gratan 0.1.4 → 0.1.5
- checksums.yaml +4 -4
- data/README.md +5 -0
- data/lib/gratan/client.rb +11 -9
- data/lib/gratan/driver.rb +34 -2
- data/lib/gratan/dsl/context/user.rb +1 -1
- data/lib/gratan/version.rb +1 -1
- data/spec/change/change_grants_regexp_spec.rb +144 -0
- data/spec/create/create_user_regexp_spec.rb +67 -0
- data/spec/misc/misc_spec.rb +5 -1
- data/spec/spec_helper.rb +26 -0
- metadata +6 -2
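--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3451238bb0c3d7aa0d0069c56329a421a7250bc0
+data.tar.gz: ccd1281b0e7207b22bd92fbaf8179d463b3f6df3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6c3a808d92306537c82650686ed9fe35bace9892ae1b43ef7774ba22dbfc11b56f78c8c6eec09d498d1f89ea9680354a2f6e554d0dec3d81a0d003636fe4623c
+data.tar.gz: 80b1e1816218d55a88680eb2627a028b2a21d782784e913875bd43adcd7bc0d65d092144fdcb094b1d7a700385ce3a8e61f39f6f7ee807fdd9275a68a0ec8636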
data/README.md
CHANGED
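--- a/data/lib/gratan/client.rb
+++ b/data/lib/gratan/client.rb
@@ -103,15 +103,17 @@ class Gratan::Client
 end
 
 def walk_objects(user, host, expected_objects, actual_objects)
-expected_objects.each do |
-
-
-
-
-
-
-
-
+expected_objects.each do |object_or_regexp, expected_options|
+@driver.expand_object(object_or_regexp).each do |object|
+expected_options ||= {}
+actual_options = actual_objects.delete(object)
+
+if actual_options
+walk_object(user, host, object, expected_options, actual_options)
+else
+@driver.grant(user, host, object, expected_options)
+update!
+end
 end
 end
 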
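Review bot: In `walk_objects`, two `on` entries whose patterns expand to the same table are not reconciled: the first match consumes the entry through `actual_objects.delete(object)`, so the second (assuming `actual_objects` is a Hash) gets `nil` and always takes the `@driver.grant` / `update!` branch, issuing another GRANT and reporting a change on every run. For a privilege-management tool the effective grant set should not depend on pattern overlap, so I would track the expanded objects and reject a duplicate, e.g. `seen = {}` before the outer loop and `raise "#{object} is matched by more than one entry" if seen.key?(object)` followed by `seen[object] = true` inside the inner one. `expected_options ||= {}` does not depend on `object` and can move up one level. The method body continues past the end of this hunk.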
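--- a/data/lib/gratan/driver.rb
+++ b/data/lib/gratan/driver.rb
@@ -18,12 +18,44 @@ class Gratan::Driver
 end
 end
 
+def show_databases
+query("SHOW DATABASES").map {|i| i.values.first }
+end
+
+def show_tables(database)
+query("SHOW TABLES FROM `#{database}`").map {|i| i.values.first }
+end
+
+def show_all_tables
+@all_tables ||= show_databases.map {|database|
+show_tables(database).map do |table|
+"#{database}.#{table}"
+end
+}.flatten
+end
+
+def expand_object(object_or_regexp)
+if object_or_regexp.kind_of?(Regexp)
+show_all_tables.select {|i| i =~ object_or_regexp }
+else
+[object_or_regexp]
+end
+end
+
 def create_user(user, host, options = {})
 objects = options[:objects]
 grant_options = options[:options]
+granted = false
+
+objects.each do |object_or_regexp, object_options|
+expand_object(object_or_regexp).each do |object|
+grant(user, host, object, grant_options.merge(object_options))
+granted = true
+end
+end
 
-
-grant(user, host,
+unless granted
+log(:warn, "there was no privileges to grant to #{quote_user(user, host)}", :color => :yellow)
 end
 end
 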
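Review bot: `show_tables` interpolates the schema name between backticks without escaping it, and the names come straight from `SHOW DATABASES`, where an identifier may legally contain a backtick; such a name closes the quoted identifier early and changes the statement that is sent. Doubling embedded backticks before interpolating fixes this, i.e. interpolate `database.gsub('`', '``')` instead of `database`. `expand_object` also deserves a comment stating that `=~` is an unanchored match over every schema the connection can list, system schemas included, so patterns should be written with `\A` and `\z` to keep the grant scope tight. `@all_tables` is memoized, so tables created after the first expansion are not seen by the same driver instance, which is worth documenting on `show_all_tables`.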
data/lib/gratan/version.rb
CHANGED
@@ -0,0 +1,144 @@
|
|
1
|
+
describe 'Gratan::Client#apply' do
|
2
|
+
before(:each) do
|
3
|
+
apply {
|
4
|
+
<<-RUBY
|
5
|
+
user 'scott', 'localhost', identified: 'tiger', required: 'SSL' do
|
6
|
+
on '*.*' do
|
7
|
+
grant 'SELECT'
|
8
|
+
grant 'INSERT'
|
9
|
+
end
|
10
|
+
|
11
|
+
on 'test.*' do
|
12
|
+
grant 'UPDATE'
|
13
|
+
grant 'DELETE'
|
14
|
+
end
|
15
|
+
|
16
|
+
on 'mysql.user' do
|
17
|
+
grant 'SELECT (user)'
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
user 'bob', 'localhost' do
|
22
|
+
on '*.*' do
|
23
|
+
grant 'USAGE'
|
24
|
+
end
|
25
|
+
|
26
|
+
on 'test.*' do
|
27
|
+
grant 'ALL PRIVILEGES'
|
28
|
+
end
|
29
|
+
end
|
30
|
+
RUBY
|
31
|
+
}
|
32
|
+
end
|
33
|
+
|
34
|
+
context 'when change privs using regexp' do
|
35
|
+
subject { client }
|
36
|
+
|
37
|
+
it do
|
38
|
+
dsl = <<-RUBY
|
39
|
+
user 'scott', 'localhost', required: 'SSL' do
|
40
|
+
on '*.*' do
|
41
|
+
grant 'SELECT'
|
42
|
+
grant 'INSERT'
|
43
|
+
end
|
44
|
+
|
45
|
+
on 'test.*' do
|
46
|
+
grant 'UPDATE'
|
47
|
+
grant 'DELETE'
|
48
|
+
end
|
49
|
+
|
50
|
+
on /\\Agratan_test\\.(foo|bar)\\z/ do
|
51
|
+
grant 'SELECT'
|
52
|
+
grant 'INSERT'
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
user 'bob', 'localhost' do
|
57
|
+
on '*.*' do
|
58
|
+
grant 'USAGE'
|
59
|
+
end
|
60
|
+
|
61
|
+
on 'test.*' do
|
62
|
+
grant 'ALL PRIVILEGES'
|
63
|
+
end
|
64
|
+
|
65
|
+
on /\\Agratan_test\\.z/ do
|
66
|
+
grant 'UPDATE'
|
67
|
+
grant 'DELETE'
|
68
|
+
end
|
69
|
+
end
|
70
|
+
RUBY
|
71
|
+
|
72
|
+
create_tables(:foo, :bar, :zoo, :baz) do
|
73
|
+
apply(subject) { dsl }
|
74
|
+
|
75
|
+
expect(show_grants).to match_array [
|
76
|
+
"GRANT ALL PRIVILEGES ON `test`.* TO 'bob'@'localhost'",
|
77
|
+
"GRANT SELECT, INSERT ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40' REQUIRE SSL",
|
78
|
+
"GRANT SELECT, INSERT ON `gratan_test`.`bar` TO 'scott'@'localhost'",
|
79
|
+
"GRANT SELECT, INSERT ON `gratan_test`.`foo` TO 'scott'@'localhost'",
|
80
|
+
"GRANT UPDATE, DELETE ON `gratan_test`.`zoo` TO 'bob'@'localhost'",
|
81
|
+
"GRANT UPDATE, DELETE ON `test`.* TO 'scott'@'localhost'",
|
82
|
+
"GRANT USAGE ON *.* TO 'bob'@'localhost'",
|
83
|
+
]
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
context 'when no change privs using regexp' do
|
89
|
+
subject { client }
|
90
|
+
|
91
|
+
it do
|
92
|
+
dsl = <<-RUBY
|
93
|
+
user 'scott', 'localhost', required: 'SSL' do
|
94
|
+
on '*.*' do
|
95
|
+
grant 'SELECT'
|
96
|
+
grant 'INSERT'
|
97
|
+
end
|
98
|
+
|
99
|
+
on 'test.*' do
|
100
|
+
grant 'UPDATE'
|
101
|
+
grant 'DELETE'
|
102
|
+
end
|
103
|
+
|
104
|
+
on 'mysql.user' do
|
105
|
+
grant 'SELECT (user)'
|
106
|
+
end
|
107
|
+
|
108
|
+
on /\\Agratan_test\\.x(foo|bar)\\z/ do
|
109
|
+
grant 'SELECT'
|
110
|
+
grant 'INSERT'
|
111
|
+
end
|
112
|
+
end
|
113
|
+
|
114
|
+
user 'bob', 'localhost' do
|
115
|
+
on '*.*' do
|
116
|
+
grant 'USAGE'
|
117
|
+
end
|
118
|
+
|
119
|
+
on 'test.*' do
|
120
|
+
grant 'ALL PRIVILEGES'
|
121
|
+
end
|
122
|
+
|
123
|
+
on /\\Agratan_test\\.xz/ do
|
124
|
+
grant 'UPDATE'
|
125
|
+
grant 'DELETE'
|
126
|
+
end
|
127
|
+
end
|
128
|
+
RUBY
|
129
|
+
|
130
|
+
create_tables(:foo, :bar, :zoo, :baz) do
|
131
|
+
result = apply(subject) { dsl }
|
132
|
+
expect(result).to be_falsey
|
133
|
+
|
134
|
+
expect(show_grants).to match_array [
|
135
|
+
"GRANT ALL PRIVILEGES ON `test`.* TO 'bob'@'localhost'",
|
136
|
+
"GRANT SELECT (user) ON `mysql`.`user` TO 'scott'@'localhost'",
|
137
|
+
"GRANT SELECT, INSERT ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40' REQUIRE SSL",
|
138
|
+
"GRANT UPDATE, DELETE ON `test`.* TO 'scott'@'localhost'",
|
139
|
+
"GRANT USAGE ON *.* TO 'bob'@'localhost'",
|
140
|
+
]
|
141
|
+
end
|
142
|
+
end
|
143
|
+
end
|
144
|
+
end
|
@@ -0,0 +1,67 @@
|
|
1
|
+
describe 'Gratan::Client#apply' do
|
2
|
+
context 'when create user using regexp' do
|
3
|
+
subject { client }
|
4
|
+
|
5
|
+
it do
|
6
|
+
dsl = <<-RUBY
|
7
|
+
user 'scott', 'localhost', identified: 'tiger' do
|
8
|
+
on 'test.*' do
|
9
|
+
grant 'SELECT'
|
10
|
+
grant 'INSERT'
|
11
|
+
grant 'UPDATE'
|
12
|
+
grant 'DELETE'
|
13
|
+
end
|
14
|
+
|
15
|
+
on /\\Agratan_test\\.(foo|bar)\\z/ do
|
16
|
+
grant 'SELECT'
|
17
|
+
grant 'INSERT'
|
18
|
+
end
|
19
|
+
|
20
|
+
on /\\Agratan_test\\.z/ do
|
21
|
+
grant 'UPDATE'
|
22
|
+
grant 'DELETE'
|
23
|
+
end
|
24
|
+
end
|
25
|
+
RUBY
|
26
|
+
|
27
|
+
create_tables(:foo, :bar, :zoo, :baz) do
|
28
|
+
apply(subject) { dsl }
|
29
|
+
|
30
|
+
expect(show_grants).to match_array [
|
31
|
+
"GRANT SELECT, INSERT ON `gratan_test`.`bar` TO 'scott'@'localhost'",
|
32
|
+
"GRANT SELECT, INSERT ON `gratan_test`.`foo` TO 'scott'@'localhost'",
|
33
|
+
"GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'scott'@'localhost'",
|
34
|
+
"GRANT UPDATE, DELETE ON `gratan_test`.`zoo` TO 'scott'@'localhost'",
|
35
|
+
"GRANT USAGE ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40'",
|
36
|
+
]
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
context 'when create user using regexp (no privileges)' do
|
42
|
+
let(:logger) do
|
43
|
+
logger = Logger.new('/dev/null')
|
44
|
+
expect(logger).to receive(:warn).with("[WARN] there was no privileges to grant to 'scott'@'localhost'")
|
45
|
+
logger
|
46
|
+
end
|
47
|
+
|
48
|
+
subject { client(logger: logger) }
|
49
|
+
|
50
|
+
it do
|
51
|
+
dsl = <<-RUBY
|
52
|
+
user 'scott', 'localhost', identified: 'tiger' do
|
53
|
+
on /\\Agratan_test\\.x(foo|bar)\\z/ do
|
54
|
+
grant 'SELECT'
|
55
|
+
grant 'INSERT'
|
56
|
+
end
|
57
|
+
end
|
58
|
+
RUBY
|
59
|
+
|
60
|
+
create_tables(:foo, :bar, :zoo, :baz) do
|
61
|
+
apply(subject) { dsl }
|
62
|
+
|
63
|
+
expect(show_grants).to match_array []
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
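--- a/data/spec/misc/misc_spec.rb
+++ b/data/spec/misc/misc_spec.rb
@@ -37,8 +37,12 @@ end
 
 context 'when set debug' do
 let(:logger) do
-logger = Gratan::Logger.
+logger = Gratan::Logger.send(:new)
 logger.set_debug(true)
+expect(logger).to receive(:debug).with("[DEBUG] SET SQL_LOG_BIN = 0")
+expect(logger).to receive(:debug).with("[DEBUG] SELECT user, host FROM mysql.user")
+expect(logger).to receive(:info).with("GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'scott'@'localhost' IDENTIFIED BY 'tiger'")
+expect(logger).to receive(:info).with("GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'scott'@'localhost' IDENTIFIED BY 'tiger'")
 logger
 end
 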
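Review bot: The two new `receive(:info)` expectations pin log lines that contain `IDENTIFIED BY 'tiger'`, that is, the account password in clear text at info level. If this is what the driver really logs (the logging code is outside this hunk), the statement should be masked before it reaches the logger and the spec should expect the masked form, for example `... TO 'scott'@'localhost' IDENTIFIED BY '<masked>'`. Separately, `Gratan::Logger.send(:new)` presumably works around a private constructor; a one-line comment such as `# Logger is a singleton; build a private instance so expectations do not leak between examples` would explain it. The enclosing `context` block continues past the hunk.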
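--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -15,6 +15,7 @@ require 'tempfile'
 require 'timecop'
 
 IGNORE_USER = /\A(|root)\z/
+TEST_DATABASE = 'gratan_test'
 
 RSpec.configure do |config|
 config.before(:each) do
@@ -36,6 +37,31 @@ def mysql
 retval
 end
 
+def create_database(client)
+client.query("CREATE DATABASE #{TEST_DATABASE}")
+end
+
+def drop_database(client)
+client.query("DROP DATABASE IF EXISTS #{TEST_DATABASE}")
+end
+
+def create_table(client, table)
+client.query("CREATE TABLE #{TEST_DATABASE}.#{table} (id INT)")
+end
+
+def create_tables(*tables)
+mysql do |client|
+begin
+drop_database(client)
+create_database(client)
+tables.each {|i| create_table(client, i) }
+yield
+ensure
+drop_database(client)
+end
+end
+end
+
 def select_users(client)
 users = []
 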
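Review bot: `create_tables` calls `drop_database` before setup and again in `ensure`, so running the suite against a server that already holds a schema named `gratan_test` destroys it without notice. I would either make the helper refuse to run when the schema already exists or document the contract above the constant, e.g. `# Reserved for the spec suite: dropped and recreated around every create_tables block.`; which server `mysql` connects to is not visible in this hunk. `create_table` interpolates `table` unquoted, which is fine for the symbols the specs pass but merits a short comment saying callers must pass trusted names only.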
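--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gratan
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.5
 platform: ruby
 authors:
 - Genki Sugawara
@@ -146,9 +146,11 @@ files:
 - spec/change/change_grants_2_spec.rb
 - spec/change/change_grants_3_spec.rb
 - spec/change/change_grants_4_spec.rb
+- spec/change/change_grants_regexp_spec.rb
 - spec/change/change_grants_spec.rb
 - spec/create/create_user_2_spec.rb
 - spec/create/create_user_3_spec.rb
+- spec/create/create_user_regexp_spec.rb
 - spec/create/create_user_spec.rb
 - spec/drop/drop_user_2_spec.rb
 - spec/drop/drop_user_spec.rb
@@ -177,7 +179,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.4.1
 signing_key:
 specification_version: 4
 summary: Gratan is a tool to manage MySQL permissions using Ruby DSL.
@@ -185,9 +187,11 @@ test_files:
 - spec/change/change_grants_2_spec.rb
 - spec/change/change_grants_3_spec.rb
 - spec/change/change_grants_4_spec.rb
+- spec/change/change_grants_regexp_spec.rb
 - spec/change/change_grants_spec.rb
 - spec/create/create_user_2_spec.rb
 - spec/create/create_user_3_spec.rb
+- spec/create/create_user_regexp_spec.rb
 - spec/create/create_user_spec.rb
 - spec/drop/drop_user_2_spec.rb
 - spec/drop/drop_user_spec.rb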