Skip to content

Commit 189db7f

Browse files
phongdlyphongdly
committed
(MODULES-2469) Create Automated Tests for sqlserver::role
1 parent d034592 commit 189db7f

File tree

1 file changed

+231
-0
lines changed

1 file changed

+231
-0
lines changed

spec/acceptance/sqlserver_role_spec.rb

Lines changed: 231 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,231 @@
1+
require 'spec_helper_acceptance'
2+
require 'securerandom'
3+
require 'erb'
4+
5+
host = find_only_one("sql_host")
6+
hostname = host.hostname
7+
8+
# database name
9+
DB_NAME = ("DB" + SecureRandom.hex(4)).upcase
10+
LOGIN1 = "Login1_" + SecureRandom.hex(2)
11+
LOGIN2 = "Login2_" + SecureRandom.hex(2)
12+
LOGIN3 = "Login3_" + SecureRandom.hex(2)
13+
USER1 = "User1_" + SecureRandom.hex(2)
14+
15+
describe "Test sqlserver::role", :node => host do
16+
17+
18+
def ensure_sqlserver_logins_users(host)
19+
pp = <<-MANIFEST
20+
sqlserver::config{'MSSQLSERVER':
21+
admin_user => 'sa',
22+
admin_pass => 'Pupp3t1@',
23+
}
24+
sqlserver::database{ '#{DB_NAME}':
25+
}
26+
sqlserver::login{'#{LOGIN1}':
27+
login_type => 'SQL_LOGIN',
28+
password => 'Pupp3t1@',
29+
}
30+
sqlserver::login{'#{LOGIN2}':
31+
login_type => 'SQL_LOGIN',
32+
password => 'Pupp3t1@',
33+
}
34+
sqlserver::login{'#{LOGIN3}':
35+
login_type => 'SQL_LOGIN',
36+
password => 'Pupp3t1@',
37+
}
38+
39+
sqlserver::user{'#{USER1}':
40+
database => '#{DB_NAME}',
41+
user => '#{USER1}',
42+
login => '#{LOGIN1}',
43+
default_schema => 'guest',
44+
require => Sqlserver::Login['#{LOGIN1}'],
45+
}
46+
MANIFEST
47+
apply_manifest_on(host, pp) do |r|
48+
expect(r.stderr).not_to match(/Error/i)
49+
end
50+
end
51+
52+
context "Test sqlser::role", {:testrail => ['89161', '89162', '89163', '89164', '89165']} do
53+
before(:all) do
54+
# Create database users
55+
ensure_sqlserver_logins_users(host)
56+
end
57+
before(:each) do
58+
#@new_sql_login = "Login" + SecureRandom.hex(2)
59+
@role = "Role_" + SecureRandom.hex(2)
60+
end
61+
62+
after(:all) do
63+
# remove the newly created database
64+
pp = <<-MANIFEST
65+
sqlserver::database{ '#{DB_NAME}':
66+
ensure => 'absent',
67+
}
68+
MANIFEST
69+
# apply_manifest_on(host, pp) do |r|
70+
# expect(r.stderr).not_to match(/Error/i)
71+
# end
72+
end
73+
74+
it "Create server role #{@role} with optional authorization" do
75+
pp = <<-MANIFEST
76+
sqlserver::config{'MSSQLSERVER':
77+
admin_user => 'sa',
78+
admin_pass => 'Pupp3t1@',
79+
}
80+
sqlserver::role{'ServerRole':
81+
ensure => 'present',
82+
authorization => '#{LOGIN1}',
83+
role => '#{@role}',
84+
permissions => {'GRANT' => ['CREATE ENDPOINT', 'CREATE ANY DATABASE']},
85+
type => 'SERVER',
86+
}
87+
MANIFEST
88+
apply_manifest_on(host, pp) do |r|
89+
expect(r.stderr).not_to match(/Error/i)
90+
end
91+
92+
#validate that the database-specific role '#{@role}' is successfully created with specified permissions':
93+
query = "USE #{DB_NAME};
94+
SELECT spr.principal_id, spr.name,
95+
spe.state_desc, spe.permission_name
96+
FROM sys.server_principals AS spr
97+
JOIN sys.server_permissions AS spe
98+
ON spe.grantee_principal_id = spr.principal_id
99+
WHERE spr.name = '#{@role}';"
100+
101+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 2 })
102+
103+
# validate that the database-specific role '#{@role}' has correct authorization #{LOGIN1}
104+
query = "USE #{DB_NAME};
105+
SELECT spr.name, sl.name
106+
FROM sys.server_principals AS spr
107+
JOIN sys.sql_logins AS sl
108+
ON spr.owning_principal_id = sl.principal_id
109+
WHERE sl.name = '#{LOGIN1}';"
110+
111+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 1 })
112+
end
113+
114+
it "Create database-specific role: #{@role}" do
115+
pp = <<-MANIFEST
116+
sqlserver::config{'MSSQLSERVER':
117+
admin_user => 'sa',
118+
admin_pass => 'Pupp3t1@',
119+
}
120+
sqlserver::role{'DatabaseRole':
121+
ensure => 'present',
122+
role => '#{@role}',
