gratan 0.1.4 → 0.1.5

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 2c3510ebf4368b03f36389baa49df8f7e85c1b86
4
- data.tar.gz: 79e2f1a39804c36d0fcd0d7d7baf87c70dec0d44
3
+ metadata.gz: 3451238bb0c3d7aa0d0069c56329a421a7250bc0
4
+ data.tar.gz: ccd1281b0e7207b22bd92fbaf8179d463b3f6df3
5
5
  SHA512:
6
- metadata.gz: 571d09776900638414956154e14cc65055262092958e52af3524b772f8b3479bbc8ea1071030a781f181a8c9066446062ef36c4b0fd08b2422c491b0f47ac92e
7
- data.tar.gz: 4ff0f03f09744d1e2ae66d3cc440c445f66bce0dcb9023e1b599fd54daeb96ea89a19a43cfcc358e3fb13d89d7c8e486efbea6da3bcf763345fe37797b094857
6
+ metadata.gz: 6c3a808d92306537c82650686ed9fe35bace9892ae1b43ef7774ba22dbfc11b56f78c8c6eec09d498d1f89ea9680354a2f6e554d0dec3d81a0d003636fe4623c
7
+ data.tar.gz: 80b1e1816218d55a88680eb2627a028b2a21d782784e913875bd43adcd7bc0d65d092144fdcb094b1d7a700385ce3a8e61f39f6f7ee807fdd9275a68a0ec8636
data/README.md CHANGED
@@ -73,6 +73,11 @@ user "scott", "%" do
73
73
  grant "SELECT"
74
74
  grant "INSERT"
75
75
  end
76
+
77
+ on /^foo\.prefix_/ do
78
+ grant "SELECT"
79
+ grant "INSERT"
80
+ end
76
81
  end
77
82
 
78
83
  user "scott", "localhost", expired: '2014/10/10' do
data/lib/gratan/client.rb CHANGED
@@ -103,15 +103,17 @@ class Gratan::Client
103
103
  end
104
104
 
105
105
  def walk_objects(user, host, expected_objects, actual_objects)
106
- expected_objects.each do |object, expected_options|
107
- expected_options ||= {}
108
- actual_options = actual_objects.delete(object)
109
-
110
- if actual_options
111
- walk_object(user, host, object, expected_options, actual_options)
112
- else
113
- @driver.grant(user, host, object, expected_options)
114
- update!
106
+ expected_objects.each do |object_or_regexp, expected_options|
107
+ @driver.expand_object(object_or_regexp).each do |object|
108
+ expected_options ||= {}
109
+ actual_options = actual_objects.delete(object)
110
+
111
+ if actual_options
112
+ walk_object(user, host, object, expected_options, actual_options)
113
+ else
114
+ @driver.grant(user, host, object, expected_options)
115
+ update!
116
+ end
115
117
  end
116
118
  end
117
119
 
data/lib/gratan/driver.rb CHANGED
@@ -18,12 +18,44 @@ class Gratan::Driver
18
18
  end
19
19
  end
20
20
 
21
+ def show_databases
22
+ query("SHOW DATABASES").map {|i| i.values.first }
23
+ end
24
+
25
+ def show_tables(database)
26
+ query("SHOW TABLES FROM `#{database}`").map {|i| i.values.first }
27
+ end
28
+
29
+ def show_all_tables
30
+ @all_tables ||= show_databases.map {|database|
31
+ show_tables(database).map do |table|
32
+ "#{database}.#{table}"
33
+ end
34
+ }.flatten
35
+ end
36
+
37
+ def expand_object(object_or_regexp)
38
+ if object_or_regexp.kind_of?(Regexp)
39
+ show_all_tables.select {|i| i =~ object_or_regexp }
40
+ else
41
+ [object_or_regexp]
42
+ end
43
+ end
44
+
21
45
  def create_user(user, host, options = {})
22
46
  objects = options[:objects]
23
47
  grant_options = options[:options]
48
+ granted = false
49
+
50
+ objects.each do |object_or_regexp, object_options|
51
+ expand_object(object_or_regexp).each do |object|
52
+ grant(user, host, object, grant_options.merge(object_options))
53
+ granted = true
54
+ end
55
+ end
24
56
 
