Commit Graph

292 Commits (d4285b5f21bacc72f8c22353f260d0e819680ef2)

Author SHA1 Message Date
Will Thames 47cb92f74f Ensure TEMP privilege gets removed when expanding ALL.
ALL gets expanded to the list of VALID_PRIVS which includes
TEMPORARY and TEMP
The code that replaced TEMP with TEMPORARY didn't work with the
expansion
9 years ago
Will Thames 2a0f6c1cb3 Correct handling of empty role_attr_flags
role_attr_flags is the empty string by default, not None.
9 years ago
Brian Coca ab5b5e8819 corrected version added 9 years ago
Brian Coca 2b53b92dc2 Merge pull request #1539 from acaveroc/mysql_vars_port_definition
Mysql vars port definition
9 years ago
Matt Martz 5a254e6303 Replace tabbed indentation with spaces for mysql_db module 10 years ago
ToBeReplaced 5e82f7e11e Make ALL_IN_SCHEMA for tables affect views
ALL TABLES is considered to include views, so we must check for reltypes
'r' and 'v', not just 'r'. This bug was introduced due to using a
custom, backwards-compatible version of "ALL TABLES IN SCHEMA".
10 years ago
Bryan Fleming 3b4b065315 fixes #1120 - privileges using columns 10 years ago
acaveroc e7876df99f Add version_added and type of parameter 10 years ago
acaveroc 7d2a5965bd Assorted minor bug fixes
- Modified data type for port definition from string to integer
- Modified login_host default value for compatibilize with port definition according with MySQL Documentation (https://dev.mysql.com/doc/refman/5.0/en/connecting.html)
10 years ago
acaveroc 5b84b0d136 Add port definition support for mysql_vars module 10 years ago
Sergei Antipov 5465fb8d4f mysql_user | Hide password 10 years ago
Greg DeKoenigsberg 2a5f0bde87 Proper author info for all remaining modules 10 years ago
Louis-Michel Couture d60d493916 Update example to remove outdated information 10 years ago
Toshio Kuratomi c700993dd5 Fix a problem introduced with #1101 and optimize privilege handling
* If a db user belonged to a role which had a privilege, the user would
  not have the privilege added as the role gave the appearance that the
  user already had it.  Fixed to always check the privileges specific to
  the user.
* Make fewer db queries to determine if privileges need to be changed
  and change them (was four for each privilege.  Now two for each object
  that has a set of privileges changed).
10 years ago
Toshio Kuratomi 8c10cc20ec Expand tildes and vars in the config file path 10 years ago
Will Thames 167e7c2b81 Perform privilege grants/revokes only when required
Use `has_table_privileges` and `has_database_privileges`
to test whether a user already has a privilege before
granting it, or whether a user doesn't have  a privilege
before revoking it.
10 years ago
Toshio Kuratomi 30fc6f03d6 Allow playbook specified login_user and login_password to override config file settings 10 years ago
Toshio Kuratomi f8d8af17cd Use a list comprehension instead of map and lambda 10 years ago
Toshio Kuratomi 474b731bcc Merge pull request #1036 from shr3kst3r/strip_spaces
Strip spaces around MySQL privileges before comparing to valid privileges
10 years ago
Toshio Kuratomi 2b5e932cfb Fix for the new import code when password is empty 10 years ago
Brian Coca 7a6f532020 Merge pull request #1423 from ercpe/mysql_db-debugging
Improved output of mysql_db plugin
10 years ago
Jonathan Mainguy db9ab9b262 escapeds changes
fixed merge conflict

remove uneeded regexs

arrays
10 years ago
Robin Miller cda7a9be15 Replaced lambda functions with list comprehensions. 10 years ago
Robin Miller 74b7ce9dcf Only revoke actually granted permissions, not 'ALL'.
This prevents errors when the login_user does not have 'ALL'
permissions, and the 'priv' value contains fewer permissions than are
held by an existing user. This is particularly an issue when using an
Amazon Web Services RDS instance, as there is no (accessible) user with
'ALL' permissions on *.*.
10 years ago
Johann Schmitz 8892aa2bf4 Improved output of mysql_db plugin
Show error number and error description on connect error to ease debugging.
10 years ago
Toshio Kuratomi d74187438f Merge pull request #1417 from fdupoux/mysql-db-use-python-pipelines
Decompress mysql dumps on the fly using python subprocess …
10 years ago
fdupoux 380b122d5a Refactoring to avoid duplication of code which manages the decompression of database dumps in various formats 10 years ago
fdupoux f634c10636 Simplify code which prepares the decompression command 10 years ago
Toshio Kuratomi 32e609720a Refactor dump compression and use get_bin_path for finding the compressors 10 years ago
fdupoux 1e2ce363f7 Decompress mysql dumps on the fly using python subprocess during an import to simplify operation 10 years ago
Jonathan Mainguy 5a22f052b4 changes hostname to lowercase 10 years ago
Toshio Kuratomi 0c04a54f67 Merge pull request #1368 from ansible/postgresql-user-account-vs-role-fix
Fix a problem introduced with #1101 and optimize privilege handling
10 years ago
Toshio Kuratomi c9b17136e4 Fix a problem introduced with #1101 and optimize privilege handling
* If a db user belonged to a role which had a privilege, the user would
  not have the privilege added as the role gave the appearance that the
  user already had it.  Fixed to always check the privileges specific to
  the user.
* Make fewer db queries to determine if privileges need to be changed
  and change them (was four for each privilege.  Now two for each object
  that has a set of privileges changed).
10 years ago
Brian Coca b9dba50372 minor doc fix and made sure check_implicit_admin is true boolean 10 years ago
Toshio Kuratomi 7dd9f57e16 Fix splitting of role_attrs 10 years ago
fdupoux 51ffbda9a1 Add support for xz compression (for dump and import) in mysql_db module 10 years ago
Toshio Kuratomi ed6b95a0bb Merge pull request #45 from Jmainguy/mysql_db_alldatabases
Adds name=all which allows a user to dump or import all data...
10 years ago
Jonathan Mainguy f0af9b9ed5 Adds all_databases option which allows a user to dump or import all databases at once, identical to mysqldump --all-databases
fix line 132

