Database cookbook: database_user resource: grant action uses table specified in previous resource def

pmocek · May 7, 2013, 5:56pm

I believe I have discovered a bug in some combination of the database
cookbook
and the mysql cookbook. I’ll file a report with with Opscode unless
another
subscriber convinces me that my experience is a result of user error.

I define two databases and two database users. I grant all privileges
on the
first database to the first user, and all privileges on the second
database to
the second user. Additionally, I grant select on the time_zone table of
the
mysql database to the first user. This triplet works or fails depending
on the
order of the database_user resource definitions in my recipe. It
appears as
though my providing a table parameter for the second definition results
in it
"sticking" for the third.

In short, I get either this (good):

grant all on db1 to user1 = GRANT all ON db1.* TO
user1
grant all on db2 to user2 = GRANT all ON db2.* TO
user2
grant select on mysql.time_zone to user1 = GRANT select ON
mysql.time_zone TO user1

or this (bad):

grant all on db1 to user1 = GRANT all ON db1.* TO
user1
grant select on mysql.time_zone to user1 = GRANT select ON
mysql.time_zone TO user1
grant all on db2 to user2 = GRANT all ON
db2.time_zone TO user2

works as expected

database_user node[‘mycoobook’][‘db1’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name node[‘mycoobook’][‘db1’][‘schema’]
host '%'
privileges [:all]
action :grant
end

database_user node[‘mycoobook’][‘db2’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name node[‘mycoobook’][‘db2’][‘schema’]
host '%'
privileges [:all]
action :grant
end

database_user node[‘mycoobook’][‘db1’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name 'mysql’
table 'time_zone’
host '%'
privileges [:select]
action :grant
end

[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 74)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT all ON first_db.* TO ‘my_db_user1’@’%‘
IDENTIFIED BY ‘my_password’]
[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user2]
action grant (mycoobook::dbms line 83)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user2]: granting
access with statement [GRANT all ON second_db.* TO ‘my_db_user2’@’%‘
IDENTIFIED BY ‘my_password’]
[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 92)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT select ON mysql.time_zone TO
’my_db_user1’@’%’ IDENTIFIED BY ‘my_password’]

third grant faulty

database_user node[‘mycoobook’][‘db1’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name node[‘mycoobook’][‘db1’][‘schema’]
host '%'
privileges [:all]
action :grant
end

database_user node[‘mycoobook’][‘db1’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name 'mysql’
table 'time_zone’
host '%'
privileges [:select]
action :grant
end

database_user node[‘mycoobook’][‘db2’][‘user’] do
provider Chef::Provider::Database::MysqlUser
connection dbms_connection_info
database_name node[‘mycoobook’][‘db2’][‘schema’]
host '%'
privileges [:all]
action :grant
end

[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 74)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT all ON first_db.* TO ‘my_db_user1’@’%‘
IDENTIFIED BY ‘my_password’]
[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 83)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT select ON mysql.time_zone TO
’my_db_user1’@’%’ IDENTIFIED BY ‘my_password’]
[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user2]
action grant (mycoobook::dbms line 93)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user2]: granting
access with statement [GRANT all ON second_db.time_zone TO
’my_db_user2’@’%’ IDENTIFIED BY ‘my_password’]

–
Phil Mocek
http://mocek.org

Topic		Replies	Views
Does mysql_database_user LWRP's action of database cookbook take a collection? Chef Infra (archive)	0	229	May 21, 2013
Example Mysql create users/database setup? Chef Infra (archive)	0	202	September 27, 2011
Installing mysql with chef Chef Infra (archive)	3	369	September 27, 2015
Postgres user/database/permission LWRPs Chef Infra (archive)	1	314	December 6, 2012
Assert the mysql user and database Chef Infra (archive)	0	333	June 21, 2013

Database cookbook: database_user resource: grant action uses table specified in previous resource def

works as expected

third grant faulty

Related Topics