fix: Make WSREP SST user's privileges customizable

manifests/cluster.pp

@@ -68,6 +68,7 @@
   $wsrep_sst_password           = $mariadb::params::wsrep_sst_password,
   $wsrep_sst_user_tls_options   = undef,
   $wsrep_sst_user_grant_options = undef,
+  Array[String] $wresp_sst_user_privileges = $mariadb::params::wresp_sst_user_privileges,
   Enum['mariabackup', 'mysqldump', 'rsync', 'rsync_wan', 'xtrabackup', 'xtrabackup-v2'] $wsrep_sst_method = $mariadb::params::wsrep_sst_method, # lint:ignore:140chars
   $root_password                = $mariadb::params::root_password,
   $override_options             = {},

manifests/cluster/auth.pp

@@ -13,6 +13,7 @@
       wsrep_sst_password           => $mariadb::cluster::wsrep_sst_password,
       wsrep_sst_user_tls_options   => $mariadb::cluster::wsrep_sst_user_tls_options,
       wsrep_sst_user_grant_options => $mariadb::cluster::wsrep_sst_user_grant_options,
+      wresp_sst_user_privileges    => $mariadb::cluster::wresp_sst_user_privileges,
     }
   }
 }

manifests/cluster/wsrep_sst_user.pp

@@ -5,9 +5,10 @@
 
 define mariadb::cluster::wsrep_sst_user (
   $wsrep_sst_password,
-  $wsrep_sst_user               = $name,
-  $wsrep_sst_user_tls_options   = undef,
-  $wsrep_sst_user_grant_options = undef,
+  $wsrep_sst_user                          = $name,
+  $wsrep_sst_user_tls_options              = undef,
+  $wsrep_sst_user_grant_options            = undef,
+  Array[String] $wresp_sst_user_privileges = ['ALL'],
 ) {
 
   mysql_user { $wsrep_sst_user:
@@ -21,7 +22,7 @@
     ensure     => present,
     user       => $wsrep_sst_user,
     table      => '*.*',
-    privileges => ['ALL'],
+    privileges => $wresp_sst_user_privileges,
     options    => $wsrep_sst_user_grant_options,
   }
 }

manifests/params.pp

@@ -20,15 +20,16 @@
   }
 
   # wsrep patch config
-  $wsrep_cluster_address = undef
-  $wsrep_cluster_peers   = undef
-  $wsrep_cluster_port    = '4567'
-  $wsrep_cluster_name    = undef
-  $wsrep_sst_user        = 'wsrep_sst'
-  $wsrep_sst_user_peers  = '%'
-  $wsrep_sst_password    = 'UNSET' # lint:ignore:security_password_in_code
-  $wsrep_sst_method      = 'mysqldump'
-  $root_password         = 'UNSET' # lint:ignore:security_password_in_code
+  $wsrep_cluster_address     = undef
+  $wsrep_cluster_peers       = undef
+  $wsrep_cluster_port        = '4567'
+  $wsrep_cluster_name        = undef
+  $wsrep_sst_user            = 'wsrep_sst'
+  $wsrep_sst_user_peers      = '%'
+  $wsrep_sst_password        = 'UNSET' # lint:ignore:security_password_in_code
+  $wresp_sst_user_privileges = ['ALL']
+  $wsrep_sst_method          = 'mysqldump'
+  $root_password             = 'UNSET' # lint:ignore:security_password_in_code
 
   if ($::osfamily == 'RedHat') and (versioncmp($::operatingsystemrelease, '6.0') >= 0) {
     # client.pp

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "edestecd-mariadb",
-  "version": "2.1.2",
+  "version": "2.1.3",
   "author": "Chris Edester",
   "summary": "Puppet Module for managing MariaDB",
   "license": "GPL-3.0+",