I believe I have discovered a bug in some combination of the database cookbook and the mysql cookbook. I'll file a report with Opscode unless another subscriber convinces me that my experience is a result of user error.

I define two databases and two database users. I grant all privileges on the first database to the first user, and all privileges on the second database to the second user. Additionally, I grant select on the time_zone table of the mysql database to the first user. This triplet works or fails depending on the order of the database_user resource definitions in my recipe. It appears as though my providing a table parameter for the second definition results in it "sticking" for the third.

In short, I get either this (good):

- grant all on db1 to user1 = GRANT all ON db1.* TO user1
- grant all on db2 to user2 = GRANT all ON db2.* TO user2
- grant select on mysql.time_zone to user1 = GRANT select ON mysql.time_zone TO user1

or this (bad):

- grant all on db1 to user1 = GRANT all ON db1.* TO user1
- grant select on mysql.time_zone to user1 = GRANT select ON mysql.time_zone TO user1
- grant all on db2 to user2 = GRANT all ON db2.time_zone TO user2

works as expected

# All privileges on the first database to the first user.
database_user node['mycoobook']['db1']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name node['mycoobook']['db1']['schema']
  host '%'
  privileges [:all]
  action :grant
end

# All privileges on the second database to the second user.
database_user node['mycoobook']['db2']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name node['mycoobook']['db2']['schema']
  host '%'
  privileges [:all]
  action :grant
end

# Select on mysql.time_zone to the first user (the only resource that sets table).
database_user node['mycoobook']['db1']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name 'mysql'
  table 'time_zone'
  host '%'
  privileges [:select]
  action :grant
end

[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user1] action grant (mycoobook::dbms line 74)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user1]: granting access with statement [GRANT all ON first_db.* TO 'my_db_user1'@'%' IDENTIFIED BY 'my_password']
[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user2] action grant (mycoobook::dbms line 83)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user2]: granting access with statement [GRANT all ON second_db.* TO 'my_db_user2'@'%' IDENTIFIED BY 'my_password']
[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user1] action grant (mycoobook::dbms line 92)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user1]: granting access with statement [GRANT select ON mysql.time_zone TO 'my_db_user1'@'%' IDENTIFIED BY 'my_password']

third grant faulty

# All privileges on the first database to the first user.
database_user node['mycoobook']['db1']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name node['mycoobook']['db1']['schema']
  host '%'
  privileges [:all]
  action :grant
end

# Select on mysql.time_zone to the first user (the only resource that sets table).
database_user node['mycoobook']['db1']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name 'mysql'
  table 'time_zone'
  host '%'
  privileges [:select]
  action :grant
end

# All privileges on the second database to the second user; no table is set here.
database_user node['mycoobook']['db2']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name node['mycoobook']['db2']['schema']
  host '%'
  privileges [:all]
  action :grant
end

[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user1] action grant (mycoobook::dbms line 74)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user1]: granting access with statement [GRANT all ON first_db.* TO 'my_db_user1'@'%' IDENTIFIED BY 'my_password']
[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user1] action grant (mycoobook::dbms line 83)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user1]: granting access with statement [GRANT select ON mysql.time_zone TO 'my_db_user1'@'%' IDENTIFIED BY 'my_password']
[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user2] action grant (mycoobook::dbms line 93)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user2]: granting access with statement [GRANT all ON second_db.time_zone TO 'my_db_user2'@'%' IDENTIFIED BY 'my_password']

--
Phil Mocek
http://mocek.org
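
The following is an added example, not part of the original post and not code from the database or mysql cookbooks: a Ruby check that parses chef-client log lines in the format shown above and reports any GRANT whose privileges or table scope differ from an expected list. The EXPECTED table, the function names and the sample log (constructed from the post's log format, with the password replaced) are assumptions.

```ruby
# Expected grants keyed by [user, database]; '*' means every table.
# Assumption: hand-written allow-list taken from the intent stated in the post.
EXPECTED = {
  %w[my_db_user1 first_db]  => { privs: 'all',    table: '*' },
  %w[my_db_user1 mysql]     => { privs: 'select', table: 'time_zone' },
  %w[my_db_user2 second_db] => { privs: 'all',    table: '*' }
}.freeze

# Matches the "granting access with statement [...]" line and stops before
# IDENTIFIED BY, so the password is never captured.
GRANT_RE = /granting access with statement \[GRANT (.+?) ON ([^.\s]+)\.(\S+) TO '([^']+)'@'([^']+)'/

# Returns one hash per GRANT found. Whitespace is collapsed first so that
# statements wrapped across lines still match; curly quotes are normalised.
def parse_grants(log_text)
  flat = log_text.tr("\u2018\u2019", "''").gsub(/\s+/, ' ')
  flat.scan(GRANT_RE).map do |privs, db, table, user, host|
    { privs: privs, db: db, table: table, user: user, host: host }
  end
end

# Returns grants missing from EXPECTED or differing in privileges or table scope.
def unexpected_grants(log_text)
  parse_grants(log_text).reject do |g|
    want = EXPECTED[[g[:user], g[:db]]]
    want && want[:privs] == g[:privs] && want[:table] == g[:table]
  end
end

# Constructed sample: the faulty ordering from the post, password replaced.
FAULTY_RUN = <<~LOG
  [2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user1]: granting
  access with statement [GRANT all ON first_db.* TO 'my_db_user1'@'%'
  IDENTIFIED BY 'REDACTED']
  [2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user1]: granting
  access with statement [GRANT select ON mysql.time_zone TO
  'my_db_user1'@'%' IDENTIFIED BY 'REDACTED']
  [2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user2]: granting
  access with statement [GRANT all ON second_db.time_zone TO
  'my_db_user2'@'%' IDENTIFIED BY 'REDACTED']
LOG

if __FILE__ == $PROGRAM_NAME
  unexpected_grants(FAULTY_RUN).each do |g|
    puts "UNEXPECTED: #{g[:privs]} ON #{g[:db]}.#{g[:table]} TO #{g[:user]}@#{g[:host]}"
  end
end
```

Run against the faulty ordering, it reports only the third statement, where the second user's grant was scoped to second_db.time_zone instead of second_db.*.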