grantinee 0.3.1

data/Rakefile

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rubocop/rake_task'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+RuboCop::RakeTask.new do |task|
+  task.options = %w[-a]
+end
+
+task(:default).clear
+task default: %i[rubocop spec]

data/bin/console

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'awesome_print'
+require 'grantinee'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here
+RACK_ENV=mysql bundle exec rake db:create
+RACK_ENV=postgresql bundle exec rake db:create

data/config/grantinee.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+# This is a sample configuration file for you to play with
+Grantinee.configure do |c|
+  c.engine = :postgresql
+
+  case c.engine
+  when :mysql
+    c.username = 'root'
+    c.password = 'mysql'
+    c.hostname = ENV['MYSQL_HOST'] || 'localhost'
+    c.port     = 3306
+    c.database = 'grantinee_development'
+
+  when :mysql_url
+    c.url = 'mysql://root:mysql@localhost:3306/grantinee_development'
+
+  when :postgresql
+    c.username = 'postgres'
+    c.password = 'postgres'
+    c.hostname = ENV['POSTGRES_HOST'] || 'localhost'
+    c.port     = 5432
+    c.database = 'grantinee_development'
+
+  when :postgresql_url
+    c.url = 'postgres://postgres:postgres@localhost:5432/grantinee_development'
+
+  end
+end

data/docker-compose.yml

@@ -0,0 +1,34 @@
+version: '3'
+services:
+
+  mysql:
+    image: mysql:5.7.15
+    volumes:
+      - ./mysql:/var/lib/mysql
+    ports:
+      - "3306:3306"
+    environment:
+      MYSQL_ROOT_PASSWORD: mysql
+
+  postgres:
+    image: postgres:9.6
+    volumes:
+      - ./postgres/data:/var/lib/postgresql/data
+    ports:
+      - "5432:5432"
+    environment:
+      - POSTGRES_PASSWORD=postgres
+
+  rspec:
+    environment:
+      MYSQL_HOST: 'mysql'
+      POSTGRES_HOST: 'postgres'
+    tty: true
+    stdin_open: true
+    build: .
+    command: bundle exec rspec
+    volumes:
+      - .:/myapp
+    depends_on:
+      - mysql
+      - postgres

data/exe/grantinee

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'grantinee'
+require 'optparse'
+
+# Autodetect plug-and-play connection
+Bundler.require if File.exist? 'Gemfile.lock'
+
+# Logger setup
+logger       = Logger.new(STDOUT)
+logger.level = Logger::INFO
+
+Grantinee::CLI.new(ARGV, logger).run!

data/grantinee.gemspec

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "lib"))
+
+require "grantinee/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "grantinee"
+  spec.version       = Grantinee::VERSION
+  spec.authors       = ["Paweł Komarnicki"]
+  spec.email         = ["pawel@blinkist.com"]
+
+  spec.summary       = '"Your permissions, freshly baked!" | A library to manage your database permissions for MySQL and Postgres'
+  spec.description   = "A Ruby library to manage your database permissions for MySQL and PostgreSQL. Supports per-table, and per-column permissions for granular access and security."
+  spec.homepage      = "https://github.com/blinkist/grantinee"
+  spec.license       = "MIT"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.dirname(__FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "byebug"
+  spec.add_development_dependency "method_source"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rubocop"
+end

data/lib/grantinee.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'logger'
+
+# Grantinee module is where the magic at ;-)
+module Grantinee
+  class << self
+    # Allow configuration using a block
+    def configure
+      yield configuration
+    end
+
+    # Returns configuration
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def logger
+      configuration.logger
+    end
+
+    def logger=(logger)
+      configuration.logger = logger
+    end
+
+    extend Gem::Deprecate
+    deprecate :logger=, "Please provide logger via configure block", 2018, 7
+  end
+end
+
+# Load internal stuffs
+require 'grantinee/configuration'
+require 'grantinee/engine'
+require 'grantinee/cli'
+require 'grantinee/dsl'
+require 'grantinee/executor'
+require 'grantinee/engine/abstract_engine'

