grantinee 0.3.2 → 0.3.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +11 -1
- data/Gemfile.lock +1 -1
- data/README.md +2 -0
- data/grantinee.gemspec +2 -2
- data/lib/grantinee/cli.rb +12 -2
- data/lib/grantinee/configuration.rb +2 -0
- data/lib/grantinee/dsl.rb +2 -2
- data/lib/grantinee/engine/mysql.rb +2 -2
- data/lib/grantinee/engine/postgresql.rb +3 -3
- data/lib/grantinee/version.rb +1 -1
- metadata +3 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bd59012e89ac1bad99cc95da8f1915b2c026fad022ab0e00740320cbcc26ce50
|
|
4
|
+
data.tar.gz: f1f48a160ecc3745bf508f1615565b1a6996e8403294da7681c63fb1bcee766f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a4a527b5f2cf5992a3bed8f290f20675e12c2f1f15913ea0f0abc3b2daf73211fa1887bf42743a6de3fd5747dddfce47dafb2bf229c11c2f86f6f3f554d64425
|
|
7
|
+
data.tar.gz: c6c3af0d7e868aaf07f438901009cc1b7e5379d67e1719aeeb49aa07d6dff307a5457138d3d8a60c9dd14e17ac8b8fcc42dcd4aaf16a23ed27898681ee61f5b0
|
data/.rubocop.yml
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
AllCops:
|
|
2
|
+
TargetRubyVersion: 2.3
|
|
3
|
+
|
|
1
4
|
Layout/CaseIndentation:
|
|
2
5
|
EnforcedStyle: end
|
|
3
6
|
|
|
@@ -9,13 +12,16 @@ Lint/HandleExceptions:
|
|
|
9
12
|
Enabled: false
|
|
10
13
|
|
|
11
14
|
Metrics/AbcSize:
|
|
12
|
-
Max:
|
|
15
|
+
Max: 20
|
|
13
16
|
|
|
14
17
|
Metrics/BlockLength:
|
|
15
18
|
Exclude:
|
|
16
19
|
- "grantinee.gemspec"
|
|
17
20
|
- "spec/**/*"
|
|
18
21
|
|
|
22
|
+
Metrics/CyclomaticComplexity:
|
|
23
|
+
Enabled: false
|
|
24
|
+
|
|
19
25
|
Metrics/LineLength:
|
|
20
26
|
Max: 100
|
|
21
27
|
Exclude:
|
|
@@ -24,6 +30,10 @@ Metrics/LineLength:
|
|
|
24
30
|
Metrics/MethodLength:
|
|
25
31
|
Max: 15
|
|
26
32
|
|
|
33
|
+
Metrics/ModuleLength:
|
|
34
|
+
Exclude:
|
|
35
|
+
- "spec/**/*"
|
|
36
|
+
|
|
27
37
|
Security/Eval:
|
|
28
38
|
Enabled: false
|
|
29
39
|
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -2,8 +2,10 @@
|
|
|
2
2
|
|
|
3
3
|
Grantinee is a library to manage your database permissions. It supports MySQL and Postgres, allowing for granular per-table, and per-column permission setting. Tight and explicit permissions, instead of "allow all access" approach, may enhance the data security in your app, and make the GDPR compliance easier for multi-user databases (like when you have a service-oriented architecture).
|
|
4
4
|
|
|
5
|
+
[](https://badge.fury.io/rb/grantinee)
|
|
5
6
|
[](https://circleci.com/gh/blinkist/grantinee/tree/master)
|
|
6
7
|
|
|
8
|
+
|
|
7
9
|
## Installation
|
|
8
10
|
|
|
9
11
|
Add this line to your application's Gemfile:
|
data/grantinee.gemspec
CHANGED
|
@@ -7,8 +7,8 @@ require "grantinee/version"
|
|
|
7
7
|
Gem::Specification.new do |spec|
|
|
8
8
|
spec.name = "grantinee"
|
|
9
9
|
spec.version = Grantinee::VERSION
|
|
10
|
-
spec.authors = ["Paweł Komarnicki"]
|
|
11
|
-
spec.email = ["pawel@blinkist.com"]
|
|
10
|
+
spec.authors = ["Paweł Komarnicki", "John Donner"]
|
|
11
|
+
spec.email = ["pawel@blinkist.com", "john@blinkist.com"]
|
|
12
12
|
|
|
13
13
|
spec.summary = '"Your permissions, freshly baked!" | A library to manage your database permissions for MySQL and Postgres'
|
|
14
14
|
spec.description = "A Ruby library to manage your database permissions for MySQL and PostgreSQL. Supports per-table, and per-column permissions for granular access and security."