25
- objects.each do |object, object_options|
26
- grant(user, host, object, grant_options.merge(object_options))
57
+ unless granted
58
+ log(:warn, "there was no privileges to grant to #{quote_user(user, host)}", :color => :yellow)
27
59
  end
28
60
  end
29
61
 
@@ -12,7 +12,7 @@ class Gratan::DSL::Context::User
12
12
  end
13
13
 
14
14
  def on(name, options = {}, &block)
15
- name = name.to_s
15
+ name = name.kind_of?(Regexp) ? name : name.to_s
16
16
 
17
17
  __validate("Object `#{name}` is already defined") do
18
18
  not @result.has_key?(name)
@@ -1,3 +1,3 @@
1
1
  module Gratan
2
- VERSION = '0.1.4'
2
+ VERSION = '0.1.5'
3
3
  end
@@ -0,0 +1,144 @@
1
+ describe 'Gratan::Client#apply' do
2
+ before(:each) do
3
+ apply {
4
+ <<-RUBY
5
+ user 'scott', 'localhost', identified: 'tiger', required: 'SSL' do
6
+ on '*.*' do
7
+ grant 'SELECT'
8
+ grant 'INSERT'
9
+ end
10
+
11
+ on 'test.*' do
12
+ grant 'UPDATE'
13
+ grant 'DELETE'
14
+ end
15
+
16
+ on 'mysql.user' do
17
+ grant 'SELECT (user)'
18
+ end
19
+ end
20
+
21
+ user 'bob', 'localhost' do
22
+ on '*.*' do
23
+ grant 'USAGE'
24
+ end
25
+
26
+ on 'test.*' do
27
+ grant 'ALL PRIVILEGES'
28
+ end
29
+ end
30
+ RUBY
31
+ }
32
+ end
33
+
34
+ context 'when change privs using regexp' do
35
+ subject { client }
36
+
37
+ it do
38
+ dsl = <<-RUBY
39
+ user 'scott', 'localhost', required: 'SSL' do
40
+ on '*.*' do
41
+ grant 'SELECT'
42
+ grant 'INSERT'
43
+ end
44
+
45
+ on 'test.*' do
46
+ grant 'UPDATE'
47
+ grant 'DELETE'
48
+ end
49
+
50
+ on /\\Agratan_test\\.(foo|bar)\\z/ do
51
+ grant 'SELECT'
52
+ grant 'INSERT'
53
+ end
54
+ end
55
+
56
+ user 'bob', 'localhost' do
57
+ on '*.*' do
58
+ grant 'USAGE'
59
+ end
60
+
61
+ on 'test.*' do
62
+ grant 'ALL PRIVILEGES'
63
+ end
64
+
65
+ on /\\Agratan_test\\.z/ do
66
+ grant 'UPDATE'
67
+ grant 'DELETE'
68
+ end
69
+ end
70
+ RUBY
71
+
72
+ create_tables(:foo, :bar, :zoo, :baz) do
73
+ apply(subject) { dsl }
74
+
75
+ expect(show_grants).to match_array [
76
+ "GRANT ALL PRIVILEGES ON `test`.* TO 'bob'@'localhost'",
77
+ "GRANT SELECT, INSERT ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40' REQUIRE SSL",
78
+ "GRANT SELECT, INSERT ON `gratan_test`.`bar` TO 'scott'@'localhost'",
79
+ "GRANT SELECT, INSERT ON `gratan_test`.`foo` TO 'scott'@'localhost'",
80
+ "GRANT UPDATE, DELETE ON `gratan_test`.`zoo` TO 'bob'@'localhost'",
81
+ "GRANT UPDATE, DELETE ON `test`.* TO 'scott'@'localhost'",
82
+ "GRANT USAGE ON *.* TO 'bob'@'localhost'",
83
+ ]
84
+ end
85
+ end
86
+ end
87
+
88
+ context 'when no change privs using regexp' do
89
+ subject { client }
90
+
91
+ it do
92
+ dsl = <<-RUBY
93
+ user 'scott', 'localhost', required: 'SSL' do
94
+ on '*.*' do
95
+ grant 'SELECT'
96
+ grant 'INSERT'
97
+ end
98
+
99
+ on 'test.*' do
100
+ grant 'UPDATE'
101
