def _create_admin_user(self, client, password):
"""
Create a os_admin user with a random password
with all privileges similar to the root user.
"""
LOG.debug("Creating Trove admin user '%s'.", ADMIN_USER_NAME)
host = "127.0.0.1"
g = sql_query.Grant(permissions='ALL', user=ADMIN_USER_NAME,
host=host, grant_option=True, clear=password)
t = text(str(g))
client.execute(t)
LOG.debug("Trove admin user '%s' created.", ADMIN_USER_NAME)
def create_user(self, users):
"""Create users and grant them privileges for the
specified databases.
"""
with self.local_sql_client(self.mysql_app.get_engine()) as client:
for item in users:
user = models.MySQLUser.deserialize(item)
user.check_create()
# TODO(cp16net):Should users be allowed to create users
# 'os_admin' or 'debian-sys-maint'
g = sql_query.Grant(user=user.name, host=user.host,
clear=user.password)
t = text(str(g))
client.execute(t)
for database in user.databases:
mydb = models.MySQLSchema.deserialize(database)
g = sql_query.Grant(permissions='ALL', database=mydb.name,
user=user.name, host=user.host,
clear=user.password)
t = text(str(g))
client.execute(t)
def grant_replication_privilege(self, replication_user):
LOG.info("Granting Replication Slave privilege.")
LOG.debug("grant_replication_privilege: %s", replication_user)
with self.local_sql_client(self.get_engine()) as client:
g = sql_query.Grant(permissions=['REPLICATION SLAVE'],
user=replication_user['name'],
clear=replication_user['password'])
t = text(str(g))
client.execute(t)
def _create_admin_user(self, client, password):
"""
Create a os_admin user with a random password
with all privileges similar to the root user.
"""
localhost = "localhost"
g = sql_query.Grant(permissions='ALL',
user=ADMIN_USER_NAME,
host=localhost,
grant_option=True,
clear=password)
t = text(str(g))
client.execute(t)
def test_grant_all_with_explicit_grant_option(self):
permissions = ['ALL', 'GRANT OPTION']
user_name = 'root'
user_password = '******'
host = 'localhost'
grant = sql_query.Grant(permissions=permissions,
user=user_name,
host=host,
clear=user_password,
grant_option=True)
self.assertEqual(
"GRANT ALL PRIVILEGES ON *.* TO "
"`root`@`localhost` "
"IDENTIFIED BY 'password123' "
"WITH GRANT OPTION;", str(grant))
def grant_access(self, username, hostname, databases):
"""Grant a user permission to use a given database."""
user = self._get_user(username, hostname)
mydb = models.ValidatedMySQLDatabase()
with LocalSqlClient(get_engine()) as client:
for database in databases:
try:
mydb.name = database
except ValueError:
raise exception.BadRequest(_(
"Grant access to %s is not allowed") % database)
g = sql_query.Grant(permissions='ALL', database=mydb.name,
user=user.name, host=user.host,
hashed=user.password)
t = text(str(g))
client.execute(t)
def test_grant_specify_duplicate_permissions(self):
permissions = [
'ALTER ROUTINE', 'CREATE', 'CREATE', 'DROP', 'DELETE', 'DELETE',
'ALTER', 'CREATE ROUTINE', 'CREATE TEMPORARY TABLES',
'CREATE VIEW', 'CREATE USER', 'DELETE', 'DROP', 'EVENT', 'EXECUTE',
'INDEX', 'INSERT', 'LOCK TABLES', 'PROCESS', 'REFERENCES',
'SELECT', 'SHOW DATABASES', 'SHOW VIEW', 'TRIGGER', 'UPDATE',
'USAGE'
]
user_name = 'root'
user_password = '******'
host = 'localhost'
grant = sql_query.Grant(permissions=permissions,
user=user_name,
host=host,
clear=user_password)
self.assertEqual(
"GRANT ALTER, "
"ALTER ROUTINE, "
"CREATE, "
"CREATE ROUTINE, "
"CREATE TEMPORARY TABLES, "
"CREATE USER, "
"CREATE VIEW, "
"DELETE, "
"DROP, "
"EVENT, "
"EXECUTE, "
"INDEX, "
"INSERT, "
"LOCK TABLES, "
"PROCESS, "
"REFERENCES, "
"SELECT, "
"SHOW DATABASES, "
"SHOW VIEW, "
"TRIGGER, "
"UPDATE, "
"USAGE ON *.* TO "
"`root`@`localhost` "
"IDENTIFIED BY "
"'password123';", str(grant))
def enable_root(self, root_password=None):
"""Enable the root user global access and/or
reset the root password.
