def enable_root(self):
"""Enable the root user global access and/or reset the root password"""
user = models.MySQLUser()
user.name = "root"
user.host = "%"
user.password = generate_random_password()
with LocalSqlClient(get_engine()) as client:
try:
cu = query.CreateUser(user.name, host=user.host)
t = text(str(cu))
client.execute(t, **cu.keyArgs)
except exc.OperationalError as err:
# Ignore, user is already created, just reset the password
# TODO(rnirmal): More fine grained error checking later on
LOG.debug(err)
with LocalSqlClient(get_engine()) as client:
uu = query.UpdateUser(user.name,
host=user.host,
clear=user.password)
t = text(str(uu))
client.execute(t)
LOG.debug("CONF.root_grant: %s CONF.root_grant_option: %s" %
(CONF.root_grant, CONF.root_grant_option))
g = query.Grant(permissions=CONF.root_grant,
user=user.name,
host=user.host,
grant_option=CONF.root_grant_option,
clear=user.password)
t = text(str(g))
client.execute(t)
return user.serialize()
def test_grant_specify_permissions(self):
permissions = ['ALTER ROUTINE',
'CREATE',
'ALTER',
'CREATE ROUTINE',
'CREATE TEMPORARY TABLES',
'CREATE VIEW',
'CREATE USER',
'DELETE',
'DROP',
'EVENT',
'EXECUTE',
'INDEX',
'INSERT',
'LOCK TABLES',
'PROCESS',
'REFERENCES',
'SELECT',
'SHOW DATABASES',
'SHOW VIEW',
'TRIGGER',
'UPDATE',
'USAGE']
user_name = 'root'
user_password = '******'
host = 'localhost'
grant = query.Grant(permissions=permissions,
user=user_name,
host=host,
clear=user_password)
self.assertEqual("GRANT ALTER, "
"ALTER ROUTINE, "
"CREATE, "
"CREATE ROUTINE, "
"CREATE TEMPORARY TABLES, "
"CREATE USER, "
"CREATE VIEW, "
"DELETE, "
"DROP, "
"EVENT, "
"EXECUTE, "
"INDEX, "
"INSERT, "
"LOCK TABLES, "
"PROCESS, "
"REFERENCES, "
"SELECT, "
"SHOW DATABASES, "
"SHOW VIEW, "
"TRIGGER, "
"UPDATE, "
"USAGE ON *.* TO "
"`root`@`localhost` "
"IDENTIFIED BY "
"'password123';",
str(grant))
def grant_access(self, username, hostname, databases):
"""Give a user permission to use a given database."""
user = self._get_user(username, hostname)
with LocalSqlClient(get_engine()) as client:
for database in databases:
g = query.Grant(permissions='ALL',
database=database,
user=user.name,
host=user.host,
hashed=user.password)
t = text(str(g))
client.execute(t)
def _create_admin_user(self, client, password):
"""
Create a os_admin user with a random password
with all privileges similar to the root user
"""
localhost = "localhost"
g = query.Grant(permissions='ALL',
user=ADMIN_USER_NAME,
host=localhost,
grant_option=True,
clear=password)
t = text(str(g))
client.execute(t)
def test_grant_all_with_explicit_grant_option(self):
permissions = ['ALL', 'GRANT OPTION']
user_name = 'root'
user_password = '******'
host = 'localhost'
grant = query.Grant(permissions=permissions,
user=user_name,
host=host,
clear=user_password)
self.assertEqual(
"GRANT ALL PRIVILEGES ON *.* TO "
"`root`@`localhost` "
"IDENTIFIED BY 'password123' "
"WITH GRANT OPTION;", str(grant))
def create_user(self, users):
"""Create users and grant them privileges for the
specified databases"""
with LocalSqlClient(get_engine()) as client:
for item in users:
user = models.MySQLUser()
user.deserialize(item)
# TODO(cp16net):Should users be allowed to create users
# 'os_admin' or 'debian-sys-maint'
g = query.Grant(user=user.name,
host=user.host,
clear=user.password)
t = text(str(g))
client.execute(t)
for database in user.databases:
mydb = models.MySQLDatabase()
mydb.deserialize(database)
g = query.Grant(permissions='ALL',
database=mydb.name,
user=user.name,
host=user.host,
clear=user.password)
t = text(str(g))
client.execute(t)
def test_grant_no_arg_constr(self):
grant = query.Grant()
self.assertIsNotNone(grant)
self.assertEqual("GRANT USAGE ON *.* "
"TO ``@`%` WITH GRANT OPTION;", str(grant))
