{#-
  Connection settings shared by the user and grant states in this file.
  Every value is read from pillar; the second argument of each pillar.get
  call is the fallback used when the key is absent.
#}
{%- from tpldir ~ "/map.jinja" import mysql with context %}
{%- set mysql_root_user = salt['pillar.get']('mysql:server:root_user', 'root') %}
{#-
  NOTE(review): when `mysql:server:root_password` is not set, the root
  password falls back to the `server_id` grain. A grain is host metadata,
  not a secret (presumably derived from the minion ID; confirm), so the
  pillar key should be set explicitly on any deployment that matters.
#}
{%- set mysql_root_pass = salt['pillar.get']('mysql:server:root_password', salt['grains.get']('server_id')) %}
{%- set mysql_host = salt['pillar.get']('mysql:server:host', 'localhost') %}
{#-
  Account the states below connect as. Without a `mysql:salt_user` pillar
  entry both values fall back to the root credentials above, so user
  management then runs with full root privileges.
#}
{%- set mysql_salt_user = salt['pillar.get']('mysql:salt_user:salt_user_name', mysql_root_user) %}
{%- set mysql_salt_pass = salt['pillar.get']('mysql:salt_user:salt_user_password', mysql_root_pass) %}
{#- Empty string means no connection_unix_socket argument is rendered. #}
{%- set mysql_unix_socket = salt['pillar.get']('mysql:server:unix_socket', '') %}
{#- user_states collects the ID of every mysql_user state rendered below; user_hosts is reassigned per user inside the loop. #}
{%- set user_states = [] %}
{%- set user_hosts = [] %}
include:
- .python
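{#-
  Render one mysql_user state for every (user, host) pair defined under the
  `mysql:user` pillar, followed by the mysql_grants states that require it.
  Hosts are resolved per user in this order: the single `host` key, then the
  `hosts` list, then Salt Mine data selected by the `mine_hosts` target,
  function and expr_form keys.

  Passwords and password hashes are emitted through Salt's `yaml_squote`
  filter, so a quote character inside a secret cannot terminate the YAML
  scalar early and break or alter the rendered state.

  NOTE(review): `name`, `host`, the grant lists and the ssl-* values are
  still interpolated without escaping, and `host` is also part of the state
  ID. Mine data is supplied by the minions matched by the mine target, so
  hosts obtained that way deserve validation before they reach this template.
#}
{%- for name, user in salt['pillar.get']('mysql:user', {}).items() %}
{%-   set user_host = salt['pillar.get']('mysql:user:%s:host'|format(name)) %}
{%-   if user_host != '' %}
{%-     set user_hosts = [user_host] %}
{%-   else %}
{%-     set user_hosts = salt['pillar.get']('mysql:user:%s:hosts'|format(name)) %}
{%-   endif %}
{#-   No host configured in pillar: use the mine, but only when all three lookup keys are present. #}
{%-   if not user_hosts %}
{%-     set mine_target = salt['pillar.get']('mysql:user:%s:mine_hosts:target'|format(name)) %}
{%-     set mine_function = salt['pillar.get']('mysql:user:%s:mine_hosts:function'|format(name)) %}
{%-     set mine_expression_form = salt['pillar.get']('mysql:user:%s:mine_hosts:expr_form'|format(name)) %}
{%-     if mine_target and mine_function and mine_expression_form %}
{%-       set user_hosts = salt['mine.get'](mine_target, mine_function, mine_expression_form).values() %}
{%-     endif %}
{%-   endif %}
{%-   for host in user_hosts %}
{%-     set state_id = 'mysql_user_' ~ name ~ '_' ~ host %}
{{ state_id }}:
{%-     if user.get('present', True) %}
  mysql_user.present:
    - name: {{ name }}
    - host: '{{ host }}'
{#-
          Credential precedence: password_hash, then password, then unix_socket.
          NOTE(review): a user with none of these keys is created with
          allow_passwordless: True, and any non-None `unix_socket` value
          (including False) selects the unix_socket branch. Confirm both are
          intended; a missing password in pillar silently yields an account
          that needs no password.
#}
{%-       if user['password_hash'] is defined %}
    - password_hash: {{ user['password_hash'] | yaml_squote }}
{%-       elif user['password'] is defined and user['password'] != None %}
    - password: {{ user['password'] | yaml_squote }}
{%-       elif user['unix_socket'] is defined and user['unix_socket'] != None %}
    - allow_passwordless: True
    - unix_socket: True
{%-       else %}
    - allow_passwordless: True
{%-       endif %}
{%-     else %}
  mysql_user.absent:
    - name: {{ name }}
    - host: '{{ host }}'
{%-     endif %}
    - connection_host: '{{ mysql_host }}'
    - connection_user: '{{ mysql_salt_user }}'
{%-     if mysql_salt_pass %}
    - connection_pass: {{ mysql_salt_pass | yaml_squote }}
{%-     endif %}
{%-     if mysql_unix_socket %}
    - connection_unix_socket: '{{ mysql_unix_socket }}'
{%-     endif %}
    - connection_charset: utf8
{#-     Server-wide grants: the `grants` list is applied on *.* for this user and host. #}
{%-     if 'grants' in user %}
{{ state_id ~ '_grants' }}:
  mysql_grants.present:
    - name: {{ name }}
    - grant: {{ user['grants']|join(",") }}
    - database: '*.*'
    - grant_option: {{ user['grant_option'] | default(False) }}
{%-       if 'ssl' in user or 'ssl-X509' in user %}
    - ssl_option:
      - SSL: {{ user['ssl'] | default(False) }}
{%-         if user['ssl-X509'] is defined %}
      - X509: {{ user['ssl-X509'] }}
{%-         endif %}
{%-         if user['ssl-SUBJECT'] is defined %}
      - SUBJECT: {{ user['ssl-SUBJECT'] }}
{%-         endif %}
{%-         if user['ssl-ISSUER'] is defined %}
      - ISSUER: {{ user['ssl-ISSUER'] }}
{%-         endif %}
{%-         if user['ssl-CIPHER'] is defined %}
      - CIPHER: {{ user['ssl-CIPHER'] }}
{%-         endif %}
{%-       endif %}
    - user: {{ name }}
    - host: '{{ host }}'
    - connection_host: '{{ mysql_host }}'
    - connection_user: '{{ mysql_salt_user }}'
{%-       if mysql_salt_pass %}
    - connection_pass: {{ mysql_salt_pass | yaml_squote }}
{%-       endif %}
{%-       if mysql_unix_socket %}
    - connection_unix_socket: '{{ mysql_unix_socket }}'
{%-       endif %}
    - connection_charset: utf8
    - require:
      - mysql_user: {{ state_id }}
{%-     endif %}
{#-     Per-database grants: one state per entry in `databases`; table defaults to * and escape to True. #}
{%-     if 'databases' in user %}
{%-       for db in user['databases'] %}
{{ state_id ~ '_' ~ loop.index0 }}:
  mysql_grants.present:
    - name: {{ name ~ '_' ~ db['database'] ~ '_' ~ db['table'] | default('all') }}
    - grant: {{ db['grants']|join(",") }}
    - database: '{{ db['database'] }}.{{ db['table'] | default('*') }}'
    - grant_option: {{ db['grant_option'] | default(False) }}
{%-         if 'ssl' in user or 'ssl-X509' in user %}
    - ssl_option:
      - SSL: {{ user['ssl'] | default(False) }}
{%-           if user['ssl-X509'] is defined %}
      - X509: {{ user['ssl-X509'] }}
{%-           endif %}
{%-           if user['ssl-SUBJECT'] is defined %}
      - SUBJECT: {{ user['ssl-SUBJECT'] }}
{%-           endif %}
{%-           if user['ssl-ISSUER'] is defined %}
      - ISSUER: {{ user['ssl-ISSUER'] }}
{%-           endif %}
{%-           if user['ssl-CIPHER'] is defined %}
      - CIPHER: {{ user['ssl-CIPHER'] }}
{%-           endif %}
{%-         endif %}
    - user: {{ name }}
    - host: '{{ host }}'
    - escape: {{ db['escape'] | default(True) }}
    - connection_host: '{{ mysql_host }}'
    - connection_user: '{{ mysql_salt_user }}'
{%-         if mysql_salt_pass %}
    - connection_pass: {{ mysql_salt_pass | yaml_squote }}
{%-         endif %}
    - connection_charset: utf8
{%-         if mysql_unix_socket %}
    - connection_unix_socket: '{{ mysql_unix_socket }}'
{%-         endif %}
    - require:
      - mysql_user: {{ state_id }}
{%-       endfor %}
{%-     endif %}
{#-     Record the user state ID in the user_states list. #}
{%-     do user_states.append(state_id) %}
{%-   endfor %}
{%- endfor %}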