chef - [chef] database cookbook: database_user resource: grant action uses table specified in previous resource def

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] database cookbook: database_user resource: grant action uses table specified in previous resource def

From: Phil Mocek < >
To: "chef-users" < >
Subject: [chef] database cookbook: database_user resource: grant action uses table specified in previous resource def
Date: Tue, 07 May 2013 10:56:49 -0700

I believe I have discovered a bug in some combination of the database
cookbook
and the mysql cookbook.  I'll file a report with with Opscode unless
another
subscriber convinces me that my experience is a result of user error.

I define two databases and two database users.  I grant all privileges
on the
first database to the first user, and all privileges on the second
database to
the second user.  Additionally, I grant select on the time_zone table of
the
mysql database to the first user.  This triplet works or fails depending
on the
order of the database_user resource definitions in my recipe.  It
appears as
though my providing a table parameter for the second definition results
in it
"sticking" for the third.

In short, I get either this (good):

1. grant all    on db1             to user1 = GRANT all ON db1.* TO
user1
2. grant all    on db2             to user2 = GRANT all ON db2.* TO
user2
3. grant select on mysql.time_zone to user1 = GRANT select ON
mysql.time_zone TO user1

or this (bad):

1. grant all    on db1             to user1 = GRANT all ON db1.* TO
user1
2. grant select on mysql.time_zone to user1 = GRANT select ON
mysql.time_zone TO user1
3. grant all    on db2             to user2 = GRANT all ON
db2.time_zone TO user2

## works as expected ##

database_user node['mycoobook']['db1']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name node['mycoobook']['db1']['schema']
  host '%'
  privileges [:all]
  action :grant
end

database_user node['mycoobook']['db2']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name node['mycoobook']['db2']['schema']
  host '%'
  privileges [:all]
  action :grant
end

database_user node['mycoobook']['db1']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name 'mysql'
  table 'time_zone'
  host '%'
  privileges [:select]
  action :grant
end

[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 74)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT all ON first_db.* TO 'my_db_user1'@'%'
IDENTIFIED BY 'my_password']
[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user2]
action grant (mycoobook::dbms line 83)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user2]: granting
access with statement [GRANT all ON second_db.* TO 'my_db_user2'@'%'
IDENTIFIED BY 'my_password']
[2013-05-01T17:45:41+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 92)
[2013-05-01T17:45:41+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT select ON mysql.time_zone TO
'my_db_user1'@'%' IDENTIFIED BY 'my_password']

## third grant faulty ##

database_user node['mycoobook']['db1']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name node['mycoobook']['db1']['schema']
  host '%'
  privileges [:all]
  action :grant
end

database_user node['mycoobook']['db1']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name 'mysql'
  table 'time_zone'
  host '%'
  privileges [:select]
  action :grant
end

database_user node['mycoobook']['db2']['user'] do
  provider Chef::Provider::Database::MysqlUser
  connection dbms_connection_info
  database_name node['mycoobook']['db2']['schema']
  host '%'
  privileges [:all]
  action :grant
end

[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 74)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT all ON first_db.* TO 'my_db_user1'@'%'
IDENTIFIED BY 'my_password']
[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user1]
action grant (mycoobook::dbms line 83)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user1]: granting
access with statement [GRANT select ON mysql.time_zone TO
'my_db_user1'@'%' IDENTIFIED BY 'my_password']
[2013-05-01T17:57:47+00:00] INFO: Processing database_user[my_db_user2]
action grant (mycoobook::dbms line 93)
[2013-05-01T17:57:47+00:00] INFO: database_user[my_db_user2]: granting
access with statement [GRANT all ON second_db.time_zone TO
'my_db_user2'@'%' IDENTIFIED BY 'my_password']

--
Phil Mocek
http://mocek.org

[chef] database cookbook: database_user resource: grant action uses table specified in previous resource def, Phil Mocek, 05/07/2013