(MODULES-3256)(MODULES-2323)(MODULES-2554)(MODULES-3083) Fix sqlserver::login resource #182
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously the module would fail to create and delete windows based logins due to the TSQL scripts querying the `SQL_LOGINS` table. This table only lists SQL logins, not Windows logins. Instead the `SERVER_PRINCIPALS` table is used to determine login existance and correctness. This commit also modifies how Windows Group logins are disabled. Groups can not be disabled, they can only be denied to connect to the database. This requires the use the GRAND/REVOKE server permissions table. This commit detects the state of the login using the `server_permissions` table.
glennsarti
changed the title
glennsarti
changed the title
glennsarti
changed the title
| def create_login_manifest (testcase,login_name,login_password,options = {}) | ||
| case testcase | ||
| when 'SQL_LOGIN user' | ||
| login_type = 'SQL_LOGIN' |
There was a problem hiding this comment.
whitespace question - should this be a full tab under when ?
There was a problem hiding this comment.
Not sure...typically I do
There was a problem hiding this comment.
Ok. Looks like currently its just one space instead of tab
There was a problem hiding this comment.
Ahh I see. I'll fix that up
Previously when attempting to remove a login from an MS SQL Server, a TSQL error was thrown. This is due to the `GO` statement in the template. `GO` is not a TSQL statement, it is actually a command interpretted by a client, such as sqlcmd.exe. This commit changes the template to use only TSQL statements and uses the `DROP LOGIN` command as the `sp_droplogin` stored procedure has been deprecated. This commit re-instates the login deletion after each login acceptance test. Ref: https://msdn.microsoft.com/en-us/library/ms189767.aspx
Previously when attempting to remove a database from an MS SQL Server, a TSQL error was thrown. This is due to the `GO` statement in the template. `GO` is not a TSQL statement, it is actually a command interpretted by a TSQL client, such as sqlcmd.exe. This commit changes the database delete template to use only TSQL statements and terminate with a semi-colon. This change also reinstates the database deletion in the login_spec and database_spec acceptance tests.
Previously the acceptance test for the sqlserver::login resource was only testing a portion of the functionality. This commit refactors the test suite and adds the following tests; - Adds Windows user and group logins to the test suite - Removes test fixtures for login, database and windows principals on completion - Parameterizes the manifest generation - Tests creating a resource as well as modifying an existing resource - Tests deleting a sqlserver::login resource - Tests disabling a resource - Fixes testing errors where it was using a disabled account for db access - Added function to query the database as `sa` account
Previously when creating a login in a SQL Server it would take to puppet runs to complete the configuration. This is due to the ordering of actions in the `create/login.sql.rb` template. It would only modify a login if it already existed. This commit changes the logic of the script to create the login if it does not exist and then modify the login with the correct attributes.
Previously when modifying the assigned server roles for a login it would generate a TSQL error. This was due to not escaping the role names correctly with square brackets. This commit modifies the login template and adds acceptance tests for this scenario.
|
@ferventcoder Fixed typos in the commit messages. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR includes the following changes, all to do with the sqlserver::login resource
(MODULES-3256) Fix create/delete of Windows based logins
(MODULES-2323) Fix deleting an SQL login
(MODULES-2554) Fix remove database
(MODULES-3256) Refactor sqlserver_login_spec acceptance test
(MODULES-3256) Fix creating a login resource with additional attributes
(MODULES-3083) Fix modifying server roles for an existing login