FM-1900 Add User defined type

.travis.yml

@@ -5,6 +5,7 @@ script: "bundle exec rake spec SPEC_OPTS='--format documentation'"
 rvm:
   - 1.9.3
   - 2.0.0
+  - 2.1.5  
 env:
   matrix:
     - PUPPET_GEM_VERSION="~> 3.7.1"

Gemfile

@@ -4,7 +4,7 @@ group :development, :test do
   gem 'nokogiri'
   gem 'mime-types', '<2.0',     :require => false
   gem 'rake',                   :require => false
-  gem 'rspec-puppet',           :require => false
+  gem 'rspec-puppet', '~>1.0',  :require => false
   gem 'puppetlabs_spec_helper', :require => false
   gem 'puppet-lint',            :require => false
   gem 'simplecov',              :require => false

lib/puppet/provider/sqlserver.rb

@@ -54,8 +54,8 @@ def self.run_authenticated_sqlcmd(query, opts)
         #We want to not fail the exec but fail the overall process once we get the clean result back, otherwise we report the temp file which is meaningless
         result = Puppet::Util::Execution.execute(['powershell.exe', '-noprofile', '-executionpolicy', 'unrestricted', temp_ps1.path], {:failonfail => false}) #We expect some things to fail in order to run as an only if
         debug("Return result #{result}")
-        if opts[:failonfail] && result.match(/ERROR/)
-          fail(result)
+        if opts[:failonfail] && result.match(/THROW CAUGHT/)
+          fail(result.gsub('THROW CAUGHT:',''))
         end
         return result
       ensure

manifests/user.pp

@@ -0,0 +1,41 @@
+##
+#
+#
+#
+##
+define sqlserver::user (
+  $database,
+  $ensure         = 'present',
+  $user           = $title,
+  $default_schema = undef,
+  $instance       = 'MSSQLSERVER',
+  $login          = undef,
+  $password       = undef,
+  $force_delete   = false,
+)
+{
+  sqlserver_validate_instance_name($instance)
+
+  $is_windows_user = sqlserver_is_domain_or_local_user($login)
+
+  if $password {
+    validate_re($password, '^.{1,128}$', 'Password must be equal or less than 128 characters')
+    if $is_windows_user and $login != undef{
+      fail('Can not provide password when using a Windows Login')
+    }
+  }
+  validate_re($database, '^.{1,128}$','Database name must be between 1 and 128 characters')
+
+  $create_delete = $ensure ? {
+    present => 'create',
+    absent  => 'delete',
+  }
+
+  sqlserver_tsql{ "user-${instance}-${database}-${user}":
+    instance => $instance,
+    command  => template("sqlserver/${create_delete}/user.sql.erb"),
+    onlyif   => template('sqlserver/query/user_exists.sql.erb'),
+    require  => Sqlserver::Config[$instance]
+  }
+
+}

