
Commit 53ceeee

author
Ryan Gard
committed
Merge pull request #147 from phongdly/MODULES-2469/sqlserver-user
(MODULES-2469) Create Automated Tests for sqlserver::role
2 parents d034592 + a1e8795 commit 53ceeee


1 file changed

+237
-0
lines changed

Lines changed: 237 additions & 0 deletions
@@ -0,0 +1,237 @@
1+
require 'spec_helper_acceptance'
2+
require 'securerandom'
3+
require 'erb'
4+
5+
host = find_only_one("sql_host")
6+
hostname = host.hostname
7+
8+
# database name
9+
DB_NAME = ("DB" + SecureRandom.hex(4)).upcase
10+
LOGIN1 = "Login1_" + SecureRandom.hex(2)
11+
LOGIN2 = "Login2_" + SecureRandom.hex(2)
12+
LOGIN3 = "Login3_" + SecureRandom.hex(2)
13+
USER1 = "User1_" + SecureRandom.hex(2)
14+
15+
describe "Test sqlserver::role", :node => host do
16+
17+
def ensure_sqlserver_logins_users(host)
18+
pp = <<-MANIFEST
19+
sqlserver::config{'MSSQLSERVER':
20+
admin_user => 'sa',
21+
admin_pass => 'Pupp3t1@',
22+
}
23+
sqlserver::database{ '#{DB_NAME}':
24+
}
25+
sqlserver::login{'#{LOGIN1}':
26+
login_type => 'SQL_LOGIN',
27+
password => 'Pupp3t1@',
28+
}
29+
sqlserver::login{'#{LOGIN2}':
30+
login_type => 'SQL_LOGIN',
31+
password => 'Pupp3t1@',
32+
}
33+
sqlserver::login{'#{LOGIN3}':
34+
login_type => 'SQL_LOGIN',
35+
password => 'Pupp3t1@',
36+
}
37+
sqlserver::user{'#{USER1}':
38+
database => '#{DB_NAME}',
39+
user => '#{USER1}',
40+
login => '#{LOGIN1}',
41+
default_schema => 'guest',
42+
require => Sqlserver::Login['#{LOGIN1}'],
43+
}
44+
MANIFEST
45+
apply_manifest_on(host, pp) do |r|
46+
expect(r.stderr).not_to match(/Error/i)
47+
end
48+
end
49+
50+
context "Start testing sqlserver::role", {:testrail => ['89161', '89162', '89163', '89164', '89165']} do
51+
before(:all) do
52+
# Create database users
53+
ensure_sqlserver_logins_users(host)
54+
end
55+
before(:each) do
56+
@role = "Role_" + SecureRandom.hex(2)
57+
end
58+
after(:each) do
59+
pp = <<-MANIFEST
60+
sqlserver::config{'MSSQLSERVER':
61+
admin_user => 'sa',
62+
admin_pass => 'Pupp3t1@',
63+
}
64+
sqlserver::role{'#{@role}':
65+
ensure => 'absent',
66+
}
67+
MANIFEST
68+
apply_manifest_on(host, pp) do |r|
69+
expect(r.stderr).not_to match(/Error/i)
70+
end
71+
end
72+
73+
after(:all) do
74+
# remove all newly created logins
75+
pp = <<-MANIFEST
76+
sqlserver::config{'MSSQLSERVER':
77+
admin_user => 'sa',
78+
admin_pass => 'Pupp3t1@',
79+
}
80+
sqlserver::user{'#{USER1}':
81+
database => '#{DB_NAME}',
82+
ensure => 'absent',
83+
}
84+
MANIFEST
85+
apply_manifest_on(host, pp) do |r|
86+
expect(r.stderr).not_to match(/Error/i)
87+
end
88+
end
89+
90+
it "Create server role #{@role} with optional authorization" do
91+
pp = <<-MANIFEST
92+
sqlserver::config{'MSSQLSERVER':
93+
admin_user => 'sa',
94+
admin_pass => 'Pupp3t1@',
95+
}
96+
sqlserver::role{'ServerRole':
97+
ensure => 'present',
98+
authorization => '#{LOGIN1}',
99+
role => '#{@role}',
100+
permissions => {'GRANT' => ['CREATE ENDPOINT', 'CREATE ANY DATABASE']},
101+
type => 'SERVER',
102+
}
103+
MANIFEST
104+
apply_manifest_on(host, pp) do |r|
105+
expect(r.stderr).not_to match(/Error/i)
106+
end
107+
108+
#validate that the database-specific role '#{@role}' is successfully created with specified permissions':
109+
query = "USE #{DB_NAME};
110+
SELECT spr.principal_id, spr.name,
111+
spe.state_desc, spe.permission_name
112+
FROM sys.server_principals AS spr
113+
JOIN sys.server_permissions AS spe
114+
ON spe.grantee_principal_id = spr.principal_id
115+
WHERE spr.name = '#{@role}';"
116+
117+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 2 })
118+
119+
# validate that the database-specific role '#{@role}' has correct authorization #{LOGIN1}
120+
query = "USE #{DB_NAME};
121+
SELECT spr.name, sl.name
122+
FROM sys.server_principals AS spr
123+
JOIN sys.sql_logins AS sl
124+
ON spr.owning_principal_id = sl.principal_id
125+
WHERE sl.name = '#{LOGIN1}';"
126+
127+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 1 })
128+
end
129+
130+
it "Create database-specific role #{@role}" do
131+
pp = <<-MANIFEST
132+
sqlserver::config{'MSSQLSERVER':
133+
admin_user => 'sa',
134+
admin_pass => 'Pupp3t1@',
135+
}
136+
sqlserver::role{'DatabaseRole':
137+
ensure => 'present',
138+
role => '#{@role}',
139+
database => '#{DB_NAME}',
140+
permissions => {'GRANT' => ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CONTROL', 'ALTER']},
141+
type => 'DATABASE',
142+
}
143+
MANIFEST
144+
apply_manifest_on(host, pp) do |r|
145+
expect(r.stderr).not_to match(/Error/i)
146+
end
147+
148+
# validate that the database-specific role '#{@role}' is successfully created with specified permissions':
149+
query = "USE #{DB_NAME};
150+
SELECT pr.principal_id, pr.name, pr.type_desc,
151+
pr.authentication_type_desc, pe.state_desc, pe.permission_name
152+
FROM sys.database_principals AS pr
153+
JOIN sys.database_permissions AS pe
154+
ON pe.grantee_principal_id = pr.principal_id
155+
WHERE pr.name = '#{@role}';"
156+
157+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 6 })
158+
end
159+
160+
# temporarily skip this test because of ticket MODULES-2543
161+
xit "Create server role #{@role} with optional members and optional members-purge" do
162+
pp = <<-MANIFEST
163+
sqlserver::config{'MSSQLSERVER':
164+
admin_user => 'sa',
165+
admin_pass => 'Pupp3t1@',
166+
}
167+
sqlserver::role{'ServerRole':
168+
instance => 'MSSQLSERVER',
169+
ensure => 'present',
170+
role => '#{@role}',
171+
permissions => {'GRANT' => ['CREATE ENDPOINT', 'CREATE ANY DATABASE']},
172+
type => 'SERVER',
173+
members => ['#{LOGIN1}', '#{LOGIN2}', '#{LOGIN3}'],
174+
}
175+
MANIFEST
176+
apply_manifest_on(host, pp) do |r|
177+
expect(r.stderr).not_to match(/Error/i)
178+
end
179+
180+
#validate that the server role '#{@role}' is successfully created with specified permissions':
181+
query = "USE #{DB_NAME};
182+
SELECT spr.principal_id AS ID, spr.name AS Server_Role,
183+
spe.state_desc, spe.permission_name
184+
FROM sys.server_principals AS spr
185+
JOIN sys.server_permissions AS spe
186+
ON spe.grantee_principal_id = spr.principal_id
187+
WHERE spr.name = '#{@role}';"
188+
189+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 2 })
190+
191+
#validate that the t server role '#{@role}' has correct members (Login1, 2, 3)
192+
query = "USE #{DB_NAME};
193+
SELECT spr.principal_id AS ID, spr.name AS ServerRole
194+
FROM sys.server_principals AS spr
195+
JOIN sys.server_role_members m
196+
ON spr.principal_id = m.member_principal_id
197+
WHERE spr.name = '#{LOGIN1}'
198+
OR spr.name = '#{LOGIN2}'
199+
OR spr.name = '#{LOGIN3}'
200+
OR spr.name = 'LOGIN4';"
201+
202+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 3 })
203+
204+
puts "Create server role #{@role} with optional members_purge:"
205+
pp = <<-MANIFEST
206+
sqlserver::config{'MSSQLSERVER':
207+
admin_user => 'sa',
208+
admin_pass => 'Pupp3t1@',
209+
}
210+
sqlserver::role{'ServerRole':
211+
instance => 'MSSQLSERVER',
212+
ensure => 'present',
213+
role => '#{@role}',
214+
permissions => {'GRANT' => ['CREATE ENDPOINT', 'CREATE ANY DATABASE']},
215+
type => 'SERVER',
216+
members => ['#{LOGIN3}'],
217+
members_purge => true,
218+
}
219+
MANIFEST
220+
apply_manifest_on(host, pp) do |r|
221+
expect(r.stderr).not_to match(/Error/i)
222+
end
223+
224+
#validate that the t server role '#{@role}' has correct members (only Login3)
225+
query = "USE #{DB_NAME};
226+
SELECT spr.principal_id AS ID, spr.name AS ServerRole
227+
FROM sys.server_principals AS spr
228+
JOIN sys.server_role_members m
229+
ON spr.principal_id = m.member_principal_id
230+
WHERE spr.name = '#{LOGIN1}'
231+
OR spr.name = '#{LOGIN2}'
232+
OR spr.name = '#{LOGIN3}';"
233+
234+
run_sql_query(host, { :query => query, :server => hostname, :expected_row_count => 1 })
235+
end
236+
end
237+
end
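Review bot: The `after(:all)` hook is commented `# remove all newly created logins`, but its manifest only sets `sqlserver::user{'#{USER1}'}` to absent, so LOGIN1, LOGIN2, LOGIN3 and the `DB_NAME` database stay on the SQL host after the run. Those three SQL logins are created with the literal `'Pupp3t1@'`, the same value passed as `admin_pass` for `sa` in every manifest, so a reused or long-lived test host keeps enabled logins with a password that is published in the repository. I would extend the cleanup as sketched below and give the test logins a per-run generated password instead of the admin one; the `ensure` and `require` usage here is my reading of the module and should be confirmed, in particular the ordering of the user removal before the login and database removals. Separately, `#{@role}` in the `it`/`xit` descriptions is interpolated when the example group is defined, before `before(:each)` assigns it, so it likely renders empty in the report.

```ruby
after(:all) do
  # remove the user, logins and database created for this run
  pp = <<-MANIFEST
  # ... unchanged: sqlserver::config and the sqlserver::user absent resource ...
  sqlserver::login{['#{LOGIN1}', '#{LOGIN2}', '#{LOGIN3}']:
    ensure  => 'absent',
    require => Sqlserver::User['#{USER1}'],
  }
  sqlserver::database{'#{DB_NAME}':
    ensure  => 'absent',
    require => Sqlserver::User['#{USER1}'],
  }
  MANIFEST
  # … unchanged: apply_manifest_on with the stderr check …
end
```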
