diff --git a/_modules/cleanup_users.py b/_modules/cleanup_users.py index f4ec3ea7..a54bf4c4 100644 --- a/_modules/cleanup_users.py +++ b/_modules/cleanup_users.py @@ -94,10 +94,13 @@ def list_user_managed(keep_extra = [], drop_extra = []): # single or many host hosts = info.get('hosts', [info.get('host')]) for h in hosts: - s = user + '@' + h - if re.search(regexp, s): - continue - managed.append(s) + # if the user as no host entry (absent: True), ignore it. + # will be deleted. + if h: + s = user + '@' + h + if re.search(regexp, s): + continue + managed.append(s) if len(keep_extra) > 0: managed += keep_extra diff --git a/mysql/user.sls b/mysql/user.sls index 25b2bffc..a908366b 100644 --- a/mysql/user.sls +++ b/mysql/user.sls @@ -27,36 +27,6 @@ This state handle creation and deletion of mysql's user. {%- endif %} - connection_charset: utf8 {% endmacro -%} - -{# this macro is the salt statement to remove a user #} -{%- macro mysql_user_remove(name, host, where) %} -{%- set state_id = 'mysql_user_remove_' ~ name ~ '_' ~ host %} -{{ state_id }}: - # {{ where }} - mysql_user.absent: - - name: {{ name }} - - host: '{{ host }}' - {{ mysql_root_connection() }} -{% endmacro -%} - -{#- this macro is a salt state fully destroy a user from mysql tables -it is an experimental macro… use with caution! --#} -{% macro mysql_user_destroy(name) %} -{%- set state_id = 'mysql_user_destroy_' ~ name %} -{%- set queries = " -DELETE FROM columns_priv WHERE user = '" ~ name ~ "'; -DELETE FROM db WHERE user = '" ~ name ~ "'; -DELETE FROM user WHERE user = '" ~ name ~"'; -FLUSH PRIVILEGES; -" %} -{{ state_id }}: - module.run: - - name: mysql.query - - database: mysql - - query: "{{ queries }}" - {{ mysql_root_connection() }} -{% endmacro -%} {#- ===== MAIN OUTPUT===== -#} 
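Review bot: The new `if h:` guard in the `for h in hosts` loop keys on a missing host rather than on the `absent` flag, although its comment names `absent: True`. As far as this hunk shows, an entry marked absent that still carries a `host` or `hosts` value is appended to `managed` and would be kept by the cleanup, while a present user whose entry omits the host is skipped silently and may be treated as unmanaged. Testing the flag explicitly makes deprovisioning independent of how the pillar entry is written, e.g. `if not h or info.get('absent'): continue`, with the comment reworded to `# skip entries marked absent or without a host; the cleanup drops them`. The body of `list_user_managed` starts and ends outside the hunk, so an earlier `absent` check may already exist.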
@@ -91,12 +61,8 @@ include: ===== INNER LOOP OVER DATA : host -> fecthed above single or multiple ===== -#} {% for host in user_hosts %} -{% if user.absent is defined and user.absent %} -{{ mysql_user_remove(name, host, 'top') }} -{% else %} -{#- - CREATE USER --#} +{% if user.absent is not defined or not user.absent %} +{#- ================================================== CREATE USER -#} {% set state_id = 'mysql_user_' ~ name ~ '_' ~ host %} {{ state_id }}: mysql_user.present: @@ -155,28 +121,22 @@ include: - mysql_user: {{ state_id }} {% endfor %} {% endif %} - {# collect added user for mysql/init.sls for requisites #} {% do user_states.append(state_id) %} - -{# END user.absent #} -{% endif %} -{#- - =============== END FOR host --#} +{#- ========== END user is defined and present #} +{%- endif %} +{#- ===================== END FOR host ======================================== -#} +{% endfor %} +{#- =============== END FOR user -#} {% endfor %} {#- -extra remove user with multiples host see #119 for user.hosts_absent (list) -must be in user loop not in host loop. +remove all users not managed, See #119, grants will be droped for those users too +you can check before with: salt 'db*' mysql.list_user_to_drop -#} -{% set user_hosts_absent = salt['pillar.get']('mysql:user:%s:hosts_absent'|format(name)) %} -{% if user_hosts_absent != '' %} - {% for h in user_hosts_absent %} - {{ mysql_user_remove(name, h, 'end') }} - {% endfor %} +{% if salt['pillar.get']('mysql:server:auto_remove_user_not_managed') %} +remove_user_not_managed: + module.run: + - name: mysql.cleanup_users + - keep_exrta: {{ salt['pillar.get']('mysql:server:keep_user_extra', []) }} {% endif %} -{#- - =============== END FOR user --#} -{% endfor %} diff --git a/pillar.example b/pillar.example index 25d2086f..0ad30667 100644 --- a/pillar.example +++ b/pillar.example 
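Review bot: With the `mysql_user_remove` branch gone, the `{% if user.absent is not defined or not user.absent %}` test has no else side, so `absent: True` no longer produces any state in this loop. Removal now depends entirely on the `remove_user_not_managed` state added further down, which runs only when `mysql:server:auto_remove_user_not_managed` is set. If that key is unset, an account marked absent appears to stay in MySQL with its grants and nothing reports it. A comment at the `if` should state the dependency, e.g. `{#- absent users are only dropped by remove_user_not_managed, which needs auto_remove_user_not_managed -#}`.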
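Review bot: The keyword `keep_exrta` in the `remove_user_not_managed` state looks like a misspelling of `keep_extra`, the parameter name used by `list_user_managed` in `_modules/cleanup_users.py`; the signature of `cleanup_users` itself is not visible in this diff. If the misspelled argument is ignored or rejected, the accounts listed under `keep_user_extra` are not protected and may be dropped together with their grants. The line should read `- keep_extra: {{ salt['pillar.get']('mysql:server:keep_user_extra', []) }}`. Passing the list through a serialising filter such as `| json` would also avoid relying on how Jinja prints a Python list into YAML.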
@@ -25,6 +25,12 @@ mysql: # another host host: 123.123.123.123 # my.cnf sections changes + auto_remove_user_not_managed: True + # list of couple user@host, can be user@% + # note: % will become a regexp (.*) matching everything + keep_user_extra: + - momo@foreignhost.name + - admin@% mysqld: # you can use either underscore or hyphen in param names bind-address: 0.0.0.0
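Review bot: The example ships with `auto_remove_user_not_managed: True`, so a pillar copied from this file would drop every MySQL account it does not declare. A destructive option is safer shown switched off, `auto_remove_user_not_managed: False`, with a comment pointing at the dry run that user.sls mentions, `# check first: salt 'db*' mysql.list_user_to_drop`. The `keep_user_extra` comment could also state that each entry is matched as a regular expression, so `admin@%` keeps `admin` on any host.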