diff --git a/manifests/schema/user.pp b/manifests/schema/user.pp
index 4387988..bfd8d22 100644
--- a/manifests/schema/user.pp
+++ b/manifests/schema/user.pp
@@ -1,117 +1,137 @@ # Create or drop users. # To use this class, a suitable `authenticator` (e.g. PasswordAuthenticator) # must be set in the Cassandra class. # @param ensure [ present | absent ] Valid values can be **present** to # ensure a user is created, or **absent** to remove the user if it exists. # @param password [string] A password for the user. # @param superuser [boolean] If the user is to be a super-user on the system. # @param login [boolean] Allows the role to log in. # @param user_name [string] The name of the user. # @example # cassandra::schema::user { 'akers': # password => 'Niner2', # superuser => true, # } # # cassandra::schema::user { 'lucan': # ensure => absent, # } define cassandra::schema::user ( $ensure = present, $login = true, $password = undef, $superuser = false, $user_name = $title, $use_scl = $::cassandra::params::use_scl, $scl_name = $::cassandra::params::scl_name, ){ include 'cassandra::schema' + if $use_scl { + $quote = '\"' + } else { + $quote = '"' + } + if $::cassandrarelease != undef { if versioncmp($::cassandrarelease, '2.2') < 0 { $operate_with_roles = false } else { $operate_with_roles = true } } else { $operate_with_roles = false } if $operate_with_roles { $read_script = 'LIST ROLES' } else { $read_script = 'LIST USERS' } - $read_command = "${::cassandra::schema::cqlsh_opts} -e \"${read_script}\" ${::cassandra::schema::cqlsh_conn} | grep '\s*${user_name} |'" + $str_match = '\s' + $read_command_tmp = "${::cassandra::schema::cqlsh_opts} -e ${quote}${read_script}${quote} ${::cassandra::schema::cqlsh_conn} | grep '${str_match}*${user_name} |'" + if $use_scl { + $read_command = "/usr/bin/scl enable ${scl_name} \"${read_command_tmp}\"" + } else { + $read_command = $read_command_tmp + } if $ensure == present { if $operate_with_roles { # we are running cassandra > 2.2 $create_script1 = "CREATE ROLE IF NOT EXISTS ${user_name}" if $password != undef { $create_script2 = "${create_script1} WITH PASSWORD = '${password}'" } else { 
$create_script2 = $create_script1 } if $superuser { if $password != undef { $create_script3 = "${create_script2} AND SUPERUSER = true" } else { $create_script3 = "${create_script2} WITH SUPERUSER = true" } } else { $create_script3 = $create_script2 } if $login { if $superuser or $password != undef { $create_script = "${create_script3} AND LOGIN = true" } else { $create_script = "${create_script3} WITH LOGIN = true" } } else { $create_script = $create_script3 } } else { $create_script1 = "CREATE USER IF NOT EXISTS ${user_name}" if $password != undef { $create_script2 = "${create_script1} WITH PASSWORD '${password}'" } else { $create_script2 = $create_script1 } if $superuser { $create_script = "${create_script2} SUPERUSER" } else { $create_script = "${create_script2} NOSUPERUSER" } } - $create_command = "${::cassandra::schema::cqlsh_opts} -e \"${create_script}\" ${::cassandra::schema::cqlsh_conn}" - + $create_command_tmp = "${::cassandra::schema::cqlsh_opts} -e ${quote}${create_script}${quote} ${::cassandra::schema::cqlsh_conn}" + if $use_scl { + $create_command = "/usr/bin/scl enable ${scl_name} \"${create_command_tmp}\"" + } else { + $create_command = $create_command_tmp + } exec { "Create user (${user_name})": command => $create_command, unless => $read_command, require => Exec['::cassandra::schema connection test'], } } elsif $ensure == absent { if $operate_with_roles { $delete_script = "DROP ROLE ${user_name}" } else { $delete_script = "DROP USER ${user_name}" } - $delete_command = "${::cassandra::schema::cqlsh_opts} -e \"${delete_script}\" ${::cassandra::schema::cqlsh_conn}" - + $delete_command_tmp = "${::cassandra::schema::cqlsh_opts} -e ${quote}${delete_script}${quote} ${::cassandra::schema::cqlsh_conn}" + if $use_scl { + $delete_command = "/usr/bin/scl enable ${scl_name} \"${delete_command_tmp}\"" + } else { + $delete_command = $delete_command_tmp + } exec { "Delete user (${user_name})": command => $delete_command, onlyif => $read_command, require => 
Exec['::cassandra::schema connection test'], } } else { fail("Unknown action (${ensure}) for ensure attribute.") } } diff --git a/spec/defines/schema/user_spec.rb b/spec/defines/schema/user_spec.rb index f149860..d0abf60 100644 --- a/spec/defines/schema/user_spec.rb +++ b/spec/defines/schema/user_spec.rb 
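Review bot: The SCL branch wraps the whole cqlsh command in a second double-quoted string (`/usr/bin/scl enable ${scl_name} \"${read_command_tmp}\"`), but only the quotes around the `-e` argument are escaped through `$quote`; `$user_name`, `$password` and `$scl_name` are interpolated as-is into `$read_command`, `$create_command` and `$delete_command`. These strings contain a pipe and so are presumably run through a shell, which means a password or name containing `"`, `$`, a backtick or a backslash is re-interpreted by the outer shell: at best the CQL statement is corrupted, at worst part of the value is executed on the node. I would reject unsafe identifiers up front, e.g. `validate_re($scl_name, '^[A-Za-z0-9_.-]+$')` and the same for `$user_name` (assuming puppetlabs-stdlib is available to this module), and shell-escape the inner command before wrapping it instead of hand-placing `\"`. The password also still travels on the exec command line, where it can appear in process listings and Puppet reports; that predates this change, but the extra wrapper is a good moment to revisit it.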
@@ -1,214 +1,459 @@ require 'spec_helper' describe 'cassandra::schema::user' do context 'Create a supper user on cassandrarelease undef' do let :facts do { operatingsystemmajrelease: 7, osfamily: 'RedHat', cassandrarelease: nil } end let(:title) { 'akers' } let(:params) do { use_scl: false, scl_name: 'nodefault', password: 'Niner2', superuser: true } end it do is_expected.to contain_cassandra__schema__user('akers').with_ensure('present') - is_expected.to contain_exec('Create user (akers)').with( - command: '/usr/bin/cqlsh -e "CREATE USER IF NOT EXISTS akers WITH PASSWORD \'Niner2\' SUPERUSER" localhost 9042' - ) + read_command = '/usr/bin/cqlsh -e "LIST USERS" localhost 9042 | grep \'\s*akers |\'' + exec_command = '/usr/bin/cqlsh -e "CREATE USER IF NOT EXISTS akers' + exec_command += ' WITH PASSWORD \'Niner2\' SUPERUSER" localhost 9042' + is_expected.to contain_exec('Create user (akers)'). + only_with(command: exec_command, + unless: read_command, + require: 'Exec[::cassandra::schema connection test]') + end + end + + context 'Create a supper user on cassandrarelease undef with SCL' do + let :facts do + { + operatingsystemmajrelease: 7, + osfamily: 'RedHat', + cassandrarelease: nil + } + end + + let(:title) { 'akers' } + + let(:params) do + { + use_scl: true, + scl_name: 'testscl', + password: 'Niner2', + superuser: true + } + end + + it do + is_expected.to contain_cassandra__schema__user('akers').with_ensure('present') + read_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"LIST USERS\" localhost 9042 | grep \'\s*akers |\'"' + exec_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"CREATE USER IF NOT EXISTS akers' + exec_command += ' WITH PASSWORD \'Niner2\' SUPERUSER\" localhost 9042"' + is_expected.to contain_exec('Create user (akers)'). 
+ only_with(command: exec_command, + unless: read_command, + require: 'Exec[::cassandra::schema connection test]') end end context 'Create a supper user in cassandrarelease < 2.2' do let :facts do { operatingsystemmajrelease: 7, osfamily: 'RedHat', cassandrarelease: '2.0.1' } end let(:title) { 'akers' } let(:params) do { use_scl: false, scl_name: 'nodefault', password: 'Niner2', superuser: true } end it do is_expected.to contain_cassandra__schema__user('akers').with_ensure('present') - is_expected.to contain_exec('Create user (akers)').with( - command: '/usr/bin/cqlsh -e "CREATE USER IF NOT EXISTS akers WITH PASSWORD \'Niner2\' SUPERUSER" localhost 9042' - ) + read_command = '/usr/bin/cqlsh -e "LIST USERS" localhost 9042 | grep \'\s*akers |\'' + exec_command = '/usr/bin/cqlsh -e "CREATE USER IF NOT EXISTS akers' + exec_command += ' WITH PASSWORD \'Niner2\' SUPERUSER" localhost 9042' + is_expected.to contain_exec('Create user (akers)'). + only_with(command: exec_command, + unless: read_command, + require: 'Exec[::cassandra::schema connection test]') + end + end + + context 'Create a supper user in cassandrarelease < 2.2 with SCL' do + let :facts do + { + operatingsystemmajrelease: 7, + osfamily: 'RedHat', + cassandrarelease: '2.0.1' + } + end + + let(:title) { 'akers' } + + let(:params) do + { + use_scl: true, + scl_name: 'testscl', + password: 'Niner2', + superuser: true + } + end + + it do + is_expected.to contain_cassandra__schema__user('akers').with_ensure('present') + read_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"LIST USERS\" localhost 9042 | grep \'\s*akers |\'"' + exec_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"CREATE USER IF NOT EXISTS akers' + exec_command += ' WITH PASSWORD \'Niner2\' SUPERUSER\" localhost 9042"' + is_expected.to contain_exec('Create user (akers)'). 
+ only_with(command: exec_command, + unless: read_command, + require: 'Exec[::cassandra::schema connection test]') end end context 'Create a user in cassandrarelease < 2.2' do let :facts do { operatingsystemmajrelease: 7, osfamily: 'RedHat', cassandrarelease: '2.0.1' } end let(:title) { 'akers' } let(:params) do { use_scl: false, scl_name: 'nodefault', password: 'Niner2' } end it do is_expected.to contain_cassandra__schema__user('akers').with_ensure('present') - is_expected.to contain_exec('Create user (akers)').with( - command: '/usr/bin/cqlsh -e "CREATE USER IF NOT EXISTS akers WITH PASSWORD \'Niner2\' NOSUPERUSER" localhost 9042' - ) + read_command = '/usr/bin/cqlsh -e "LIST USERS" localhost 9042 | grep \'\s*akers |\'' + exec_command = '/usr/bin/cqlsh -e "CREATE USER IF NOT EXISTS akers' + exec_command += ' WITH PASSWORD \'Niner2\' NOSUPERUSER" localhost 9042' + is_expected.to contain_exec('Create user (akers)'). + only_with(command: exec_command, + unless: read_command, + require: 'Exec[::cassandra::schema connection test]') + end + end + + context 'Create a user in cassandrarelease < 2.2 with SCL' do + let :facts do + { + operatingsystemmajrelease: 7, + osfamily: 'RedHat', + cassandrarelease: '2.0.1' + } + end + + let(:title) { 'akers' } + + let(:params) do + { + use_scl: true, + scl_name: 'testscl', + password: 'Niner2' + } + end + + it do + is_expected.to contain_cassandra__schema__user('akers').with_ensure('present') + read_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"LIST USERS\" localhost 9042 | grep \'\s*akers |\'"' + exec_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"CREATE USER IF NOT EXISTS akers' + exec_command += ' WITH PASSWORD \'Niner2\' NOSUPERUSER\" localhost 9042"' + is_expected.to contain_exec('Create user (akers)'). 
+ only_with(command: exec_command, + unless: read_command, + require: 'Exec[::cassandra::schema connection test]') end end context 'Create a supper user with login in cassandrarelease > 2.2' do let :facts do { operatingsystemmajrelease: 7, osfamily: 'RedHat', cassandrarelease: '3.0.9' } end let(:title) { 'akers' } let(:params) do { use_scl: false, scl_name: 'nodefault', password: 'Niner2', superuser: true } end it do is_expected.to contain_cassandra__schema__user('akers').with_ensure('present') - is_expected.to contain_exec('Create user (akers)').with( - command: '/usr/bin/cqlsh -e "CREATE ROLE IF NOT EXISTS akers WITH PASSWORD = \'Niner2\' AND SUPERUSER = true AND LOGIN = true" localhost 9042' - ) + read_command = '/usr/bin/cqlsh -e "LIST ROLES" localhost 9042 | grep \'\s*akers |\'' + exec_command = '/usr/bin/cqlsh -e "CREATE ROLE IF NOT EXISTS akers' + exec_command += ' WITH PASSWORD = \'Niner2\' AND SUPERUSER = true AND LOGIN = true" localhost 9042' + is_expected.to contain_exec('Create user (akers)'). + only_with(command: exec_command, + unless: read_command, + require: 'Exec[::cassandra::schema connection test]') + end + end + + context 'Create a supper user with login in cassandrarelease > 2.2 with SCL' do + let :facts do + { + operatingsystemmajrelease: 7, + osfamily: 'RedHat', + cassandrarelease: '3.0.9' + } + end + + let(:title) { 'akers' } + + let(:params) do + { + use_scl: true, + scl_name: 'testscl', + password: 'Niner2', + superuser: true + } + end + + it do + is_expected.to contain_cassandra__schema__user('akers').with_ensure('present') + read_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"LIST ROLES\" localhost 9042 | grep \'\s*akers |\'"' + exec_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"CREATE ROLE IF NOT EXISTS akers' + exec_command += ' WITH PASSWORD = \'Niner2\' AND SUPERUSER = true AND LOGIN = true\" localhost 9042"' + is_expected.to contain_exec('Create user (akers)'). 
+ only_with(command: exec_command, + unless: read_command, + require: 'Exec[::cassandra::schema connection test]') end end context 'Create a user without login in cassandrarelease > 2.2' do let :facts do { operatingsystemmajrelease: 7, osfamily: 'RedHat', cassandrarelease: '3.0.9' } end let(:title) { 'bob' } let(:params) do { use_scl: false, scl_name: 'nodefault', password: 'kaZe89a', login: false } end it do is_expected.to contain_cassandra__schema__user('bob').with_ensure('present') - is_expected.to contain_exec('Create user (bob)').with( - command: '/usr/bin/cqlsh -e "CREATE ROLE IF NOT EXISTS bob WITH PASSWORD = \'kaZe89a\'" localhost 9042' - ) + read_command = '/usr/bin/cqlsh -e "LIST ROLES" localhost 9042 | grep \'\s*bob |\'' + exec_command = '/usr/bin/cqlsh -e "CREATE ROLE IF NOT EXISTS bob' + exec_command += ' WITH PASSWORD = \'kaZe89a\'" localhost 9042' + is_expected.to contain_exec('Create user (bob)'). + only_with(command: exec_command, + unless: read_command, + require: 'Exec[::cassandra::schema connection test]') + end + end + + context 'Create a user without login in cassandrarelease > 2.2 with SCL' do + let :facts do + { + operatingsystemmajrelease: 7, + osfamily: 'RedHat', + cassandrarelease: '3.0.9' + } + end + + let(:title) { 'bob' } + + let(:params) do + { + use_scl: true, + scl_name: 'testscl', + password: 'kaZe89a', + login: false + } + end + + it do + is_expected.to contain_cassandra__schema__user('bob').with_ensure('present') + read_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"LIST ROLES\" localhost 9042 | grep \'\s*bob |\'"' + exec_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"CREATE ROLE IF NOT EXISTS bob' + exec_command += ' WITH PASSWORD = \'kaZe89a\'\" localhost 9042"' + is_expected.to contain_exec('Create user (bob)'). 
+ only_with(command: exec_command, + unless: read_command, + require: 'Exec[::cassandra::schema connection test]') end end context 'Drop a user in cassandrarelease > 2.2' do let :facts do { operatingsystemmajrelease: 7, osfamily: 'RedHat', cassandrarelease: '3.0.9' } end let(:title) { 'akers' } let(:params) do { use_scl: false, scl_name: 'nodefault', password: 'Niner2', ensure: 'absent' } end it do - is_expected.to contain_exec('Delete user (akers)').with( - command: '/usr/bin/cqlsh -e "DROP ROLE akers" localhost 9042' - ) + read_command = '/usr/bin/cqlsh -e "LIST ROLES" localhost 9042 | grep \'\s*akers |\'' + exec_command = '/usr/bin/cqlsh -e "DROP ROLE akers" localhost 9042' + is_expected.to contain_exec('Delete user (akers)'). + only_with(command: exec_command, + onlyif: read_command, + require: 'Exec[::cassandra::schema connection test]') + end + end + + context 'Drop a user in cassandrarelease > 2.2 with SCL' do + let :facts do + { + operatingsystemmajrelease: 7, + osfamily: 'RedHat', + cassandrarelease: '3.0.9' + } + end + + let(:title) { 'akers' } + + let(:params) do + { + use_scl: true, + scl_name: 'testscl', + password: 'Niner2', + ensure: 'absent' + } + end + + it do + read_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"LIST ROLES\" localhost 9042 | grep \'\s*akers |\'"' + exec_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"DROP ROLE akers\" localhost 9042"' + is_expected.to contain_exec('Delete user (akers)'). 
+ only_with(command: exec_command, + onlyif: read_command, + require: 'Exec[::cassandra::schema connection test]') end end context 'Drop a user in cassandrarelease < 2.2' do let :facts do { operatingsystemmajrelease: 7, osfamily: 'RedHat', cassandrarelease: '2.0.2' } end let(:title) { 'akers' } let(:params) do { use_scl: false, scl_name: 'nodefault', password: 'Niner2', ensure: 'absent' } end it do - is_expected.to contain_exec('Delete user (akers)').with( - command: '/usr/bin/cqlsh -e "DROP USER akers" localhost 9042' - ) + read_command = '/usr/bin/cqlsh -e "LIST USERS" localhost 9042 | grep \'\s*akers |\'' + exec_command = '/usr/bin/cqlsh -e "DROP USER akers" localhost 9042' + is_expected.to contain_exec('Delete user (akers)'). + only_with(command: exec_command, + onlyif: read_command, + require: 'Exec[::cassandra::schema connection test]') + end + end + + context 'Drop a user in cassandrarelease < 2.2 with SCL' do + let :facts do + { + operatingsystemmajrelease: 7, + osfamily: 'RedHat', + cassandrarelease: '2.0.2' + } + end + + let(:title) { 'akers' } + + let(:params) do + { + use_scl: true, + scl_name: 'testscl', + password: 'Niner2', + ensure: 'absent' + } + end + + it do + read_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"LIST USERS\" localhost 9042 | grep \'\s*akers |\'"' + exec_command = '/usr/bin/scl enable testscl "/usr/bin/cqlsh -e \"DROP USER akers\" localhost 9042"' + is_expected.to contain_exec('Delete user (akers)'). + only_with(command: exec_command, + onlyif: read_command, + require: 'Exec[::cassandra::schema connection test]') end end context 'Set ensure to latest' do let :facts do { operatingsystemmajrelease: 7, osfamily: 'RedHat' } end let(:title) { 'foobar' } let(:params) do { ensure: 'latest' } end it { is_expected.to raise_error(Puppet::Error) } end end
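Review bot: Every new SCL context uses values with no shell-significant characters (`Niner2`, `kaZe89a`, `akers`, `bob`), so the nested quoting these expectations pin down is never exercised where it can actually break. I would add one `use_scl: true` context whose password contains a quote or dollar sign (constructed example: `password: 'Pa$"w0rd'`) and assert the exact `command` string the manifest is expected to produce, so that a quoting regression fails the suite. The near-identical contexts could also be generated from a small table of facts, params and expected strings, which would make such a case a short addition rather than another copied block.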