spec/defines/user_spec.rb

@@ -0,0 +1,101 @@
+require 'spec_helper'
+require File.expand_path(File.join(File.dirname(__FILE__), 'manifest_shared_examples.rb'))
+
+RSpec.describe 'sqlserver::user', :type => :define do
+  include_context 'manifests' do
+    let(:title) { 'loggingUser' }
+    let(:sqlserver_tsql_title) { 'user-MSSQLSERVER-myDatabase-loggingUser' }
+    let(:params) { {:user => 'loggingUser', :database => 'myDatabase'} }
+  end
+
+  describe 'should fail when password above 128 characters' do
+    o = [('a'..'z'), ('A'..'Z'), (0..9)].map { |i| i.to_a }.flatten
+    string = (0...129).map { o[rand(o.length)] }.join
+    let(:additional_params) { {:password => string} }
+    let(:raise_error_check) { 'Password must be equal or less than 128 characters' }
+    it_should_behave_like 'validation error'
+  end
+
+  describe 'should fail when database above 128 characters' do
+    o = [('a'..'z'), ('A'..'Z'), (0..9)].map { |i| i.to_a }.flatten
+    string = (0...129).map { o[rand(o.length)] }.join
+    let(:additional_params) { {:database => string} }
+    let(:raise_error_check) { 'Database name must be between 1 and 128 characters' }
+    let(:sqlserver_tsql_title) { "user-MSSQLSERVER-#{string}-loggingUser" }
+    it_should_behave_like 'validation error'
+  end
+
+  describe 'should contain correct sql syntax for check' do
+    let(:should_contain_onlyif) { [
+        "USE [myDatabase]",
+        "\nIF NOT EXISTS(SELECT name FROM sys.database_principals WHERE type in ('U','S','G') AND name = 'loggingUser')\n",
+        "THROW 51000, 'User [loggingUser] does not exist for database [myDatabase]', 10\n"
+    ] }
+    let(:should_contain_command) { [
+        "USE [myDatabase]",
+        /CREATE USER \[loggingUser\]\n\s+FROM LOGIN \[mySysLogin\]/
+    ] }
+    let(:should_not_contain_command) { [
+        'PASSWORD',
+        'DEFAULT_SCHEMA',
+        'WITH'
+    ] }
+    let(:additional_params) { {:login => 'mySysLogin'} }
+    it_should_behave_like 'sqlserver_tsql onlyif'
+    it_should_behave_like 'sqlserver_tsql command'
+    it_should_behave_like 'sqlserver_tsql without_command'
+  end
+
+  describe 'when a password is specified' do
+    password = 'Pupp3t1@'
+    let(:additional_params) { {:password => password} }
+    let(:should_contain_command) { [
+        "USE [myDatabase];",
+        /CREATE USER \[loggingUser\]\n\s+WITH PASSWORD = '#{password}'/
+    ] }
+    let(:should_not_contain_command) { [
+        'DEFAULT_SCHEMA',
+    ] }
+    it_should_behave_like 'sqlserver_tsql onlyif'
+    it_should_behave_like 'sqlserver_tsql command'
+    it_should_behave_like 'sqlserver_tsql without_command'
+  end
+
+  describe 'when a default_schema is specified' do
+    let(:additional_params) { {:default_schema => 'dbo'} }
+    let(:should_contain_command) { [
+        "USE [myDatabase]",
+        /CREATE USER \[loggingUser\]\n\s+WITH\s+DEFAULT_SCHEMA = dbo/
+    ] }
+    let(:should_not_contain_command) { [
+        'PASSWORD',
+    ] }
+    it_should_behave_like 'sqlserver_tsql command'
+    it_should_behave_like 'sqlserver_tsql without_command'
+  end
+
+  describe 'when providing windows user' do
+    let(:additional_params) { {:user => 'myMachineName/myUser'} }
+    let(:sqlserver_tsql_title) { 'user-MSSQLSERVER-myDatabase-myMachineName/myUser' }
+    let(:should_contain_command) { [
+        "USE [myDatabase]",
+        'CREATE USER [myMachineName/myUser]'
+    ] }
+    it_should_behave_like 'sqlserver_tsql command'
+  end
+
+  describe 'when providing a windows user and login' do
+    let(:additional_params) { {:user => 'myMachineName/myUser', :login => 'myMachineName/myUser'} }
+    let(:sqlserver_tsql_title) { 'user-MSSQLSERVER-myDatabase-myMachineName/myUser' }
+    let(:should_contain_command) { [
+        "USE [myDatabase]",
+        /CREATE USER \[myMachineName\/myUser\]\n\s+FROM LOGIN \[myMachineName\/myUser\]/
+    ] }
+    it_should_behave_like 'sqlserver_tsql command'
+  end
+  describe 'have dependency on Sqlserver::Config[MSSQLSERVER]' do
+    it 'should require ::config' do
+      should contain_sqlserver_tsql(sqlserver_tsql_title).with_require('Sqlserver::Config[MSSQLSERVER]')
+    end
+  end
+end

templates/create/user.sql.erb

@@ -0,0 +1,19 @@
+-- Need to use exec instead of use statement as this will trigger try catch
+USE [<%= @database %>];
+<% if @password %>
+    IF EXISTS(select containment from sys.databases WHERE name = '<%= @database %>' AND containment = 0)
+	    THROW 51000, 'Database must be contained in order to use passwords', 0
+<% end %>
+CREATE USER [<%= @user %>]
+<% if @login -%>
+    FROM LOGIN [<%= @login %>]
+<% else -%>
+    <% if @password -%>
+    WITH PASSWORD = '<%= @password %>'
+    <% end -%>
+<% end -%>
+<% if @default_schema -%>
+    <% if @password -%>,<% else -%>
+    WITH <% end -%>
+    DEFAULT_SCHEMA = <%= @default_schema %>
+<% end -%>

templates/query/user_exists.sql.erb

@@ -0,0 +1,4 @@
+-- Need to use exec instead of use statement as this will trigger try catch
+USE [<%= @database %>];
+IF <% if @ensure == 'present' %>NOT<% end %> EXISTS(SELECT name FROM sys.database_principals WHERE type in ('U','S','G') AND name = '<%= @user %>')
+    THROW 51000, 'User [<%= @user %>] does not exist for database [<%= @database %>]', 10