def _create_db_user_gran_priv_if_needed(con_fun, user, password,
db, priv, create):
"""
Helping function to create db and user
"""
if create:
log.info("Creating %s and user to access it" % (db, ))
else:
log.info("Setting user to access %s" % (db, ))
m_su_con, m_su_cur = con_fun(True, None)
client_host = get_db_client_host(m_su_cur)
if create:
_cursor_execute(
m_su_cur,
"CREATE DATABASE IF NOT EXISTS %s CHARACTER SET utf8" %
(cv(db), ))
create_user_if_not_exists(m_su_con,
m_su_cur,
user,
password,
client_host,
dry_run=akrr.dry_run)
_cursor_execute(
m_su_cur,
"GRANT " + cv(priv) + " ON " + cv(db) + ".* TO %s@%s",
(user, client_host))
m_su_con.commit()
def test_db_check_priv(self):
from akrr.util.sql import get_user_password_host_port
from akrr.util.sql import get_db_client_host
from akrr.util.sql import get_con_to_db
from akrr.util.sql import db_check_priv
from akrr.util.sql import cv
from akrr.util.sql import create_user_if_not_exists
su_user, \
su_password, \
db_host, \
db_port = get_user_password_host_port(self.su_sql)
su_con, su_cur = get_con_to_db(su_user, su_password, db_host, db_port)
client_host = get_db_client_host(su_cur)
# create user
create_user_if_not_exists(su_con, su_cur, self.user1, self.password1,
client_host)
# check su rights
self.assertEqual(db_check_priv(su_cur, "mysql", "ALL"), True)
self.assertEqual(db_check_priv(su_cur, "dontexists", "ALL"), True)
self.assertEqual(db_check_priv(su_cur, "mysql", "ALL", self.user1),
False)
self.assertEqual(
db_check_priv(su_cur, "dontexists", "ALL", self.user1), False)
self.assertEqual(
db_check_priv(su_cur, "mysql", "ALL", self.user1, client_host),
False)
self.assertEqual(
db_check_priv(su_cur, "dontexists", "ALL", self.user1,
client_host), False)
# connect as user
_, cur = get_con_to_db(self.user1, self.password1, "localhost")
self.assertEqual(
db_check_priv(su_cur, "dontexists", "ALL", self.user1), False)
# create db and give permission to user1
su_cur.execute("CREATE DATABASE IF NOT EXISTS %s CHARACTER SET utf8" %
(cv(self.db1), ))
su_cur.execute("CREATE DATABASE IF NOT EXISTS %s CHARACTER SET utf8" %
(cv(self.db2), ))
su_con.commit()
su_cur.execute("GRANT ALL ON " + cv(self.db1) + ".* TO %s@%s",
(self.user1, client_host))
su_cur.execute("GRANT SELECT ON " + cv(self.db2) + ".* TO %s@%s",
(self.user1, client_host))
su_con.commit()
# check rights as current regular user
self.assertEqual(db_check_priv(cur, "mysql", "ALL"), False)
self.assertEqual(db_check_priv(cur, self.db1, "ALL"), True)
self.assertEqual(db_check_priv(cur, self.db1, "SELECT"), True)
self.assertEqual(db_check_priv(cur, self.db2, "ALL"), False)
self.assertEqual(db_check_priv(cur, self.db2, "SELECT"), True)