(MODULES-1550) add new Feature MySQL login paths

.sync.yml

@@ -36,6 +36,7 @@ Gemfile:
       git: https://github.com/skywinder/github-changelog-generator
       ref: 20ee04ba1234e9e83eb2ffb5056e23d641c7a018
       condition: Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')
+    - gem: puppet-resource_api
 Rakefile:
   requires:
   - puppet_pot_generator/rake_tasks

Gemfile

@@ -30,6 +30,7 @@ group :development do
   gem "puppet-module-win-dev-r#{minor_version}", '~> 0.4',       require: false, platforms: [:mswin, :mingw, :x64_mingw]
   gem "puppet-lint-i18n",                                        require: false
   gem "github_changelog_generator",                              require: false, git: 'https://github.com/skywinder/github-changelog-generator', ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018' if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')
+  gem "puppet-resource_api",                                     require: false
 end
 
 puppet_version = ENV['PUPPET_GEM_VERSION']

README.md

@@ -183,6 +183,36 @@ mysql::db { 'mydb':
 
 If required, the password can also be an empty string to allow connections without an password.
 
+### Create login paths
+
+This feature works only for the MySQL Community Edition >= 5.6.6.
+
+A login path is a set of options (host, user, password, port and socket) that specify which MySQL server to connect to and which account to authenticate as. The authentication credentials and the other options are stored in an encrypted login file named .mylogin.cnf typically under the users home directory.
+
+More information about MySQL login paths: https://dev.mysql.com/doc/refman/8.0/en/mysql-config-editor.html.
+
+Some example for login paths: 
+```puppet
+mysql_login_path { 'client':
+  owner    => root,
+  host     => 'localhost',
+  user     => 'root',
+  password => Sensitive('secure'),
+  socket   => '/var/run/mysqld/mysqld.sock',
+  ensure   => present,
+}
+
+mysql_login_path { 'remote_db':
+  owner    => root,
+  host     => '10.0.0.1',
+  user     => 'network',
+  password => Sensitive('secure'),
+  port     => 3306,
+  ensure   => present,
+}
+```
+See examples/mysql_login_path.pp for further examples.
+
 ### Install Percona server on CentOS
 
 This example shows how to do a minimal installation of a Percona server on a
@@ -549,3 +579,4 @@ This module is based on work by David Schmitt. The following contributors have c
 * Daniël van Eeden
 * Jan-Otto Kröpke
 * Timothy Sven Nelson
+* Andreas Stürz

REFERENCE.md

@@ -29,10 +29,10 @@ _Private Classes_
 * `mysql::client::install`: Private class for MySQL client install.
 * `mysql::params`: Params class.
 * `mysql::server::account_security`: Private class for ensuring localhost accounts do not exist
-* `mysql::server::binarylog`: Binary log configuration requires the mysql user to be present. This must be done after package install
 * `mysql::server::config`: Private class for MySQL server configuration.
 * `mysql::server::install`: Private class for managing MySQL package.
 * `mysql::server::installdb`: Builds initial databases on installation.
+* `mysql::server::managed_dirs`: Binary log configuration requires the mysql user to be present. This must be done after package install
 * `mysql::server::providers`: Convenience class to call each of the three providers with the corresponding hashes provided in mysql::server.
 * `mysql::server::root_password`: Private class for managing the root password
 * `mysql::server::service`: Private class for managing the MySQL service
@@ -46,6 +46,7 @@ _Private Classes_
 _Public Resource types_
 
 * [`mysql_grant`](#mysql_grant): @summary Manage a MySQL user's rights.
+* [`mysql_login_path`](#mysql_login_path): Manage a MySQL login path.
 * [`mysql_plugin`](#mysql_plugin): Manage MySQL plugins.
 * [`mysql_user`](#mysql_user): @summary Manage a MySQL user. This includes management of users password as well as privileges.
 