data/lib/grantinee/cli.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+module Grantinee
+  class CLI
+    attr_accessor :options
+    attr_accessor :dsl
+    attr_accessor :engine
+
+    def initialize(args = ARGV, logger = ::Logger.new($stderr))
+      @args    = args
+      @logger  = logger
+
+      @options = {}
+    end
+
+    def run!
+      parse_command_line_parameters
+      process_command_line_parameters
+
+      @dsl      = build_dsl
+      @engine   = build_engine
+      @executor = build_executor
+      @executor.run!
+
+      [@dsl, @engine, @executor]
+    end
+
+    private
+
+    def parse_command_line_parameters # rubocop:disable Metrics/MethodLength
+      parser = OptionParser.new do |opts| # rubocop:disable Metrics/BlockLength
+        opts.banner = "Usage: grantinee [options]"
+
+        # Help
+        opts.on(
+          '-h', '--help',
+          "Displays help"
+        ) do
+          puts opts
+          exit
+        end
+
+        # Verbose mode
+        opts.on(
+          '-vLEVEL', '--verbosity=LEVEL',
+          "Set verbosity level to debug, info, warn, error, fatal, or unknown (default: warning)"
+        ) do |level|
+          @options[:verbose] = level || 'warning'
+        end
+
+        # App boot file
+        opts.on(
+          '-rFILE', '--require=FILE',
+          "Application boot file path (default: ./config/environment.rb)"
+        ) do |file_path|
+          @options[:require] = file_path
+        end
+
+        # Grantinee file
+        opts.on(
+          '-fFILE', '--file=FILE',
+          "Permission definitions file path (default: ./Grantinee)"
+        ) do |file_path|
+          @options[:file] = file_path
+        end
+
+        # Database configuration file
+        opts.on(
+          '-cFILE', '--config=FILE',
+          "Database configuration file path"
+        ) do |file_path|
+          @options[:config] = file_path
+        end
+      end
+
+      parser.parse! @args
+    end
+
+    # Process parsed parameters
+    def process_command_line_parameters
+      process_require_param
+      process_database_param
+      process_grantinee_param
+      process_verbosity_param
+    end
+
+    def build_dsl
+      Grantinee.configuration.logger = @logger
+      Grantinee::Dsl.eval(File.read(@options[:file]))
+    end
+
+    def build_engine
+      Grantinee::Engine.for Grantinee.configuration.engine
+    end
+
+    def build_executor
+      Grantinee::Executor.new(@dsl, @engine)
+    end
+
+    # Application boot file
+    def process_require_param
+      if @options[:require]
+        require @options[:require]
+      elsif defined?(Rails)
+        require './config/environment'
+      end
+    end
+
+    # Database configuration file
+    def process_database_param
+      require options[:config] if options[:config]
+
+      Grantinee::Engine.detect_active_record_connection! unless Grantinee.configuration.configured?
+    end
+
+    # Grantinee file
+    def process_grantinee_param
+      @options[:file] ||= "Grantinee"
+    end
+
+    # Explicit verbose mode, overrides configuration value
+    def process_verbosity_param
+      return unless @options[:verbose]
+      log_levels = %w[debug info warn error fatal unknown]
+      @logger.level = log_levels.index(@options[:verbose])
+    end
+  end
+end

data/lib/grantinee/configuration.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'uri'
+
+module Grantinee
+  class Configuration
+    # Which engine is used by the library?
+    attr_accessor :engine
+
+    attr_accessor :logger
+
+    # Connection parameters
+    attr_accessor :username
+    attr_accessor :password
+    attr_accessor :hostname
+    attr_accessor :port
+    attr_accessor :database
+    attr_reader :url
+
+    # Allow verbose mode
+    attr_accessor :verbose
+
+    def initialize
+      @logger = ::Logger.new(nil)
+    end
+
+    def configured?
+      username && password && hostname && port && database
+    end
+
+    # Handle url -> fields conversion
+    def url=(url)
+      uri = URI.parse url
+
+      case uri.scheme
+      when /^mysql/
+        default_port = 3306
+        @engine = :mysql
+      when /^postgres/
+        default_port = 5432
+        @engine = :postgres
+      end
+
+      @username = uri.user
+      @password = uri.password
+      @hostname = uri.host
+      @port     = uri.port || default_port
+      @database = (uri.path || '').split('/').last
+    end
+  end
+end