+ grant 'DELETE'
102
+ end
103
+
104
+ on 'mysql.user' do
105
+ grant 'SELECT (user)'
106
+ end
107
+
108
+ on /\\Agratan_test\\.x(foo|bar)\\z/ do
109
+ grant 'SELECT'
110
+ grant 'INSERT'
111
+ end
112
+ end
113
+
114
+ user 'bob', 'localhost' do
115
+ on '*.*' do
116
+ grant 'USAGE'
117
+ end
118
+
119
+ on 'test.*' do
120
+ grant 'ALL PRIVILEGES'
121
+ end
122
+
123
+ on /\\Agratan_test\\.xz/ do
124
+ grant 'UPDATE'
125
+ grant 'DELETE'
126
+ end
127
+ end
128
+ RUBY
129
+
130
+ create_tables(:foo, :bar, :zoo, :baz) do
131
+ result = apply(subject) { dsl }
132
+ expect(result).to be_falsey
133
+
134
+ expect(show_grants).to match_array [
135
+ "GRANT ALL PRIVILEGES ON `test`.* TO 'bob'@'localhost'",
136
+ "GRANT SELECT (user) ON `mysql`.`user` TO 'scott'@'localhost'",
137
+ "GRANT SELECT, INSERT ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40' REQUIRE SSL",
138
+ "GRANT UPDATE, DELETE ON `test`.* TO 'scott'@'localhost'",
139
+ "GRANT USAGE ON *.* TO 'bob'@'localhost'",
140
+ ]
141
+ end
142
+ end
143
+ end
144
+ end
@@ -0,0 +1,67 @@
1
+ describe 'Gratan::Client#apply' do
2
+ context 'when create user using regexp' do
3
+ subject { client }
4
+
5
+ it do
6
+ dsl = <<-RUBY
7
+ user 'scott', 'localhost', identified: 'tiger' do
8
+ on 'test.*' do
9
+ grant 'SELECT'
10
+ grant 'INSERT'
11
+ grant 'UPDATE'
12
+ grant 'DELETE'
13
+ end
14
+
15
+ on /\\Agratan_test\\.(foo|bar)\\z/ do
16
+ grant 'SELECT'
17
+ grant 'INSERT'
18
+ end
19
+
20
+ on /\\Agratan_test\\.z/ do
21
+ grant 'UPDATE'
22
+ grant 'DELETE'
23
+ end
24
+ end
25
+ RUBY
26
+
27
+ create_tables(:foo, :bar, :zoo, :baz) do
28
+ apply(subject) { dsl }
29
+
30
+ expect(show_grants).to match_array [
31
+ "GRANT SELECT, INSERT ON `gratan_test`.`bar` TO 'scott'@'localhost'",
32
+ "GRANT SELECT, INSERT ON `gratan_test`.`foo` TO 'scott'@'localhost'",
33
+ "GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'scott'@'localhost'",
34
+ "GRANT UPDATE, DELETE ON `gratan_test`.`zoo` TO 'scott'@'localhost'",
35
+ "GRANT USAGE ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40'",
36
+ ]
37
+ end
38
+ end
39
+ end
40
+
41
+ context 'when create user using regexp (no privileges)' do
42
+ let(:logger) do
43
+ logger = Logger.new('/dev/null')
44
+ expect(logger).to receive(:warn).with("[WARN] there was no privileges to grant to 'scott'@'localhost'")
45
+ logger
46
+ end
47
+
48
+ subject { client(logger: logger) }
49
+
50
+ it do
51
+ dsl = <<-RUBY
52
+ user 'scott', 'localhost', identified: 'tiger' do
53
+ on /\\Agratan_test\\.x(foo|bar)\\z/ do
54
+ grant 'SELECT'
55
+ grant 'INSERT'
56
+ end
57
+ end
58
+ RUBY
59
+
60
+ create_tables(:foo, :bar, :zoo, :baz) do
61
+ apply(subject) { dsl }
62
+
63
+ expect(show_grants).to match_array []
64
+ end
65
+ end
66
+ end
67
+ end
@@ -37,8 +37,12 @@ end
37
37
 