@@ -56,12 +57,17 @@ _Private Resource types_
 
 **Functions**
 
+* [`mysql::mysql_password`](#mysqlmysql_password): @summary
 * [`mysql::normalise_and_deepmerge`](#mysqlnormalise_and_deepmerge): Recursively merges two or more hashes together, normalises keys with differing use of dashesh and underscores,
 then returns the resulting hash.
 * [`mysql::password`](#mysqlpassword): Hash a string as mysql's "PASSWORD()" function would do it
 * [`mysql::strip_hash`](#mysqlstrip_hash): When given a hash this function strips out all blank entries.
 * [`mysql_password`](#mysql_password): Hash a string as mysql's "PASSWORD()" function would do it
 
+**Data types**
+
+* [`Mysql::Options`](#mysqloptions): 
+
 **Tasks**
 
 * [`export`](#export): Allows you to backup your database to local file.
@@ -411,6 +417,14 @@ The location, as a path, of the MySQL configuration file.
 
 Default value: $mysql::params::config_file
 
+##### `config_file_mode`
+
+Data type: `Any`
+
+The MySQL configuration file's permissions mode.
+
+Default value: $mysql::params::config_file_mode
+
 ##### `includedir`
 
 Data type: `Any`
@@ -443,6 +457,14 @@ Whether the MySQL configuration file should be managed. Valid values are `true`,
 
 Default value: $mysql::params::manage_config_file
 
+##### `options`
+
+Data type: `Mysql::Options`
+
+A hash of options structured like the override_options, but not merged with the default options. Use this if you don’t want your options merged with the default options.
+
+Default value: {}
+
 ##### `override_options`
 
 Data type: `Any`
@@ -515,6 +537,22 @@ The name of the group of the MySQL daemon user. Can be a group name or a group I
 
 Default value: $mysql::params::mysql_group
 
+##### `mycnf_owner`
+
+Data type: `Any`
+
+Name or user-id who owns the mysql-config-file.
+
+Default value: $mysql::params::mycnf_owner
+
+##### `mycnf_group`
+
+Data type: `Any`
+
+Name or group-id which owns the mysql-config-file.
+
+Default value: $mysql::params::mycnf_group
+
 ##### `root_password`
 
 Data type: `Any`
@@ -715,7 +753,7 @@ Default value: $mysql::params::root_group
 
 Data type: `Any`
 
-Whether or not to compress the backup (when using the mysqldump provider)
+Whether or not to compress the backup (when using the mysqldump or xtrabackup provider)
 
 Default value: `true`
 
@@ -1113,6 +1151,100 @@ namevar
 
 Name to describe the grant.
 
+### mysql_login_path
+
+This type provides Puppet with the capabilities to store authentication credentials in an obfuscated login path file
+named .mylogin.cnf created with the mysql_config_editor utility. Supports only MySQL Community Edition > v5.6.6.
+
+* **See also**
+https://dev.mysql.com/doc/refman/8.0/en/mysql-config-editor.html
+
+#### Examples
+
+##### 
+
+```puppet
+mysql_login_path { 'local_socket':
+  owner    => 'root',
+  host     => 'localhost',
+  user     => 'root',
+  password => Sensitive('secure'),
+  socket   => '/var/run/mysql/mysql.sock',
+  ensure   => present,
+}
+
+mysql_login_path { 'local_tcp':
+  owner    => 'root',
+  host     => '127.0.0.1',
+  user     => 'root',
+  password => Sensitive('more_secure'),
+  port     => 3306,
+  ensure   => present,
+}
+```
+
+#### Properties
+
+The following properties are available in the `mysql_login_path` type.
+
+##### `ensure`
+
+Data type: `Enum[present, absent]`
+
+Whether this resource should be present or absent on the target system.
+
+##### `host`
+
+Data type: `Optional[String]`
+
+Host name to be entered into the login path.
+
+##### `user`
+
+Data type: `Optional[String]`
+
+Username to be entered into the login path.
+
+##### `password`
+
+Data type: `Optional[Sensitive[String[1]]]`
+
+Password to be entered into login path
+
+##### `socket`
+
+Data type: `Optional[String]`
+
+Socket path to be entered into login path
+
+##### `port`
+
+Data type: `Optional[Integer[0,65535]]`
+
+Port number to be entered into login path.
+
+#### Parameters
+
+The following parameters are available in the `mysql_login_path` type.
+
+##### `name`
+
+namevar
+
+Data type: `String`
+
+Name of the login path you want to manage.
+
+##### `owner`
+
+namevar
+
+Data type: `String`
+
+The user to whom the logon path should belong.
+
+Default value: root
+
 ### mysql_plugin
 
