From a6723ef8d497ce2e957998de479d1a566ad7bf00 Mon Sep 17 00:00:00 2001
From: Jonathan Sabbe <jonathan.sabbe@ingenico.com>
Date: Wed, 31 Aug 2022 15:29:23 +0200
Subject: [PATCH] fix: Make WSREP SST user's privileges customizable

---
 manifests/cluster.pp                |  1 +
 manifests/cluster/auth.pp           |  1 +
 manifests/cluster/wsrep_sst_user.pp |  9 +++++----
 manifests/params.pp                 | 19 ++++++++++---------
 metadata.json                       |  2 +-
 5 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/manifests/cluster.pp b/manifests/cluster.pp
index 989eda0..d24501f 100644
--- a/manifests/cluster.pp
+++ b/manifests/cluster.pp
@@ -68,6 +68,7 @@
   $wsrep_sst_password           = $mariadb::params::wsrep_sst_password,
   $wsrep_sst_user_tls_options   = undef,
   $wsrep_sst_user_grant_options = undef,
+  Array[String] $wresp_sst_user_privileges = $mariadb::params::wresp_sst_user_privileges,
   Enum['mariabackup', 'mysqldump', 'rsync', 'rsync_wan', 'xtrabackup', 'xtrabackup-v2'] $wsrep_sst_method = $mariadb::params::wsrep_sst_method, # lint:ignore:140chars
   $root_password                = $mariadb::params::root_password,
   $override_options             = {},
diff --git a/manifests/cluster/auth.pp b/manifests/cluster/auth.pp
index ac9343b..ceb7546 100644
--- a/manifests/cluster/auth.pp
+++ b/manifests/cluster/auth.pp
@@ -13,6 +13,7 @@
       wsrep_sst_password           => $mariadb::cluster::wsrep_sst_password,
       wsrep_sst_user_tls_options   => $mariadb::cluster::wsrep_sst_user_tls_options,
       wsrep_sst_user_grant_options => $mariadb::cluster::wsrep_sst_user_grant_options,
+      wresp_sst_user_privileges    => $mariadb::cluster::wresp_sst_user_privileges,
     }
   }
 }
diff --git a/manifests/cluster/wsrep_sst_user.pp b/manifests/cluster/wsrep_sst_user.pp
index e2e8632..2ca0fb2 100644
--- a/manifests/cluster/wsrep_sst_user.pp
+++ b/manifests/cluster/wsrep_sst_user.pp
@@ -5,9 +5,10 @@
 
 define mariadb::cluster::wsrep_sst_user (
   $wsrep_sst_password,
-  $wsrep_sst_user               = $name,
-  $wsrep_sst_user_tls_options   = undef,
-  $wsrep_sst_user_grant_options = undef,
+  $wsrep_sst_user                          = $name,
+  $wsrep_sst_user_tls_options              = undef,
+  $wsrep_sst_user_grant_options            = undef,
+  Array[String] $wresp_sst_user_privileges = ['ALL'],
 ) {
 
   mysql_user { $wsrep_sst_user:
@@ -21,7 +22,7 @@
     ensure     => present,
     user       => $wsrep_sst_user,
     table      => '*.*',
-    privileges => ['ALL'],
+    privileges => $wresp_sst_user_privileges,
     options    => $wsrep_sst_user_grant_options,
   }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index a284efc..a566b01 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -20,15 +20,16 @@
   }
 
   # wsrep patch config
-  $wsrep_cluster_address = undef
-  $wsrep_cluster_peers   = undef
-  $wsrep_cluster_port    = '4567'
-  $wsrep_cluster_name    = undef
-  $wsrep_sst_user        = 'wsrep_sst'
-  $wsrep_sst_user_peers  = '%'
-  $wsrep_sst_password    = 'UNSET' # lint:ignore:security_password_in_code
-  $wsrep_sst_method      = 'mysqldump'
-  $root_password         = 'UNSET' # lint:ignore:security_password_in_code
+  $wsrep_cluster_address     = undef
+  $wsrep_cluster_peers       = undef
+  $wsrep_cluster_port        = '4567'
+  $wsrep_cluster_name        = undef
+  $wsrep_sst_user            = 'wsrep_sst'
+  $wsrep_sst_user_peers      = '%'
+  $wsrep_sst_password        = 'UNSET' # lint:ignore:security_password_in_code
+  $wresp_sst_user_privileges = ['ALL']
+  $wsrep_sst_method          = 'mysqldump'
+  $root_password             = 'UNSET' # lint:ignore:security_password_in_code
 
   if ($::osfamily == 'RedHat') and (versioncmp($::operatingsystemrelease, '6.0') >= 0) {
     # client.pp
diff --git a/metadata.json b/metadata.json
index 7fb4bab..ad0b183 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "edestecd-mariadb",
-  "version": "2.1.2",
+  "version": "2.1.3",
   "author": "Chris Edester",
   "summary": "Puppet Module for managing MariaDB",
   "license": "GPL-3.0+",