123+
database => '#{DB_NAME}',
124+
permissions => {'GRANT' => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CONTROL', 'ALTER']},
125+
type => 'DATABASE',
126+
}
127+
MANIFEST
128+
apply_manifest_on(host, pp) do |r|
129+
expect(r.stderr).not_to match(/Error/i)
130+
end
131+
132+
# validate that the database-specific role '#{@role}' is successfully created with specified permissions':
133+
query = "USE #{DB_NAME};
134+
SELECT pr.principal_id, pr.name, pr.type_desc,
135+
pr.authentication_type_desc, pe.state_desc, pe.permission_name
136+
FROM sys.database_principals AS pr
137+
JOIN sys.database_permissions AS pe
138+
ON pe.grantee_principal_id = pr.principal_id
139+
WHERE pr.name = '#{@role}';"
140+
141+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 6 })
142+
end
143+
144+
it "Create server role #{@role} with optional members" do
145+
pp = <<-MANIFEST
146+
sqlserver::config{'MSSQLSERVER':
147+
admin_user => 'sa',
148+
admin_pass => 'Pupp3t1@',
149+
}
150+
sqlserver::role{'ServerRole':
151+
instance => 'MSSQLSERVER',
152+
ensure => 'present',
153+
role => '#{@role}',
154+
permissions => {'GRANT' => ['CREATE ENDPOINT', 'CREATE ANY DATABASE']},
155+
type => 'SERVER',
156+
members => ['#{LOGIN1}', '#{LOGIN2}', '#{LOGIN3}'],
157+
}
158+
MANIFEST
159+
apply_manifest_on(host, pp) do |r|
160+
expect(r.stderr).not_to match(/Error/i)
161+
end
162+
163+
#validate that the server role '#{@role}' is successfully created with specified permissions':
164+
query = "USE #{DB_NAME};
165+
SELECT spr.principal_id, spr.name,
166+
spe.state_desc, spe.permission_name
167+
FROM sys.server_principals AS spr
168+
JOIN sys.server_permissions AS spe
169+
ON spe.grantee_principal_id = spr.principal_id
170+
WHERE spr.name = '#{@role}';"
171+
172+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 2 })
173+
174+
#validate that the t server role '#{@role}' has correct members (Login1, 2, 3)
175+
query = "USE #{DB_NAME};
176+
SELECT sp1.principal_id AS LOGIN, sp1.name AS ServerRole
177+
FROM sys.server_principals sp1
178+
JOIN sys.server_role_members m
179+
ON sp1.principal_id = m.member_principal_id
180+
JOIN sys.server_principals sp2
181+
ON m.role_principal_id = sp2.principal_id
182+
WHERE sp1.name = '#{LOGIN1}'
183+
OR sp1.name = '#{LOGIN2}'
184+
OR sp1.name = '#{LOGIN3}';"
185+
186+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 3 })
187+
end
188+
189+
it "Create server role #{@role} with optional members_purge" do
190+
pp = <<-MANIFEST
191+
sqlserver::config{'MSSQLSERVER':
192+
admin_user => 'sa',
193+
admin_pass => 'Pupp3t1@',
194+
}
195+
sqlserver::role{'ServerRole':
196+
instance => 'MSSQLSERVER',
197+
ensure => 'present',
198+
role => '#{@role}',
199+
permissions => {'GRANT' => ['CREATE ENDPOINT', 'CREATE ANY DATABASE']},
200+
type => 'SERVER',
201+
members => ['#{LOGIN3}'],
202+
members_purge => true,
203+
}
204+
MANIFEST
205+
apply_manifest_on(host, pp) do |r|
206+
expect(r.stderr).not_to match(/Error/i)
207+
end
208+
209+
#validate that the server role '#{@role}' is successfully created with specified permissions':
210+
query = "USE #{DB_NAME};
211+
SELECT spr.principal_id, spr.name,
212+
spe.state_desc, spe.permission_name
213+
FROM sys.server_principals AS spr
214+
JOIN sys.server_permissions AS spe
215+
ON spe.grantee_principal_id = spr.principal_id
216+
WHERE spr.name = '#{@role}';"
217+
218+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 2 })
219+
220+
#validate that the t server role '#{@role}' has correct members (Login3)
221+
query = "USE #{DB_NAME};
222+
SELECT sp1.principal_id AS ID, sp1.name AS Logins
223+
FROM sys.server_principals sp1
224+
JOIN sys.server_role_members m
225+
ON sp1.principal_id = m.member_principal_id
226+
where sp1.name = '#{@role}';"
227+
228+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 1 })
229+
end
230+
end
231+
end

0 commit comments

Comments
 (0)