 Manage MySQL plugins.
@@ -1224,6 +1356,37 @@ The name of the user. This uses the 'username@hostname' or username@hostname.
 
 ## Functions
 
+### mysql::mysql_password
+
+Type: Ruby 4.x API
+
+---- original file header ----
+
+     Hash a string as mysql's "PASSWORD()" function would do it
+
+   @param [String] password Plain text password.
+
+   @return [String] the mysql password hash from the clear text password.
+
+#### `mysql::mysql_password(Any *$args)`
+
+---- original file header ----
+
+     Hash a string as mysql's "PASSWORD()" function would do it
+
+   @param [String] password Plain text password.
+
+   @return [String] the mysql password hash from the clear text password.
+
+Returns: `Data type` Describe what the function returns here
+
+##### `*args`
+
+Data type: `Any`
+
+The original array of arguments. Port this to individually managed params
+to get the full benefit of the modern function API.
+
 ### mysql::normalise_and_deepmerge
 
 Type: Ruby 4.x API
@@ -1326,6 +1489,14 @@ Data type: `String`
 
 Plain text password.
 
+## Data types
+
+### Mysql::Options
+
+The Mysql::Options data type.
+
+Alias of `Hash[String, Hash]`
+
 ## Tasks
 
 ### export

examples/mysql_login_path.pp

@@ -0,0 +1,68 @@
+# Debian MySQL Commiunity Server 8.0
+include apt
+apt::source { 'repo.mysql.com':
+  location => 'http://repo.mysql.com/apt/debian',
+  release  => $::lsbdistcodename,
+  repos    => 'mysql-8.0',
+  key      => {
+    id     => 'A4A9406876FCBD3C456770C88C718D3B5072E1F5',
+    server => 'hkp://keyserver.ubuntu.com:80',
+  },
+  include  => {
+    src => false,
+    deb => true,
+  },
+  notify   => Exec['apt-get update']
+}
+exec { 'apt-get update':
+  path        => '/usr/bin:/usr/sbin:/bin:/sbin',
+  refreshonly => true,
+}
+
+$root_pw = 'password'
+class { '::mysql::server':
+  root_password      => $root_pw,
+  service_name       => 'mysql',
+  package_name       => 'mysql-community-server',
+  create_root_my_cnf => false,
+  require            => [
+    Apt::Source['repo.mysql.com'],
+    Exec['apt-get update']
+  ],
+  notify             => Mysql_login_path['client']
+}
+
+class { '::mysql::client':
+  package_manage => false,
+  package_name   => 'mysql-community-client',
+  require        => Class['::mysql::server'],
+}
+
+mysql_login_path { 'client':
+  ensure   => present,
+  host     => 'localhost',
+  user     => 'root',
+  password => Sensitive($root_pw),
+  socket   => '/var/run/mysqld/mysqld.sock',
+  owner    => root,
+}
+
+mysql_login_path { 'local_dan':
+  ensure   => present,
+  host     => '127.0.0.1',
+  user     => 'dan',
+  password => Sensitive('blah'),
+  port     => 3306,
+  owner    => root,
+  require  => Class['::mysql::server'],
+}
+
+mysql_user { 'dan@localhost':
+  ensure        => present,
+  password_hash => mysql::password('blah'),
+  require       => Mysql_login_path['client'],
+}
+
+
+
+