salt.states.mysql_grants

Management of MySQL grants (user permissions)

depends:
  • MySQLdb Python module
configuration:

See salt.modules.mysql for setup instructions.

The mysql_grants module is used to grant and revoke MySQL permissions.

The name you pass in purely symbolic and does not have anything to do with the grant itself.

The database parameter needs to specify a 'priv_level' in the same specification as defined in the MySQL documentation:

  • *
  • *.*
  • db_name.*
  • db_name.tbl_name
  • etc...
frank_exampledb:
   mysql_grants.present:
    - grant: select,insert,update
    - database: exampledb.*
    - user: frank
    - host: localhost

frank_otherdb:
  mysql_grants.present:
    - grant: all privileges
    - database: otherdb.*
    - user: frank

restricted_singletable:
  mysql_grants.present:
    - grant: select
    - database: somedb.sometable
    - user: joe
salt.states.mysql_grants.absent(name, grant=None, database=None, user=None, host='localhost', grant_option=False, escape=True, **connection_args)

Ensure that the grant is absent

name
The name (key) of the grant to add
grant
The grant priv_type (i.e. select,insert,update OR all privileges)
database
The database priv_level (i.e. db.tbl OR db.*)
user
The user to apply the grant to
host
The network/host that the grant should apply to
salt.states.mysql_grants.present(name, grant=None, database=None, user=None, host='localhost', grant_option=False, escape=True, revoke_first=False, **connection_args)

Ensure that the grant is present with the specified properties

name
The name (key) of the grant to add
grant
The grant priv_type (i.e. select,insert,update OR all privileges)
database
The database priv_level (ie. db.tbl OR db.*)
user
The user to apply the grant to
host
The network/host that the grant should apply to
grant_option
Adds the WITH GRANT OPTION to the defined grant. default: False
escape
Defines if the database value gets escaped or not. default: True
revoke_first

By default, MySQL will not do anything if you issue a command to grant privileges that are more restrictive than what's already in place. This effectively means that you cannot downgrade permissions without first revoking permissions applied to a db.table/user pair first.

To have Salt forcibly revoke perms before applying a new grant, enable the 'revoke_first options.

WARNING: This will remove permissions for a database before attempting to apply new permissions. There is no guarantee that new permissions will be applied correctly which can leave your database security in an unknown and potentially dangerous state. Use with caution!

default: False

Current Salt release: 2014.1.6

Docs for previous releases on salt.rtfd.org.

Table Of Contents

Previous topic

salt.states.mysql_database

Next topic

salt.states.mysql_user

Upcoming SaltStack Events