Defined Type: mysql::user
- Defined in:
- puppet/modules/mysql/manifests/user.pp
Overview
Define: mysql::user
Creates a user on the local MySQL database server and (optionally) grants the user privileges on some database.
Parameters
- ensure
-
If 'present', creates the user. If 'absent', drops it. Defaults to present.
- username
-
Account name of user to create. Defaults to resource title. Example: 'wikiadmin'.
- password
-
Password for the new account. Example: 'hunter2'.
- hostname
-
Hostname or host mask specifying from where the user may connect. Used for grant command. Defaults to $::mysql::grant_host_name.
- grant
-
SQL sub-expression of the form 'priv_type ON object_type'. Defaults to 'usage on .'. This allows combining user account creation with a database permission grant.
- socket
-
Use unix_socket auth rather than a password to identify the user. When enabled the $password supplied will be ignored. Defaults to false.
Examples
Creates an 'wikiadmin' user with full privileges on 'wiki':
mysql::user { 'wikiadmin':
password => 'hunter2',
grant => 'all on wiki.*',
}
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
# File 'puppet/modules/mysql/manifests/user.pp', line 43
define mysql::user(
$password,
$ensure = present,
$username = $title,
$grant = 'USAGE ON *.*',
$hostname = $::mysql::grant_host_name,
$socket = false,
) {
if $ensure == 'absent' {
$command = 'drop'
$unless = 'not exists'
} else {
$command = 'create'
$unless = 'exists'
}
if $ensure == 'absent' {
mysql::sql { "DROP USER '${username}'":
unless => "SELECT NOT EXISTS(SELECT 1 FROM mysql.user WHERE user = '${username}')",
}
} else {
$ident = $socket ? {
true => 'IDENTIFIED VIA unix_socket',
default => "IDENTIFIED BY '${password}'",
}
mysql::sql { "create user ${username}":
sql => "CREATE USER '${username}'@'${hostname}' ${ident}; GRANT ${grant} to '${username}'@'${hostname}'",
unless => "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '${username}')",
}
}
}
|