gratan 0.1.0

data/lib/gratan/dsl/context/on.rb

@@ -0,0 +1,19 @@
+class Gratan::DSL::Context::On
+  include Gratan::DSL::Validator
+
+  attr_reader :result
+
+  def initialize(user, host, object, &block)
+    @error_identifier = "User `#{user}@#{host}` on `#{object}`"
+    @result = []
+    instance_eval(&block)
+  end
+
+  def grant(name, options = {})
+    __validate("Grant `#{name}` is already defined") do
+      not @result.include?(name)
+    end
+
+    @result << name
+  end
+end

data/lib/gratan/dsl/context/user.rb

@@ -0,0 +1,25 @@
+class Gratan::DSL::Context::User
+  include Gratan::DSL::Validator
+
+  attr_reader :result
+
+  def initialize(user, host, &block)
+    @error_identifier = "User `#{user}@#{host}`"
+    @user = user
+    @host = host
+    @result = {}
+    instance_eval(&block)
+  end
+
+  def on(name, options = {}, &block)
+    name = name.to_s
+
+    __validate("Object `#{name}` is already defined") do
+      not @result.has_key?(name)
+    end
+
+    grant = {:privs => Gratan::DSL::Context::On.new(@user, @host, name, &block).result}
+    grant[:with] = options[:with] if options[:with]
+    @result[name] = grant
+  end
+end

data/lib/gratan/dsl/context.rb

@@ -0,0 +1,57 @@
+class Gratan::DSL::Context
+  include Gratan::DSL::Validator
+  include Gratan::Logger::Helper
+
+  def self.eval(dsl, path, options = {})
+    self.new(path, options) do
+      eval(dsl, binding, path)
+    end
+  end
+
+  attr_reader :result
+
+  def initialize(path, options = {}, &block)
+    @path = path
+    @options = options
+    @result = {}
+    instance_eval(&block)
+  end
+
+  private
+
+  def require(file)
+    grantfile = (file =~ %r|\A/|) ? file : File.expand_path(File.join(File.dirname(@path), file))
+
+    if File.exist?(grantfile)
+      instance_eval(File.read(grantfile), grantfile)
+    elsif File.exist?(grantfile + '.rb')
+      instance_eval(File.read(grantfile + '.rb'), grantfile + '.rb')
+    else
+      Kernel.require(file)
+    end
+  end
+
+  def user(name, host, options = {}, &block)
+    name = name.to_s
+    host = host.to_s
+    options ||= {}
+
+    __validate("User `#{name}@#{host}` is already defined") do
+      not @result.has_key?([name, host])
+    end
+
+    if @options[:enable_expired] and (expired = options.delete(:expired))
+      expired = Time.parse(expired)
+
+      if Time.new >= expired
+        log(:warn, "User `#{name}@#{host}` has expired", :yellow)
+        return
+      end
+    end
+
+    @result[[name, host]] = {
+      :objects => Gratan::DSL::Context::User.new(name, host, &block).result,
+      :options => options,
+    }
+  end
+end

data/lib/gratan/dsl/converter.rb

@@ -0,0 +1,74 @@
+class Gratan::DSL::Converter
+  def self.convert(exported, options = {})
+    self.new(exported, options).convert
+  end
+
+  def initialize(exported, options = {})
+    @exported = exported
+    @options = options
+  end
+
+  def convert
+    @exported.map {|user_host, attrs|
+      output_user(user_host, attrs)
+    }.join("\n")
+  end
+
+  private
+
+  def output_user(user_host, attrs)
+    user, host = user_host
+    objects, options = attrs.values_at(:objects, :options)
+    options = output_user_options(options)
+
+    <<-EOS
+user #{user.inspect}, #{host.inspect}#{options}do
+  #{output_objects(objects)}
+end
+    EOS
+  end
+
+  def output_user_options(options)
+    if options.empty?
+      ' '
+    else
+      options = strip_hash_brace(options.inspect)
+      ", #{options} "
+    end
+  end
+
+  def output_objects(objects)
+    objects.map {|object, grant|
+      options = output_object_options(grant)
+
+      <<-EOS
+  on #{object.inspect}#{options}do
+    #{output_grant(grant)}
+  end
+      EOS
+    }.join("\n").strip
+  end
+
+  def output_object_options(grant)
+    with_option = grant.delete(:with)
+
+    if with_option
+      options = strip_hash_brace({:with => with_option}.inspect)
+      ", #{options} "
+    else
+      ' '
+    end
+  end
+
+  def output_grant(grant)
+    grant[:privs].map {|priv|
+      <<-EOS
+    grant #{priv.inspect}
+      EOS
+    }.join.strip
+  end
+
+  def strip_hash_brace(hash_str)
+    hash_str.sub(/\A\{/, '').sub(/\}\z/, '')
+  end
+end