Update to name=all

cleaned up all_database per abadger's suggestions
10 years ago
Toshio Kuratomi 8b4e201772 Expand tildes and vars in the config file path 10 years ago
Brian Coca 35703caf6f Merge pull request #1101 from willthames/postgresql_reduce_alter_role
Update postgresql users only when necessary
10 years ago
Pascal Borreli f29a6ec54d Fixed typos 10 years ago
Toshio Kuratomi 58c8696fc5 Allow playbook specified login_user and login_password to override config file settings 10 years ago
Julia Kreger 35bcd6a965 Set default for mysql_user config_file
The default value set by the module was a value of None for the
config_file parameter, which propogates into the connect method
call overriding the stated default in the method.

Instead, the default should be set with-in the parameter
specification so the file check is not requested to check None.
10 years ago
Brian Coca 8023c60863 minor doc fixes 10 years ago
Sven Schliesing c53ca2f776 use default value for parameter config_file in connect() 10 years ago
muffl0n 616ac905ff Use MySQLdbs read_default_file 10 years ago
Will Thames c956c65731 Usage is not a valid database or table privilege
Remove `USAGE` from the `VALID_PRIVS` dict for both database and
table because it is not a valid privilege for either (and
breaks the implementation of `has_table_privilege` and
`has_database_privilege`

See http://www.postgresql.org/docs/9.0/static/sql-grant.html
10 years ago
Will Thames 7d66da35a7 Perform privilege grants/revokes only when required
Use `has_table_privileges` and `has_database_privileges`
to test whether a user already has a privilege before
granting it, or whether a user doesn't have  a privilege
before revoking it.
10 years ago
Will Thames b4515c8909 Update postgresql users only when necessary
For read-only databases, users should not change when no changes
are required.

Don't issue ALTER ROLE when role attribute flags, users password
or expiry time is not changing.

In certain cases (hashed passwords in the DB, but the password
argument is not hashed) passlib.hash is required to avoid
running ALTER ROLE.
10 years ago
Brian Coca 6e373ace86 corrected version added 10 years ago
Brian Coca c4a22478c4 Merge pull request #830 from BlackMesh/devel
mysql_user #829: add update_password to mysql_user
10 years ago
Dennis Rowe 539b7744d0 Strip spaces around perms 10 years ago
tedder bffd137edd code review fixes per #957 10 years ago
tedder 472331a53b skip password changes so pg_authid isn't needed
Some places ([AWS RDS](https://forums.aws.amazon.com/thread.jspa?threadID=151248)) don't have, or don't allow, access to the `pg_authid` table. The only reason that is necessary is to check for a password change.

This flag is a workaround so passwords can only be set at creation time. It isn't as elegant as changing the password down the line, but it fixes the longstanding issue #297 that prevented this from being useful on AWS RDS.
10 years ago
Jesse Sandberg fc4c659400 Validate variable, return only the found variable value instead of tuple
Docs imply the mysql_variables is used to operate a single variable therefore
- fail before making any db connections if variable is not set
- validate chars for mysql variable name with re.match(^[a-z0-9_]+)
- use "SHOW VARIABLE WHERE Variable_name" instead of LIKE search
- getvariable() returns only the value or None if variable is not found
- the module returns only the found variable value instead of tuple for easier operation eg. as registere variable in tasks
10 years ago
Toshio Kuratomi b0bc6f1379 Merge pull request #888 from ansible/mysql-port
Fix for int port assignment in a playbook failing
10 years ago
Toshio Kuratomi ec6304d5a0 Merge pull request #824 from Jmainguy/mysql_db_616
Now correctly gzip/bzips file back up in case of import failure
10 years ago
Jonathan Mainguy ee8039ef09 Now correctly gzip/bzips file back up in case of import failure
Removed gunzip and bunzip2 dependency
10 years ago
Toshio Kuratomi a1135f803d Fix for int port assignment in a playbook failing
Ports are integer values but the old code was assuming they were
strings.  When login_port is put into playbook complex_args as an
integer the code would fail.  This update should make the argument
validating make sure we have an integer and then we can send that value
directly to the relevant APIs.

