When fqdn==localhost account security breaks

This is because the root@localhost account is already defined. Remove localdomain accounts if fqdn is localhost
xbezdick · Jan 18, 2015 · c04fed1 · c04fed1
1 parent 23c192d
commit c04fed1
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 7 deletions.
diff --git a/manifests/server/account_security.pp b/manifests/server/account_security.pp
@@ -1,20 +1,36 @@
 class mysql::server::account_security {
   mysql_user {
-    [ "root@${::fqdn}",
-      '[email protected]',
+    [ '[email protected]',
       'root@::1',
-      "@${::fqdn}",
       '@localhost',
       '@%']:
     ensure  => 'absent',
     require => Anchor['mysql::server::end'],
   }
-  if ($::fqdn != $::hostname) {
-    mysql_user { ["root@${::hostname}", "@${::hostname}"]:
+  if ($::fqdn != 'localhost.localdomain') {
+    mysql_user {
+      [ "[email protected]",
+        "@localhost.localdomain"]:
+      ensure  => 'absent',
+      require => Anchor['mysql::server::end'],
+    }
+  }
+  if ($::fqdn != 'localhost') {
+    mysql_user {
+      [ "root@${::fqdn}",
+        "@${::fqdn}"]:
       ensure  => 'absent',
       require => Anchor['mysql::server::end'],
     }
   }
+  if ($::fqdn != $::hostname) {
+    if ($::hostname != 'localhost') {
+      mysql_user { ["root@${::hostname}", "@${::hostname}"]:
+        ensure  => 'absent',
+        require => Anchor['mysql::server::end'],
+      }
+    }
+  }
   mysql_database { 'test':
     ensure  => 'absent',
     require => Anchor['mysql::server::end'],

diff --git a/spec/classes/mysql_server_account_security_spec.rb b/spec/classes/mysql_server_account_security_spec.rb
@@ -13,7 +13,7 @@
           '@localhost',
           '@%',
         ].each do |user|
-          it 'removes Mysql_User[#{user}]' do
+          it "removes Mysql_User[#{user}]" do
             is_expected.to contain_mysql_user(user).with_ensure('absent')
           end
         end
@@ -22,7 +22,7 @@
         # We don't need to test the inverse as when they match they are
         # covered by the above list.
         [ 'root@myhost', '@myhost' ].each do |user|
-          it 'removes Mysql_User[#{user}]' do
+          it "removes Mysql_User[#{user}]" do
             is_expected.to contain_mysql_user(user).with_ensure('absent')
           end
         end
@@ -31,6 +31,38 @@
           is_expected.to contain_mysql_database('test').with_ensure('absent')
         end
       end
+
+      describe "on #{pe_version} #{pe_platform} with fqdn==localhost" do
+        let(:facts) { facts.merge({:fqdn => 'localhost', :hostname => 'localhost'}) }
+
+        [ '[email protected]',
+          'root@::1',
+          '@localhost',
+          '[email protected]',
+          '@localhost.localdomain',
+          '@%',
+        ].each do |user|
+          it "removes Mysql_User[#{user}]" do
+            is_expected.to contain_mysql_user(user).with_ensure('absent')
+          end
+        end
+      end
+
+      describe "on #{pe_version} #{pe_platform} with fqdn==localhost.localdomain" do
+        let(:facts) { facts.merge({:fqdn => 'localhost.localdomain', :hostname => 'localhost'}) }
+
+        [ '[email protected]',
+          'root@::1',
+          '@localhost',
+          '[email protected]',
+          '@localhost.localdomain',
+          '@%',
+        ].each do |user|
+          it "removes Mysql_User[#{user}]" do
+            is_expected.to contain_mysql_user(user).with_ensure('absent')
+          end
+        end
+      end
     end
   end
 end