data/lib/gratan/dsl/validator.rb

@@ -0,0 +1,13 @@
+module Gratan::DSL::Validator
+  def __validate(errmsg)
+    raise __identify(errmsg) unless yield
+  end
+
+  def __identify(errmsg)
+    if @error_identifier
+      errmsg = "#{@error_identifier}: #{errmsg}"
+    end
+
+    return errmsg
+  end
+end

data/lib/gratan/dsl.rb

@@ -0,0 +1,9 @@
+class Gratan::DSL
+  def self.convert(exported, options = {})
+    Gratan::DSL::Converter.convert(exported, options)
+  end
+
+  def self.parse(dsl, path, options = {})
+    Gratan::DSL::Context.eval(dsl, path, options).result
+  end
+end

data/lib/gratan/exporter.rb

@@ -0,0 +1,49 @@
+class Gratan::Exporter
+  def self.export(driver, options = {}, &block)
+    self.new(driver, options).export(&block)
+  end
+
+  def initialize(driver, options = {})
+    @driver = driver
+    @options = options
+  end
+
+  def export
+    grants = []
+
+    @driver.each_user do |user, host|
+      next if user =~ @options[:ignore_user]
+
+      @driver.show_grants(user, host) do |stmt|
+        grants << Gratan::GrantParser.parse(stmt)
+      end
+    end
+
+    pack(grants)
+  end
+
+  private
+
+  def pack(grants)
+    packed = {}
+
+    grants.each do |grant|
+      user = grant.delete(:user)
+      host = grant.delete(:host)
+      user_host = [user, host]
+      object = grant.delete(:object)
+      identified = grant.delete(:identified)
+      required = grant.delete(:require)
+
+      packed[user_host] ||= {:objects => {}, :options => {}}
+      packed[user_host][:objects][object] = grant
+      packed[user_host][:options][:required] = required if required
+
+      if @options[:with_identifier] and identified
+        packed[user_host][:options][:identified] = identified
+      end
+    end
+
+    packed
+  end
+end

data/lib/gratan/ext/string_ext.rb

@@ -0,0 +1,25 @@
+class String
+  @@colorize = false
+
+  class << self
+    def colorize=(value)
+      @@colorize = value
+    end
+
+    def colorize
+      @@colorize
+    end
+  end # of class methods
+
+  Term::ANSIColor::Attribute.named_attributes.map do |attribute|
+    class_eval(<<-EOS, __FILE__, __LINE__ + 1)
+      def #{attribute.name}
+        if @@colorize
+          Term::ANSIColor.send(#{attribute.name.inspect}, self)
+        else
+          self
+        end
+      end
+    EOS
+  end
+end

data/lib/gratan/grant_parser.rb

@@ -0,0 +1,68 @@
+class Gratan::GrantParser
+  def initialize(stmt)
+    @stmt = stmt.strip
+    @parsed = {}
+  end
+
+  def self.parse(stmt)
+    parser = self.new(stmt)
+    parser.parse!
+  end
+
+  def parse!
+    parse_grant
+    parse_require
+    parse_identified
+    parse_main
+    @parsed
+  end
+
+  private
+
+  def parse_grant
+    @stmt.slice!(/\s+WITH\s+(.+?)\z/)
+    with_option = $1
+
+    if with_option
+      @parsed[:with] = with_option.strip
+    end
+  end
+
+  def parse_require
+    @stmt.slice!(/\s+REQUIRE\s+(.+?)\z/)
+    required = $1
+
+    if required
+      @parsed[:require] = required.strip
+    end
+  end
+
+  def parse_identified
+    @stmt.slice!(/\s+IDENTIFIED BY\s+(.+?)\z/)
+    identified = $1
+
+    if identified
+      @parsed[:identified] = identified.strip
+    end
+  end
+
+  def parse_main
+    md = /\AGRANT\s+(.+?)\s+ON\s+(.+?)\s+TO\s+'(.*)'@'(.+)'\z/.match(@stmt)
+    privs, object, user, host = md.captures
+    @parsed[:privs] = parse_privs(privs.strip)
+    @parsed[:object] = object.gsub('`', '').strip
+    @parsed[:user] = user
+    @parsed[:host] = host
+  end
+
+  def parse_privs(privs)
+    privs << ','
+    priv_list = []
+
+    while priv = privs.slice!(/\A[^,(]+(?:\([^)]+\))?\s*,\s*/)
+      priv_list << priv.strip.sub(/,\z/, '').strip
+    end
+
+    priv_list
+  end
+end

