예제 #1
0
파일: service.py 프로젝트: nnt1997/trove
 def _create_admin_user(self, client, password):
     """
     Create a os_admin user with a random password
     with all privileges similar to the root user.
     """
     LOG.debug("Creating Trove admin user '%s'.", ADMIN_USER_NAME)
     host = "127.0.0.1"
     g = sql_query.Grant(permissions='ALL', user=ADMIN_USER_NAME,
                         host=host, grant_option=True, clear=password)
     t = text(str(g))
     client.execute(t)
     LOG.debug("Trove admin user '%s' created.", ADMIN_USER_NAME)
예제 #2
0
파일: service.py 프로젝트: nnt1997/trove
 def create_user(self, users):
     """Create users and grant them privileges for the
        specified databases.
     """
     with self.local_sql_client(self.mysql_app.get_engine()) as client:
         for item in users:
             user = models.MySQLUser.deserialize(item)
             user.check_create()
             # TODO(cp16net):Should users be allowed to create users
             # 'os_admin' or 'debian-sys-maint'
             g = sql_query.Grant(user=user.name, host=user.host,
                                 clear=user.password)
             t = text(str(g))
             client.execute(t)
             for database in user.databases:
                 mydb = models.MySQLSchema.deserialize(database)
                 g = sql_query.Grant(permissions='ALL', database=mydb.name,
                                     user=user.name, host=user.host,
                                     clear=user.password)
                 t = text(str(g))
                 client.execute(t)
예제 #3
0
파일: service.py 프로젝트: sapcc/trove
    def grant_replication_privilege(self, replication_user):
        LOG.info("Granting Replication Slave privilege.")

        LOG.debug("grant_replication_privilege: %s", replication_user)

        with self.local_sql_client(self.get_engine()) as client:
            g = sql_query.Grant(permissions=['REPLICATION SLAVE'],
                                user=replication_user['name'],
                                clear=replication_user['password'])

            t = text(str(g))
            client.execute(t)
예제 #4
0
 def _create_admin_user(self, client, password):
     """
     Create a os_admin user with a random password
     with all privileges similar to the root user.
     """
     localhost = "localhost"
     g = sql_query.Grant(permissions='ALL',
                         user=ADMIN_USER_NAME,
                         host=localhost,
                         grant_option=True,
                         clear=password)
     t = text(str(g))
     client.execute(t)
예제 #5
0
    def test_grant_all_with_explicit_grant_option(self):
        permissions = ['ALL', 'GRANT OPTION']
        user_name = 'root'
        user_password = '******'
        host = 'localhost'
        grant = sql_query.Grant(permissions=permissions,
                                user=user_name,
                                host=host,
                                clear=user_password,
                                grant_option=True)

        self.assertEqual(
            "GRANT ALL PRIVILEGES ON *.* TO "
            "`root`@`localhost` "
            "IDENTIFIED BY 'password123' "
            "WITH GRANT OPTION;", str(grant))
예제 #6
0
    def grant_access(self, username, hostname, databases):
        """Grant a user permission to use a given database."""
        user = self._get_user(username, hostname)
        mydb = models.ValidatedMySQLDatabase()
        with LocalSqlClient(get_engine()) as client:
            for database in databases:
                    try:
                        mydb.name = database
                    except ValueError:
                        raise exception.BadRequest(_(
                            "Grant access to %s is not allowed") % database)

                    g = sql_query.Grant(permissions='ALL', database=mydb.name,
                                        user=user.name, host=user.host,
                                        hashed=user.password)
                    t = text(str(g))
                    client.execute(t)
예제 #7
0
    def test_grant_specify_duplicate_permissions(self):
        permissions = [
            'ALTER ROUTINE', 'CREATE', 'CREATE', 'DROP', 'DELETE', 'DELETE',
            'ALTER', 'CREATE ROUTINE', 'CREATE TEMPORARY TABLES',
            'CREATE VIEW', 'CREATE USER', 'DELETE', 'DROP', 'EVENT', 'EXECUTE',
            'INDEX', 'INSERT', 'LOCK TABLES', 'PROCESS', 'REFERENCES',
            'SELECT', 'SHOW DATABASES', 'SHOW VIEW', 'TRIGGER', 'UPDATE',
            'USAGE'
        ]

        user_name = 'root'
        user_password = '******'
        host = 'localhost'
        grant = sql_query.Grant(permissions=permissions,
                                user=user_name,
                                host=host,
                                clear=user_password)

        self.assertEqual(
            "GRANT ALTER, "
            "ALTER ROUTINE, "
            "CREATE, "
            "CREATE ROUTINE, "
            "CREATE TEMPORARY TABLES, "
            "CREATE USER, "
            "CREATE VIEW, "
            "DELETE, "
            "DROP, "
            "EVENT, "
            "EXECUTE, "
            "INDEX, "
            "INSERT, "
            "LOCK TABLES, "
            "PROCESS, "
            "REFERENCES, "
            "SELECT, "
            "SHOW DATABASES, "
            "SHOW VIEW, "
            "TRIGGER, "
            "UPDATE, "
            "USAGE ON *.* TO "
            "`root`@`localhost` "
            "IDENTIFIED BY "
            "'password123';", str(grant))
예제 #8
0
파일: service.py 프로젝트: crowdy/trove
    def enable_root(self, root_password=None):
        """Enable the root user global access and/or
           reset the root password.
        """
        user = models.MySQLUser.root(password=root_password)
        with mysql_util.SqlClient(self.mysql_app.get_engine(),
                                  use_flush=True) as client:
            try:
                cu = sql_query.CreateUser(user.name, host=user.host)
                t = text(str(cu))
                client.execute(t, **cu.keyArgs)
            except (exc.OperationalError, exc.InternalError) as err:
                # Ignore, user is already created, just reset the password
                # TODO(rnirmal): More fine grained error checking later on
                LOG.debug(err)

        with mysql_util.SqlClient(self.mysql_app.get_engine(),
                                  use_flush=True) as client:
            uu = sql_query.SetPassword(user.name,
                                       host=user.host,
                                       new_password=user.password,
                                       ds=CONF.datastore_manager,
                                       ds_version=CONF.datastore_version)
            t = text(str(uu))
            client.execute(t)