data/lib/grantinee/dsl.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module Grantinee
+  class Dsl
+    attr_accessor :permissions
+
+    # Allow evaluation of the code coming from the Grantinee file
+    def self.eval(commands)
+      new.tap do |x|
+        x.eval(commands)
+      end
+    end
+
+    # Initialize defaults
+    def initialize
+      @permissions = []
+      @data        = {}
+    end
+
+    def eval(commands)
+      instance_eval(commands)
+    end
+
+    # Define database and mode
+    def on(database, &block)
+      logger.debug "Got database: #{database}"
+
+      @data[:database] = database
+
+      instance_eval(&block) if block_given?
+    end
+
+    # Define user and host
+    # Note: revokes all permissions for given user first
+    def user(user, &block)
+      logger.debug "Got user: #{user}"
+
+      @data[:user], @data[:host] = user.to_s.split '@'
+      @data[:host] ||= '%'
+
+      instance_eval(&block) if block_given?
+    end
+
+    # Define permission grants
+    Engine::WHITELISTED_KINDS.each do |kind|
+      define_method(kind.to_sym) do |table, fields = []|
+        logger.debug "Got table: #{table}, fields: #{fields}"
+
+        @permissions << @data.merge(
+          kind:   kind,
+          table:  table,
+          fields: fields
+        )
+      end
+    end
+
+    private
+
+    def logger
+      Grantinee.logger
+    end
+  end
+end

data/lib/grantinee/engine.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Grantinee
+  module Engine
+    SUPPORTED_ENGINES = %w[mysql postgresql].freeze
+
+    WHITELISTED_KINDS = %w[all usage select update insert].freeze
+
+    class << self
+      # Get appropriate engine class for the engine name
+      def for(engine)
+        logger.debug "Using engine: #{engine}"
+        unless SUPPORTED_ENGINES.include?(engine.to_s)
+          raise "Engine '#{engine}' is not supported, supported engines: #{SUPPORTED_ENGINES}"
+        end
+
+        case engine.to_s
+        when 'mysql'
+          require 'grantinee/engine/mysql'
+          Mysql.new
+        when 'postgresql'
+          require 'grantinee/engine/postgresql'
+          Postgresql.new
+        end
+      end
+
+      def detect_active_record_connection!
+        return unless defined?(ActiveRecord::Base)
+
+        configure_for_active_record(ActiveRecord::Base.connection_config)
+      end
+
+      private
+
+      def logger
+        Grantinee.logger
+      end
+
+      def configure_for_active_record(ar_config)
+        if ar_config[:url]
+          configure_for_active_record_url(ar_config)
+        else
+          configure_for_active_record_fields(ar_config)
+        end
+
+        Grantinee.configuration.engine = case ar_config[:adapter]
+        when 'mysql', 'mysql2'
+          :mysql
+        when 'postgresql', 'pg'
+          :postgresql
+        end
+      end
+
+      def configure_for_active_record_url(ar_config)
+        Grantinee.configuration.url = ar_config[:url]
+      end
+
+      def configure_for_active_record_fields(ar_config)
+        Grantinee.configuration.username = ar_config[:username]
+        Grantinee.configuration.password = ar_config[:password]
+        Grantinee.configuration.hostname = ar_config[:host]
+        Grantinee.configuration.port     = ar_config[:port]
+        Grantinee.configuration.database = ar_config[:database]
+      end
+    end
+  end
+end