data/lib/gratan/identifier/auto.rb

@@ -0,0 +1,28 @@
+class Gratan::Identifier::Auto
+  def initialize(output, options = {})
+    @options = options
+
+    if output == '-'
+      @output = $stdout
+    else
+      @output = open(output, 'w')
+    end
+  end
+
+  def identify(user, host)
+    password = mkpasswd
+    puts_password(user, host, password)
+    password
+  end
+
+  private
+
+  def mkpasswd(len = 8)
+    [*1..9, *'A'..'Z', *'a'..'z'].shuffle.slice(0, len).join
+  end
+
+  def puts_password(user, host, password)
+    @output.puts("#{user}@#{host},#{password}")
+    @output.flush
+  end
+end

data/lib/gratan/identifier/csv.rb

@@ -0,0 +1,25 @@
+require 'csv'
+
+class Gratan::Identifier::CSV
+  include Gratan::Logger::Helper
+
+  def initialize(path, options = {})
+    @options = options
+    @passwords = {}
+
+    CSV.foreach(path) do |row|
+      @passwords[row[0]] = row[1]
+    end
+  end
+
+  def identify(user, host)
+    user_host = "#{user}@#{host}"
+    password = @passwords[user_host]
+
+    unless password
+      log(:warn, "password for `#{user_host}` can not be found", :yellow)
+    end
+
+    password
+  end
+end

data/lib/gratan/identifier/null.rb

@@ -0,0 +1,5 @@
+class Gratan::Identifier::Null
+  def identify(user, host)
+    nil
+  end
+end

data/lib/gratan/identifier.rb

@@ -0,0 +1,2 @@
+class Gratan::Identifier
+end

data/lib/gratan/logger.rb

@@ -0,0 +1,28 @@
+class Gratan::Logger < ::Logger
+  include Singleton
+
+  def initialize
+    super($stdout)
+
+    self.formatter = proc do |severity, datetime, progname, msg|
+      "#{msg}\n"
+    end
+
+    self.level = Logger::INFO
+  end
+
+  def set_debug(value)
+    self.level = value ? Logger::DEBUG : Logger::INFO
+  end
+
+  module Helper
+    def log(level, message, color = nil)
+      options = @options || {}
+      message = "[#{level.to_s.upcase}] #{message}" unless level == :info
+      message << ' (dry-run)' if options[:dry_run]
+      message = message.send(color) if color
+      logger = options[:logger] || Gratan::Logger.instance
+      logger.send(level, message)
+    end
+  end
+end

data/lib/gratan/version.rb

@@ -0,0 +1,3 @@
+module Gratan
+  VERSION = '0.1.0'
+end

data/lib/gratan.rb

@@ -0,0 +1,24 @@
+require 'logger'
+require 'mysql2'
+require 'singleton'
+require 'term/ansicolor'
+require 'time'
+
+module Gratan; end
+require 'gratan/logger'
+require 'gratan/client'
+require 'gratan/driver'
+require 'gratan/dsl'
+require 'gratan/dsl/validator'
+require 'gratan/dsl/context'
+require 'gratan/dsl/context/user'
+require 'gratan/dsl/context/on'
+require 'gratan/dsl/converter'
+require 'gratan/exporter'
+require 'gratan/ext/string_ext'
+require 'gratan/grant_parser'
+require 'gratan/identifier'
+require 'gratan/identifier/auto'
+require 'gratan/identifier/csv'
+require 'gratan/identifier/null'
+require 'gratan/version'

