Database cookbook: database_user resource: grant action uses table specified in previous resource def


#1

I believe I have discovered a bug in some combination of the database
cookbook
and the mysql cookbook. I’ll file a report with with Opscode unless
another
subscriber convinces me that my experience is a result of user error.

I define two databases and two database users. I grant all privileges
on the
first database to the first user, and all privileges on the second
database to
the second user. Additionally, I grant select on the time_zone table of
the
mysql database to the first user. This triplet works or fails depending
on the
order of the database_user resource definitions in my recipe. It
appears as
though my providing a table parameter for the second definition results
in it
"sticking" for the third.

In short, I get either this (good):

  1. grant all on db1 to user1 = GRANT all ON db1.* TO
    user1
  2. grant all on db2 to user2 = GRANT all ON db2.* TO
    user2
  3. grant select on mysql.time_zone to user1 = GRANT select ON
    mysql.time_zone TO user1

or this (bad):

  1. grant all on db1 to user1 = GRANT all ON db1.* TO
    user1
  2. grant select on mysql.time_zone to user1 = GRANT select ON
    mysql.time_zone TO user1
  3. grant all on db2 to user2 = GRANT all ON
    db2.time_zone TO user2

works as expected

database_user node[‘mycoobook’][‘db1’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name node[‘mycoobook’][‘db1’][‘schema’]
host '%'
privileges [:all]
action :grant
end

database_user node[‘mycoobook’][‘db2’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name node[‘mycoobook’][‘db2’][‘schema’]
host '%'
privileges [:all]
action :grant
end

database_user node[‘mycoobook’][‘db1’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name 'mysql’
table 'time_zone’
host '%'
privileges [:select]
action :grant
end

[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 74)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT all ON first_db.* TO ‘my_db_user1’@’%‘
IDENTIFIED BY ‘my_password’]
[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user2]
action grant (mycoobook::dbms line 83)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user2]: granting
access with statement [GRANT all ON second_db.* TO ‘my_db_user2’@’%‘
IDENTIFIED BY ‘my_password’]
[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 92)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT select ON mysql.time_zone TO
’my_db_user1’@’%’ IDENTIFIED BY ‘my_password’]

third grant faulty

database_user node[‘mycoobook’][‘db1’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name node[‘mycoobook’][‘db1’][‘schema’]
host '%'
privileges [:all]
action :grant
end

database_user node[‘mycoobook’][‘db1’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name 'mysql’
table 'time_zone’
host '%'
privileges [:select]
action :grant
end

database_user node[‘mycoobook’][‘db2’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name node[‘mycoobook’][‘db2’][‘schema’]
host '%'
privileges [:all]
action :grant
end

[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 74)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT all ON first_db.* TO ‘my_db_user1’@’%‘
IDENTIFIED BY ‘my_password’]
[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 83)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT select ON mysql.time_zone TO
’my_db_user1’@’%’ IDENTIFIED BY ‘my_password’]
[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user2]
action grant (mycoobook::dbms line 93)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user2]: granting
access with statement [GRANT all ON second_db.time_zone TO
’my_db_user2’@’%’ IDENTIFIED BY ‘my_password’]


Phil Mocek
http://mocek.org