148 lines
6.0 KiB
Ruby
148 lines
6.0 KiB
Ruby
#
|
|
# Author:: Seth Chisamore (<schisamo@chef.io>)
|
|
# Copyright:: 2011-2016 Chef Software, Inc.
|
|
# License:: Apache License, Version 2.0
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
require File.join(File.dirname(__FILE__), 'provider_database_sql_server')
|
|
|
|
class Chef
|
|
class Provider
|
|
class Database
|
|
class SqlServerUser < Chef::Provider::Database::SqlServer
|
|
include Chef::Mixin::ShellOut
|
|
|
|
def load_current_resource
|
|
Gem.clear_paths
|
|
begin
|
|
require 'tiny_tds'
|
|
rescue LoadError
|
|
Chef::Log.fatal('Could not load the required tiny_tds gem. Make sure to install this in your wrapper cookbook')
|
|
raise
|
|
end
|
|
@current_resource = Chef::Resource::DatabaseUser.new(@new_resource.name)
|
|
@current_resource.username(@new_resource.name)
|
|
@current_resource
|
|
end
|
|
|
|
def action_create
|
|
unless exists?(:logins)
|
|
if @new_resource.windows_user
|
|
db.execute("CREATE LOGIN [#{@new_resource.username}] FROM WINDOWS").do
|
|
else
|
|
db.execute("CREATE LOGIN [#{@new_resource.username}] WITH PASSWORD = '#{@new_resource.password}', CHECK_POLICY = OFF").do
|
|
end
|
|
@new_resource.updated_by_last_action(true)
|
|
end
|
|
unless exists?(:users)
|
|
if @new_resource.database_name
|
|
Chef::Log.info("#{@new_resource} creating user in '#{@new_resource.database_name}' database context.")
|
|
db.execute("USE [#{@new_resource.database_name}]").do
|
|
else
|
|
Chef::Log.info("#{@new_resource} database_name not provided, creating user in global context.")
|
|
end
|
|
db.execute("CREATE USER [#{@new_resource.username}] FOR LOGIN [#{@new_resource.username}]").do
|
|
@new_resource.updated_by_last_action(true)
|
|
end
|
|
ensure
|
|
close
|
|
end
|
|
|
|
def action_drop
|
|
if exists?(:users)
|
|
db.execute("DROP USER [#{@new_resource.username}]").do
|
|
@new_resource.updated_by_last_action(true)
|
|
end
|
|
if exists?(:logins)
|
|
db.execute("DROP LOGIN [#{@new_resource.username}]").do
|
|
@new_resource.updated_by_last_action(true)
|
|
end
|
|
ensure
|
|
close
|
|
end
|
|
|
|
def action_grant
|
|
if @new_resource.password || (@new_resource.windows_user && !exists?(:logins))
|
|
action_create
|
|
end
|
|
Chef::Application.fatal!('Please provide a database_name, SQL Server does not support global GRANT statements.') unless @new_resource.database_name
|
|
grant_statement = "GRANT #{@new_resource.privileges.join(', ')} ON DATABASE::[#{@new_resource.database_name}] TO [#{@new_resource.username}]"
|
|
Chef::Log.info("#{@new_resource} granting access with statement [#{grant_statement}]")
|
|
db.execute("USE [#{@new_resource.database_name}]").do
|
|
db.execute(grant_statement).do
|
|
@new_resource.updated_by_last_action(true)
|
|
ensure
|
|
close
|
|
end
|
|
|
|
def action_alter_roles
|
|
if @new_resource.password || (@new_resource.windows_user && !exists?(:logins))
|
|
action_create
|
|
end
|
|
Chef::Application.fatal!('Please provide a database_name, SQL Server does not support global GRANT statements.') unless @new_resource.database_name
|
|
db.execute("USE [#{@new_resource.database_name}]").do
|
|
@new_resource.sql_roles.each do |sql_role, role_action|
|
|
alter_statement = "ALTER ROLE [#{sql_role}] #{role_action} MEMBER [#{@new_resource.username}]"
|
|
Chef::Log.info("#{@new_resource} granting access with statement [#{alter_statement}]")
|
|
db.execute(alter_statement).do
|
|
end
|
|
@new_resource.updated_by_last_action(true)
|
|
ensure
|
|
close
|
|
end
|
|
|
|
def action_alter_sys_roles
|
|
if @new_resource.password || (@new_resource.windows_user && !exists?(:logins))
|
|
action_create
|
|
end
|
|
server_version = db.execute("SELECT SERVERPROPERTY('productversion')").each.first.values.first
|
|
Chef::Log.info("SQL Server Version: #{server_version.inspect}")
|
|
db.execute('USE [master]').do
|
|
@new_resource.sql_sys_roles.each do |sql_sys_role, role_action|
|
|
alter_statement = if server_version < '11.00.0000.00'
|
|
"EXEC sp_#{role_action.downcase}srvrolemember '#{@new_resource.username}', '#{sql_sys_role}'"
|
|
else
|
|
"ALTER SERVER ROLE #{sql_sys_role} #{role_action} MEMBER [#{@new_resource.username}]"
|
|
end
|
|
Chef::Log.info("#{@new_resource} granting server role membership with statement [#{alter_statement}]")
|
|
db.execute(alter_statement).do
|
|
end
|
|
@new_resource.updated_by_last_action(true)
|
|
ensure
|
|
close
|
|
end
|
|
|
|
private
|
|
|
|
def exists?(type = :users)
|
|
case type
|
|
when :users
|
|
table = 'database_principals'
|
|
if @new_resource.database_name
|
|
Chef::Log.debug("#{@new_resource} searching for existing user in '#{@new_resource.database_name}' database context.")
|
|
db.execute("USE [#{@new_resource.database_name}]").do
|
|
end
|
|
when :logins
|
|
table = 'server_principals'
|
|
end
|
|
|
|
result = db.execute("SELECT name FROM sys.#{table} WHERE name='#{@new_resource.username}'")
|
|
result.each.any?
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|