brian Coca
02af66d232 Merge pull request #559 from mjschultz/postgres-db-fix
Build the db connection on `"postgres"` instead of `"template1"`
2015-02-11 17:38:34 -05:00
Brian Coca
1394920cd3 Merge pull request #44 from Jmainguy/mysql_db_6860
adds error message if socket does not exist
2015-01-30 14:04:48 -05:00
Johannes Steger
34aa98a99c Fix function identifier quoting 2015-01-26 17:47:03 +01:00
Toshio Kuratomi
fbb9dcc69a Also catch mysql errors so we can give the error message back through json rather than tracebacking 2015-01-12 14:37:44 -08:00
Bruce Pennypacker
272bb1fa63 requested changes 2015-01-08 21:41:15 +00:00
Bruce Pennypacker
a07873d6a3 Added support for 'REQUIRE SSL' grant option 2015-01-08 16:26:22 +00:00
sysadmin75
00b4f4d543 Fix to revoke privileges for mysql user = ''
Issue #9848
2014-12-25 17:36:51 -05:00
Michael J. Schultz
b894bc2b77 Build the db connection on "postgres" instead of "template1"
According to the postgresql docs[1], you should not have a connection with
`"template1"` when copying multiple databases.

[1]: http://www.postgresql.org/docs/9.1/static/manage-ag-templatedbs.html
2014-12-23 14:16:29 -06:00
Toshio Kuratomi
b0c94cd6f6 Merge pull request #281 from kustodian/postgresql_db_fix_for_python_24_checkmode
Fixed postgresql_db failing on Python 2.4 with --check
2014-12-14 13:43:44 -08:00
kustodian
07b98c45df Fixed postgresql_db failing on Python 2.4 with --check
This reverts commit 81cbdb6c8c and adds ignoring of the SystemExit exception because of Python 2.4.
2014-12-13 17:24:10 +01:00
Petros Moisiadis
bd7c6dbd3a mysql_user: Added missing privileges
Added missing privileges 'CREATE TABLESPACE' and 'PROXY' (see: http://dev.mysql.com/doc/refman/5.5/en/privileges-provided.html).
2014-12-10 18:53:55 +02:00
Andrew Shults
8396c063a3 Strip white space to support multiline permissions in YAML 2014-12-09 17:14:16 -05:00
Toshio Kuratomi
e8edee4166 Fix typo 2014-12-04 13:35:07 -08:00
Toshio Kuratomi
b766390ae2 Add USAGE as a valid privilege 2014-12-03 14:43:20 -08:00
Toshio Kuratomi
5af4463823 Gixes to doc formatting 2014-12-03 08:17:15 -08:00
Toshio Kuratomi
dda6d89060 Fix typo so docs will build 2014-12-03 07:09:10 -08:00
Toshio Kuratomi
3a80b734e6 Escape % in db+table names before adding to a format string being passed into db.execute()
Fixes #416
2014-12-01 10:40:53 -08:00
Dan
084ccf5a64 Adds a login_unix_socket option to the postgresql_privs module. 2014-12-01 12:27:12 -05:00
Dan
3a3ff1f0e4 Adds a unix_socket/login_unix_socket option to the postgresql_user module. 2014-12-01 12:23:33 -05:00
Dan
bf36697a55 Adds a login_unix_socket option to the postgresql_db module. 2014-12-01 12:23:33 -05:00
Toshio Kuratomi
1cab307649 Fix module traceback instead of returning an error 2014-12-01 07:15:27 -08:00
Toshio Kuratomi
2a794fa776 Fix for single role_attr 2014-11-26 14:43:56 -08:00
Toshio Kuratomi
7dd2859f9b Add a bare grant to the list of allowed privileges 2014-11-26 08:26:53 -08:00
Devin Christensen
06f1c1a97e Fix user_alter in postgresql_user 2014-11-25 12:04:47 -07:00
Devin Christensen
c77ab67274 Fix user_add in postgresql_user 2014-11-25 11:46:41 -07:00
Devin Christensen
4a3d7473fd Fix syntax error 2014-11-25 10:44:04 -07:00
Toshio Kuratomi
10ebcccedb Escape mysql identifiers 2014-11-25 01:46:09 -08:00
Toshio Kuratomi
06ac459fc5 Correct new function name 2014-11-25 01:42:33 -08:00
