From 172b8a97b58b80d50b1faabca702e83f64e2c8fd Mon Sep 17 00:00:00 2001 
From: praj1001 <134480625+praj1001@users.noreply.github.com> Date: Tue, 22 Aug 2023 19:17:53 +0530 Subject: [PATCH] (CAT-1148) Conversion of ERB to EPP --- .rubocop_todo.yml | 1 + .../sqlserver/partial_params_args.rb | 50 +++++++ manifests/database.pp | 136 +++++++++++++++++- manifests/login.pp | 42 ++++-- manifests/login/permissions.pp | 23 ++- manifests/role.pp | 66 ++++++++- manifests/role/permissions.pp | 28 +++- manifests/sp_configure.pp | 13 +- manifests/user.pp | 29 ++-- manifests/user/permissions.pp | 26 +++- spec/functions/partial_params_args_spec.rb | 29 ++++ templates/create/database.sql.epp | 106 ++++++++++++++ templates/create/database.sql.erb | 117 --------------- templates/create/login/permission.sql.epp | 15 ++ templates/create/login/permission.sql.erb | 17 --- templates/create/role.sql.epp | 10 ++ templates/create/role.sql.erb | 10 -- templates/create/role/members.sql.epp | 30 ++++ templates/create/role/members.sql.erb | 30 ---- templates/create/role/permissions.sql.epp | 14 ++ templates/create/role/permissions.sql.erb | 15 -- templates/create/sp_configure.sql.epp | 8 ++ templates/create/sp_configure.sql.erb | 8 -- templates/create/user/permission.sql.epp | 16 +++ templates/create/user/permission.sql.erb | 17 --- .../{database.sql.erb => database.sql.epp} | 6 +- templates/delete/role.sql.epp | 18 +++ templates/delete/role.sql.erb | 18 --- templates/instance_config.epp | 5 + templates/instance_config.erb | 5 - templates/query/database_exists.sql.epp | 43 ++++++ templates/query/database_exists.sql.erb | 24 ---- .../query/login/permission_exists.sql.epp | 7 + .../query/login/permission_exists.sql.erb | 8 -- ...in_exists.sql.erb => login_exists.sql.epp} | 48 +++---- templates/query/role/member_exists.sql.epp | 22 +++ templates/query/role/member_exists.sql.erb | 22 --- .../query/role/permission_exists.sql.epp | 8 ++ .../query/role/permission_exists.sql.erb | 9 -- templates/query/role_exists.sql.epp | 7 + templates/query/role_exists.sql.erb | 7 - 
templates/query/sp_configure.sql.epp | 3 + templates/query/sp_configure.sql.erb | 3 - .../query/user/permission_exists.sql.epp | 7 + .../query/user/permission_exists.sql.erb | 9 -- templates/query/user_exists.sql.epp | 4 + templates/query/user_exists.sql.erb | 4 - templates/restart_service.ps1.epp | 2 + templates/restart_service.ps1.erb | 2 - .../database/collation_exists.sql.epp | 1 + .../database/collation_exists.sql.erb | 1 - .../database/compatibility_exists.sql.epp | 1 + .../database/compatibility_exists.sql.erb | 1 - .../database/containment_exists.sql.epp | 1 + .../database/containment_exists.sql.erb | 1 - .../database/db_chaining_exists.sql.epp | 1 + .../database/db_chaining_exists.sql.erb | 1 - ... default_fulltext_language_exists.sql.epp} | 4 +- ...ql.erb => default_language_exists.sql.epp} | 4 +- .../database/nested_triggers_exists.sql.epp | 1 + .../database/nested_triggers_exists.sql.erb | 1 - .../transform_noise_words_exists.sql.epp | 1 + .../transform_noise_words_exists.sql.erb | 1 - .../database/trustworthy_exists.sql.epp | 1 + .../database/trustworthy_exists.sql.erb | 1 - ...b => two_digit_year_cutoff_exists.sql.epp} | 2 +- ...m_state.sql.erb => get_perm_state.sql.epp} | 2 +- .../snippets/login/permission/exists.sql.epp | 4 + .../snippets/login/permission/exists.sql.erb | 4 - .../{exists.sql.erb => exists.sql.epp} | 2 +- ...m_state.sql.erb => get_perm_state.sql.epp} | 4 +- .../role/declare_and_set_variables.sql.epp | 11 ++ .../role/declare_and_set_variables.sql.erb | 11 -- templates/snippets/role/exists.sql.epp | 3 + templates/snippets/role/exists.sql.erb | 3 - templates/snippets/role/member_exists.sql.epp | 5 + templates/snippets/role/member_exists.sql.erb | 5 - templates/snippets/role/owner_check.sql.epp | 4 + templates/snippets/role/owner_check.sql.erb | 4 - .../role/populate_purge_members.sql.epp | 11 ++ .../role/populate_purge_members.sql.erb | 11 -- .../snippets/user/permission/exists.sql.epp | 4 + .../snippets/user/permission/exists.sql.erb | 
4 - ...m_state.sql.erb => get_perm_state.sql.epp} | 2 +- 84 files changed, 819 insertions(+), 446 deletions(-) create mode 100644 lib/puppet/functions/sqlserver/partial_params_args.rb create mode 100644 spec/functions/partial_params_args_spec.rb create mode 100644 templates/create/database.sql.epp delete mode 100644 templates/create/database.sql.erb create mode 100644 templates/create/login/permission.sql.epp delete mode 100644 templates/create/login/permission.sql.erb create mode 100644 templates/create/role.sql.epp delete mode 100644 templates/create/role.sql.erb create mode 100644 templates/create/role/members.sql.epp delete mode 100644 templates/create/role/members.sql.erb create mode 100644 templates/create/role/permissions.sql.epp delete mode 100644 templates/create/role/permissions.sql.erb create mode 100644 templates/create/sp_configure.sql.epp delete mode 100644 templates/create/sp_configure.sql.erb create mode 100644 templates/create/user/permission.sql.epp delete mode 100644 templates/create/user/permission.sql.erb rename templates/delete/{database.sql.erb => database.sql.epp} (71%) create mode 100644 templates/delete/role.sql.epp delete mode 100644 templates/delete/role.sql.erb create mode 100644 templates/instance_config.epp delete mode 100644 templates/instance_config.erb create mode 100644 templates/query/database_exists.sql.epp delete mode 100644 templates/query/database_exists.sql.erb create mode 100644 templates/query/login/permission_exists.sql.epp delete mode 100644 templates/query/login/permission_exists.sql.erb rename templates/query/{login_exists.sql.erb => login_exists.sql.epp} (57%) create mode 100644 templates/query/role/member_exists.sql.epp delete mode 100644 templates/query/role/member_exists.sql.erb create mode 100644 templates/query/role/permission_exists.sql.epp delete mode 100644 templates/query/role/permission_exists.sql.erb create mode 100644 templates/query/role_exists.sql.epp delete mode 100644 
templates/query/role_exists.sql.erb create mode 100644 templates/query/sp_configure.sql.epp delete mode 100644 templates/query/sp_configure.sql.erb create mode 100644 templates/query/user/permission_exists.sql.epp delete mode 100644 templates/query/user/permission_exists.sql.erb create mode 100644 templates/query/user_exists.sql.epp delete mode 100644 templates/query/user_exists.sql.erb create mode 100644 templates/restart_service.ps1.epp delete mode 100644 templates/restart_service.ps1.erb create mode 100644 templates/snippets/database/collation_exists.sql.epp delete mode 100644 templates/snippets/database/collation_exists.sql.erb create mode 100644 templates/snippets/database/compatibility_exists.sql.epp delete mode 100644 templates/snippets/database/compatibility_exists.sql.erb create mode 100644 templates/snippets/database/containment_exists.sql.epp delete mode 100644 templates/snippets/database/containment_exists.sql.erb create mode 100644 templates/snippets/database/db_chaining_exists.sql.epp delete mode 100644 templates/snippets/database/db_chaining_exists.sql.erb rename templates/snippets/database/{default_fulltext_language_exists.sql.erb => default_fulltext_language_exists.sql.epp} (50%) rename templates/snippets/database/{default_language_exists.sql.erb => default_language_exists.sql.epp} (52%) create mode 100644 templates/snippets/database/nested_triggers_exists.sql.epp delete mode 100644 templates/snippets/database/nested_triggers_exists.sql.erb create mode 100644 templates/snippets/database/transform_noise_words_exists.sql.epp delete mode 100644 templates/snippets/database/transform_noise_words_exists.sql.erb create mode 100644 templates/snippets/database/trustworthy_exists.sql.epp delete mode 100644 templates/snippets/database/trustworthy_exists.sql.erb rename templates/snippets/database/{two_digit_year_cutoff_exists.sql.erb => two_digit_year_cutoff_exists.sql.epp} (52%) rename templates/snippets/login/{get_perm_state.sql.erb => 
get_perm_state.sql.epp} (87%) create mode 100644 templates/snippets/login/permission/exists.sql.epp delete mode 100644 templates/snippets/login/permission/exists.sql.erb rename templates/snippets/principal/permission/{exists.sql.erb => exists.sql.epp} (63%) rename templates/snippets/principal/permission/{get_perm_state.sql.erb => get_perm_state.sql.epp} (54%) create mode 100644 templates/snippets/role/declare_and_set_variables.sql.epp delete mode 100644 templates/snippets/role/declare_and_set_variables.sql.erb create mode 100644 templates/snippets/role/exists.sql.epp delete mode 100644 templates/snippets/role/exists.sql.erb create mode 100644 templates/snippets/role/member_exists.sql.epp delete mode 100644 templates/snippets/role/member_exists.sql.erb create mode 100644 templates/snippets/role/owner_check.sql.epp delete mode 100644 templates/snippets/role/owner_check.sql.erb create mode 100644 templates/snippets/role/populate_purge_members.sql.epp delete mode 100644 templates/snippets/role/populate_purge_members.sql.erb create mode 100644 templates/snippets/user/permission/exists.sql.epp delete mode 100644 templates/snippets/user/permission/exists.sql.erb rename templates/snippets/user/permission/{get_perm_state.sql.erb => get_perm_state.sql.epp} (77%) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 9fbaf4aa..1ca51aea 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -144,6 +144,7 @@ RSpec/NamedSubject: - 'spec/defines/sp_configure_spec.rb' - 'spec/defines/user_spec.rb' - 'spec/unit/puppet_x/sql_connection_spec.rb' + - 'spec/functions/partial_params_args_spec.rb' # Offense count: 31 # Configuration parameters: AllowedGroups. diff --git a/lib/puppet/functions/sqlserver/partial_params_args.rb b/lib/puppet/functions/sqlserver/partial_params_args.rb new file mode 100644 index 00000000..903d4a00 --- /dev/null +++ b/lib/puppet/functions/sqlserver/partial_params_args.rb 
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+# @summary this function populates and returns the string of arguments which later gets injected in template.
+# arguments that return string holds is conditional and decided by the the input given to function.
+
+Puppet::Functions.create_function(:'sqlserver::partial_params_args') do
+ # @param args contains
+ # Enum['ON', 'OFF'] $db_chaining
+ # Enum['ON', 'OFF'] $trustworthy
+ # String[1] $default_fulltext_language
+ # String[1] $default_language
+ # Optional[Enum['ON', 'OFF']] $nested_triggers
+ # Optional[Enum['ON', 'OFF']] $transform_noise_words
+ # Integer[1753, 9999] $two_digit_year_cutoff
+ #
+ # @return String
+ # Generated on the basis of provided values.
+ #
+ # Sample Input Output
+ #
+ # Input
+ # args = {
+ # db_chaining: 'OFF',
+ # trustworthy: 'OFF',
+ # default_fulltext_language: 'English',
+ # default_language: 'us_english',
+ # two_digit_year_cutoff: 2049,
+ # nested_triggers: 'OFF',
+ # }
+ #
+ # Output
+ # "DB_CHAINING OFF,TRUSTWORTHY OFF,DEFAULT_FULLTEXT_LANGUAGE=[English]\n,DEFAULT_LANGUAGE = [us_english]\n,NESTED_TRIGGERS = OFF,TWO_DIGIT_YEAR_CUTOFF = 2049"
+
+ dispatch :partial_params_args do
+ param 'Hash', :args
+ return_type 'Variant[String]'
+ end
+
+ def partial_params_args(args)
+ partial_params = []
+ partial_params << "DB_CHAINING #{args['db_chaining']}" if args['db_chaining']
+ partial_params << "TRUSTWORTHY #{args['trustworthy']}" if args['trustworthy']
+ partial_params << "DEFAULT_FULLTEXT_LANGUAGE=[#{args['default_fulltext_language']}]\n" if args['default_fulltext_language']
+ partial_params << "DEFAULT_LANGUAGE = [#{args['default_language']}]\n" if args['default_language']
+ partial_params << "NESTED_TRIGGERS = #{args['nested_triggers']}" if args['nested_triggers']
+ partial_params << "TRANSFORM_NOISE_WORDS = #{args['transform_noise_words']}" if args['transform_noise_words']
+ partial_params << "TWO_DIGIT_YEAR_CUTOFF = #{args['two_digit_year_cutoff']}" if args['two_digit_year_cutoff']
+ partial_params.join(',')
+ end
+end
diff --git a/manifests/database.pp b/manifests/database.pp
index 87564176..10bee5c2 100644
--- a/manifests/database.pp
+++ b/manifests/database.pp
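Review bot: In `partial_params_args` (lib/puppet/functions/sqlserver/partial_params_args.rb), `default_fulltext_language` and `default_language` are placed inside `[...]` without escaping a closing bracket, so a value containing `]` ends the delimited identifier early and whatever follows becomes part of the statement. The dispatch declares only `param 'Hash', :args`, so the `String[1]`, `Enum` and `Integer` types listed in the comment are documentation and are not enforced by this function. Double the bracket before interpolating, e.g. `"DEFAULT_LANGUAGE = [#{args['default_language'].to_s.gsub(']', ']]')}]\n"`, and do the same for `default_fulltext_language`. The same unescaped pattern applies to the `db_name` and file-name values that the manifests/database.pp hunk forwards into `'...'` and `[...]` positions in templates/create/database.sql.epp; the define's parameter types are outside the visible hunks, so confirm they restrict those values.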
@@ -179,10 +179,142 @@ 'absent' => 'delete', } + $database_containment_exists_parameters = { + 'db_name' => $db_name, + 'containment' => $containment, + } + + $database_compatibility_exists_parameters = { + 'db_name' => $db_name, + 'compatibility' => $compatibility, + } + + $database_collation_exists_parameters = { + 'db_name' => $db_name, + 'collation_name' => $collation_name, + } + + $database_db_chaining_exists_parameters = { + 'db_name' => $db_name, + 'db_chaining' => $db_chaining, + } + + $database_default_fulltext_language_exists_parameters = { + 'default_fulltext_language' => $default_fulltext_language, + 'db_name' => $db_name, + } + + $database_default_language_exists_parameters = { + 'default_language' => $default_language, + 'db_name' => $db_name, + } + + $database_nested_triggers_exists_parameters = { + 'db_name' => $db_name, + 'nested_triggers' => $nested_triggers, + } + + $database_transform_noise_words_exists_parameters = { + 'db_name' => $db_name, + 'transform_noise_words' => $transform_noise_words, + } + + $database_trustworthy_exists_parameters = { + 'db_name' => $db_name, + 'trustworthy' => $trustworthy, + } + + $database_two_digit_year_cutoff_exists_parameters= { + 'db_name' => $db_name, + 'two_digit_year_cutoff' => $two_digit_year_cutoff, + } + + $partial_params_parameters = { + 'db_chaining' => $db_chaining, + 'trustworthy' => $trustworthy, + 'default_fulltext_language' => $default_fulltext_language, + 'default_language' => $default_language, + 'nested_triggers' => $nested_triggers, + 'transform_noise_words' => $transform_noise_words, + 'two_digit_year_cutoff' => $two_digit_year_cutoff, + } + + $partial_params = sqlserver::partial_params_args($partial_params_parameters) + + if $create_delete == 'create' { + $database_create_delete_parameters = { + 'db_name' => $db_name, + 'containment' => $containment, + 'filespec_name' => $filespec_name, + 'filespec_filename' => $filespec_filename, + 'filespec_size' => $filespec_size, + 'filespec_maxsize' => 
$filespec_maxsize, + 'filespec_filegrowth' => $filespec_filegrowth, + 'log_name' => $log_name, + 'log_filename' => $log_filename, + 'log_size' => $log_size, + 'log_maxsize' => $log_maxsize, + 'log_filegrowth' => $log_filegrowth, + 'filestream_directory_name' => $filestream_directory_name, + 'filestream_non_transacted_access' => $filestream_non_transacted_access, + 'db_chaining' => $db_chaining, + 'trustworthy' => $trustworthy, + 'default_fulltext_language' => $default_fulltext_language, + 'default_language' => $default_language, + 'nested_triggers' => $nested_triggers, + 'transform_noise_words' => $transform_noise_words, + 'two_digit_year_cutoff' => $two_digit_year_cutoff, + 'database_compatibility_exists_parameters' => $database_compatibility_exists_parameters, + 'compatibility' => $compatibility, + 'collation_name' => $collation_name, + 'database_collation_exists_parameters' => $database_collation_exists_parameters, + 'database_db_chaining_exists_parameters' => $database_db_chaining_exists_parameters, + 'database_default_fulltext_language_exists_parameters' => $database_default_fulltext_language_exists_parameters, + 'database_default_language_exists_parameters' => $database_default_language_exists_parameters, + 'database_nested_triggers_exists_parameters' => $database_nested_triggers_exists_parameters, + 'database_transform_noise_words_exists_parameters' => $database_transform_noise_words_exists_parameters, + 'database_trustworthy_exists_parameters' => $database_trustworthy_exists_parameters, + 'database_two_digit_year_cutoff_exists_parameters' => $database_two_digit_year_cutoff_exists_parameters, + 'partial_params' => $partial_params, + } + } else { + $database_create_delete_parameters = { + 'db_name' => $db_name, + } + } + + $database_check_exists_parameters = { + 'compatibility' => $database_compatibility_exists_parameters, + 'collation' => $database_collation_exists_parameters, + 'containment' => $database_containment_exists_parameters, + 'db_chaining' => 
$database_db_chaining_exists_parameters, + 'default_fulltext_language' => $database_default_fulltext_language_exists_parameters, + 'default_language' => $database_default_language_exists_parameters, + 'nested_triggers' => $database_nested_triggers_exists_parameters, + 'transform_noise_words' => $database_transform_noise_words_exists_parameters, + 'trustworthy' => $database_trustworthy_exists_parameters, + 'two_digit_year_cutoff' => $database_two_digit_year_cutoff_exists_parameters, + } + + $database_exists_parameters = { + 'ensure' => $ensure, + 'db_name' => $db_name, + 'collation_name' => $collation_name, + 'containment' => $containment, + 'default_fulltext_language' => $default_fulltext_language, + 'default_language' => $default_language, + 'db_chaining' => $db_chaining, + 'nested_triggers' => $nested_triggers, + 'transform_noise_words' => $transform_noise_words, + 'trustworthy' => $trustworthy, + 'two_digit_year_cutoff' => $two_digit_year_cutoff, + 'database_check_exists_parameters' => $database_check_exists_parameters, + } + sqlserver_tsql { "database-${instance}-${db_name}": instance => $instance, - command => template("sqlserver/${create_delete}/database.sql.erb"), - onlyif => template('sqlserver/query/database_exists.sql.erb'), + command => epp("sqlserver/${create_delete}/database.sql.epp", $database_create_delete_parameters), + onlyif => epp('sqlserver/query/database_exists.sql.epp', $database_exists_parameters), require => Sqlserver::Config[$instance], } } diff --git a/manifests/login.pp b/manifests/login.pp index c09abdf3..fd2f1442 100644 --- a/manifests/login.pp +++ b/manifests/login.pp 
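Review bot: `$partial_params` is rendered by `sqlserver::partial_params_args` before the `if $create_delete == 'create'` branch in manifests/database.pp, so the option string is built on every run, including deletes, although only the create hash carries it. Moving `$partial_params_parameters` and the call inside the create branch keeps the delete path limited to `db_name`, which is what the `else` hash already intends. A short comment above the `*_exists_parameters` hashes, such as `# one hash per snippet template, forwarded to the nested epp() calls`, would explain why the same values are passed both flat and nested (the create template does this for the compatibility snippet). The enclosing define starts before this hunk.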
@@ -76,22 +76,40 @@ 'absent' => 'delete', } - $parameters = { - 'password' => Deferred('sqlserver::password', [$password]), - 'disabled' => $disabled, - 'login_type' => $login_type, - 'login' => $login, - 'default_language' => $default_language, - 'default_database' => $default_database, - 'check_policy' => $check_policy, - 'check_expiration' => $check_expiration, - 'svrroles' => $svrroles, + if $_create_delete == 'create' { + $create_delete_login_parameters = { + 'disabled' => $disabled, + 'login' => $login, + 'password' => Deferred('sqlserver::password', [$password]), + 'check_expiration' => $check_expiration, + 'check_policy' => $check_policy, + 'default_language' => $default_language, + 'default_database' => $default_database, + 'login_type' => $login_type, + 'svrroles' => $svrroles, + } + } else { + $create_delete_login_parameters = { + 'login' => $login, + } + } + + $query_login_exists_parameters = { + 'login' => $login, + 'disabled' => $disabled, + 'check_expiration' => $check_expiration, + 'check_policy' => $check_policy, + 'login_type' => $login_type, + 'default_database' => $default_database, + 'default_language' => $default_language, + 'ensure' => $ensure, + 'svrroles' => $svrroles, } sqlserver_tsql { "login-${instance}-${login}": instance => $instance, - command => stdlib::deferrable_epp("sqlserver/${_create_delete}/login.sql.epp", $parameters), - onlyif => template('sqlserver/query/login_exists.sql.erb'), + command => stdlib::deferrable_epp("sqlserver/${_create_delete}/login.sql.epp", $create_delete_login_parameters), + onlyif => epp('sqlserver/query/login_exists.sql.epp', $query_login_exists_parameters), require => Sqlserver::Config[$instance], } diff --git a/manifests/login/permissions.pp b/manifests/login/permissions.pp index 6249a9c5..7a277476 100644 --- a/manifests/login/permissions.pp +++ b/manifests/login/permissions.pp 
@@ -38,10 +38,29 @@ true => '-WITH_GRANT_OPTION', default => '' } + + $create_login_permission_parameters = { + 'permissions' => $permissions, + 'with_grant_option' => $with_grant_option, + 'login' => $login, + '_state' => $_state, + } + + $login_permission_exists_parameters = { + 'login' => $login, + '_state' => $_state, + 'with_grant_option' => $with_grant_option, + } + + $query_login_permission_exists_parameters = { + 'permissions' => $permissions, + 'login_permission_exists_parameters' => $login_permission_exists_parameters, + } + sqlserver_tsql { "login-permission-${instance}-${login}-${_state}${_grant_option}": instance => $instance, - command => template('sqlserver/create/login/permission.sql.erb'), - onlyif => template('sqlserver/query/login/permission_exists.sql.erb'), + command => epp('sqlserver/create/login/permission.sql.epp', $create_login_permission_parameters), + onlyif => epp('sqlserver/query/login/permission_exists.sql.epp', $query_login_permission_exists_parameters), require => Sqlserver::Config[$instance], } } diff --git a/manifests/role.pp b/manifests/role.pp index f3967106..09768cec 100644 --- a/manifests/role.pp +++ b/manifests/role.pp 
@@ -63,9 +63,50 @@ # users. see MODULES-3355 $sqlserver_tsql_title = "role-${instance}-${database}-${role}" + $role_exists_parameters = { + 'ensure' => $ensure, + 'type' => $type, + 'role' => $role, + } + + $role_owner_check_parameters = { + 'type' => $type, + 'authorization' => $authorization, + 'role' => $role, + } + + $query_role_exists_parameters = { + 'database' => $database, + 'role_exists_parameters' => $role_exists_parameters, + 'type' => $type, + 'role' => $role, + 'ensure' => $ensure, + 'authorization' => $authorization, + 'role_owner_check_parameters' => $role_owner_check_parameters, + } + + if $_create_delete == 'create' { + $role_create_delete_parameters = { + 'database' => $database, + 'role_exists_parameters' => $role_exists_parameters, + 'type' => $type, + 'role' => $role, + 'authorization' => $authorization, + 'role_owner_check_parameters' => $role_owner_check_parameters, + 'query_role_exists_parameters' => $query_role_exists_parameters, + } + } else { + $role_create_delete_parameters = { + 'database' => $database, + 'type' => $type, + 'role' => $role, + 'query_role_exists_parameters' => $query_role_exists_parameters, + } + } + sqlserver_tsql { $sqlserver_tsql_title: - command => template("sqlserver/${_create_delete}/role.sql.erb"), - onlyif => template('sqlserver/query/role_exists.sql.erb'), + command => epp("sqlserver/${_create_delete}/role.sql.epp", $role_create_delete_parameters), + onlyif => epp('sqlserver/query/role_exists.sql.epp', $query_role_exists_parameters), instance => $instance, } 
@@ -105,10 +146,27 @@ } } + $role_members_parameters = { + 'database' => $database, + 'role' => $role, + 'members' => $members, + 'type' => $type, + 'members_purge' => $members_purge, + } + + $query_role_member_exists_parameters = { + 'database' => $database, + 'role' => $role, + 'members' => $members, + 'ensure' => $ensure, + 'members_purge' => $members_purge, + 'type' => $type, + } + if size($members) > 0 or $members_purge == true { sqlserver_tsql { "${sqlserver_tsql_title}-members": - command => template('sqlserver/create/role/members.sql.erb'), - onlyif => template('sqlserver/query/role/member_exists.sql.erb'), + command => epp('sqlserver/create/role/members.sql.epp', $role_members_parameters), + onlyif => epp('sqlserver/query/role/member_exists.sql.epp', $query_role_member_exists_parameters), instance => $instance, } } diff --git a/manifests/role/permissions.pp b/manifests/role/permissions.pp index 684e7812..3dac63bd 100644 --- a/manifests/role/permissions.pp +++ b/manifests/role/permissions.pp 
@@ -52,10 +52,34 @@ ## # Parameters required in template are _state, role, _upermissions, database, type, with_grant_option ## + $role_declare_and_set_variables_parameters = { + 'type' => $type, + 'role' => $role, + 'with_grant_option' => $with_grant_option, + '_state' => $_state, + } + + $create_role_permissions_parameters = { + 'database' => $database, + 'role_declare_and_set_variables_parameters' => $role_declare_and_set_variables_parameters, + 'permissions' => $permissions, + 'with_grant_option' => $with_grant_option, + 'role' => $role, + '_state' => $_state, + 'type' => $type, + } + + $query_role_permission_exists_parameters = { + 'database' => $database, + 'role_declare_and_set_variables_parameters' => $role_declare_and_set_variables_parameters, + 'permissions' => $permissions, + 'type' => $type, + } + sqlserver_tsql { "role-permissions-${role}-${_state}${_grant_option}-${instance}-${database}": instance => $instance, - command => template('sqlserver/create/role/permissions.sql.erb'), - onlyif => template('sqlserver/query/role/permission_exists.sql.erb'), + command => epp('sqlserver/create/role/permissions.sql.epp', $create_role_permissions_parameters), + onlyif => epp('sqlserver/query/role/permission_exists.sql.epp', $query_role_permission_exists_parameters), } } } diff --git a/manifests/sp_configure.pp b/manifests/sp_configure.pp index 35783333..c3707a85 100644 --- a/manifests/sp_configure.pp +++ b/manifests/sp_configure.pp 
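Review bot: The context comment above the new hashes in manifests/role/permissions.pp still lists `_upermissions` as a template parameter, but both `$create_role_permissions_parameters` and `$query_role_permission_exists_parameters` pass `'permissions' => $permissions`. If `$_upermissions` is a normalised copy computed earlier in this file (not visible in the hunk), the EPP templates now receive the raw list; either pass `'permissions' => $_upermissions` or confirm the templates normalise the values themselves, since these strings presumably end up in the generated permission statements. Once the intended value is settled, update the comment to `# Parameters passed to the templates: _state, role, permissions, database, type, with_grant_option`.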
@@ -44,15 +44,22 @@ Sqlserver_tsql["sp_configure-${instance}-${config_name}"] ~> Exec["restart-service-${service_name}-${config_name}"] } + $create_sp_configure_parameters = { + 'config_name' => $config_name, + 'value' => $value, + 'reconfigure' => $reconfigure, + 'with_override' => $with_override, + } + sqlserver_tsql { "sp_configure-${instance}-${config_name}": instance => $instance, - command => template('sqlserver/create/sp_configure.sql.erb'), - onlyif => template('sqlserver/query/sp_configure.sql.erb'), + command => epp('sqlserver/create/sp_configure.sql.epp', $create_sp_configure_parameters), + onlyif => epp('sqlserver/query/sp_configure.sql.epp', { 'config_name' => $config_name, 'value' => $value }), require => Sqlserver::Config[$instance], } exec { "restart-service-${service_name}-${config_name}": - command => template('sqlserver/restart_service.ps1.erb'), + command => epp('sqlserver/restart_service.ps1.epp', { 'service_name' => $service_name }), provider => powershell, logoutput => true, refreshonly => true, diff --git a/manifests/user.pp b/manifests/user.pp index 50974b0d..eb92a1c6 100644 --- a/manifests/user.pp +++ b/manifests/user.pp 
@@ -62,18 +62,31 @@ 'absent' => 'delete', } - $parameters = { - 'password' => Deferred('sqlserver::password', [$password]), - 'database' => $database, - 'user' => $user, - 'login' => $login, - 'default_schema' => $default_schema, + if $create_delete == 'create' { + $create_delete_user_parameters = { + 'database' => $database, + 'password' => Deferred('sqlserver::password', [$password]), + 'user' => $user, + 'login' => $login, + 'default_schema' => $default_schema, + } + } else { + $create_delete_user_parameters = { + 'database' => $database, + 'user' => $user, + } + } + + $query_user_exists_parameters = { + 'database' => $database, + 'ensure' => $ensure, + 'user' => $user, } sqlserver_tsql { "user-${instance}-${database}-${user}": instance => $instance, - command => stdlib::deferrable_epp("sqlserver/${create_delete}/user.sql.epp", $parameters), - onlyif => template('sqlserver/query/user_exists.sql.erb'), + command => stdlib::deferrable_epp("sqlserver/${create_delete}/user.sql.epp", $create_delete_user_parameters), + onlyif => epp('sqlserver/query/user_exists.sql.epp', $query_user_exists_parameters), require => Sqlserver::Config[$instance], } diff --git a/manifests/user/permissions.pp b/manifests/user/permissions.pp index be107b2a..620efcef 100644 --- a/manifests/user/permissions.pp +++ b/manifests/user/permissions.pp 
@@ -45,11 +45,33 @@ true => '-WITH_GRANT_OPTION', default => '' } + + $user_permission_exists_parameters = { + 'user' => $user, + '_state' => $_state, + 'with_grant_option' => $with_grant_option, + } + + $user_permission_parameters = { + 'database' => $database, + 'permissions' => $permissions, + 'with_grant_option' => $with_grant_option, + 'user' => $user, + '_state' => $_state, + 'user_permission_exists_parameters' => $user_permission_exists_parameters, + } + + $query_user_permission_exists_parameters = { + 'database' => $database, + 'permissions' => $permissions, + 'user_permission_exists_parameters' => $user_permission_exists_parameters, + } + sqlserver_tsql { "user-permissions-${instance}-${database}-${user}-${_state}${_grant_option}": instance => $instance, - command => template('sqlserver/create/user/permission.sql.erb'), - onlyif => template('sqlserver/query/user/permission_exists.sql.erb'), + command => epp('sqlserver/create/user/permission.sql.epp', $user_permission_parameters), + onlyif => epp('sqlserver/query/user/permission_exists.sql.epp', $query_user_permission_exists_parameters), require => Sqlserver::Config[$instance], } } diff --git a/spec/functions/partial_params_args_spec.rb b/spec/functions/partial_params_args_spec.rb new file mode 100644 index 00000000..abff3bc8 --- /dev/null +++ b/spec/functions/partial_params_args_spec.rb 
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'sqlserver::partial_params_args' do
+ let(:params) do
+ {
+ db_chaining: 'OFF',
+ trustworthy: 'OFF',
+ default_fulltext_language: 'English',
+ default_language: 'us_english',
+ two_digit_year_cutoff: 2049
+ }
+ end
+
+ it { is_expected.to run.with_params(nil).and_raise_error(StandardError) }
+
+ it 'contains NESTED_TRIGGERS when nested_triggers is passed' do
+ params[:nested_triggers] = 'OFF'
+ expected_results = "DB_CHAINING OFF,TRUSTWORTHY OFF,DEFAULT_FULLTEXT_LANGUAGE=[English]\n,DEFAULT_LANGUAGE = [us_english]\n,NESTED_TRIGGERS = OFF,TWO_DIGIT_YEAR_CUTOFF = 2049"
+ expect(subject).to run.with_params(params.transform_keys(&:to_s)).and_return(expected_results)
+ end
+
+ it 'contains TRANSFORM_NOISE_WORDS when transform_noise_words is passed' do
+ params[:transform_noise_words] = 'ON'
+ expected_results = "DB_CHAINING OFF,TRUSTWORTHY OFF,DEFAULT_FULLTEXT_LANGUAGE=[English]\n,DEFAULT_LANGUAGE = [us_english]\n,TRANSFORM_NOISE_WORDS = ON,TWO_DIGIT_YEAR_CUTOFF = 2049"
+ expect(subject).to run.with_params(params.transform_keys(&:to_s)).and_return(expected_results)
+ end
+end
diff --git a/templates/create/database.sql.epp b/templates/create/database.sql.epp
new file mode 100644
index 00000000..0a820386
--- /dev/null
+++ b/templates/create/database.sql.epp
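Review bot: The examples in spec/functions/partial_params_args_spec.rb only pin the happy path: every case passes all five base keys with well-formed values, so the `if args[...]` guards for absent keys and the bracket-quoted language values are never exercised. Add a case with a reduced hash, e.g. `is_expected.to run.with_params({ 'db_chaining' => 'ON' }).and_return('DB_CHAINING ON')`, and one whose `default_language` contains `]` to pin whatever quoting the function settles on. `and_raise_error(StandardError)` for the `nil` argument is broad; `ArgumentError` is what a dispatch type mismatch normally raises and would let fewer unrelated failures pass as success.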
@@ -0,0 +1,106 @@ +USE master +DECLARE @default_db_path as nvarchar(max), + @default_log_path as varchar(max) +SELECT @default_db_path = CONVERT(NVARCHAR(MAX),SERVERPROPERTY('instancedefaultdatapath'),0), + @default_log_path = CONVERT(NVARCHAR(MAX),SERVERPROPERTY('instancedefaultlogpath'),0) +<% $needs_comma = false %> +IF NOT EXISTS(select name FROM sys.databases WHERE name = '<%= $db_name%>') +-- CREATE SECTION +BEGIN +CREATE DATABASE [<%= $db_name %>] + CONTAINMENT = <%= $containment %> + <% if $filespec_name and $filespec_filename { -%> + ON ( + NAME = N'<%= $filespec_name %>', + FILENAME = N'<%= $filespec_filename %>' + <% if $filespec_size { %>, SIZE = <%= $filespec_size %><%} %> + <% if $filespec_maxsize { %>, MAXSIZE = <%= $filespec_maxsize %><% } %> + <% if $filespec_filegrowth { %>, FILEGROWTH = <%= $filespec_filegrowth %><% } %> + ) + <% } -%> + <% if $log_name and $log_filename { -%> + LOG ON + ( + NAME = N'<%= $log_name %>', + FILENAME = N'<%= $log_filename %>' + <% if $log_size { %>, SIZE = <%= $log_size %> <% } %> + <% if $log_maxsize { %>, MAXSIZE = <%= $log_maxsize %><% } %> + <% if $log_filegrowth { %>, FILEGROWTH = <%= $log_filegrowth %><% } %> + ) + <%- } -%> + <% if $filestream_directory_name or $filestream_non_transacted_access or $containment == 'PARTIAL' { -%> + WITH + <% if $filestream_non_transacted_access or $filestream_directory_name { -%> + $needs_comma = true + FILESTREAM ( + <% if $filestream_non_transacted_access { -%> + NON_TRANSACTED_ACCESS = <%= $filestream_non_transacted_access %> + <% if $filestream_directory_name { %>,<% } -%> + <% } -%> + <% if $filestream_directory_name { -%> + DIRECTORY_NAME = '<%= $filestream_directory_name %>' + <% } -%> + ) + <% } -%> + <% if $containment == 'PARTIAL' { -%> + <% if $needs_comma { %>,<% } -%> + <%= $partial_params %> + <%- } -%> + <%- } -%> +<%= epp('sqlserver/snippets/database/compatibility_exists.sql.epp', $database_compatibility_exists_parameters) -%> + ALTER DATABASE [<%= $db_name %>] 
SET COMPATIBILITY_LEVEL = <%= $compatibility %> +<%- if $collation_name { -%> +/* Alter Database collation */ +<%= epp('sqlserver/snippets/database/collation_exists.sql.epp', $database_collation_exists_parameters) -%> + ALTER DATABASE [<%= $db_name %>] COLLATE <%= $collation_name %> +<%- } -%> +END +ELSE +-- UPDATE SECTION +BEGIN +<%= epp('sqlserver/snippets/database/compatibility_exists.sql.epp', $database_compatibility_exists_parameters) %> + ALTER DATABASE [<%= $db_name %>] SET COMPATIBILITY_LEVEL = <%= $compatibility %> + <%- if $collation_name { -%> +<%= epp('sqlserver/snippets/database/collation_exists.sql.epp', $database_collation_exists_parameters) %> + ALTER DATABASE [<%= $db_name %>] COLLATE <%= $collation_name %> + <%- } -%> + <%- if $containment == 'PARTIAL' { %> + /* + Specifies the default language for all newly created logins. Language can be specified by providing the + local id (lcid), the language name, or the language alias. For a list of acceptable language names and aliases, see + sys.syslanguages (Transact-SQL). This option is allowable only when CONTAINMENT has been set to PARTIAL. If CONTAINMENT + is set to NONE, errors will occur. 
+ */ + <%- if $db_chaining { -%> +<%= epp("sqlserver/snippets/database/db_chaining_exists.sql.epp", $database_db_chaining_exists_parameters) %> + ALTER DATABASE [<%= $db_name %>] SET DB_CHAINING <%= $db_chaining %> + <%- } -%> + <%- if $default_fulltext_language { -%> +<%= epp("sqlserver/snippets/database/default_fulltext_language_exists.sql.epp", $database_default_fulltext_language_exists_parameters) %> + ALTER DATABASE [<%= $db_name %>] SET DEFAULT_FULLTEXT_LANGUAGE = [<%= $default_fulltext_language %>] + <%- } -%> + <%- if $default_language { -%> +<%= epp("sqlserver/snippets/database/default_language_exists.sql.epp", $database_default_language_exists_parameters) %> + ALTER DATABASE [<%= $db_name %>] SET DEFAULT_LANGUAGE = [<%= $default_language %>] + <%- } -%> + <%- if $nested_triggers { -%> +<%= epp("sqlserver/snippets/database/nested_triggers_exists.sql.epp", $database_nested_triggers_exists_parameters) %> + ALTER DATABASE [<%= $db_name %>] SET NESTED_TRIGGERS = <%= $nested_triggers %> + <%- } -%> + <%- if $transform_noise_words { -%> +<%= epp("sqlserver/snippets/database/transform_noise_words_exists.sql.epp", $database_transform_noise_words_exists_parameters) %> + ALTER DATABASE [<%= $db_name %>] SET TRANSFORM_NOISE_WORDS = <%= $transform_noise_words %> + <%- } -%> + <%- if $trustworthy { -%> +<%= epp("sqlserver/snippets/database/trustworthy_exists.sql.epp", $database_trustworthy_exists_parameters) %> + ALTER DATABASE [<%= $db_name %>] SET TRUSTWORTHY <%= $trustworthy %> + <%- } -%> + <%- if $two_digit_year_cutoff { -%> +<%= epp("sqlserver/snippets/database/two_digit_year_cutoff_exists.sql.epp", $database_two_digit_year_cutoff_exists_parameters) %> + ALTER DATABASE [<%= $db_name %>] SET TWO_DIGIT_YEAR_CUTOFF = <%= $two_digit_year_cutoff %> + <%- } -%> + <%- } -%> +END + +IF NOT EXISTS (select * from sys.databases WHERE name = '<%= $db_name %>') + THROW 51000, 'DATABASE CREATION FAILED', 10 
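Review bot: In the `WITH` branch of the CREATE section of `templates/create/database.sql.epp`, `$needs_comma = true` sits on a template line of its own outside any `<% %>` tag, so it is rendered as literal text into the T-SQL instead of being evaluated, and `$needs_comma` stays `false`. When FILESTREAM options are combined with `CONTAINMENT = PARTIAL`, the generated `CREATE DATABASE` would therefore carry the stray text and lack the comma before `<%= $partial_params %>`. Moving the assignment into a tag would not help, because Puppet does not allow a variable to be reassigned in the same scope. Drop that line together with `<% $needs_comma = false %>` and guard the comma directly with `<% if $filestream_non_transacted_access or $filestream_directory_name { %>,<% } -%>`.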
diff --git a/templates/create/database.sql.erb b/templates/create/database.sql.erb deleted file mode 100644 index 3ffdcbdd..00000000 --- a/templates/create/database.sql.erb +++ /dev/null 
@@ -1,117 +0,0 @@ -USE master -DECLARE @default_db_path as nvarchar(max), - @default_log_path as varchar(max) -SELECT @default_db_path = CONVERT(NVARCHAR(MAX),SERVERPROPERTY('instancedefaultdatapath'),0), - @default_log_path = CONVERT(NVARCHAR(MAX),SERVERPROPERTY('instancedefaultlogpath'),0) -<% needs_comma = false %> -IF NOT EXISTS(select name FROM sys.databases WHERE name = '<%= @db_name%>') --- CREATE SECTION -BEGIN -CREATE DATABASE [<%= @db_name %>] - CONTAINMENT = <%= @containment %> - <% if @filespec_name && @filespec_filename -%> - ON ( - NAME = N'<%= @filespec_name %>', - FILENAME = N'<%= @filespec_filename %>' - <% if @filespec_size %>, SIZE = <%= @filespec_size %><% end %> - <% if @filespec_maxsize %>, MAXSIZE = <%= @filespec_maxsize %><% end %> - <% if @filespec_filegrowth %>, FILEGROWTH = <%= @filespec_filegrowth %><% end %> - ) - <% end -%> - <% if @log_name && @log_filename -%> - LOG ON - ( - NAME = N'<%= @log_name %>', - FILENAME = N'<%= @log_filename %>' - <% if @log_size %>, SIZE = <%= @log_size %> <% end %> - <% if @log_maxsize %>, MAXSIZE = <%= @log_maxsize %><% end %> - <% if @log_filegrowth %>, FILEGROWTH = <%= @log_filegrowth %><% end %> - ) - <%- end -%> - <% if @filestream_directory_name || @filestream_non_transacted_access || @containment == 'PARTIAL' -%> - WITH - <% if @filestream_non_transacted_access || @filestream_directory_name - needs_comma = true - -%> - FILESTREAM ( - <% if @filestream_non_transacted_access -%> - NON_TRANSACTED_ACCESS = <%= @filestream_non_transacted_access %> - <% if @filestream_directory_name -%>,<% end -%> - <% end -%> - <% if @filestream_directory_name -%> - DIRECTORY_NAME = '<%= @filestream_directory_name %>' - <% end -%> - ) - <% end -%> - <% if @containment == 'PARTIAL' -%> - <% if needs_comma -%>,<% end %> - <% - partialParams = []; - partialParams << "DB_CHAINING #{@db_chaining}" if @db_chaining - partialParams << "TRUSTWORTHY #{@trustworthy}" if @trustworthy - partialParams << 
"DEFAULT_FULLTEXT_LANGUAGE=[#{@default_fulltext_language}]\n" if @default_fulltext_language - partialParams << "DEFAULT_LANGUAGE = [#{@default_language}]\n" if @default_language - partialParams << "NESTED_TRIGGERS = #{@nested_triggers}" if @nested_triggers - partialParams << "TRANSFORM_NOISE_WORDS = #{@transform_noise_words}" if @transform_noise_words - partialParams << "TWO_DIGIT_YEAR_CUTOFF = #{@two_digit_year_cutoff}" if @two_digit_year_cutoff - -%> - <%= partialParams.join(',') %> - <%- end -%> - <%- end -%> -<%= scope.function_template(['sqlserver/snippets/database/compatibility_exists.sql.erb']) -%> - ALTER DATABASE [<%= @db_name %>] SET COMPATIBILITY_LEVEL = <%= @compatibility %> -<%- if @collation_name -%> -/* Alter Database collation */ -<%= scope.function_template(['sqlserver/snippets/database/collation_exists.sql.erb']) -%> - ALTER DATABASE [<%= @db_name %>] COLLATE <%= @collation_name %> -<%- end -%> -END -ELSE --- UPDATE SECTION -BEGIN -<%= scope.function_template(['sqlserver/snippets/database/compatibility_exists.sql.erb']) %> - ALTER DATABASE [<%= @db_name %>] SET COMPATIBILITY_LEVEL = <%= @compatibility %> - <%- if @collation_name -%> -<%= scope.function_template(['sqlserver/snippets/database/collation_exists.sql.erb']) %> - ALTER DATABASE [<%= @db_name %>] COLLATE <%= @collation_name %> - <%- end -%> - <%- if @containment == 'PARTIAL' %> - /* - Specifies the default language for all newly created logins. Language can be specified by providing the - local id (lcid), the language name, or the language alias. For a list of acceptable language names and aliases, see - sys.syslanguages (Transact-SQL). This option is allowable only when CONTAINMENT has been set to PARTIAL. If CONTAINMENT - is set to NONE, errors will occur. 
- */ - <%- if @db_chaining -%> -<%= scope.function_template(["sqlserver/snippets/database/db_chaining_exists.sql.erb"]) %> - ALTER DATABASE [<%= @db_name %>] SET DB_CHAINING <%= @db_chaining %> - <%- end -%> - <%- if @default_fulltext_language -%> -<%= scope.function_template(["sqlserver/snippets/database/default_fulltext_language_exists.sql.erb"]) %> - ALTER DATABASE [<%= @db_name %>] SET DEFAULT_FULLTEXT_LANGUAGE = [<%= @default_fulltext_language %>] - <%- end -%> - <%- if @default_language -%> -<%= scope.function_template(["sqlserver/snippets/database/default_language_exists.sql.erb"]) %> - ALTER DATABASE [<%= @db_name %>] SET DEFAULT_LANGUAGE = [<%= @default_language %>] - <%- end -%> - <%- if @nested_triggers -%> -<%= scope.function_template(["sqlserver/snippets/database/nested_triggers_exists.sql.erb"]) %> - ALTER DATABASE [<%= @db_name %>] SET NESTED_TRIGGERS = <%= @nested_triggers %> - <%- end -%> - <%- if @transform_noise_words -%> -<%= scope.function_template(["sqlserver/snippets/database/transform_noise_words_exists.sql.erb"]) %> - ALTER DATABASE [<%= @db_name %>] SET TRANSFORM_NOISE_WORDS = <%= @transform_noise_words %> - <%- end -%> - <%- if @trustworthy -%> -<%= scope.function_template(["sqlserver/snippets/database/trustworthy_exists.sql.erb"]) %> - ALTER DATABASE [<%= @db_name %>] SET TRUSTWORTHY <%= @trustworthy %> - <%- end -%> - <%- if @two_digit_year_cutoff -%> -<%= scope.function_template(["sqlserver/snippets/database/two_digit_year_cutoff_exists.sql.erb"]) %> - ALTER DATABASE [<%= @db_name %>] SET TWO_DIGIT_YEAR_CUTOFF = <%= @two_digit_year_cutoff %> - <%- end -%> - <%- end -%> -END - -IF NOT EXISTS (select * from sys.databases WHERE name = '<%= @db_name %>') - THROW 51000, 'DATABASE CREATION FAILED', 10 diff --git a/templates/create/login/permission.sql.epp b/templates/create/login/permission.sql.epp new file mode 100644 index 00000000..f2f3feb6 --- /dev/null +++ b/templates/create/login/permission.sql.epp 
@@ -0,0 +1,15 @@ +USE [master]; +DECLARE @perm_state varchar(250), @error_msg varchar(250), @permission varchar(250); +<% $permissions.each |$requested_permission| { %> + <% $permission = $requested_permission.upcase %> +BEGIN + <% if $with_grant_option == false { %> + IF 'GRANT_WITH_GRANT_OPTION' = <%= epp('sqlserver/snippets/login/get_perm_state.sql.epp', { 'login' => $login }) %> + REVOKE GRANT OPTION FOR <%= $permission %> TO [<%= $login %>] CASCADE; + <% } %> + <%= $_state %> <%= $permission %> TO [<%= $login %>]<% if $with_grant_option == true { %> WITH GRANT OPTION<% } %>; +END +BEGIN + <%= epp('sqlserver/snippets/login/permission/exists.sql.epp', { 'login' => $login, '_state' => $_state, 'with_grant_option' => $with_grant_option}) %> +END +<% } %> diff --git a/templates/create/login/permission.sql.erb b/templates/create/login/permission.sql.erb deleted file mode 100644 index 80c878b3..00000000 --- a/templates/create/login/permission.sql.erb +++ /dev/null @@ -1,17 +0,0 @@ -USE [master]; -DECLARE @perm_state varchar(250), @error_msg varchar(250), @permission varchar(250); -<% @permissions.each do |requested_permission| - permission = requested_permission.upcase -%> -SET @permission = '<%= permission %>' -BEGIN - <% if @with_grant_option == false %> - IF 'GRANT_WITH_GRANT_OPTION' = <%= scope.function_template(['sqlserver/snippets/login/get_perm_state.sql.erb']) %> - REVOKE GRANT OPTION FOR <%= permission %> TO [<%= @login %>] CASCADE; - <% end %> - <%= @_state %> <%= permission %> TO [<%= @login %>]<% if @with_grant_option == true %> WITH GRANT OPTION<% end %>; -END -BEGIN - <%= scope.function_template(['sqlserver/snippets/login/permission/exists.sql.erb']) %> -END -<% end %> diff --git a/templates/create/role.sql.epp b/templates/create/role.sql.epp new file mode 100644 index 00000000..bfba8298 --- /dev/null +++ b/templates/create/role.sql.epp 
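Review bot: The loop body of `templates/create/login/permission.sql.epp` no longer contains the `SET @permission = '...'` statement that the removed ERB version had, so `@permission` is declared but never assigned in this template. The `get_perm_state` and `permission/exists` snippets are called with `login`, `_state` and `with_grant_option` only; if they read `@permission` (their bodies are not shown here), the grant-option revoke check and the verification after the GRANT/DENY would compare against NULL and a leftover `GRANT_WITH_GRANT_OPTION` could go unrevoked. The sibling `templates/create/user/permission.sql.epp` keeps the assignment. Restore it here directly after the `$permission` line as `SET @permission = '<%= $permission %>';`.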
@@ -0,0 +1,10 @@ +USE [<%= $database %>]; +BEGIN + <%= epp('sqlserver/snippets/role/exists.sql.epp', $role_exists_parameters) %> + CREATE <% if $type == 'SERVER' { %>SERVER <% } %>ROLE [<%= $role %>]<% if $authorization { %> AUTHORIZATION [<%= $authorization %>]<% } %>; + <% if $authorization { %> + <%= epp('sqlserver/snippets/role/owner_check.sql.epp', $role_owner_check_parameters) %> + ALTER AUTHORIZATION ON <% if $type =='SERVER' { %>SERVER <% } %>ROLE::[<%= $role %>] TO [<%= $authorization %>]; + <% } %> +END +<%= epp('sqlserver/query/role_exists.sql.epp', $query_role_exists_parameters) %> diff --git a/templates/create/role.sql.erb b/templates/create/role.sql.erb deleted file mode 100644 index 57441b2a..00000000 --- a/templates/create/role.sql.erb +++ /dev/null @@ -1,10 +0,0 @@ -USE [<%= @database %>]; -BEGIN - <%= scope.function_template(['sqlserver/snippets/role/exists.sql.erb']) %> - CREATE <% if @type == 'SERVER' %>SERVER <% end %>ROLE [<%= @role %>]<% if @authorization %> AUTHORIZATION [<%= @authorization %>]<% end %>; - <% if @authorization %> - <%= scope.function_template(['sqlserver/snippets/role/owner_check.sql.erb']) %> - ALTER AUTHORIZATION ON <% if @type =='SERVER' %>SERVER <% end %>ROLE::[<%= @role %>] TO [<%= @authorization %>]; - <% end %> -END -<%= scope.function_template(['sqlserver/query/role_exists.sql.erb']) %> diff --git a/templates/create/role/members.sql.epp b/templates/create/role/members.sql.epp new file mode 100644 index 00000000..8a3abe16 --- /dev/null +++ b/templates/create/role/members.sql.epp 
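Review bot: `$database`, `$role` and `$authorization` are written into bracket-quoted identifiers (`[<%= $role %>]`) in `templates/create/role.sql.epp` without doubling `]`, so a value containing `]` ends the identifier early and the remainder is parsed as T-SQL. Unless the calling manifest already restricts these parameters with a `Pattern` type or similar (not visible in this hunk), escape at the point of use, e.g. `[<%= regsubst($role, '\]', ']]', 'G') %>]`, and double `'` the same way wherever a value is placed inside a string literal. The same unescaped interpolation appears in the other new templates on this page: `create/database.sql.epp`, `create/role/members.sql.epp`, `create/role/permissions.sql.epp`, `create/user/permission.sql.epp`, `delete/role.sql.epp` and the `NOT IN (...)` list in `query/role/member_exists.sql.epp`.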
@@ -0,0 +1,30 @@ +USE [<%= $database %>]; +DECLARE + @role varchar(128) = '<%= $role %>', + @member varchar(128), + @error_msg varchar(250); + +<%- $members.each |$member| { -%> +BEGIN +SET @member = '<%= $member %>'; +<%= epp('sqlserver/snippets/role/member_exists.sql.epp', { 'type' => $type }) -%> + ALTER <% if $type == 'SERVER' { %>SERVER <% } %>ROLE [<%= $role %>] ADD MEMBER [<%= $member %>]; + +<%= epp('sqlserver/snippets/role/member_exists.sql.epp', { 'type' => $type }) -%> + THROW 51000, 'Failed to add member [<%= $member %>] to Role [<%= $role %>]', 10 +END +<% } -%> + +<% if $members_purge { %> +<%= epp('sqlserver/snippets/role/populate_purge_members.sql.epp', { 'type' => $type, 'role' => $role, 'members' => $members }) -%> + +DECLARE @sql varchar(250), @row int = 1, @row_count int; +SET @row_count = (SELECT COUNT(*) FROM @purge_members); + +WHILE(@row <= @row_count) +BEGIN + SET @sql = 'ALTER <% if $type == 'SERVER' { %>SERVER <% } %>ROLE [<%= $role %>] DROP MEMBER [' + (SELECT member FROM @purge_members WHERE ID = @row) + '];' + EXEC(@sql) + SET @row += 1 +END +<% } %> diff --git a/templates/create/role/members.sql.erb b/templates/create/role/members.sql.erb deleted file mode 100644 index b05e4009..00000000 --- a/templates/create/role/members.sql.erb +++ /dev/null 
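Review bot: The purge loop in `templates/create/role/members.sql.epp` builds `@sql` by concatenating the member name between a literal `[` and `]` and stores the result in `varchar(250)`. A member name containing `]` would close the identifier inside the string passed to `EXEC(@sql)`, and since the template itself declares role and member as `varchar(128)`, a long role name plus a long member name does not fit in 250 characters and the statement is truncated without an error. `templates/delete/role.sql.epp` already uses `QUOTENAME(members.[name])` with `NVARCHAR(MAX)`; the same here would be `DECLARE @sql nvarchar(max), @row int = 1, @row_count int;` and `... DROP MEMBER ' + QUOTENAME((SELECT member FROM @purge_members WHERE ID = @row)) + ';'`.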
@@ -1,30 +0,0 @@ -USE [<%= @database %>]; -DECLARE - @role varchar(128) = '<%= @role %>', - @member varchar(128), - @error_msg varchar(250); - -<%- @members.each do |member| -%> -BEGIN -SET @member = '<%= member %>'; -<%= scope.function_template(['sqlserver/snippets/role/member_exists.sql.erb']) -%> - ALTER <% if @type == 'SERVER' %>SERVER <% end %>ROLE [<%= @role %>] ADD MEMBER [<%= member %>]; - -<%= scope.function_template(['sqlserver/snippets/role/member_exists.sql.erb']) -%> - THROW 51000, 'Failed to add member [<%= member %>] to Role [<%= @role %>]', 10 -END -<% end -%> - -<% if @members_purge %> -<%= scope.function_template(['sqlserver/snippets/role/populate_purge_members.sql.erb']) -%> - -DECLARE @sql varchar(250), @row int = 1, @row_count int; -SET @row_count = (SELECT COUNT(*) FROM @purge_members); - -WHILE(@row <= @row_count) -BEGIN - SET @sql = 'ALTER <% if @type == 'SERVER' %>SERVER <% end %>ROLE [<%= @role %>] DROP MEMBER [' + (SELECT member FROM @purge_members WHERE ID = @row) + '];' - EXEC(@sql) - SET @row += 1 -END -<% end %> diff --git a/templates/create/role/permissions.sql.epp b/templates/create/role/permissions.sql.epp new file mode 100644 index 00000000..77f0b15e --- /dev/null +++ b/templates/create/role/permissions.sql.epp @@ -0,0 +1,14 @@ +USE [<%= $database %>]; +<%= epp('sqlserver/snippets/role/declare_and_set_variables.sql.epp', $role_declare_and_set_variables_parameters) -%> + +<% $permissions.each |$requested_permission| { %> + <% $permission = $requested_permission.upcase %> +SET @permission = '<%= $permission %>'; +<% if $with_grant_option == false { %> + IF 'GRANT_WITH_GRANT_OPTION' = <%= epp('sqlserver/snippets/principal/permission/get_perm_state.sql.epp', { 'type' => $type }) -%> + BEGIN + REVOKE GRANT OPTION FOR <%= $permission %> TO [<%= $role %>] CASCADE; + END + <% } -%> + <%= $_state %> <%= $permission %> TO [<%= $role %>]<% if $with_grant_option == true { %> WITH GRANT OPTION<% } %>; +<% } %> 
diff --git a/templates/create/role/permissions.sql.erb b/templates/create/role/permissions.sql.erb deleted file mode 100644 index ef7582fa..00000000 --- a/templates/create/role/permissions.sql.erb +++ /dev/null @@ -1,15 +0,0 @@ -USE [<%= @database %>]; -<%= scope.function_template(['sqlserver/snippets/role/declare_and_set_variables.sql.erb']) -%> - -<% @permissions.each do |requested_permission| - permission = requested_permission.upcase -%> -SET @permission = '<%= permission %>'; -<% if @with_grant_option == false %> - IF 'GRANT_WITH_GRANT_OPTION' = <%= scope.function_template(['sqlserver/snippets/principal/permission/get_perm_state.sql.erb']) -%> - BEGIN - REVOKE GRANT OPTION FOR <%= permission %> TO [<%= @role %>] CASCADE; - END - <% end -%> - <%= @_state %> <%= permission %> TO [<%= @role %>]<% if @with_grant_option == true %> WITH GRANT OPTION<% end %>; -<% end %> diff --git a/templates/create/sp_configure.sql.epp b/templates/create/sp_configure.sql.epp new file mode 100644 index 00000000..b6424517 --- /dev/null +++ b/templates/create/sp_configure.sql.epp @@ -0,0 +1,8 @@ +DECLARE @return_value INT +EXECUTE @return_value = sp_configure @configname = N'<%= $config_name %>', @configvalue = <%= $value %> +IF @return_value != 0 + THROW 51000,'Unable to update `<%= $config_name %>`', 10 +<% if $reconfigure { -%> +ELSE + RECONFIGURE <% if $with_override { %>WITH OVERRIDE<% } %> +<% } -%> diff --git a/templates/create/sp_configure.sql.erb b/templates/create/sp_configure.sql.erb deleted file mode 100644 index 496b4ba1..00000000 --- a/templates/create/sp_configure.sql.erb +++ /dev/null @@ -1,8 +0,0 @@ -DECLARE @return_value INT -EXECUTE @return_value = sp_configure @configname = N'<%= @config_name %>', @configvalue = <%= @value %> -IF @return_value != 0 - THROW 51000,'Unable to update `<%= @config_name %>`', 10 -<% if @reconfigure -%> -ELSE - RECONFIGURE <% if @with_override %>WITH OVERRIDE<% end %> -<% end -%> 
diff --git a/templates/create/user/permission.sql.epp b/templates/create/user/permission.sql.epp new file mode 100644 index 00000000..d097e276 --- /dev/null +++ b/templates/create/user/permission.sql.epp @@ -0,0 +1,16 @@ +USE [<%= $database %>]; +DECLARE @perm_state varchar(250), @error_msg varchar(250), @permission varchar(250); +<% $permissions.each |$requested_permission| { %> + <% $permission = $requested_permission.upcase %> +SET @permission = '<%= $permission %>'; +BEGIN + <% if $with_grant_option == false { %> + IF 'GRANT_WITH_GRANT_OPTION' = <%= epp('sqlserver/snippets/user/permission/get_perm_state.sql.epp', { 'user' => $user }) %> + REVOKE GRANT OPTION FOR <%= $permission %> TO [<%= $user %>] CASCADE; + <% } %> + <%= $_state %> <%= $permission %> TO [<%= $user %>]<% if $with_grant_option == true { %> WITH GRANT OPTION<% } %>; +END +BEGIN + <%= epp('sqlserver/snippets/user/permission/exists.sql.epp', $user_permission_exists_parameters) %> +END +<% } %> diff --git a/templates/create/user/permission.sql.erb b/templates/create/user/permission.sql.erb deleted file mode 100644 index 641da46e..00000000 --- a/templates/create/user/permission.sql.erb +++ /dev/null @@ -1,17 +0,0 @@ -USE [<%= @database %>]; -DECLARE @perm_state varchar(250), @error_msg varchar(250), @permission varchar(250); -<% @permissions.each do |requested_permission| - permission = requested_permission.upcase -%> -SET @permission = '<%= permission %>' -BEGIN - <% if @with_grant_option == false %> - IF 'GRANT_WITH_GRANT_OPTION' = <%= scope.function_template(['sqlserver/snippets/user/permission/get_perm_state.sql.erb']) %> - REVOKE GRANT OPTION FOR <%= permission %> TO [<%= @user %>] CASCADE; - <% end %> - <%= @_state %> <%= permission %> TO [<%= @user %>]<% if @with_grant_option == true %> WITH GRANT OPTION<% end %>; -END -BEGIN - <%= scope.function_template(['sqlserver/snippets/user/permission/exists.sql.erb']) %> -END -<% end %> 
diff --git a/templates/delete/database.sql.erb b/templates/delete/database.sql.epp similarity index 71% rename from templates/delete/database.sql.erb rename to templates/delete/database.sql.epp index 37d2c6ed..56639322 100644 --- a/templates/delete/database.sql.erb +++ b/templates/delete/database.sql.epp @@ -1,11 +1,11 @@ USE [master]; /* Delete Database Backup and Restore History from MSDB System Database */ -EXEC msdb.dbo.sp_delete_database_backuphistory @database_name = N'<%= @db_name %>'; +EXEC msdb.dbo.sp_delete_database_backuphistory @database_name = N'<%= $db_name %>'; /* Query to Get Exclusive Access of SQL Server Database before Dropping the Database */ -ALTER DATABASE [<%= @db_name %>] SET SINGLE_USER WITH ROLLBACK IMMEDIATE; +ALTER DATABASE [<%= $db_name %>] SET SINGLE_USER WITH ROLLBACK IMMEDIATE; /* Query to Drop Database in SQL Server */ -DROP DATABASE [<%= @db_name %>]; +DROP DATABASE [<%= $db_name %>]; diff --git a/templates/delete/role.sql.epp b/templates/delete/role.sql.epp new file mode 100644 index 00000000..a0bf04c6 --- /dev/null +++ b/templates/delete/role.sql.epp @@ -0,0 +1,18 @@ +USE [<%= $database %>]; +BEGIN + DECLARE @cmd AS NVARCHAR(MAX) = N''; + + SELECT @cmd = @cmd + ' + ALTER <% if $type == 'SERVER' { %>SERVER <% } %>ROLE [<%= $role %>] DROP MEMBER ' + QUOTENAME(members.[name]) + ';' + FROM sys.<%= $type.downcase %>_role_members AS rolemembers + JOIN sys.<%= $type.downcase %>_principals AS roles + ON roles.[principal_id] = rolemembers.[role_principal_id] + JOIN sys.<%= $type.downcase %>_principals AS members + ON members.[principal_id] = rolemembers.[member_principal_id] + WHERE roles.name = '<%= $role %>' + + EXEC(@cmd); + + DROP <% if $type == 'SERVER' { %>SERVER <% } %>ROLE [<%= $role %>]; +END +<%= epp('sqlserver/query/role_exists.sql.epp', $query_role_exists_parameters) %> diff --git a/templates/delete/role.sql.erb b/templates/delete/role.sql.erb deleted file mode 100644 index 1352aa7e..00000000 
--- a/templates/delete/role.sql.erb +++ /dev/null @@ -1,18 +0,0 @@ -USE [<%= @database %>]; -BEGIN - DECLARE @cmd AS NVARCHAR(MAX) = N''; - - SELECT @cmd = @cmd + ' - ALTER <% if @type == 'SERVER' %>SERVER <% end %>ROLE [<%= @role %>] DROP MEMBER ' + QUOTENAME(members.[name]) + ';' - FROM sys.<%= @type.downcase %>_role_members AS rolemembers - JOIN sys.<%= @type.downcase %>_principals AS roles - ON roles.[principal_id] = rolemembers.[role_principal_id] - JOIN sys.<%= @type.downcase %>_principals AS members - ON members.[principal_id] = rolemembers.[member_principal_id] - WHERE roles.name = '<%= @role %>' - - EXEC(@cmd); - - DROP <% if @type == 'SERVER' %>SERVER <% end %>ROLE [<%= @role %>]; -END -<%= scope.function_template(['sqlserver/query/role_exists.sql.erb']) %> diff --git a/templates/instance_config.epp b/templates/instance_config.epp new file mode 100644 index 00000000..e0259b1e --- /dev/null +++ b/templates/instance_config.epp @@ -0,0 +1,5 @@ +<% if $admin_login_type == 'SQL_LOGIN' { %> +{ "instance": "<%= $_instance %>","admin":"<%= $admin_user %>","pass":"<%= $admin_pass %>" } +<% }else { %> +{ "instance": "<%= $_instance %>","admin":"","pass":"" } +<% } %> diff --git a/templates/instance_config.erb b/templates/instance_config.erb deleted file mode 100644 index 9b9f75ad..00000000 --- a/templates/instance_config.erb +++ /dev/null @@ -1,5 +0,0 @@ -<%- if @admin_login_type == 'SQL_LOGIN' %> -{ "instance": "<%= @_instance %>","admin":"<%= @admin_user %>","pass":"<%= @admin_pass %>" } -<%- else %> -{ "instance": "<%= @_instance %>","admin":"","pass":"" } -<%- end %> diff --git a/templates/query/database_exists.sql.epp b/templates/query/database_exists.sql.epp new file mode 100644 index 00000000..bc68c8fe --- /dev/null +++ b/templates/query/database_exists.sql.epp 
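Review bot: In `templates/instance_config.epp`, `$_instance`, `$admin_user` and `$admin_pass` are interpolated straight into hand-written JSON string literals, so a password containing `"` or `\` yields invalid JSON or changes the structure of the document that is later parsed. The values should be JSON-escaped before they are written (or the whole object serialised by a JSON encoder rather than assembled from quotes). The rendered file also holds the SQL login password in clear text; the resource that consumes this template is outside this hunk, so it is worth recording the expectation in the template with an EPP comment such as `<%# contains the admin password in clear text; the consuming file resource must restrict access and not log its content %>`.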
@@ -0,0 +1,43 @@ +-- QUICK CHECK before most costly query +IF <% if $ensure == 'present' { %>NOT<% } %> EXISTS(SELECT name from sys.databases WHERE name = '<%= $db_name %>') + THROW 51000, 'The database does <% if $ensure == 'present' { %>not<% } %> exist', 10 +<% if $ensure == 'present' { %> + <%= epp("sqlserver/snippets/database/containment_exists.sql.epp", $database_check_exists_parameters['containment']) %> + THROW 51000, 'Database property containment not in correct state', 10 + <%= epp("sqlserver/snippets/database/compatibility_exists.sql.epp", $database_check_exists_parameters['compatibility']) %> + THROW 51000, 'Database property compatibility not in correct state', 10 + <% if $collation_name { %> + <%= epp("sqlserver/snippets/database/collation_exists.sql.epp", $database_check_exists_parameters['collation']) %> + THROW 51000, 'Database property collation not in correct state', 10 + <% } %> + <% if $containment == 'PARTIAL' { %> + <% if $default_fulltext_language { %> + <%= epp("sqlserver/snippets/database/default_fulltext_language_exists.sql.epp", $database_check_exists_parameters['default_fulltext_language']) %> + THROW 51000, 'Database property default_fulltext_language not in correct state', 10 + <% } %> + <% if $default_language { %> + <%= epp("sqlserver/snippets/database/default_language_exists.sql.epp", $database_check_exists_parameters['default_language']) %> + THROW 51000, 'Database property default_language not in correct state', 10 + <% } %> + <% if $db_chaining { %> + <%= epp("sqlserver/snippets/database/db_chaining_exists.sql.epp", $database_check_exists_parameters['db_chaining']) %> + THROW 51000, 'Database property db_chaining not in correct state', 10 + <% } %> + <% if $nested_triggers { %> + <%= epp("sqlserver/snippets/database/nested_triggers_exists.sql.epp", $database_check_exists_parameters['nested_triggers']) %> + THROW 51000, 'Database property nested_triggers not in correct state', 10 + <% } %> + <% if $transform_noise_words { %> + 
<%= epp("sqlserver/snippets/database/transform_noise_words_exists.sql.epp", $database_check_exists_parameters['transform_noise_words']) %> + THROW 51000, 'Database property transform_noise_words not in correct state', 10 + <% } %> + <% if $trustworthy { %> + <%= epp("sqlserver/snippets/database/trustworthy_exists.sql.epp", $database_check_exists_parameters['trustworthy']) %> + THROW 51000, 'Database property trustworthy not in correct state', 10 + <% } %> + <% if $two_digit_year_cutoff { %> + <%= epp("sqlserver/snippets/database/two_digit_year_cutoff_exists.sql.epp", $database_check_exists_parameters['two_digit_year_cutoff']) %> + THROW 51000, 'Database property two_digit_year_cutoff not in correct state', 10 + <% } %> + <% } %> +<% } %> diff --git a/templates/query/database_exists.sql.erb b/templates/query/database_exists.sql.erb deleted file mode 100644 index 640dbe2d..00000000 --- a/templates/query/database_exists.sql.erb +++ /dev/null 
@@ -1,24 +0,0 @@ --- QUICK CHECK before most costly query -IF <% if @ensure == 'present' %>NOT<% end %> EXISTS(SELECT name from sys.databases WHERE name = '<%= @db_name %>') - THROW 51000, 'The database does <% if @ensure == 'present' %>not<% end %> exist', 10 -<% if @ensure == 'present' - checkTemplates = [] - checkTemplates << 'containment' - checkTemplates << 'compatibility' - checkTemplates << 'collation' if @collation_name %> -<% if @containment == 'PARTIAL' - checkTemplates << 'default_fulltext_language' if @default_fulltext_language - checkTemplates << 'default_language' if @default_language - checkTemplates << 'db_chaining' if @db_chaining - checkTemplates << 'nested_triggers' if @nested_triggers - checkTemplates << 'transform_noise_words' if @transform_noise_words - checkTemplates << 'trustworthy' if @trustworthy - checkTemplates << 'two_digit_year_cutoff' if @two_digit_year_cutoff - end -%> -<%-checkTemplates.each do |check| -%> -<%= scope.function_template(["sqlserver/snippets/database/#{check}_exists.sql.erb"]) %> - THROW 51000, 'Database property <%= check %> not in correct state', 10 -<%- end -%> -<% end - #end ensure present section - -%> diff --git a/templates/query/login/permission_exists.sql.epp b/templates/query/login/permission_exists.sql.epp new file mode 100644 index 00000000..b67d7047 --- /dev/null +++ b/templates/query/login/permission_exists.sql.epp @@ -0,0 +1,7 @@ +USE [master]; +DECLARE @perm_state varchar(250), @error_msg varchar(250), @permission varchar(250); +<% $permissions.each |$requested_permission| { -%> + <% $permission = $requested_permission.upcase %> +SET @permission = '<%= $permission %>' +<%= epp('sqlserver/snippets/login/permission/exists.sql.epp', $login_permission_exists_parameters) %> +<% } %> diff --git a/templates/query/login/permission_exists.sql.erb b/templates/query/login/permission_exists.sql.erb deleted file mode 100644 index d45bd27e..00000000 --- a/templates/query/login/permission_exists.sql.erb +++ /dev/null 
@@ -1,8 +0,0 @@ -USE [master]; -DECLARE @perm_state varchar(250), @error_msg varchar(250), @permission varchar(250); -<% @permissions.each do |requested_permission| - permission = requested_permission.upcase -%> -SET @permission = '<%= permission %>' -<%= scope.function_template(['sqlserver/snippets/login/permission/exists.sql.erb']) %> -<% end %> diff --git a/templates/query/login_exists.sql.erb b/templates/query/login_exists.sql.epp similarity index 57% rename from templates/query/login_exists.sql.erb rename to templates/query/login_exists.sql.epp index 95e0560e..e3598d0b 100644 --- a/templates/query/login_exists.sql.erb +++ b/templates/query/login_exists.sql.epp 
@@ -1,18 +1,18 @@ DECLARE - @login as varchar(255) = '<%= @login %>', - @is_disabled as tinyint = <%= @disabled ? 1 : 0 %>, - @connect_sql_perm as char(1) = '<%= @disabled ? 'D' : 'G' %>', - @check_expiration as tinyint = <%= @check_expiration ? 1 : 0 %>, - @check_policy as tinyint = <%= @check_policy ? 1 : 0 %>, - @type_desc as varchar(50) = '<%= @login_type %>', - @default_db as varchar(255) = '<%= @default_database %>', - @default_lang as varchar(50) = '<%= @default_language %>', + @login as varchar(255) = '<%= $login %>', + @is_disabled as tinyint = <% if $disabled { %><%=1%><% }else { %><%=0%><% } %>, + @connect_sql_perm as char(1) = '<% if $disabled { %><%='D'%><% }else { %><%='G'%><% } %>', + @check_expiration as tinyint = <% if $check_expiration { %><%=1%><% }else { %><%=0%><% } %>, + @check_policy as tinyint = <% if $check_policy { %><%=1%><% }else { %><%=0%><% } %>, + @type_desc as varchar(50) = '<%= $login_type %>', + @default_db as varchar(255) = '<%= $default_database %>', + @default_lang as varchar(50) = '<%= $default_language %>', @principal_type as varchar(255) = NULL; -IF <% if @ensure == 'present' %>NOT<% end %> EXISTS(SELECT name FROM sys.server_principals WHERE name = '<%= @login %>') - THROW 51000, 'ERROR: The login is not <%= @ensure %>', 10 +IF <% if $ensure == 'present' { %>NOT<% } %> EXISTS(SELECT name FROM sys.server_principals WHERE name = '<%= $login %>') + THROW 51000, 'ERROR: The login is not <%= $ensure %>', 10 -<% if @ensure == 'present' %> +<% if $ensure == 'present' { %> BEGIN /* Check if account exists in the correct state */ SET @principal_type = (SELECT p.[type] FROM sys.server_principals p 
@@ -23,19 +23,19 @@ SET @principal_type = (SELECT p.[type] FROM sys.server_principals p AND p.default_language_name = @default_lang -- Only check disabled status if it's not a WINDOWS_GROUP AND (p.type_desc = 'WINDOWS_GROUP' OR p.is_disabled = @is_disabled) - <% if @login_type == 'SQL_LOGIN' %> + <% if $login_type == 'SQL_LOGIN' { %> AND s.is_policy_checked = @check_policy AND s.is_expiration_checked = @check_expiration - <% end %> - <% if @login_type == 'WINDOWS_LOGIN' %> + <% } %> + <% if $login_type == 'WINDOWS_LOGIN' { %> AND ((p.type_desc = 'WINDOWS_LOGIN') OR (p.type_desc = 'WINDOWS_GROUP')) - <% else %> + <% }else { %> AND p.type_desc = @type_desc - <% end %> + <% } %> ) IF (@principal_type IS NULL) THROW 51000, 'ERROR: The login is not in the correct state', 10 -<% if @login_type == 'WINDOWS_LOGIN' %> +<% if $login_type == 'WINDOWS_LOGIN' { %> /* Look for the CONNECT SQL server permission on the WINDOWS_GROUP */ IF (@principal_type = 'G') BEGIN @@ -48,19 +48,19 @@ BEGIN AND sp.state = @connect_sql_perm ) THROW 51000, 'ERROR: The group login is not in the correct state', 10 END -<% end %> +<% } %> /* If it does exist check for each role is in the correct state */ -<% @svrroles.each do |role, enable_bit| %> +<% $svrroles.each |$role, $enable_bit| { %> IF (SELECT COUNT(me.role_principal_id) from sys.server_role_members me JOIN sys.server_principals rol ON me.role_principal_id = rol.principal_id JOIN sys.server_principals pri ON me.member_principal_id = pri.principal_id WHERE rol.type_desc = 'SERVER_ROLE' - AND rol.name = '<%= role %>' - AND pri.name = '<%= @login %>') != <%= enable_bit %> - THROW 51000, 'ERROR: a role is not correct for <%= role %>', 10 -<% end %> + AND rol.name = '<%= $role %>' + AND pri.name = '<%= $login %>') != <%= $enable_bit %> + THROW 51000, 'ERROR: a role is not correct for <%= $role %>', 10 +<% } %> END -<% end %> +<% } %> 
diff --git a/templates/query/role/member_exists.sql.epp b/templates/query/role/member_exists.sql.epp new file mode 100644 index 00000000..4c34e2d3 --- /dev/null +++ b/templates/query/role/member_exists.sql.epp @@ -0,0 +1,22 @@ +USE [<%= $database %>]; +DECLARE + @role varchar(128) = '<%= $role %>', + @member varchar(128), + @error_msg varchar(250); + +<% $members.each |$member| { -%> +SET @member = '<%= $member %>'; +SET @error_msg = 'The member [<%= $member %>] is <% if $ensure == 'present' { %>not <% } %>a member of the role [<%=$role %>]'; +<%= epp('sqlserver/snippets/role/member_exists.sql.epp', { 'type' => $type }) -%> + THROW 51000, @error_msg, 10; +<% } %> + +<% if $members_purge { %> +IF EXISTS( +SELECT m.name FROM sys.<%= $type.downcase %>_role_members rm + JOIN sys.<%= $type.downcase %>_principals r ON rm.role_principal_id = r.principal_id + JOIN sys.<%= $type.downcase %>_principals m ON rm.member_principal_id = m.principal_id + WHERE r.name = '<%= $role %>' + <% if !$members.empty { %>AND m.name NOT IN (<%= $members.map |$m| { "'${m}'" }.join(',') %>)<% } %> +) THROW 51000, 'Unlisted Members in Role, will be purged', 10; +<% } %> diff --git a/templates/query/role/member_exists.sql.erb b/templates/query/role/member_exists.sql.erb deleted file mode 100644 index d532083b..00000000 --- a/templates/query/role/member_exists.sql.erb +++ /dev/null 
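Review bot: `USE [<%= $database %>]` and the `sys.<%= $type.downcase %>_role_members` / `_principals` names put parameter text in identifier position, where quoting rules for literals do not apply. A `]` inside `$database` closes the bracket early, so it should be doubled before rendering. `$type` becomes part of a catalog view name, so it should only ever be one of a fixed set. The manifest that supplies both is outside this hunk, so confirm that `$type` is declared with an enumerated type there (presumably `Enum['SERVER', 'DATABASE']`, judging by the view names). The `NOT IN (...)` list built from `"'${m}'"` also needs the apostrophe in each member name doubled, since unlike the loop above it cannot go through the `@member` variable.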
@@ -1,22 +0,0 @@ -USE [<%= @database %>]; -DECLARE - @role varchar(128) = '<%= @role %>', - @member varchar(128), - @error_msg varchar(250); - -<% @members.each do |member| %> -SET @member = '<%= member %>'; -SET @error_msg = 'The member [<%= member %>] is <% if @ensure == 'present'%>not <% end %>a member of the role [<%=@role %>]'; -<%= scope.function_template(['sqlserver/snippets/role/member_exists.sql.erb']) -%> - THROW 51000, @error_msg, 10; -<% end -%> - -<% if @members_purge %> -IF EXISTS( -SELECT m.name FROM sys.<%= @type.downcase %>_role_members rm - JOIN sys.<%= @type.downcase %>_principals r ON rm.role_principal_id = r.principal_id - JOIN sys.<%= @type.downcase %>_principals m ON rm.member_principal_id = m.principal_id - WHERE r.name = '<%= @role %>' - <% if !@members.empty? %>AND m.name NOT IN (<%= @members.collect{|m| "'#{m}'"}.join(',') %>)<% end %> -) THROW 51000, 'Unlisted Members in Role, will be purged', 10; -<% end -%> diff --git a/templates/query/role/permission_exists.sql.epp b/templates/query/role/permission_exists.sql.epp new file mode 100644 index 00000000..18270a1d --- /dev/null +++ b/templates/query/role/permission_exists.sql.epp @@ -0,0 +1,8 @@ +USE [<%= $database %>]; +<%= epp('sqlserver/snippets/role/declare_and_set_variables.sql.epp', $role_declare_and_set_variables_parameters) -%> + +<% $permissions.each |$requested_permission| { %> + <% $permission = $requested_permission.upcase %> +SET @permission = '<%= $permission %>'; +<%= epp('sqlserver/snippets/principal/permission/exists.sql.epp', { 'type' => $type }) -%> +<% } %> diff --git a/templates/query/role/permission_exists.sql.erb b/templates/query/role/permission_exists.sql.erb deleted file mode 100644 index 37eebcfe..00000000 --- a/templates/query/role/permission_exists.sql.erb +++ /dev/null 
@@ -1,9 +0,0 @@ -USE [<%= @database %>]; -<%= scope.function_template(['sqlserver/snippets/role/declare_and_set_variables.sql.erb']) -%> - -<% @permissions.each do |requested_permission| - permission = requested_permission.upcase -%> -SET @permission = '<%= permission %>'; -<%= scope.function_template(['sqlserver/snippets/principal/permission/exists.sql.erb']) -%> -<% end -%> diff --git a/templates/query/role_exists.sql.epp b/templates/query/role_exists.sql.epp new file mode 100644 index 00000000..7597dfc9 --- /dev/null +++ b/templates/query/role_exists.sql.epp @@ -0,0 +1,7 @@ +USE [<%= $database %>]; +<%= epp('sqlserver/snippets/role/exists.sql.epp', $role_exists_parameters) %> + THROW 51000, 'The <%= $type %> ROLE [<%= $role %>] does <% if $ensure == 'present' { %>not<% } %> exist', 10 +<% if $ensure == 'present' and $authorization { -%> + <%= epp('sqlserver/snippets/role/owner_check.sql.epp', $role_owner_check_parameters) %> + THROW 51000, 'The <%= $type %> ROLE [<%= $role %>] does not have the correct owner of [<%= $authorization %>]', 10 +<% } %> diff --git a/templates/query/role_exists.sql.erb b/templates/query/role_exists.sql.erb deleted file mode 100644 index 61ed61a0..00000000 --- a/templates/query/role_exists.sql.erb +++ /dev/null @@ -1,7 +0,0 @@ -USE [<%= @database %>]; -<%= scope.function_template(['sqlserver/snippets/role/exists.sql.erb']) %> - THROW 51000, 'The <%= @type %> ROLE [<%= @role %>] does <% if @ensure == 'present' %>not<% end %> exist', 10 -<% if @ensure == 'present' && @authorization -%> - <%= scope.function_template(['sqlserver/snippets/role/owner_check.sql.erb']) %> - THROW 51000, 'The <%= @type %> ROLE [<%= @role %>] does not have the correct owner of [<%= @authorization %>]', 10 -<% end -%> diff --git a/templates/query/sp_configure.sql.epp b/templates/query/sp_configure.sql.epp new file mode 100644 index 00000000..fdf15a5d --- /dev/null +++ b/templates/query/sp_configure.sql.epp 
@@ -0,0 +1,3 @@ +USE master; +IF EXISTS(SELECT * FROM sys.configurations WHERE name = '<%= $config_name %>' AND value_in_use != <%= $value %>) + THROW 51000, 'sp_configure `<%= $config_name %>` is not in the correct state', 10 diff --git a/templates/query/sp_configure.sql.erb b/templates/query/sp_configure.sql.erb deleted file mode 100644 index b6db5e8d..00000000 --- a/templates/query/sp_configure.sql.erb +++ /dev/null @@ -1,3 +0,0 @@ -USE master; -IF EXISTS(SELECT * FROM sys.configurations WHERE name = '<%= @config_name %>' AND value_in_use != <%= @value %>) - THROW 51000, 'sp_configure `<%= @config_name %>` is not in the correct state', 10 diff --git a/templates/query/user/permission_exists.sql.epp b/templates/query/user/permission_exists.sql.epp new file mode 100644 index 00000000..3d99358d --- /dev/null +++ b/templates/query/user/permission_exists.sql.epp @@ -0,0 +1,7 @@ +USE [<%= $database %>]; + +DECLARE @perm_state varchar(250), @error_msg varchar(250), @permission varchar(250); +<% $permissions.each |$requested_permission| { %> + <% $permission = $requested_permission.upcase %> +<%= epp('sqlserver/snippets/user/permission/exists.sql.epp', $user_permission_exists_parameters) %> +<% } %> diff --git a/templates/query/user/permission_exists.sql.erb b/templates/query/user/permission_exists.sql.erb deleted file mode 100644 index 6faad555..00000000 --- a/templates/query/user/permission_exists.sql.erb +++ /dev/null @@ -1,9 +0,0 @@ -USE [<%= @database %>]; - -DECLARE @perm_state varchar(250), @error_msg varchar(250), @permission varchar(250); -<% @permissions.each do |requested_permission| - permission = requested_permission.upcase -%> -SET @permission = '<%= permission %>' -<%= scope.function_template(['sqlserver/snippets/user/permission/exists.sql.erb']) %> -<% end %> diff --git a/templates/query/user_exists.sql.epp b/templates/query/user_exists.sql.epp new file mode 100644 index 00000000..31bc944d --- /dev/null +++ b/templates/query/user_exists.sql.epp 
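Review bot: In templates/query/user/permission_exists.sql.epp the loop no longer emits `SET @permission = '<%= $permission %>'`, which the deleted ERB version had and which role/permission_exists.sql.epp in this same patch keeps. `@permission` is declared but stays NULL, so the `permission_name = @permission` predicate in the get_perm_state snippet can never match and the result falls back to 'REVOKE' for every requested permission; the `@error_msg` concatenation would also come out NULL under the default NULL-concatenation setting. The Puppet variable `$permission` is assigned and then never used, which suggests the line was dropped by accident; restore it right after the assignment as `SET @permission = '<%= $permission %>'`. Assuming this query decides whether a grant or revoke still has to be applied, the effect is that the real permission state of the user is never compared with the requested one.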
@@ -0,0 +1,4 @@ +-- Need to use exec instead of use statement as this will trigger try catch +USE [<%= $database %>]; +IF <% if $ensure == 'present' { %>NOT<% } %> EXISTS(SELECT name FROM sys.database_principals WHERE type in ('U','S','G') AND name = '<%= $user %>') + THROW 51000, 'User [<%= $user %>] does not exist for database [<%= $database %>]', 10 diff --git a/templates/query/user_exists.sql.erb b/templates/query/user_exists.sql.erb deleted file mode 100644 index 7fa0af5a..00000000 --- a/templates/query/user_exists.sql.erb +++ /dev/null @@ -1,4 +0,0 @@ --- Need to use exec instead of use statement as this will trigger try catch -USE [<%= @database %>]; -IF <% if @ensure == 'present' %>NOT<% end %> EXISTS(SELECT name FROM sys.database_principals WHERE type in ('U','S','G') AND name = '<%= @user %>') - THROW 51000, 'User [<%= @user %>] does not exist for database [<%= @database %>]', 10 diff --git a/templates/restart_service.ps1.epp b/templates/restart_service.ps1.epp new file mode 100644 index 00000000..3da46b81 --- /dev/null +++ b/templates/restart_service.ps1.epp @@ -0,0 +1,2 @@ +Restart-Service -Name '<%= $service_name %>' -Force + diff --git a/templates/restart_service.ps1.erb b/templates/restart_service.ps1.erb deleted file mode 100644 index 69921225..00000000 --- a/templates/restart_service.ps1.erb +++ /dev/null @@ -1,2 +0,0 @@ -Restart-Service -Name '<%= @service_name %>' -Force - diff --git a/templates/snippets/database/collation_exists.sql.epp b/templates/snippets/database/collation_exists.sql.epp new file mode 100644 index 00000000..d2fc786b --- /dev/null +++ b/templates/snippets/database/collation_exists.sql.epp @@ -0,0 +1 @@ +IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= $db_name %>' AND collation_name = '<%= $collation_name %>') diff --git a/templates/snippets/database/collation_exists.sql.erb b/templates/snippets/database/collation_exists.sql.erb deleted file mode 100644 index 90340282..00000000 
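Review bot: The THROW text says the user "does not exist" in both directions, but when `$ensure` is not 'present' the test renders as `IF EXISTS(...)`, so the error is raised precisely when the user does exist. role_exists.sql.epp in this patch already makes the word conditional; doing the same here gives `THROW 51000, 'User [<%= $user %>] does <% if $ensure == 'present' { %>not <% } %>exist for database [<%= $database %>]', 10`. The leading comment also talks about using exec instead of a `USE` statement while the very next line is a plain `USE`, so it should be corrected or dropped.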
--- a/templates/snippets/database/collation_exists.sql.erb +++ /dev/null @@ -1 +0,0 @@ -IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= @db_name %>' AND collation_name = '<%= @collation_name %>') diff --git a/templates/snippets/database/compatibility_exists.sql.epp b/templates/snippets/database/compatibility_exists.sql.epp new file mode 100644 index 00000000..56cc80d6 --- /dev/null +++ b/templates/snippets/database/compatibility_exists.sql.epp @@ -0,0 +1 @@ +IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= $db_name %>' AND compatibility_level = <%= $compatibility %>) diff --git a/templates/snippets/database/compatibility_exists.sql.erb b/templates/snippets/database/compatibility_exists.sql.erb deleted file mode 100644 index 7d8e45fc..00000000 --- a/templates/snippets/database/compatibility_exists.sql.erb +++ /dev/null @@ -1 +0,0 @@ -IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= @db_name %>' AND compatibility_level = <%= @compatibility %>) diff --git a/templates/snippets/database/containment_exists.sql.epp b/templates/snippets/database/containment_exists.sql.epp new file mode 100644 index 00000000..a04a3f8a --- /dev/null +++ b/templates/snippets/database/containment_exists.sql.epp @@ -0,0 +1 @@ +IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= $db_name %>' AND containment_desc = '<%= $containment %>') diff --git a/templates/snippets/database/containment_exists.sql.erb b/templates/snippets/database/containment_exists.sql.erb deleted file mode 100644 index 4a140ea8..00000000 --- a/templates/snippets/database/containment_exists.sql.erb +++ /dev/null @@ -1 +0,0 @@ -IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= @db_name %>' AND containment_desc = '<%= @containment %>') diff --git a/templates/snippets/database/db_chaining_exists.sql.epp b/templates/snippets/database/db_chaining_exists.sql.epp new file mode 100644 index 00000000..b087c9ca --- /dev/null 
+++ b/templates/snippets/database/db_chaining_exists.sql.epp @@ -0,0 +1 @@ +IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= $db_name %>' AND is_db_chaining_on = <% if $db_chaining == 'ON' { %><%=1%><% }else { %><%=0%><% } %>) diff --git a/templates/snippets/database/db_chaining_exists.sql.erb b/templates/snippets/database/db_chaining_exists.sql.erb deleted file mode 100644 index 29d21339..00000000 --- a/templates/snippets/database/db_chaining_exists.sql.erb +++ /dev/null @@ -1 +0,0 @@ -IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= @db_name %>' AND is_db_chaining_on = <%= @db_chaining == 'ON' ? 1 : 0 %>) diff --git a/templates/snippets/database/default_fulltext_language_exists.sql.erb b/templates/snippets/database/default_fulltext_language_exists.sql.epp similarity index 50% rename from templates/snippets/database/default_fulltext_language_exists.sql.erb rename to templates/snippets/database/default_fulltext_language_exists.sql.epp index 5b13c6ba..88689084 100644 --- a/templates/snippets/database/default_fulltext_language_exists.sql.erb +++ b/templates/snippets/database/default_fulltext_language_exists.sql.epp @@ -1,3 +1,3 @@ DECLARE @default_fulltext_lcid as INT -SELECT @default_fulltext_lcid = CONVERT(INT, lcid) FROM sys.syslanguages WHERE name = N'<%= @default_fulltext_language %>' OR alias = N'<%= @default_fulltext_language %>' -IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= @db_name %>' AND default_fulltext_language_lcid = @default_fulltext_lcid) +SELECT @default_fulltext_lcid = CONVERT(INT, lcid) FROM sys.syslanguages WHERE name = N'<%= $default_fulltext_language %>' OR alias = N'<%= $default_fulltext_language %>' +IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= $db_name %>' AND default_fulltext_language_lcid = @default_fulltext_lcid) 
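Review bot: `$db_chaining == 'ON'` is not the same test as the Ruby `@db_chaining == 'ON'` it replaces, because Puppet's `==` compares strings case-insensitively, so 'on' now renders 1 where the ERB rendered 0. If only the exact spelling should be accepted, that has to be enforced by the parameter type (e.g. `Enum['ON', 'OFF']`), which is not visible from this hunk. The same applies to nested_triggers_exists, transform_noise_words_exists and trustworthy_exists further down, the last of which checks a security-relevant database option. As a matter of style, the five-tag if/else can be written as one expression, `<%= $db_chaining ? { 'ON' => 1, default => 0 } %>`.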
diff --git a/templates/snippets/database/default_language_exists.sql.erb b/templates/snippets/database/default_language_exists.sql.epp similarity index 52% rename from templates/snippets/database/default_language_exists.sql.erb rename to templates/snippets/database/default_language_exists.sql.epp index 839dc8c1..60589015 100644 --- a/templates/snippets/database/default_language_exists.sql.erb +++ b/templates/snippets/database/default_language_exists.sql.epp @@ -1,3 +1,3 @@ DECLARE @default_language_lcid as INT -SELECT @default_language_lcid = CONVERT(INT,lcid) FROM sys.syslanguages WHERE name = N'<%= @default_language %>' OR alias = N'<%= @default_language %>' -IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= @db_name %>' AND DEFAULT_LANGUAGE_LCID = @default_language_lcid) +SELECT @default_language_lcid = CONVERT(INT,lcid) FROM sys.syslanguages WHERE name = N'<%= $default_language %>' OR alias = N'<%= $default_language %>' +IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= $db_name %>' AND DEFAULT_LANGUAGE_LCID = @default_language_lcid) diff --git a/templates/snippets/database/nested_triggers_exists.sql.epp b/templates/snippets/database/nested_triggers_exists.sql.epp new file mode 100644 index 00000000..062b20e3 --- /dev/null +++ b/templates/snippets/database/nested_triggers_exists.sql.epp @@ -0,0 +1 @@ +IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= $db_name %>' AND is_nested_triggers_on = <% if $nested_triggers == 'ON' { %><%=1%><% }else { %><%=0%><% } %>) diff --git a/templates/snippets/database/nested_triggers_exists.sql.erb b/templates/snippets/database/nested_triggers_exists.sql.erb deleted file mode 100644 index 59a3a4c2..00000000 --- a/templates/snippets/database/nested_triggers_exists.sql.erb +++ /dev/null @@ -1 +0,0 @@ -IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= @db_name %>' AND is_nested_triggers_on = <%= @nested_triggers == 'ON' ? 1 : 0 %>) 
diff --git a/templates/snippets/database/transform_noise_words_exists.sql.epp b/templates/snippets/database/transform_noise_words_exists.sql.epp new file mode 100644 index 00000000..113b4f0c --- /dev/null +++ b/templates/snippets/database/transform_noise_words_exists.sql.epp @@ -0,0 +1 @@ +IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= $db_name %>' AND is_transform_noise_words_on = <% if $transform_noise_words == 'ON' { %><%=1%><% }else { %><%=0%><% } %>) diff --git a/templates/snippets/database/transform_noise_words_exists.sql.erb b/templates/snippets/database/transform_noise_words_exists.sql.erb deleted file mode 100644 index 753ad376..00000000 --- a/templates/snippets/database/transform_noise_words_exists.sql.erb +++ /dev/null @@ -1 +0,0 @@ -IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= @db_name %>' AND is_transform_noise_words_on = <%= @transform_noise_words == 'ON' ? 1 : 0 %>) diff --git a/templates/snippets/database/trustworthy_exists.sql.epp b/templates/snippets/database/trustworthy_exists.sql.epp new file mode 100644 index 00000000..14de8f84 --- /dev/null +++ b/templates/snippets/database/trustworthy_exists.sql.epp @@ -0,0 +1 @@ +IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= $db_name %>' AND is_trustworthy_on = <% if $trustworthy == 'ON' { %><%=1%><% }else { %><%=0%><% } %>) diff --git a/templates/snippets/database/trustworthy_exists.sql.erb b/templates/snippets/database/trustworthy_exists.sql.erb deleted file mode 100644 index ac6b1369..00000000 --- a/templates/snippets/database/trustworthy_exists.sql.erb +++ /dev/null @@ -1 +0,0 @@ -IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = '<%= @db_name %>' AND is_trustworthy_on = <%= @trustworthy == 'ON' ? 1 : 0 %>) 
diff --git a/templates/snippets/database/two_digit_year_cutoff_exists.sql.erb b/templates/snippets/database/two_digit_year_cutoff_exists.sql.epp similarity index 52% rename from templates/snippets/database/two_digit_year_cutoff_exists.sql.erb rename to templates/snippets/database/two_digit_year_cutoff_exists.sql.epp index 3c77b722..b66e055d 100644 --- a/templates/snippets/database/two_digit_year_cutoff_exists.sql.erb +++ b/templates/snippets/database/two_digit_year_cutoff_exists.sql.epp @@ -1 +1 @@ -IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = N'<%= @db_name %>' AND two_digit_year_cutoff = <%= @two_digit_year_cutoff %>) +IF NOT EXISTS(SELECT name FROM sys.databases WHERE name = N'<%= $db_name %>' AND two_digit_year_cutoff = <%= $two_digit_year_cutoff %>) diff --git a/templates/snippets/login/get_perm_state.sql.erb b/templates/snippets/login/get_perm_state.sql.epp similarity index 87% rename from templates/snippets/login/get_perm_state.sql.erb rename to templates/snippets/login/get_perm_state.sql.epp index 82b3b4a3..6a54df4f 100644 --- a/templates/snippets/login/get_perm_state.sql.erb +++ b/templates/snippets/login/get_perm_state.sql.epp @@ -2,6 +2,6 @@ ISNULL( (SELECT perm.state_desc FROM sys.server_permissions perm JOIN sys.server_principals princ ON princ.principal_id = perm.grantee_principal_id WHERE princ.type IN ('U','S','G') - AND princ.name = '<%= @login %>' + AND princ.name = '<%= $login %>' AND perm.permission_name = @permission), 'REVOKE') diff --git a/templates/snippets/login/permission/exists.sql.epp b/templates/snippets/login/permission/exists.sql.epp new file mode 100644 index 00000000..9737964a --- /dev/null +++ b/templates/snippets/login/permission/exists.sql.epp 
@@ -0,0 +1,4 @@ +SET @perm_state = <%= epp('sqlserver/snippets/login/get_perm_state.sql.epp', { 'login' => $login }) %>; +SET @error_msg = 'EXPECTED login [<%= $login %>] to have permission [' + @permission + '] with <%= $_state %> but got ' + @perm_state; +IF @perm_state != '<% if $with_grant_option == true { %>GRANT_WITH_GRANT_OPTION<% }else { %><%= $_state %><% } %>' + THROW 51000, @error_msg, 10; diff --git a/templates/snippets/login/permission/exists.sql.erb b/templates/snippets/login/permission/exists.sql.erb deleted file mode 100644 index b0ab2ae3..00000000 --- a/templates/snippets/login/permission/exists.sql.erb +++ /dev/null @@ -1,4 +0,0 @@ -SET @perm_state = <%= scope.function_template(['sqlserver/snippets/login/get_perm_state.sql.erb']) %>; -SET @error_msg = 'EXPECTED login [<%= @login %>] to have permission [' + @permission + '] with <%= @_state %> but got ' + @perm_state; -IF @perm_state != '<% if @with_grant_option == true %>GRANT_WITH_GRANT_OPTION<% else %><%= @_state %><% end %>' - THROW 51000, @error_msg, 10; diff --git a/templates/snippets/principal/permission/exists.sql.erb b/templates/snippets/principal/permission/exists.sql.epp similarity index 63% rename from templates/snippets/principal/permission/exists.sql.erb rename to templates/snippets/principal/permission/exists.sql.epp index 6d609a4e..504b8cce 100644 --- a/templates/snippets/principal/permission/exists.sql.erb +++ b/templates/snippets/principal/permission/exists.sql.epp @@ -1,4 +1,4 @@ -SET @perm_state = <%= scope.function_template(['sqlserver/snippets/principal/permission/get_perm_state.sql.erb']) -%>; +SET @perm_state = <%= epp('sqlserver/snippets/principal/permission/get_perm_state.sql.epp', { 'type' => $type }) -%>; SET @error_msg = 'EXPECTED [' + @princ_name + '] to have permission [' + @permission + '] with ' + @state_desc + ' but got ' + @perm_state; IF @perm_state != @state_desc THROW 51000, @error_msg, 10; 
diff --git a/templates/snippets/principal/permission/get_perm_state.sql.erb b/templates/snippets/principal/permission/get_perm_state.sql.epp similarity index 54% rename from templates/snippets/principal/permission/get_perm_state.sql.erb rename to templates/snippets/principal/permission/get_perm_state.sql.epp index 73d0ec30..000b7e8b 100644 --- a/templates/snippets/principal/permission/get_perm_state.sql.erb +++ b/templates/snippets/principal/permission/get_perm_state.sql.epp @@ -1,6 +1,6 @@ ISNULL( - (SELECT state_desc FROM sys.<%= @type.downcase %>_permissions prem - JOIN sys.<%= @type.downcase %>_principals r ON r.principal_id = prem.grantee_principal_id + (SELECT state_desc FROM sys.<%= $type.downcase %>_permissions prem + JOIN sys.<%= $type.downcase %>_principals r ON r.principal_id = prem.grantee_principal_id WHERE r.name = @princ_name AND r.type_desc = @princ_type AND prem.permission_name = @permission), 'REVOKE') diff --git a/templates/snippets/role/declare_and_set_variables.sql.epp b/templates/snippets/role/declare_and_set_variables.sql.epp new file mode 100644 index 00000000..a707bd44 --- /dev/null +++ b/templates/snippets/role/declare_and_set_variables.sql.epp @@ -0,0 +1,11 @@ +DECLARE + @perm_state varchar(250), + @error_msg varchar(250), + @permission varchar(250), + @princ_name varchar(50), + @princ_type varchar(50), + @state_desc varchar(50); + +SET @princ_type = '<%= $type.upcase %>_ROLE'; +SET @princ_name = '<%= $role %>'; +SET @state_desc = '<% if $with_grant_option == true { %>GRANT_WITH_GRANT_OPTION<% }else { %><%= $_state %><% } %>'; diff --git a/templates/snippets/role/declare_and_set_variables.sql.erb b/templates/snippets/role/declare_and_set_variables.sql.erb deleted file mode 100644 index b92fad95..00000000 --- a/templates/snippets/role/declare_and_set_variables.sql.erb +++ /dev/null 
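Review bot: `@princ_name varchar(50)` in snippets/role/declare_and_set_variables.sql.epp is narrower than the `varchar(128)` that query/role/member_exists.sql.epp uses for the same role name. `SET @princ_name = '<%= $role %>'` truncates a longer name without raising an error, after which `r.name = @princ_name` in get_perm_state cannot match and the permission state reads as 'REVOKE'. Declaring it as `@princ_name sysname,` (or `nvarchar(128)`) keeps the variable as wide as the catalog column it is compared with.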
@@ -1,11 +0,0 @@ -DECLARE - @perm_state varchar(250), - @error_msg varchar(250), - @permission varchar(250), - @princ_name varchar(50), - @princ_type varchar(50), - @state_desc varchar(50); - -SET @princ_type = '<%= @type.upcase %>_ROLE'; -SET @princ_name = '<%= @role %>'; -SET @state_desc = '<% if @with_grant_option == true %>GRANT_WITH_GRANT_OPTION<% else %><%= @_state %><% end %>'; diff --git a/templates/snippets/role/exists.sql.epp b/templates/snippets/role/exists.sql.epp new file mode 100644 index 00000000..e30d2d8c --- /dev/null +++ b/templates/snippets/role/exists.sql.epp @@ -0,0 +1,3 @@ +IF <% if $ensure == 'present' { %>NOT <% } %>EXISTS( + SELECT name FROM sys.<%= $type.downcase %>_principals WHERE type_desc = '<%= $type %>_ROLE' AND name = '<%= $role %>' +) diff --git a/templates/snippets/role/exists.sql.erb b/templates/snippets/role/exists.sql.erb deleted file mode 100644 index e3c7a18b..00000000 --- a/templates/snippets/role/exists.sql.erb +++ /dev/null @@ -1,3 +0,0 @@ -IF <% if @ensure == 'present' %>NOT <% end %>EXISTS( - SELECT name FROM sys.<%= @type.downcase %>_principals WHERE type_desc = '<%= @type %>_ROLE' AND name = '<%= @role %>' -) diff --git a/templates/snippets/role/member_exists.sql.epp b/templates/snippets/role/member_exists.sql.epp new file mode 100644 index 00000000..7e0442bd --- /dev/null +++ b/templates/snippets/role/member_exists.sql.epp @@ -0,0 +1,5 @@ +IF NOT EXISTS ( + SELECT r.name [Role], m.name [Member] FROM sys.<%= $type.downcase %>_role_members rm + JOIN sys.<%= $type.downcase %>_principals r ON rm.role_principal_id = r.principal_id + JOIN sys.<%= $type.downcase %>_principals m ON rm.member_principal_id = m.principal_id + WHERE r.name = @role AND m.name = @member) diff --git a/templates/snippets/role/member_exists.sql.erb b/templates/snippets/role/member_exists.sql.erb deleted file mode 100644 index 124dad35..00000000 --- a/templates/snippets/role/member_exists.sql.erb +++ /dev/null 
@@ -1,5 +0,0 @@ -IF NOT EXISTS ( - SELECT r.name [Role], m.name [Member] FROM sys.<%= @type.downcase %>_role_members rm - JOIN sys.<%= @type.downcase %>_principals r ON rm.role_principal_id = r.principal_id - JOIN sys.<%= @type.downcase %>_principals m ON rm.member_principal_id = m.principal_id - WHERE r.name = @role AND m.name = @member) diff --git a/templates/snippets/role/owner_check.sql.epp b/templates/snippets/role/owner_check.sql.epp new file mode 100644 index 00000000..17085e7c --- /dev/null +++ b/templates/snippets/role/owner_check.sql.epp @@ -0,0 +1,4 @@ +IF NOT EXISTS( + SELECT p.name,r.name FROM sys.<%= $type.downcase %>_principals r + JOIN sys.<%= $type.downcase %>_principals p ON p.principal_id = r.owning_principal_id + WHERE r.type_desc = '<%= $type.upcase %>_ROLE' AND p.name = '<%= $authorization %>' AND r.name = '<%= $role %>') diff --git a/templates/snippets/role/owner_check.sql.erb b/templates/snippets/role/owner_check.sql.erb deleted file mode 100644 index 1bc9a194..00000000 --- a/templates/snippets/role/owner_check.sql.erb +++ /dev/null @@ -1,4 +0,0 @@ -IF NOT EXISTS( - SELECT p.name,r.name FROM sys.<%= @type.downcase %>_principals r - JOIN sys.<%= @type.downcase %>_principals p ON p.principal_id = r.owning_principal_id - WHERE r.type_desc = '<%= @type.upcase %>_ROLE' AND p.name = '<%= @authorization %>' AND r.name = '<%= @role %>') diff --git a/templates/snippets/role/populate_purge_members.sql.epp b/templates/snippets/role/populate_purge_members.sql.epp new file mode 100644 index 00000000..3bd97b7f --- /dev/null +++ b/templates/snippets/role/populate_purge_members.sql.epp 
@@ -0,0 +1,11 @@ +DECLARE @purge_members TABLE ( +ID int IDENTITY(1,1), +member varchar(128) +) +INSERT INTO @purge_members (member) ( +SELECT m.name FROM sys.<%= $type.downcase %>_role_members rm + JOIN sys.<%= $type.downcase %>_principals r ON rm.role_principal_id = r.principal_id + JOIN sys.<%= $type.downcase %>_principals m ON rm.member_principal_id = m.principal_id + WHERE r.name = '<%= $role %>' + <% if !$members.empty { %>AND m.name NOT IN (<%= $members.map |$m| { "'${m}'" }.join(',') %>)<% } %> + ); diff --git a/templates/snippets/role/populate_purge_members.sql.erb b/templates/snippets/role/populate_purge_members.sql.erb deleted file mode 100644 index f6d18dcc..00000000 --- a/templates/snippets/role/populate_purge_members.sql.erb +++ /dev/null @@ -1,11 +0,0 @@ -DECLARE @purge_members TABLE ( -ID int IDENTITY(1,1), -member varchar(128) -) -INSERT INTO @purge_members (member) ( -SELECT m.name FROM sys.<%= @type.downcase %>_role_members rm - JOIN sys.<%= @type.downcase %>_principals r ON rm.role_principal_id = r.principal_id - JOIN sys.<%= @type.downcase %>_principals m ON rm.member_principal_id = m.principal_id - WHERE r.name = '<%= @role %>' - <% if !@members.empty? %>AND m.name NOT IN (<%= @members.collect{|m| "'#{m}'"}.join(',') %>)<% end %> - ); diff --git a/templates/snippets/user/permission/exists.sql.epp b/templates/snippets/user/permission/exists.sql.epp new file mode 100644 index 00000000..3f403223 --- /dev/null +++ b/templates/snippets/user/permission/exists.sql.epp @@ -0,0 +1,4 @@ +SET @perm_state = <%= epp('sqlserver/snippets/user/permission/get_perm_state.sql.epp', { 'user' => $user }) %>; +SET @error_msg = 'EXPECTED user [<%= $user %>] to have permission [' + @permission + '] with <%= $_state %> but got ' + @perm_state; +IF @perm_state != '<% if $with_grant_option == true { %>GRANT_WITH_GRANT_OPTION<% }else { %><%= $_state %><% } %>' + THROW 51000, @error_msg, 10 
diff --git a/templates/snippets/user/permission/exists.sql.erb b/templates/snippets/user/permission/exists.sql.erb deleted file mode 100644 index fba5c4de..00000000 --- a/templates/snippets/user/permission/exists.sql.erb +++ /dev/null @@ -1,4 +0,0 @@ -SET @perm_state = <%= scope.function_template(['sqlserver/snippets/user/permission/get_perm_state.sql.erb']) %>; -SET @error_msg = 'EXPECTED user [<%= @user %>] to have permission [' + @permission + '] with <%= @_state %> but got ' + @perm_state; -IF @perm_state != '<% if @with_grant_option == true %>GRANT_WITH_GRANT_OPTION<% else %><%= @_state %><% end %>' - THROW 51000, @error_msg, 10 diff --git a/templates/snippets/user/permission/get_perm_state.sql.erb b/templates/snippets/user/permission/get_perm_state.sql.epp similarity index 77% rename from templates/snippets/user/permission/get_perm_state.sql.erb rename to templates/snippets/user/permission/get_perm_state.sql.epp index 2e92789d..7d7dd1d2 100644 --- a/templates/snippets/user/permission/get_perm_state.sql.erb +++ b/templates/snippets/user/permission/get_perm_state.sql.epp @@ -1,5 +1,5 @@ ISNULL( (SELECT perm.state_desc FROM sys.database_principals princ JOIN sys.database_permissions perm ON perm.grantee_principal_id = princ.principal_id - WHERE princ.type in ('U','S','G') AND name = '<%= @user %>' AND permission_name = @permission), + WHERE princ.type in ('U','S','G') AND name = '<%= $user %>' AND permission_name = @permission), 'REVOKE')