|
data/lib/grantinee/cli.rb
CHANGED
|
@@ -108,9 +108,19 @@ module Grantinee
|
|
|
108
108
|
|
|
109
109
|
# Database configuration file
|
|
110
110
|
def process_database_param
|
|
111
|
-
|
|
111
|
+
unless @options[:config] || Grantinee.configuration.configured?
|
|
112
|
+
Grantinee::Engine.detect_active_record_connection!
|
|
112
113
|
|
|
113
|
-
|
|
114
|
+
unless Grantinee.configuration.configured?
|
|
115
|
+
raise "No configuration file found. Please use the -c option"\
|
|
116
|
+
" to pass a configuration file."
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
require options[:config]
|
|
121
|
+
rescue StandardError, LoadError => error
|
|
122
|
+
puts error
|
|
123
|
+
exit
|
|
114
124
|
end
|
|
115
125
|
|
|
116
126
|
# Grantinee file
|
data/lib/grantinee/dsl.rb
CHANGED
|
@@ -21,6 +21,8 @@ module Grantinee
|
|
|
21
21
|
instance_eval(commands)
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
+
private
|
|
25
|
+
|
|
24
26
|
# Define database and mode
|
|
25
27
|
def on(database, &block)
|
|
26
28
|
logger.debug "Got database: #{database}"
|
|
@@ -54,8 +56,6 @@ module Grantinee
|
|
|
54
56
|
end
|
|
55
57
|
end
|
|
56
58
|
|
|
57
|
-
private
|
|
58
|
-
|
|
59
59
|
def logger
|
|
60
60
|
Grantinee.logger
|
|
61
61
|
end
|
|
@@ -34,10 +34,10 @@ module Grantinee
|
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
def grant_permission!(data) # rubocop:disable Metrics/AbcSize
|
|
37
|
-
raise "Invalid permission kind" unless WHITELISTED_KINDS.include?(data[:kind])
|
|
37
|
+
raise "Invalid permission kind" unless WHITELISTED_KINDS.include?(data[:kind]&.downcase)
|
|
38
38
|
|
|
39
39
|
database = sanitize_column_name(data[:database])
|
|
40
|
-
kind = data[:kind]
|
|
40
|
+
kind = data[:kind]&.upcase
|
|
41
41
|
table = sanitize_table_name(data[:table])
|
|
42
42
|
user = sanitize_value(data[:user])
|
|
43
43
|
host = sanitize_value(data[:host])
|
|
@@ -24,16 +24,16 @@ module Grantinee
|
|
|
24
24
|
|
|
25
25
|
def revoke_permissions!(data)
|
|
26
26
|
database = sanitize_column_name(data[:database])
|
|
27
|
-
user = sanitize_column_name(data[:
|
|
27
|
+
user = sanitize_column_name(data[:user])
|
|
28
28
|
|
|
29
29
|
query = "REVOKE ALL PRIVILEGES ON DATABASE #{database} FROM #{user};"
|
|
30
30
|
run! query, data
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
def grant_permission!(data)
|
|
34
|
-
raise "Invalid permission kind" unless WHITELISTED_KINDS.include?(data[:kind])
|
|
34
|
+
raise "Invalid permission kind" unless WHITELISTED_KINDS.include?(data[:kind]&.downcase)
|
|
35
35
|
|
|
36
|
-
kind = data[:kind]
|
|
36
|
+
kind = data[:kind]&.upcase
|
|
37
37
|
table = sanitize_table_name(data[:table])
|
|
38
38
|
user = sanitize_column_name(data[:user])
|
|
39
39
|
fields = data[:fields].map { |v| sanitize_column_name(v.to_s) }.join(', ')
|
data/lib/grantinee/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: grantinee
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Paweł Komarnicki
|
|
8
|
+
- John Donner
|
|
8
9
|
autorequire:
|
|
9
10
|
bindir: exe
|
|
10
11
|
cert_chain: []
|
|
@@ -98,6 +99,7 @@ description: A Ruby library to manage your database permissions for MySQL and Po
|
|
|
98
99
|
Supports per-table, and per-column permissions for granular access and security.
|
|
99
100
|
email:
|
|
100
101
|
- pawel@blinkist.com
|
|
102
|
+
- john@blinkist.com
|
|
101
103
|
executables:
|
|
102
104
|
- grantinee
|
|
103
105
|
extensions: []
|