Toshio Kuratomi
c84ae54294 Normalize privs and flags to uppercase so comparisons against allowed names will work 2014-11-25 00:44:18 -08:00
Toshio Kuratomi
fbc4ed7a88 Make sure we quote or confirm good all user provided identifiers 2014-11-24 22:56:51 -08:00
Toshio Kuratomi
51910a1a33 Audit escaping of identifiers in the postgresql_user module 2014-11-24 22:30:10 -08:00
Toshio Kuratomi
1b0afb137c More robust quoting of database identifiers
Note: These aren't database values, those are already using the
appropriate Pyhton DB API method for quoting.
2014-11-24 20:51:27 -08:00
Jonathan Mainguy
16b251d743 adds error message if socket does not exist 2014-11-12 17:03:02 -05:00
kustodian
81cbdb6c8c Fixed postgresql_db failing on Python 2.4 with --check 2014-11-06 09:46:54 +01:00
Michael DeHaan
3ed1378067 Some more module categorization. 2014-11-04 17:23:22 -05:00
Michael DeHaan
385a037cd6 package files 2014-09-26 11:05:47 -04:00
Michael DeHaan
c8e1a2077e file extensions! 2014-09-26 10:37:56 -04:00
Michael DeHaan
417309a626 Restructuring. 2014-09-26 10:13:26 -04:00
Michael DeHaan
73123b69fa Move modules into subdirectory. 2014-09-26 09:23:50 -04:00
James Martin
49a5619cc0 Prevents module from failing with "_mysql_exceptions.Warning: Sending passwords in plain text without SSL/TLS is extremely insecure." When not using SSL/TLS. 2014-09-09 19:44:40 -04:00
Michael DeHaan
677709803c Merge pull request #8419 from georgeOsdDev/escape_underscore_in_database_name
mysql_db module: Escape "_" in database name for "SHOW DATABASES" statement
2014-08-08 14:38:51 -04:00
Michael DeHaan
185d5a6221 Merge branch 'spelling' of git://github.com/cgar/ansible into devel
Conflicts:
	docsite/rst/guide_rax.rst
	plugins/callbacks/mail.py
2014-08-08 13:28:45 -04:00
Takeharu Oshida
b42ff30505 Escape "_" in database name for "SHOW DATABASES" statement 2014-08-04 20:15:58 +09:00
Wayne Rosario
7cfef577a1 Adding the following Test Coverage:
Use mysql_user module to create, delete users.
Update user password and ensure new password was updated for the correct user.
Assert user has access to multiple databases
Assert user creation, deleting using different user privilege and ensure privilege work correctly.
2014-07-29 11:49:53 -04:00
Wayne Rosario
45d7e53da9 updating doc to include revoke example for mysql_user docs 2014-07-24 10:32:28 -04:00
Jonathan Mainguy
3da1e5ce62 This fixes 8173, if target was not defined it would break, now it wont 2014-07-18 09:52:37 -04:00
James Cammarata
93d862f3f5 Expand target for mysql_db
Fixes #8128
2014-07-16 13:39:47 -05:00
Jonathan Mainguy
2b84ec6b4a Errors out with stderr 1049, unknown database: when importing a database that does not exist 2014-07-11 14:57:45 -04:00
James Cammarata
a8368e4dc4 Merge pull request #8092 from ghjm/mysql-exceptions
Added exception handling to database creation and deletion. Fixes #8075.
2014-07-11 11:59:12 -05:00
Graham Mainwaring
8e6e9a12e7 Switched primary and alias names of the name/db parameter, to match documentation. Fixes #8065. 2014-07-10 22:37:46 -04:00
Graham Mainwaring
6e237bed7a Added exception handling to database creation and deletion. Fixes #8075. 2014-07-10 22:28:56 -04:00
Jonathan Mainguy