data/spec/change/change_grants_2_spec.rb

@@ -0,0 +1,154 @@
+describe 'Gratan::Client#apply' do
+  before(:each) do
+    apply {
+      <<-RUBY
+user 'scott', 'localhost', identified: 'tiger', required: 'SSL' do
+  on '*.*' do
+    grant 'USAGE'
+  end
+end
+
+user 'bob', 'localhost' do
+  on '*.*', with: 'GRANT OPTION' do
+    grant 'ALL PRIVILEGES'
+  end
+end
+      RUBY
+    }
+  end
+
+  context 'when update password' do
+    subject { client }
+
+    it do
+      apply(subject) {
+        <<-RUBY
+user 'scott', 'localhost', identified: '123', required: 'SSL' do
+  on '*.*' do
+    grant 'USAGE'
+  end
+end
+
+user 'bob', 'localhost', identified: '456' do
+  on '*.*', with: 'GRANT OPTION' do
+    grant 'ALL PRIVILEGES'
+  end
+end
+        RUBY
+      }
+
+      expect(show_grants).to match_array [
+        "GRANT ALL PRIVILEGES ON *.* TO 'bob'@'localhost' IDENTIFIED BY PASSWORD '*531E182E2F72080AB0740FE2F2D689DBE0146E04' WITH GRANT OPTION",
+        "GRANT USAGE ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' REQUIRE SSL",
+      ]
+    end
+  end
+
+  context 'when remove password' do
+    subject { client }
+
+    it do
+      apply(subject) {
+        <<-RUBY
+user 'scott', 'localhost', identified: nil, required: 'SSL' do
+  on '*.*' do
+    grant 'USAGE'
+  end
+end
+
+user 'bob', 'localhost' do
+  on '*.*', with: 'GRANT OPTION' do
+    grant 'ALL PRIVILEGES'
+  end
+end
+        RUBY
+      }
+
+      expect(show_grants).to match_array [
+        "GRANT ALL PRIVILEGES ON *.* TO 'bob'@'localhost' WITH GRANT OPTION",
+        "GRANT USAGE ON *.* TO 'scott'@'localhost' REQUIRE SSL",
+      ]
+    end
+  end
+
+  context 'when skip update password' do
+    subject { client }
+
+    it do
+      apply(subject) {
+        <<-RUBY
+user 'scott', 'localhost', required: 'SSL' do
+  on '*.*' do
+    grant 'USAGE'
+  end
+end
+
+user 'bob', 'localhost' do
+  on '*.*', with: 'GRANT OPTION' do
+    grant 'ALL PRIVILEGES'
+  end
+end
+        RUBY
+      }
+
+      expect(show_grants).to match_array [
+        "GRANT ALL PRIVILEGES ON *.* TO 'bob'@'localhost' WITH GRANT OPTION",
+        "GRANT USAGE ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40' REQUIRE SSL",
+      ]
+    end
+  end
+
+  context 'when update require' do
+    subject { client }
+
+    it do
+      apply(subject) {
+        <<-RUBY
+user 'scott', 'localhost', required: 'X509' do
+  on '*.*' do
+    grant 'USAGE'
+  end
+end
+
+user 'bob', 'localhost', required: 'SSL' do
+  on '*.*', with: 'GRANT OPTION' do
+    grant 'ALL PRIVILEGES'
+  end
+end
+        RUBY
+      }
+
+      expect(show_grants).to match_array [
+        "GRANT ALL PRIVILEGES ON *.* TO 'bob'@'localhost' REQUIRE SSL WITH GRANT OPTION",
+        "GRANT USAGE ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40' REQUIRE X509",
+      ]
+    end
+  end
+
+  context 'when update with option' do
+    subject { client }
+
+    it do
+      apply(subject) {
+        <<-RUBY
+user 'scott', 'localhost', identified: 'tiger', required: 'SSL' do
+  on '*.*', with: 'GRANT OPTION MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3 MAX_USER_CONNECTIONS 4' do
+    grant 'USAGE'
+  end
+end
+
+user 'bob', 'localhost' do
+  on '*.*' do
+    grant 'ALL PRIVILEGES'
+  end
+end
+        RUBY
+      }
+
+      expect(show_grants).to match_array [
+        "GRANT ALL PRIVILEGES ON *.* TO 'bob'@'localhost'",
+        "GRANT USAGE ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40' REQUIRE SSL WITH GRANT OPTION MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 3 MAX_USER_CONNECTIONS 4",
+      ]
+    end
+  end
+end