Welcome to MysqlRoles’s documentation!

Run from Command line

Note

The command-line tools expect ~/.my.cnf to exist and to hold credentials with access to any host you wish to update.

Initialize Central Database

Use:

python -m MysqlRoles init rbac

to initialize a server named rbac to use MysqlRoles.

Note

The argument is optional, and defaults to 127.0.0.1

Update a Server

Use:

python -m MysqlRoles update rbac db-1

to update a server named db-1 to match the central server named rbac.

Note

The second argument is optional, and defaults to 127.0.0.1

Seed Central Database

Use:

python -m MysqlRoles seed rbac

to seed the sample values given into a host named rbac.

Warning

Do not use this command in any production environment.

Note

The argument is optional, and defaults to 127.0.0.1

Helper Tools

Ansible Playbook

I’ve created a basic playbook to use MysqlRoles:

# run_updates_msr.yml
---
- hosts: rbac_central
  # become replaces the sudo keyword, which current Ansible no longer accepts
  become: yes

  tasks:
  - name: ensure a stable MysqlRoles is installed
    pip:
      name: MysqlRoles
      version: 1.0.0

  - name: initialize the central db
    command: python -m MysqlRoles init {{ inventory_hostname_short }}

- hosts: rbac_db_servers
  become: yes
  vars:
    # address of the central (source of truth) server
    central: sys-p1

  tasks:
  - name: ensure a stable MysqlRoles is installed
    pip:
      name: MysqlRoles
      version: 1.0.0

  - name: run the update
    command: python -m MysqlRoles update {{ central }} {{ inventory_hostname_short }}

This file is located at usage_helpers/run_updates_msr.yml

Chef

An example of a chef cookbook which would implement this is:

centralhost = "rbac"

easy_install_package 'MysqlRoles' do
  action :install
  version '1.0.0'
end

# only on your central host
execute 'run_init' do
    command "python -m MysqlRoles init #{centralhost}"
end

# on every host you want to manage
execute 'run_updates' do
    command "python -m MysqlRoles update #{centralhost} #{node['hostname']}"
end

This file is located at usage_helpers/run_updates_msr.rb

Web UI

On the wishlist, but no progress so far.

MysqlRoles package

MysqlRoles.RoleManage module

class MysqlRoles.RoleManage.RoleManage(server, client='127.0.0.1')

Bases: object

RoleManage.

Functions that check a database against a source of truth and make its mysql user table match. This class should only manage the client.

Input:
client: Address of server to make match the source of truth
server: Address of source of Truth server (default: 127.0.0.1)

get_privs(user, schema='')

Get the privs of the user on the specified host.

Returns a list of “Y” or “N” for each permission. Should return an empty list if no results. Does not manage schema-specific permissions.

get_schemas(user)

Get a list of schemas that a particular user has special access for.

Returns a list of these schemas.

get_users()

Get a list of users managed by this service.

Returns a list of usernames managed by the service.

permission_order = ['Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Reload', 'Shutdown', 'Process', 'File', 'Grant Option', 'References', 'Index', 'Alter', 'Super', 'CREATE TEMPORARY TABLES', 'Lock tables', 'Execute', 'Replication slave', 'Replication client', 'Create view', 'Show view', 'Create routine', 'Alter routine', 'Create user', 'Event', 'Trigger', 'Create tablespace']

remove_user(name)

Remove a user from a database.

Returns nothing.

report_user_diff(usr_list)

Reports the client’s user status.

Reports users added to the client, as well as users not found on the central server.

static sanitize(input, allowable_list=[], default="''")

Sanitize inputs to avoid issues with pymysql.

Takes in an input to sanitize. Optionally takes in a list of allowable values and a default. The default is returned if the input is not in the list. Returns a sanitized result.

schema_privs(user)

Set schema-level permissions for users.

update_users(remove=False)

Build the user inserts needed on the client, then apply them.

user_change(name, new_user=False, schema='')

Creates and/or updates a user.

user_check()

Run a check against the host for consistency.

Reports a list of differences. The first element of the list is a list of users on the server but not the client. The second element of the list is a list of users on the client but not the server. The third element of the list is a list of users present on both the server and the client.
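The comparison described for user_check and get_privs, carried one step further as an added example (not MysqlRoles code): it produces the same three user lists and also names the privileges that differ for users present on both sides. The function names, the HIGH_RISK set and the sample accounts are assumptions constructed for the example.

```python
# Added example, not MysqlRoles code. Order copied from RoleManage.permission_order.
PERMISSION_ORDER = [
    "Select", "Insert", "Update", "Delete", "Create", "Drop", "Reload",
    "Shutdown", "Process", "File", "Grant Option", "References", "Index",
    "Alter", "Super", "CREATE TEMPORARY TABLES", "Lock tables", "Execute",
    "Replication slave", "Replication client", "Create view", "Show view",
    "Create routine", "Alter routine", "Create user", "Event", "Trigger",
    "Create tablespace",
]
# Assumption: privileges to flag first when a client grants them unexpectedly.
HIGH_RISK = {"Super", "File", "Grant Option", "Create user", "Shutdown"}


def flags(*granted):
    """Build a constructed get_privs()-style list of 'Y'/'N' for sample data."""
    return ["Y" if p in granted else "N" for p in PERMISSION_ORDER]


def decode(priv_flags):
    """Map a 'Y'/'N' list to privilege names; an empty list means no row."""
    if not priv_flags:
        return set()
    if len(priv_flags) != len(PERMISSION_ORDER):
        raise ValueError("expected %d flags, got %d"
                         % (len(PERMISSION_ORDER), len(priv_flags)))
    return {p for p, f in zip(PERMISSION_ORDER, priv_flags) if f == "Y"}


def drift_report(central, client):
    """Compare {user: flags} maps; return user_check-style lists and drift."""
    only_central = sorted(set(central) - set(client))
    only_client = sorted(set(client) - set(central))
    both = sorted(set(central) & set(client))
    drift = {}
    for user in both:
        want, have = decode(central[user]), decode(client[user])
        if want != have:
            drift[user] = {
                "extra": sorted(have - want),     # granted on the client only
                "missing": sorted(want - have),   # granted centrally only
                "high_risk": sorted((have - want) & HIGH_RISK),
            }
    return [only_central, only_client, both], drift


# Constructed sample data: one drifted account and one unmanaged account.
CENTRAL = {"alice": flags("Select", "Insert"), "bob": flags("Select")}
CLIENT = {"alice": flags("Select", "Super", "File"), "tmp_admin": flags("Select")}

if __name__ == "__main__":
    print(drift_report(CENTRAL, CLIENT))
```

Accounts in the second list exist on the client without a central definition, and a non-empty "high_risk" entry marks a managed account holding more than the source of truth grants; both are worth reviewing before running an update with remove=True.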

MysqlRoles.RoleServ module

class MysqlRoles.RoleServ.RoleServ(server='127.0.0.1')

Bases: object

RoleServ: Server tools for MysqlRoles.

Functions for initializing the mysql source of truth server and functions associated with using it. This class should only manage the server.

Input:
serv: Address of source of Truth server (default: 127.0.0.1)

add_access(name, usergroup, hostgroup, permission, schema='')

Give a user group access to a host group.

Supports schema-level access, which defaults to empty. An empty schema parameter means all schemas. A nonempty schema is treated like “grant (privs) on (schema) to (user)”.

Raises a RuntimeError if the access grant exists by name. Raises a RuntimeError if the user access grant would be duplicated. Raises a ValueError if the host group does not exist. Raises a ValueError if the user group does not exist. Raises a ValueError if the permission type does not exist. Returns nothing.

add_host(address, name='', comments='')

Add a host to the server if it does not yet exist.

Raises a RuntimeError if the host already exists. Returns nothing.

add_host_group(name, description='')

Add a host group to the server if it does not yet exist.

Raises a RuntimeError if the host group already exists. Returns nothing.

add_host_group_membership(hostname, groupname)

Add a host to a host group.

Raises a RuntimeError if the host is already a member of the group. Raises a ValueError if the host does not exist. Raises a ValueError if the group does not exist. Returns nothing.

add_permission(name, grant, value='Y')

Add a permission to a named permission group. Takes in the name of the permission to modify and which grant to perform. Optionally takes in a value, so that it can be used to revoke. grant should be a permission column name for user. Run once for each permission you want to change.

Raises a ValueError if the permission type does not exist. Does not check for duplicates. Returns nothing.

add_user(name, fromhost='%', plugin='mysql_native_password', auth_str='*7ACE763ED393514FE0C162B93996ECD195FFC4F5')

Add a user to the server if it does not yet exist.

Raises a RuntimeError if the user already exists. Returns nothing.

add_user_group(name, description='')

Add a user group to the server if it does not yet exist.

Raises a RuntimeError if the user group already exists. Returns nothing.

add_user_group_membership(username, groupname)

Add a user to a user group.

Raises a RuntimeError if the user is already a member of the group. Raises a ValueError if the user does not exist. Raises a ValueError if the group does not exist. Returns nothing.

create_permission(name, allgrant=False)

Create a permission type if it does not exist yet.

Raises a RuntimeError if the permission already exists. Does not check for duplicates. Returns nothing.

create_tables()

Create tables using the table_create.sql file in the create folder.

Returns nothing.

static sanitize(input, allowable_list=[], default="''")

Sanitize inputs to avoid issues with pymysql.

Takes in an input to sanitize. Optionally takes in a list of allowable values and a default. The default is returned if the input is not in the list. Returns a sanitized result.
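An added illustration, not the project's implementation, of the allowlist-with-default behaviour described for sanitize, applied to the column-name argument of add_permission: identifiers cannot be bound as query parameters, so they are checked against a fixed list, while values go through the driver's `%s` placeholders. The helper names, the `permission_type` table and the column subset are assumptions made for the example.

```python
# Added example, not MysqlRoles code.

# Subset of mysql.user privilege columns, used here as the identifier allowlist.
PRIV_COLUMNS = [
    "Select_priv", "Insert_priv", "Update_priv", "Delete_priv",
    "Super_priv", "File_priv", "Grant_priv",
]


def allow(value, allowable_list, default=None):
    """Return value only if it is an exact member of the list, else default."""
    if isinstance(value, str) and value in allowable_list:
        return value
    return default


def permission_update(name, grant, value="Y"):
    """Build (sql, params) for cursor.execute(sql, params).

    `permission_type` is a hypothetical table name. The column comes from the
    allowlist only; the flag and the permission name are bound by the driver.
    """
    column = allow(grant, PRIV_COLUMNS)
    if column is None:
        raise ValueError("unknown permission column: %r" % (grant,))
    # Fail closed: anything other than an exact 'Y' or 'N' becomes 'N'.
    flag = allow(value, ["Y", "N"], default="N")
    sql = "UPDATE permission_type SET `{}` = %s WHERE name = %s".format(column)
    return sql, (flag, name)


if __name__ == "__main__":
    print(permission_update("dba", "Super_priv"))
    # Constructed input: a name containing a quote stays in params, untouched.
    print(permission_update("o'brien", "Select_priv", "maybe"))
```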

test_seed_tables()

Seed table for testing, using the seed.sql file in the create folder.

Returns nothing.

MysqlRoles.Run module

class MysqlRoles.Run.Run

Bases: object

static net_test(host)

Determine if a host is accessible before doing anything.

Returns the host name back if the host is up and is able to connect with mysql. To fix this issue, try:
- Update your my.cnf with credentials
- Start a mysql instance on the host

static parse(args)

Parse arguments given to CLI into commands to run.