38
38
  context 'when set debug' do
39
39
  let(:logger) do
40
- logger = Gratan::Logger.instance
40
+ logger = Gratan::Logger.send(:new)
41
41
  logger.set_debug(true)
42
+ expect(logger).to receive(:debug).with("[DEBUG] SET SQL_LOG_BIN = 0")
43
+ expect(logger).to receive(:debug).with("[DEBUG] SELECT user, host FROM mysql.user")
44
+ expect(logger).to receive(:info).with("GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'scott'@'localhost' IDENTIFIED BY 'tiger'")
45
+ expect(logger).to receive(:info).with("GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'scott'@'localhost' IDENTIFIED BY 'tiger'")
42
46
  logger
43
47
  end
44
48
 
data/spec/spec_helper.rb CHANGED
@@ -15,6 +15,7 @@ require 'tempfile'
15
15
  require 'timecop'
16
16
 
17
17
  IGNORE_USER = /\A(|root)\z/
18
+ TEST_DATABASE = 'gratan_test'
18
19
 
19
20
  RSpec.configure do |config|
20
21
  config.before(:each) do
@@ -36,6 +37,31 @@ def mysql
36
37
  retval
37
38
  end
38
39
 
40
+ def create_database(client)
41
+ client.query("CREATE DATABASE #{TEST_DATABASE}")
42
+ end
43
+
44
+ def drop_database(client)
45
+ client.query("DROP DATABASE IF EXISTS #{TEST_DATABASE}")
46
+ end
47
+
48
+ def create_table(client, table)
49
+ client.query("CREATE TABLE #{TEST_DATABASE}.#{table} (id INT)")
50
+ end
51
+
52
+ def create_tables(*tables)
53
+ mysql do |client|
54
+ begin
55
+ drop_database(client)
56
+ create_database(client)
57
+ tables.each {|i| create_table(client, i) }
58
+ yield
59
+ ensure
60
+ drop_database(client)
61
+ end
62
+ end
63
+ end
64
+
39
65
  def select_users(client)
40
66
  users = []
41
67
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gratan
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.4
4
+ version: 0.1.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Genki Sugawara
@@ -146,9 +146,11 @@ files:
146
146
  - spec/change/change_grants_2_spec.rb
147
147
  - spec/change/change_grants_3_spec.rb
148
148
  - spec/change/change_grants_4_spec.rb
149
+ - spec/change/change_grants_regexp_spec.rb
149
150
  - spec/change/change_grants_spec.rb
150
151
  - spec/create/create_user_2_spec.rb
151
152
  - spec/create/create_user_3_spec.rb
153
+ - spec/create/create_user_regexp_spec.rb
152
154
  - spec/create/create_user_spec.rb
153
155
  - spec/drop/drop_user_2_spec.rb
154
156
  - spec/drop/drop_user_spec.rb
@@ -177,7 +179,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
177
179
  version: '0'
178
180
  requirements: []
179
181
  rubyforge_project:
180
- rubygems_version: 2.0.14
182
+ rubygems_version: 2.4.1
181
183
  signing_key:
182
184
  specification_version: 4
183
185
  summary: Gratan is a tool to manage MySQL permissions using Ruby DSL.
@@ -185,9 +187,11 @@ test_files:
185
187
  - spec/change/change_grants_2_spec.rb
186
188
  - spec/change/change_grants_3_spec.rb
187
189
  - spec/change/change_grants_4_spec.rb
190
+ - spec/change/change_grants_regexp_spec.rb
188
191
  - spec/change/change_grants_spec.rb
189
192
  - spec/create/create_user_2_spec.rb
190
193
  - spec/create/create_user_3_spec.rb
194
+ - spec/create/create_user_regexp_spec.rb
191
195
  - spec/create/create_user_spec.rb
192
196
  - spec/drop/drop_user_2_spec.rb
193
197
  - spec/drop/drop_user_spec.rb