Skip to content

FM1901 Add delete user capabilities #69

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Feb 9, 2015
Merged

FM1901 Add delete user capabilities #69

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
---
sudo: false
language: ruby
bundler_args: --without development
script: "bundle exec rake spec SPEC_OPTS='--format documentation'"
Expand Down
5 changes: 4 additions & 1 deletion lib/puppet/provider/sqlserver.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,10 @@ def self.run_authenticated_sqlcmd(query, opts)
result = Puppet::Util::Execution.execute(['powershell.exe', '-noprofile', '-executionpolicy', 'unrestricted', temp_ps1.path], {:failonfail => false}) #We expect some things to fail in order to run as an only if
debug("Return result #{result}")
if opts[:failonfail] && result.match(/THROW CAUGHT/)
fail(result.gsub('THROW CAUGHT:',''))
fail(result.gsub('THROW CAUGHT:', ''))
end
if result.match(/Msg \d+, Level 16/)
fail(result)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah the level 16 errors... good times.

end
return result
ensure
Expand Down
6 changes: 6 additions & 0 deletions lib/puppet/templates/authenticated_query.ps1.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,12 @@ $result = sqlcmd.exe -i '<%= input_file %>' -h-1 -W -s ',' <% if @instance != 'M
Write-Error -Message ($result | where {$_ -match "Incorrect syntax"} | select -First 1)
exit(10)
}
if($result -match "Msg \d+, Level 16"){
$msg = $result -join ' '
Write-Host $msg
Write-Error -Message "ERROR: $msg"
exit(10)
}
}
catch{
Write-Host $_
Expand Down
37 changes: 34 additions & 3 deletions manifests/user.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,38 @@
##
# == Define Resource Type: sqlserver::user
#
# === Requirement/Dependencies:
#
# Requires defined type {sqlserver::config} in order to execute against the SQL Server instance
#
# === Examples
#
# sqlserver::user{'myUser':
# database => 'loggingDatabase',
# login => 'myUser',
# }
#
# === Parameters
# [user]
# The username you want to manage, defaults to the title
#
# [database]
# The database you want the user to be created as
#
# [ensure]
# Ensure present or absent
#
# [default_schema]
# SQL schema you would like to default to, typically 'dbo'
#
# [instance]
# The named instance you want to manage against
#
# [login]
# The login to associate the user with, by default SQL Server will assume user and login match if left empty
#
# [password]
# The password for the user, can only be used when the database is a contained database.
#
##
define sqlserver::user (
Expand All @@ -11,20 +43,19 @@
$instance = 'MSSQLSERVER',
$login = undef,
$password = undef,
$force_delete = false,
)
{
sqlserver_validate_instance_name($instance)

$is_windows_user = sqlserver_is_domain_or_local_user($login)

if $password {
validate_re($password, '^.{1,128}$', 'Password must be equal or less than 128 characters')
sqlserver_validate_range($password, 1, 128, 'Password must be equal or less than 128 characters')
if $is_windows_user and $login != undef{
fail('Can not provide password when using a Windows Login')
}
}
validate_re($database, '^.{1,128}$','Database name must be between 1 and 128 characters')
sqlserver_validate_range($database, 1, 128, 'Database name must be between 1 and 128 characters')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍


$create_delete = $ensure ? {
present => 'create',
Expand Down
17 changes: 16 additions & 1 deletion spec/defines/user_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@
let(:additional_params) { {:user => 'myMachineName/myUser'} }
let(:sqlserver_tsql_title) { 'user-MSSQLSERVER-myDatabase-myMachineName/myUser' }
let(:should_contain_command) { [
"USE [myDatabase]",
"USE [myDatabase];",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

'CREATE USER [myMachineName/myUser]'
] }
it_should_behave_like 'sqlserver_tsql command'
Expand All @@ -93,9 +93,24 @@
] }
it_should_behave_like 'sqlserver_tsql command'
end

describe 'have dependency on Sqlserver::Config[MSSQLSERVER]' do
it 'should require ::config' do
should contain_sqlserver_tsql(sqlserver_tsql_title).with_require('Sqlserver::Config[MSSQLSERVER]')
end
end

describe 'when ensure => absent' do
let(:additional_params) { {:ensure => 'absent'} }
let(:sqlserver_contain_command) { [
'USE [loggingDb];\nDROP [loggingUser]',
"\nIF EXISTS(SELECT name FROM sys.database_principals WHERE name = 'loggingUser')\n THROW",
] }
let(:sqlserver_contain_onlyif) { [
"\nIF EXISTS(SELECT name FROM sys.database_principals WHERE type in ('U','S','G') AND name = 'loggingUser')\n",
] }
it_should_behave_like 'sqlserver_tsql command'
it_should_behave_like 'sqlserver_tsql onlyif'
end

end
3 changes: 1 addition & 2 deletions templates/create/user.sql.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
-- Need to use exec instead of use statement as this will trigger try catch
USE [<%= @database %>];
<% if @password %>
IF EXISTS(select containment from sys.databases WHERE name = '<%= @database %>' AND containment = 0)
THROW 51000, 'Database must be contained in order to use passwords', 0
THROW 51000, 'Database must be contained in order to use passwords', 10
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does the 0 versus the 10 signify?

<% end %>
CREATE USER [<%= @user %>]
<% if @login -%>
Expand Down
4 changes: 4 additions & 0 deletions templates/delete/user.sql.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
USE [<%= @database %>];
DROP USER [<%= @user %>];
IF EXISTS(SELECT name FROM sys.database_principals WHERE name = '<%= @user %>')
THROW 51000, 'Failed to drop user <%= @user %>', 10