Fixes #818
10 years ago
Toshio Kuratomi addca40604 Fix documentation to have correct param name 10 years ago
Solomon Gifford 35434f9672 mysql_user #829: add update_password to mysql_user 10 years ago
David Hummel 1d92dd31a6 Fix issue #793: mysql_db: for state={absent,present} connections to database mysql fail for users other than root 10 years ago
Brian Coca 02af66d232 Merge pull request #559 from mjschultz/postgres-db-fix
Build the db connection on `"postgres"` instead of `"template1"`
10 years ago
Brian Coca 1394920cd3 Merge pull request #44 from Jmainguy/mysql_db_6860
adds error message if socket does not exist
10 years ago
Johannes Steger 34aa98a99c Fix function identifier quoting 10 years ago
Toshio Kuratomi fbb9dcc69a Also catch mysql errors so we can give the error message back through json rather than tracebacking 10 years ago
Bruce Pennypacker 272bb1fa63 requested changes 10 years ago
Bruce Pennypacker a07873d6a3 Added support for 'REQUIRE SSL' grant option 10 years ago
sysadmin75 00b4f4d543 Fix to revoke privileges for mysql user = ''
Issue #9848
10 years ago
Michael J. Schultz b894bc2b77 Build the db connection on `"postgres"` instead of `"template1"`
According to the postgresql docs[1], you should not have a connection with
`"template1"` when copying multiple databases.

[1]: http://www.postgresql.org/docs/9.1/static/manage-ag-templatedbs.html
10 years ago
Toshio Kuratomi b0c94cd6f6 Merge pull request #281 from kustodian/postgresql_db_fix_for_python_24_checkmode
Fixed postgresql_db failing on Python 2.4 with --check
10 years ago
kustodian 07b98c45df Fixed postgresql_db failing on Python 2.4 with --check
This reverts commit 81cbdb6c8c and adds ignoring of the SystemExit exception because of Python 2.4.
10 years ago
Petros Moisiadis bd7c6dbd3a mysql_user: Added missing privileges
Added missing privileges 'CREATE TABLESPACE' and 'PROXY' (see: http://dev.mysql.com/doc/refman/5.5/en/privileges-provided.html).
10 years ago
Andrew Shults 8396c063a3 Strip white space to support multiline permissions in YAML 10 years ago
Toshio Kuratomi e8edee4166 Fix typo 10 years ago
Toshio Kuratomi b766390ae2 Add USAGE as a valid privilege 10 years ago
Toshio Kuratomi 5af4463823 Gixes to doc formatting 10 years ago
Toshio Kuratomi dda6d89060 Fix typo so docs will build 10 years ago
Toshio Kuratomi 3a80b734e6 Escape % in db+table names before adding to a format string being passed into db.execute()
Fixes #416
10 years ago
Dan 084ccf5a64 Adds a login_unix_socket option to the postgresql_privs module. 10 years ago
Dan 3a3ff1f0e4 Adds a unix_socket/login_unix_socket option to the postgresql_user module. 10 years ago
Dan bf36697a55 Adds a login_unix_socket option to the postgresql_db module. 10 years ago
Toshio Kuratomi 1cab307649 Fix module traceback instead of returning an error 10 years ago
Toshio Kuratomi 2a794fa776 Fix for single role_attr 10 years ago
Toshio Kuratomi 7dd2859f9b Add a bare grant to the list of allowed privileges 10 years ago
Devin Christensen 06f1c1a97e Fix user_alter in postgresql_user 10 years ago
Devin Christensen c77ab67274 Fix user_add in postgresql_user 10 years ago
Devin Christensen 4a3d7473fd Fix syntax error 10 years ago
Toshio Kuratomi 10ebcccedb Escape mysql identifiers 10 years ago
Toshio Kuratomi 06ac459fc5 Correct new function name 10 years ago
Toshio Kuratomi c84ae54294 Normalize privs and flags to uppercase so comparisons against allowed names will work 10 years ago
Toshio Kuratomi fbc4ed7a88 Make sure we quote or confirm good all user provided identifiers 10 years ago
Toshio Kuratomi 51910a1a33 Audit escaping of identifiers in the postgresql_user module 10 years ago
Toshio Kuratomi 1b0afb137c More robust quoting of database identifiers
Note: These aren't database values, those are already using the
appropriate Pyhton DB API method for quoting.
10 years ago
Jonathan Mainguy 16b251d743 adds error message if socket does not exist 10 years ago
kustodian 81cbdb6c8c Fixed postgresql_db failing on Python 2.4 with --check 10 years ago
Michael DeHaan 3ed1378067 Some more module categorization. 10 years ago
Michael DeHaan 385a037cd6 package files 10 years ago
Michael DeHaan c8e1a2077e file extensions! 10 years ago
Michael DeHaan 417309a626 Restructuring. 10 years ago