mirror of
https://github.com/valitydev/salt.git
synced 2024-11-08 09:23:56 +00:00
Add a lexical parser for MySQL grants to the MySQL module. Change the behavior of the grant-checker to use this new method by default and fallback to the strict method if it fails.
This commit is contained in:
parent
67ca15ecc2
commit
c4453b3307
@ -34,6 +34,9 @@ import sys
|
|||||||
# Import salt libs
|
# Import salt libs
|
||||||
import salt.utils
|
import salt.utils
|
||||||
|
|
||||||
|
#import shlex which should be distributed with Python
|
||||||
|
import shlex
|
||||||
|
|
||||||
# Import third party libs
|
# Import third party libs
|
||||||
try:
|
try:
|
||||||
import MySQLdb
|
import MySQLdb
|
||||||
@ -148,6 +151,59 @@ def _connect(**kwargs):
|
|||||||
return dbc
|
return dbc
|
||||||
|
|
||||||
|
|
||||||
|
def _grant_to_tokens(grant):
|
||||||
|
'''
|
||||||
|
|
||||||
|
This should correspond fairly closely to the YAML rendering of a mysql_grants state which comes out
|
||||||
|
as follows:
|
||||||
|
|
||||||
|
OrderedDict([('whatever_identifier', OrderedDict([('mysql_grants.present',
|
||||||
|
[OrderedDict([('database', 'testdb.*')]), OrderedDict([('user', 'testuser')]),
|
||||||
|
OrderedDict([('grant', 'ALTER, SELECT, LOCK TABLES')]), OrderedDict([('host', 'localhost')])])]))])
|
||||||
|
|
||||||
|
:param grant: An un-parsed MySQL GRANT statement str, like
|
||||||
|
"GRANT SELECT, ALTER, LOCK TABLES ON `testdb`.* TO 'testuser'@'localhost'"
|
||||||
|
:return:
|
||||||
|
A Python dict with the following keys/values:
|
||||||
|
- user: MySQL User
|
||||||
|
- host: MySQL host
|
||||||
|
- grant: [grant1, grant2] (ala SELECT, USAGE, etc)
|
||||||
|
- database: MySQL DB
|
||||||
|
'''
|
||||||
|
exploded_grant = shlex.split(grant)
|
||||||
|
grant_tokens = []
|
||||||
|
position_tracker = 1 # Skip the initial 'GRANT' word token
|
||||||
|
phrase = 'grants'
|
||||||
|
|
||||||
|
for token in exploded_grant[position_tracker:]:
|
||||||
|
if phrase == 'grants':
|
||||||
|
cleaned_token = token.rstrip(',')
|
||||||
|
grant_tokens.append(cleaned_token)
|
||||||
|
position_tracker += 1
|
||||||
|
|
||||||
|
if phrase == 'db':
|
||||||
|
database = token.strip('`')
|
||||||
|
phrase = 'tables'
|
||||||
|
|
||||||
|
if phrase == 'user':
|
||||||
|
user, host = token.split('@')
|
||||||
|
|
||||||
|
if token == 'ON':
|
||||||
|
phrase = 'db'
|
||||||
|
|
||||||
|
if token == 'TO':
|
||||||
|
phrase = 'user'
|
||||||
|
|
||||||
|
return {
|
||||||
|
'user': user,
|
||||||
|
'host': host,
|
||||||
|
'grant': grant_tokens,
|
||||||
|
'database': database,
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def query(database, query, **connection_args):
|
def query(database, query, **connection_args):
|
||||||
'''
|
'''
|
||||||
Run an arbitrary SQL query and return the results or
|
Run an arbitrary SQL query and return the results or
|
||||||
@ -1080,6 +1136,21 @@ def grant_exists(grant,
|
|||||||
)
|
)
|
||||||
|
|
||||||
grants = user_grants(user, host, **connection_args)
|
grants = user_grants(user, host, **connection_args)
|
||||||
|
|
||||||
|
for grant in grants:
|
||||||
|
try:
|
||||||
|
target_tokens = None
|
||||||
|
if not target_tokens: # Avoid the overhead of re-calc in loop
|
||||||
|
target_tokens = _grant_to_tokens(target)
|
||||||
|
grant_tokens = _grant_to_tokens(grant)
|
||||||
|
if grant_tokens['user'] == target_tokens['user'] and \
|
||||||
|
grant_tokens['database'] == target_tokens['database'] and \
|
||||||
|
grant_tokens['host'] == target_tokens['host']:
|
||||||
|
if set(grant_tokens['grant']) == set(target_tokens['grant']):
|
||||||
|
return True
|
||||||
|
|
||||||
|
except Exception as exc: # Fallback to strict parsing
|
||||||
|
log.debug("OH NO CAUGHT EXCEPTION: {0}".format(exc))
|
||||||
if grants is not False and target in grants:
|
if grants is not False and target in grants:
|
||||||
log.debug('Grant exists.')
|
log.debug('Grant exists.')
|
||||||
return True
|
return True
|
||||||
@ -1088,6 +1159,7 @@ def grant_exists(grant,
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def grant_add(grant,
|
def grant_add(grant,
|
||||||
database,
|
database,
|
||||||
user,
|
user,
|
||||||
|
Loading…
Reference in New Issue
Block a user