"""
user = models.MySQLUser.root(password=root_password)
with mysql_util.SqlClient(self.mysql_app.get_engine(),
use_flush=True) as client:
try:
cu = sql_query.CreateUser(user.name, host=user.host)
t = text(str(cu))
client.execute(t, **cu.keyArgs)
except (exc.OperationalError, exc.InternalError) as err:
# Ignore, user is already created, just reset the password
# TODO(rnirmal): More fine grained error checking later on
LOG.debug(err)
with mysql_util.SqlClient(self.mysql_app.get_engine(),
use_flush=True) as client:
uu = sql_query.SetPassword(user.name,
host=user.host,
new_password=user.password,
ds=CONF.datastore_manager,
ds_version=CONF.datastore_version)
t = text(str(uu))
client.execute(t)
LOG.debug(
"CONF.root_grant: %(grant)s CONF.root_grant_option: "
"%(grant_option)s.", {
'grant': CONF.root_grant,
'grant_option': CONF.root_grant_option
})
g = sql_query.Grant(permissions=CONF.root_grant,
user=user.name,
host=user.host,
grant_option=CONF.root_grant_option)
t = text(str(g))
client.execute(t)
return user.serialize()
def create_users(self, users):
"""Create users and grant them privileges for the
specified databases.
"""
with mysql_util.SqlClient(self.mysql_app.get_engine()) as client:
for item in users:
user = models.MySQLUser.deserialize(item)
user.check_create()
cu = sql_query.CreateUser(user.name, host=user.host,
clear=user.password)
t = text(str(cu))
client.execute(t, **cu.keyArgs)
for database in user.databases:
mydb = models.MySQLSchema.deserialize(database)
g = sql_query.Grant(permissions='ALL', database=mydb.name,
user=user.name, host=user.host)
t = text(str(g))
LOG.debug('Creating user, command: %s', str(g))
client.execute(t)
def grant_access(self, username, hostname, databases):
"""Grant a user permission to use a given database."""
user = self._get_user(username, hostname)
mydb = None # cache the model as we just want name validation
with self.local_sql_client(self.mysql_app.get_engine()) as client:
for database in databases:
try:
if mydb:
mydb.name = database
else:
mydb = models.MySQLSchema(name=database)
mydb.check_reserved()
except ValueError:
LOG.exception(_("Error granting access"))
raise exception.BadRequest(_(
"Grant access to %s is not allowed") % database)
g = sql_query.Grant(permissions='ALL', database=mydb.name,
user=user.name, host=user.host,
hashed=user.password)
t = text(str(g))
client.execute(t)
def enable_root(cls, root_password=None):
"""Enable the root user global access and/or
reset the root password.
"""
user = models.RootUser()
user.name = "root"
user.host = "%"
user.password = root_password or utils.generate_random_password()
with LocalSqlClient(get_engine()) as client:
print(client)
try:
cu = sql_query.CreateUser(user.name, host=user.host)
t = text(str(cu))
client.execute(t, **cu.keyArgs)
except exc.OperationalError as err:
# Ignore, user is already created, just reset the password
# TODO(rnirmal): More fine grained error checking later on
LOG.debug(err)
with LocalSqlClient(get_engine()) as client:
print(client)
uu = sql_query.UpdateUser(user.name,
host=user.host,
clear=user.password)
t = text(str(uu))
client.execute(t)
LOG.debug("CONF.root_grant: %s CONF.root_grant_option: %s." %
(CONF.root_grant, CONF.root_grant_option))
g = sql_query.Grant(permissions=CONF.root_grant,
user=user.name,
host=user.host,
grant_option=CONF.root_grant_option,
clear=user.password)
t = text(str(g))
client.execute(t)
return user.serialize()
def enable_root(self, root_password=None):
"""Enable the root user global access and/or
reset the root password.
"""
user = models.MySQLRootUser(root_password)
with self.local_sql_client(self.mysql_app.get_engine()) as client:
print(client)
try:
cu = sql_query.CreateUser(user.name, host=user.host)
t = text(str(cu))
client.execute(t, **cu.keyArgs)
except (exc.OperationalError, exc.InternalError) as err:
if '1396' in err.args[0]:
# Ignore, user is already created, just reset the password
# TODO(rnirmal): More fine grained error checking later on
LOG.debug(err)
else:
raise
with self.local_sql_client(self.mysql_app.get_engine()) as client:
print(client)
uu = sql_query.SetPassword(user.name,
host=user.host,
new_password=user.password)
t = text(str(uu))
client.execute(t)
LOG.debug("CONF.root_grant: %s CONF.root_grant_option: %s." %
(CONF.root_grant, CONF.root_grant_option))
g = sql_query.Grant(permissions=CONF.root_grant,
user=user.name,
host=user.host,
grant_option=CONF.root_grant_option,
clear=user.password)
t = text(str(g))
client.execute(t)
return user.serialize()
def test_grant_no_arg_constr(self):
grant = sql_query.Grant()
self.assertIsNotNone(grant)
self.assertEqual("GRANT USAGE ON *.* " "TO ``@`%`;", str(grant))
