mysql_grants¶
Management of MySQL grants (user permissions)¶
- depends:
MySQLdb Python module
- configuration:
See
salt.modules.mysqlfor setup instructions.
The mysql_grants module is used to grant and revoke MySQL permissions.
The name you pass in purely symbolic and does not have anything to do
with the grant itself.
The database parameter needs to specify a ‘priv_level’ in the same
specification as defined in the MySQL documentation:
*
*.*
db_name.*
db_name.tbl_name
etc…
This state is not able to set password for the permission from the
specified host. See salt.states.mysql_user for further
instructions.
frank_exampledb:
mysql_grants.present:
- grant: select,insert,update
- database: exampledb.*
- user: frank
- host: localhost
frank_otherdb:
mysql_grants.present:
- grant: all privileges
- database: otherdb.*
- user: frank
restricted_singletable:
mysql_grants.present:
- grant: select
- database: somedb.sometable
- user: joe
- saltext.mysql.states.mysql_grants.present(name, grant=None, database=None, user=None, host='localhost', grant_option=False, escape=True, revoke_first=False, ssl_option=False, **connection_args)[source]¶
Ensure that the grant is present with the specified properties
- name
The name (key) of the grant to add
- grant
The grant priv_type (i.e. select,insert,update OR all privileges)
- database
The database priv_level (i.e. db.tbl OR db.*)
- user
The user to apply the grant to
- host
The network/host that the grant should apply to
- grant_option
Adds the WITH GRANT OPTION to the defined grant. Default is
False- escape
Defines if the database value gets escaped or not. Default is
True- revoke_first
By default, MySQL will not do anything if you issue a command to grant privileges that are more restrictive than what’s already in place. This effectively means that you cannot downgrade permissions without first revoking permissions applied to a db.table/user pair first.
To have Salt forcibly revoke perms before applying a new grant, enable the ‘revoke_first options.
WARNING: This will remove permissions for a database before attempting to apply new permissions. There is no guarantee that new permissions will be applied correctly which can leave your database security in an unknown and potentially dangerous state. Use with caution!
Default is
False- ssl_option
Adds the specified ssl options for the connecting user as requirements for this grant. Value is a list of single-element dicts corresponding to the list of ssl options to use.
Possible key/value pairings for the dicts in the value:
- SSL: True - X509: True - SUBJECT: <subject> - ISSUER: <issuer> - CIPHER: <cipher>
The non-boolean ssl options take a string as their values, which should be an appropriate value as specified by the MySQL documentation for these options.
Default is
False(no ssl options will be used)
- saltext.mysql.states.mysql_grants.absent(name, grant=None, database=None, user=None, host='localhost', grant_option=False, escape=True, **connection_args)[source]¶
Ensure that the grant is absent
- name
The name (key) of the grant to add
- grant
The grant priv_type (i.e. select,insert,update OR all privileges)
- database
The database priv_level (i.e. db.tbl OR db.*)
- user
The user to apply the grant to
- host
The network/host that the grant should apply to