            LOG.debug(
                "CONF.root_grant: %(grant)s CONF.root_grant_option: "
                "%(grant_option)s.", {
                    'grant': CONF.root_grant,
                    'grant_option': CONF.root_grant_option
                })

            g = sql_query.Grant(permissions=CONF.root_grant,
                                user=user.name,
                                host=user.host,
                                grant_option=CONF.root_grant_option)

            t = text(str(g))
            client.execute(t)
            return user.serialize()
예제 #9
0
    def create_users(self, users):
        """Create users and grant them privileges for the
           specified databases.
        """
        with mysql_util.SqlClient(self.mysql_app.get_engine()) as client:
            for item in users:
                user = models.MySQLUser.deserialize(item)
                user.check_create()

                cu = sql_query.CreateUser(user.name, host=user.host,
                                          clear=user.password)
                t = text(str(cu))
                client.execute(t, **cu.keyArgs)

                for database in user.databases:
                    mydb = models.MySQLSchema.deserialize(database)
                    g = sql_query.Grant(permissions='ALL', database=mydb.name,
                                        user=user.name, host=user.host)
                    t = text(str(g))
                    LOG.debug('Creating user, command: %s', str(g))
                    client.execute(t)
예제 #10
0
    def grant_access(self, username, hostname, databases):
        """Grant a user permission to use a given database."""
        user = self._get_user(username, hostname)
        mydb = None  # cache the model as we just want name validation
        with self.local_sql_client(self.mysql_app.get_engine()) as client:
            for database in databases:
                try:
                    if mydb:
                        mydb.name = database
                    else:
                        mydb = models.MySQLSchema(name=database)
                        mydb.check_reserved()
                except ValueError:
                    LOG.exception(_("Error granting access"))
                    raise exception.BadRequest(_(
                        "Grant access to %s is not allowed") % database)

                g = sql_query.Grant(permissions='ALL', database=mydb.name,
                                    user=user.name, host=user.host,
                                    hashed=user.password)
                t = text(str(g))
                client.execute(t)
예제 #11
0
    def enable_root(cls, root_password=None):
        """Enable the root user global access and/or
           reset the root password.
        """
        user = models.RootUser()
        user.name = "root"
        user.host = "%"
        user.password = root_password or utils.generate_random_password()
        with LocalSqlClient(get_engine()) as client:
            print(client)
            try:
                cu = sql_query.CreateUser(user.name, host=user.host)
                t = text(str(cu))
                client.execute(t, **cu.keyArgs)
            except exc.OperationalError as err:
                # Ignore, user is already created, just reset the password
                # TODO(rnirmal): More fine grained error checking later on
                LOG.debug(err)
        with LocalSqlClient(get_engine()) as client:
            print(client)
            uu = sql_query.UpdateUser(user.name,
                                      host=user.host,
                                      clear=user.password)
            t = text(str(uu))
            client.execute(t)

            LOG.debug("CONF.root_grant: %s CONF.root_grant_option: %s." %
                      (CONF.root_grant, CONF.root_grant_option))

            g = sql_query.Grant(permissions=CONF.root_grant,
                                user=user.name,
                                host=user.host,
                                grant_option=CONF.root_grant_option,
                                clear=user.password)

            t = text(str(g))
            client.execute(t)
            return user.serialize()
예제 #12
0
    def enable_root(self, root_password=None):
        """Enable the root user global access and/or
           reset the root password.
        """
        user = models.MySQLRootUser(root_password)
        with self.local_sql_client(self.mysql_app.get_engine()) as client:
            print(client)
            try:
                cu = sql_query.CreateUser(user.name, host=user.host)
                t = text(str(cu))
                client.execute(t, **cu.keyArgs)
            except (exc.OperationalError, exc.InternalError) as err:
                if '1396' in err.args[0]:
                    # Ignore, user is already created, just reset the password
                    # TODO(rnirmal): More fine grained error checking later on
                    LOG.debug(err)
                else:
                    raise
        with self.local_sql_client(self.mysql_app.get_engine()) as client:
            print(client)
            uu = sql_query.SetPassword(user.name,
                                       host=user.host,
                                       new_password=user.password)
            t = text(str(uu))
            client.execute(t)

            LOG.debug("CONF.root_grant: %s CONF.root_grant_option: %s." %
                      (CONF.root_grant, CONF.root_grant_option))

            g = sql_query.Grant(permissions=CONF.root_grant,
                                user=user.name,
                                host=user.host,
                                grant_option=CONF.root_grant_option,
                                clear=user.password)

            t = text(str(g))
            client.execute(t)
            return user.serialize()
예제 #13
0
 def test_grant_no_arg_constr(self):
     grant = sql_query.Grant()
     self.assertIsNotNone(grant)
     self.assertEqual("GRANT USAGE ON *.* " "TO ``@`%`;", str(grant))