Commit 457bfb6a authored by Jon Pugh's avatar Jon Pugh Committed by helmo

Issue #2794915 by Jon Pugh: Refactor database permissions granting to allow...

Issue #2794915 by Jon Pugh: Refactor database permissions granting to allow scalability to arbitrary web servers
parent 2de696e8
......@@ -15,12 +15,14 @@ class Provision_Service_db extends Provision_Service {
static function option_documentation() {
return array(
'master_db' => 'server with db: Master database connection info, {type}://{user}:{password}@{host}',
'db_grant_all_hosts' => 'Grant access to site database users from any web host. If set to TRUE, any host will be allowed to connect to MySQL site databases on this server using the generated username and password. If set to FALSE, web hosts will be granted access by their detected IP address.',
);
}
function init_server() {
parent::init_server();
$this->server->setProperty('master_db');
$this->server->setProperty('db_grant_all_hosts', FALSE);
$this->server->setProperty('utf8mb4_is_supported', FALSE);
$this->creds = array_map('urldecode', parse_url($this->server->master_db));
......@@ -103,6 +105,7 @@ class Provision_Service_db extends Provision_Service {
if (!$this->grant($db_name, $db_user, $db_passwd, $db_grant_host)) {
drush_set_error('PROVISION_CREATE_DB_FAILED', dt("Could not create database user @user", array('@user' => $db_user)));
}
drush_log(dt("Granted privileges to %user@%client on %database", array('%user' => $db_user, '%client' => $db_grant_host, '%database' => $db_name)), 'success');
}
$this->create_database($db_name);
......@@ -240,10 +243,16 @@ class Provision_Service_db extends Provision_Service {
/**
* Return a list of hosts, as seen by the db server, which should be granted
* access to the site database.
* access to the site database. If server property 'db_grant_all_hosts' is
* TRUE, use the MySQL wildcard '%' instead of
*/
function grant_host_list() {
return array_unique(array_map(array($this, 'grant_host'), $this->context->service('http')->grant_server_list()));
if ($this->server->db_grant_all_hosts) {
return array('%');
}
else {
return array_unique(array_map(array($this, 'grant_host'), $this->context->service('http')->grant_server_list()));
}
}
/**
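Review bot: The docblock added above grant_host_list() stops mid-sentence (`use the MySQL wildcard '%' instead of`), so the only comment explaining the new branch never says what `%` replaces or what it costs. With `db_grant_all_hosts` set, the function returns `array('%')` and every site database user is granted from any address, leaving the generated password and any network filtering in front of the database port as the only controls. I would finish the sentence as `TRUE, use the MySQL wildcard '%' instead of the detected web server addresses; the account is then usable from any host that can reach the database port.` Separately, the "Granted privileges" success message in the create-database hunk sits outside the `if (!$this->grant(...))` check as shown, so it appears to be logged even when the grant failed. The enclosing loop starts outside that hunk.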
......
......@@ -174,6 +174,7 @@ function drush_provision_hostmaster_install($site = NULL) {
$aegir_db_pass = drush_get_option('aegir_db_pass');
$aegir_db_port = drush_get_option('aegir_db_port');
$aegir_db_host = drush_get_option('aegir_db_host');
$aegir_db_grant_all_hosts = drush_get_option('aegir_db_grant_all_hosts');
$server = '@server_master';
$master_context = array(
......@@ -202,6 +203,7 @@ function drush_provision_hostmaster_install($site = NULL) {
'context_type' => 'server',
'db_service_type' => 'mysql',
'master_db' => $master_db,
'db_grant_all_hosts' => $aegir_db_grant_all_hosts,
'db_port' => $aegir_db_port,
);
drush_invoke_process('@none', "provision-save", array($dbserver), $dbserver_context);
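Review bot: `drush_get_option('aegir_db_grant_all_hosts')` is read with no default and passed into the server context without conversion to a boolean, while grant_host_list() later tests the property by plain truthiness. If the option arrives as a string, a value such as `FALSE` (which the help text's "Default: FALSE" invites) is non-empty and would switch the wildcard grant on. How drush and provision-save deliver the value is not visible here, so this needs confirming. Normalising where the option is read would remove the doubt: `$aegir_db_grant_all_hosts = filter_var(drush_get_option('aegir_db_grant_all_hosts', FALSE), FILTER_VALIDATE_BOOLEAN);`. drush_provision_hostmaster_install() starts and ends outside these hunks.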
......
......@@ -319,6 +319,7 @@ function provision_drush_command() {
'aegir_db_user' => dt('Database user to connect as (default: %user)', array('%user' => 'root')),
'aegir_db_pass' => dt('Database password to use'),
'aegir_db_port' => dt('Database port to use (default: %port)', array('%port' => '3306')),
'aegir_db_grant_all_hosts' => dt('Allow connection from arbitrary web hosts. (Default: FALSE)'),
'client_email' => dt('Email of the first client to create in the frontend'),
'client_name' => dt('Name of the first client to create in the frontend (default: %user)', array('%user' => 'admin')),
'makefile' => dt('The makefile used to create the hostmaster platform (default: %makefile)', array('%makefile' => dirname(__FILE__). '/aegir.make')),
......