1
+ require 'spec_helper_acceptance'
2
+ require 'securerandom'
3
+ require 'erb'
4
+
5
+ host = find_only_one ( "sql_host" )
6
+ hostname = host . hostname
7
+
8
+ # database name
9
+ DB_NAME = ( "DB" + SecureRandom . hex ( 4 ) ) . upcase
10
+ LOGIN1 = "Login1_" + SecureRandom . hex ( 2 )
11
+ LOGIN2 = "Login2_" + SecureRandom . hex ( 2 )
12
+ LOGIN3 = "Login3_" + SecureRandom . hex ( 2 )
13
+ USER1 = "User1_" + SecureRandom . hex ( 2 )
14
+
15
+ describe "Test sqlserver::role" , :node => host do
16
+
17
+
18
+ def ensure_sqlserver_logins_users ( host )
19
+ pp = <<-MANIFEST
20
+ sqlserver::config{'MSSQLSERVER':
21
+ admin_user => 'sa',
22
+ admin_pass => 'Pupp3t1@',
23
+ }
24
+ sqlserver::database{ '#{ DB_NAME } ':
25
+ }
26
+ sqlserver::login{'#{ LOGIN1 } ':
27
+ login_type => 'SQL_LOGIN',
28
+ password => 'Pupp3t1@',
29
+ }
30
+ sqlserver::login{'#{ LOGIN2 } ':
31
+ login_type => 'SQL_LOGIN',
32
+ password => 'Pupp3t1@',
33
+ }
34
+ sqlserver::login{'#{ LOGIN3 } ':
35
+ login_type => 'SQL_LOGIN',
36
+ password => 'Pupp3t1@',
37
+ }
38
+
39
+ sqlserver::user{'#{ USER1 } ':
40
+ database => '#{ DB_NAME } ',
41
+ user => '#{ USER1 } ',
42
+ login => '#{ LOGIN1 } ',
43
+ default_schema => 'guest',
44
+ require => Sqlserver::Login['#{ LOGIN1 } '],
45
+ }
46
+ MANIFEST
47
+ apply_manifest_on ( host , pp ) do |r |
48
+ expect ( r . stderr ) . not_to match ( /Error/i )
49
+ end
50
+ end
51
+
52
+ context "Test sqlser::role" , { :testrail => [ '89161' , '89162' , '89163' , '89164' , '89165' ] } do
53
+ before ( :all ) do
54
+ # Create database users
55
+ ensure_sqlserver_logins_users ( host )
56
+ end
57
+ before ( :each ) do
58
+ #@new_sql_login = "Login" + SecureRandom.hex(2)
59
+ @role = "Role_" + SecureRandom . hex ( 2 )
60
+ end
61
+
62
+ after ( :all ) do
63
+ # remove the newly created database
64
+ pp = <<-MANIFEST
65
+ sqlserver::database{ '#{ DB_NAME } ':
66
+ ensure => 'absent',
67
+ }
68
+ MANIFEST
69
+ # apply_manifest_on(host, pp) do |r|
70
+ # expect(r.stderr).not_to match(/Error/i)
71
+ # end
72
+ end
73
+
74
+ it "Create server role #{ @role } with optional authorization" do
75
+ pp = <<-MANIFEST
76
+ sqlserver::config{'MSSQLSERVER':
77
+ admin_user => 'sa',
78
+ admin_pass => 'Pupp3t1@',
79
+ }
80
+ sqlserver::role{'ServerRole':
81
+ ensure => 'present',
82
+ authorization => '#{ LOGIN1 } ',
83
+ role => '#{ @role } ',
84
+ permissions => {'GRANT' => ['CREATE ENDPOINT', 'CREATE ANY DATABASE']},
85
+ type => 'SERVER',
86
+ }
87
+ MANIFEST
88
+ apply_manifest_on ( host , pp ) do |r |
89
+ expect ( r . stderr ) . not_to match ( /Error/i )
90
+ end
91
+
92
+ #validate that the database-specific role '#{@role}' is successfully created with specified permissions':
93
+ query = "USE #{ DB_NAME } ;
94
+ SELECT spr.principal_id, spr.name,
95
+ spe.state_desc, spe.permission_name
96
+ FROM sys.server_principals AS spr
97
+ JOIN sys.server_permissions AS spe
98
+ ON spe.grantee_principal_id = spr.principal_id
99
+ WHERE spr.name = '#{ @role } ';"
100
+
101
+ run_sql_query ( host , { :query => query , :server => hostname , :expected_row_count => 2 } )
102
+
103
+ # validate that the database-specific role '#{@role}' has correct authorization #{LOGIN1}
104
+ query = "USE #{ DB_NAME } ;
105
+ SELECT spr.name, sl.name
106
+ FROM sys.server_principals AS spr
107
+ JOIN sys.sql_logins AS sl
108
+ ON spr.owning_principal_id = sl.principal_id
109
+ WHERE sl.name = '#{ LOGIN1 } ';"
110
+
111
+ run_sql_query ( host , { :query => query , :server => hostname , :expected_row_count => 1 } )
112
+ end
113
+
114
+ it "Create database-specific role: #{ @role } " do
115
+ pp = <<-MANIFEST
116
+ sqlserver::config{'MSSQLSERVER':
117
+ admin_user => 'sa',
118
+ admin_pass => 'Pupp3t1@',
119
+ }
120
+ sqlserver::role{'DatabaseRole':
121
+ ensure => 'present',
122
+ role => '#{ @role } ',
123
+ database => '#{ DB_NAME } ',
124
+ permissions => {'GRANT' => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CONTROL', 'ALTER']},
125
+ type => 'DATABASE',
126
+ }
127
+ MANIFEST
128
+ apply_manifest_on ( host , pp ) do |r |
129
+ expect ( r . stderr ) . not_to match ( /Error/i )
130
+ end
131
+
132
+ # validate that the database-specific role '#{@role}' is successfully created with specified permissions':
133
+ query = "USE #{ DB_NAME } ;
134
+ SELECT pr.principal_id, pr.name, pr.type_desc,
135
+ pr.authentication_type_desc, pe.state_desc, pe.permission_name
136
+ FROM sys.database_principals AS pr
137
+ JOIN sys.database_permissions AS pe
138
+ ON pe.grantee_principal_id = pr.principal_id
139
+ WHERE pr.name = '#{ @role } ';"
140
+
141
+ run_sql_query ( host , { :query => query , :server => hostname , :expected_row_count => 6 } )
142
+ end
143
+
144
+ it "Create server role #{ @role } with optional members" do
145
+ pp = <<-MANIFEST
146
+ sqlserver::config{'MSSQLSERVER':
147
+ admin_user => 'sa',
148
+ admin_pass => 'Pupp3t1@',
149
+ }
150
+ sqlserver::role{'ServerRole':
151
+ instance => 'MSSQLSERVER',
152
+ ensure => 'present',
153
+ role => '#{ @role } ',
154
+ permissions => {'GRANT' => ['CREATE ENDPOINT', 'CREATE ANY DATABASE']},
155
+ type => 'SERVER',
156
+ members => ['#{ LOGIN1 } ', '#{ LOGIN2 } ', '#{ LOGIN3 } '],
157
+ }
158
+ MANIFEST
159
+ apply_manifest_on ( host , pp ) do |r |
160
+ expect ( r . stderr ) . not_to match ( /Error/i )
161
+ end
162
+
163
+ #validate that the server role '#{@role}' is successfully created with specified permissions':
164
+ query = "USE #{ DB_NAME } ;
165
+ SELECT spr.principal_id, spr.name,
166
+ spe.state_desc, spe.permission_name
167
+ FROM sys.server_principals AS spr
168
+ JOIN sys.server_permissions AS spe
169
+ ON spe.grantee_principal_id = spr.principal_id
170
+ WHERE spr.name = '#{ @role } ';"
171
+
172
+ run_sql_query ( host , { :query => query , :server => hostname , :expected_row_count => 2 } )
173
+
174
+ #validate that the t server role '#{@role}' has correct members (Login1, 2, 3)
175
+ query = "USE #{ DB_NAME } ;
176
+ SELECT sp1.principal_id AS LOGIN, sp1.name AS ServerRole
177
+ FROM sys.server_principals sp1
178
+ JOIN sys.server_role_members m
179
+ ON sp1.principal_id = m.member_principal_id
180
+ JOIN sys.server_principals sp2
181
+ ON m.role_principal_id = sp2.principal_id
182
+ WHERE sp1.name = '#{ LOGIN1 } '
183
+ OR sp1.name = '#{ LOGIN2 } '
184
+ OR sp1.name = '#{ LOGIN3 } ';"
185
+
186
+ run_sql_query ( host , { :query => query , :server => hostname , :expected_row_count => 3 } )
187
+ end
188
+
189
+ it "Create server role #{ @role } with optional members_purge" do
190
+ pp = <<-MANIFEST
191
+ sqlserver::config{'MSSQLSERVER':
192
+ admin_user => 'sa',
193
+ admin_pass => 'Pupp3t1@',
194
+ }
195
+ sqlserver::role{'ServerRole':
196
+ instance => 'MSSQLSERVER',
197
+ ensure => 'present',
198
+ role => '#{ @role } ',
199
+ permissions => {'GRANT' => ['CREATE ENDPOINT', 'CREATE ANY DATABASE']},
200
+ type => 'SERVER',
201
+ members => ['#{ LOGIN3 } '],
202
+ members_purge => true,
203
+ }
204
+ MANIFEST
205
+ apply_manifest_on ( host , pp ) do |r |
206
+ expect ( r . stderr ) . not_to match ( /Error/i )
207
+ end
208
+
209
+ #validate that the server role '#{@role}' is successfully created with specified permissions':
210
+ query = "USE #{ DB_NAME } ;
211
+ SELECT spr.principal_id, spr.name,
212
+ spe.state_desc, spe.permission_name
213
+ FROM sys.server_principals AS spr
214
+ JOIN sys.server_permissions AS spe
215
+ ON spe.grantee_principal_id = spr.principal_id
216
+ WHERE spr.name = '#{ @role } ';"
217
+
218
+ run_sql_query ( host , { :query => query , :server => hostname , :expected_row_count => 2 } )
219
+
220
+ #validate that the t server role '#{@role}' has correct members (Login3)
221
+ query = "USE #{ DB_NAME } ;
222
+ SELECT sp1.principal_id AS ID, sp1.name AS Logins
223
+ FROM sys.server_principals sp1
224
+ JOIN sys.server_role_members m
225
+ ON sp1.principal_id = m.member_principal_id
226
+ where sp1.name = '#{ @role } ';"
227
+
228
+ run_sql_query ( host , { :query => query , :server => hostname , :expected_row_count => 1 } )
229
+ end
230
+ end
231
+ end
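Review bot: The `after(:all)` block (new lines 62-72) builds the `ensure => 'absent'` manifest but its `apply_manifest_on` call is commented out, so nothing is torn down. The database, the three SQL logins created with a fixed password, and the server roles granted `CREATE ANY DATABASE` all stay on the test host after the run. Re-enable the call, `apply_manifest_on(host, pp) { |r| expect(r.stderr).not_to match(/Error/i) }`, and extend the teardown manifest so the logins and roles are removed as well. The literal `sa` password is repeated in all five manifests; defining it once (for example from an environment variable read in the spec helper) would keep it out of the committed file and make it easy to rotate. Separately, `#{ @role }` in the `it` descriptions is interpolated when the examples are defined, before `before(:each)` assigns it, so the titles will render without a role name.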