f4690464b4 Makes ansible fail if login_port is defined and login_host is either not defined, or defined as localhost. This is because if login_host is localhost then MySQLdb will use the socket instead of TCP. This leads to confusion for ansible users as, when a port is defined it gets ignored if login_host is localhost. This is to fix the bug reported by wrosario #8070. Info on MysqlDb can be read here http://mysql-python.sourceforge.net/MySQLdb.html 2014-07-09 14:38:27 -04:00
James Cammarata
ae37758257 Merge pull request #6766 from Jmainguy/mysql_db_bug
mysql_db module now correctly fails on import if bz2 or gz fails.
2014-06-23 12:42:42 -05:00
Scott Brown
34d960ef20 BUGFIX 1178: Adding better existence check in one place. db_import now fails fast if target does not exist b/c no point going further without the target. 2014-06-17 14:37:14 -07:00
Scott Brown
1853a3f565 BUGFIX 7811: Adding file existence check when performing mysql import on a .gz or .bz2 file, otherwise Ansible will not notice that the underlying *nix command silently died. 2014-06-17 13:08:53 -07:00
James Cammarata
8d0d2831e6 Fixing mysql master replication boolean
Fixes #7528
2014-06-09 08:58:55 -05:00
Josef Špak
1dbc069bcb Fix typo in CHANGE MASTER TO syntax 2014-06-02 13:42:55 +02:00
Mathieu Martin
9589ee2a41 Add example 'Specify grants composed of more than one word' to the mysql_user module. 2014-05-20 14:41:18 -04:00
Scott Sturdivant
40a6a6f911 Clarify that the encrypted param must also be set.
While the encrypted parameter's documentation clearly states that it needs to
be set, if you are focused on the password parameter's documentation, there's
nothing to draw your attention to the fact that encrypted may also need to be
set.
2014-05-14 07:49:11 -06:00
Adam Chainz
29b10ac698 Fix sync_binlog name in mysql_variables example
The previous sync_binary_log is not a real MySQL variable.
2014-05-06 12:25:11 +01:00
Carlos E. Garcia
4dcaa9d9fb multiple spelling error changes 2014-04-29 10:41:05 -04:00
Cove Schneider
ae0721d3da re-add idempotency check 2014-04-05 16:31:33 -07:00
Cove Schneider
428dead8cd add replicaset support to mongodb_user module 2014-04-05 15:33:22 -07:00
Michael DeHaan
acd89f7a1f Merge pull request #6796 from mistaka0s/mysqldump_fix
Remove extra quote from the mysqldump password argument
2014-04-02 17:24:35 -04:00
Matt Martz
a4078a4bf8 Use /usr/bin/python instead of /usr/bin/env python 2014-04-01 13:54:37 -05:00
Chao Luan
749e749c11 Remove extra quote from the mysqldump password argument
The mysqldb Ansible module will fail if the state specified is import or dump with a '1045: Access Denied' mysql error for complex passwords.

This is caused by the extra quote around the '--password' argument to mysqldump, as pipes.quotes already quotes the password string.

>>> "--password='%s'" % pipes.quote('simple')
"--password='simple'"

>>> "--password='%s'" % pipes.quote('c0mplexp@ssword!')
"--password=''c0mplexp@ssword!''"

>>> "--password='%s'" % pipes.quote('password with space')
"--password=''password with space''"
2014-04-01 23:52:08 +11:00
Jonathan Mainguy
17fa8e3c84 Added mpdehaan suggestion to use os.path.splitext. Wise suggestion, does look clearner 2014-03-31 11:09:00 -04:00
Jonathan Mainguy
f0b2616bd8 mysql_db module now correctly fails on import if bz2 or gz fails. 2014-03-30 13:39:00 -04:00
Michael DeHaan
ff5560f00c Update comments about redis config. 2014-03-19 18:15:52 -04:00
Michael DeHaan
fbb15ad52f Merge branch 'devel' of git://github.com/mleventi/ansible into devel 2014-03-19 18:15:06 -04:00