Class: Posgra::Driver
- Inherits:
-
Object
- Object
- Posgra::Driver
- Includes:
- Logger::Helper, Utils::Helper
- Defined in:
- lib/posgra/driver.rb
Constant Summary collapse
- DEFAULT_ACL_PRIVS =
ENV['POSGRA_DEFAULT_ACL_PRIVS'] || 'arwdDxt'
- DEFAULT_ACL =
"{%s=#{DEFAULT_ACL_PRIVS}/%s}"- DEFAULT_ACL_BY_KIND =
{ 'S' => '{%s=rwU/%s}' }
- PRIVILEGE_TYPES =
{ 'a' => 'INSERT', 'r' => 'SELECT', 'w' => 'UPDATE', 'd' => 'DELETE', 'D' => 'TRUNCATE', 'x' => 'REFERENCES', 't' => 'TRIGGER', 'U' => 'USAGE', 'R' => 'RULE', 'X' => 'EXECUTE', 'C' => 'CREATE', 'T' => 'TEMPORARY', }
Instance Method Summary collapse
- #add_user_to_group(user, group) ⇒ Object
- #create_group(group) ⇒ Object
- #create_user(user) ⇒ Object
- #describe_grants ⇒ Object
- #describe_groups ⇒ Object
- #describe_objects(schema) ⇒ Object
- #describe_users ⇒ Object
- #drop_group(group) ⇒ Object
- #drop_user(user) ⇒ Object
- #drop_user_from_group(user, group) ⇒ Object
- #grant(role, priv, options, schema, object) ⇒ Object
- #grant_grant_option(role, priv, schema, object) ⇒ Object
-
#initialize(client, options = {}) ⇒ Driver
constructor
A new instance of Driver.
- #revoke(role, priv, schema, object) ⇒ Object
- #revoke_all_on_object(role, schema, object) ⇒ Object
- #revoke_all_on_schema(role, schema) ⇒ Object
- #roveke_grant_option(role, priv, schema, object) ⇒ Object
- #update_grant_options(role, priv, options, schema, object) ⇒ Object
Methods included from Utils::Helper
Methods included from Logger::Helper
Constructor Details
#initialize(client, options = {}) ⇒ Driver
Returns a new instance of Driver.
27 28 29 30 31 32 33 34 35 |
# File 'lib/posgra/driver.rb', line 27 def initialize(client, = {}) unless client.type_map_for_results.is_a?(PG::TypeMapAllStrings) raise 'PG::Connection#type_map_for_results must be PG::TypeMapAllStrings' end @client = client = @identifier = .fetch(:identifier) end |
Instance Method Details
#add_user_to_group(user, group) ⇒ Object
80 81 82 83 84 85 86 87 88 89 90 91 92 |
# File 'lib/posgra/driver.rb', line 80 def add_user_to_group(user, group) updated = false sql = "ALTER GROUP #{@client.escape_identifier(group)} ADD USER #{@client.escape_identifier(user)}" log(:info, sql, :color => :green) unless [:dry_run] exec(sql) updated = true end updated end |
#create_group(group) ⇒ Object
66 67 68 69 70 71 72 73 74 75 76 77 78 |
# File 'lib/posgra/driver.rb', line 66 def create_group(group) updated = false sql = "CREATE GROUP #{@client.escape_identifier(group)}" log(:info, sql, :color => :cyan) unless [:dry_run] exec(sql) updated = true end updated end |
#create_user(user) ⇒ Object
37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
# File 'lib/posgra/driver.rb', line 37 def create_user(user) updated = false password = @identifier.identify(user) sql = "CREATE USER #{@client.escape_identifier(user)} PASSWORD #{@client.escape_literal(password)}" log(:info, sql, :color => :cyan) unless [:dry_run] exec(sql) updated = true end updated end |
#describe_grants ⇒ Object
280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 |
# File 'lib/posgra/driver.rb', line 280 def describe_grants rs = exec " SELECT\n pg_class.relname,\n pg_namespace.nspname,\n pg_class.relacl,\n pg_user.usename,\n pg_class.relkind\n FROM\n pg_class\n INNER JOIN pg_namespace ON pg_class.relnamespace = pg_namespace.oid\n INNER JOIN pg_user ON pg_class.relowner = pg_user.usesysid\n WHERE\n pg_class.relkind NOT IN ('i')\n SQL\n\n grants_by_role = {}\n rs.each do |row|\n relname = row.fetch('relname')\n nspname = row.fetch('nspname')\n relacl = row.fetch('relacl')\n usename = row.fetch('usename')\n relkind = row.fetch('relkind')\n\n next unless matched?(relname, @options[:include_object], @options[:exclude_object])\n next unless matched?(nspname, @options[:include_schema], @options[:exclude_schema])\n\n parse_aclitems(relacl, usename, relkind).each do |aclitem|\n role = aclitem.fetch('grantee')\n privs = aclitem.fetch('privileges')\n next unless matched?(role, @options[:include_role], @options[:exclude_role])\n grants_by_role[role] ||= {}\n grants_by_role[role][nspname] ||= {}\n grants_by_role[role][nspname][relname] = privs\n end\n end\n\n grants_by_role\nend\n" |
#describe_groups ⇒ Object
257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 |
# File 'lib/posgra/driver.rb', line 257 def describe_groups rs = exec " SELECT\n pg_group.groname,\n pg_user.usename\n FROM\n pg_group\n LEFT JOIN pg_user ON pg_user.usesysid = ANY(pg_group.grolist)\n SQL\n\n users_by_group = {}\n\n rs.each do |row|\n group = row.fetch('groname')\n user = row.fetch('usename')\n next unless [group, user].any? {|i| not i.nil? and matched?(i, @options[:include_role], @options[:exclude_role]) }\n users_by_group[group] ||= []\n users_by_group[group] << user if user\n end\n\n users_by_group\nend\n" |
#describe_objects(schema) ⇒ Object
219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 |
# File 'lib/posgra/driver.rb', line 219 def describe_objects(schema) rs = exec " SELECT\n pg_class.relname,\n pg_namespace.nspname\n FROM\n pg_class\n INNER JOIN pg_namespace ON pg_class.relnamespace = pg_namespace.oid\n WHERE\n pg_namespace.nspname = \#{@client.escape_literal(schema)}\n AND pg_class.relkind NOT IN ('i')\n SQL\n\n objects = []\n\n rs.each do |row|\n relname = row.fetch('relname')\n next unless matched?(relname, @options[:include_object], @options[:exclude_object])\n objects << relname\n end\n\n objects\nend\n" |
#describe_users ⇒ Object
243 244 245 246 247 248 249 250 251 252 253 254 255 |
# File 'lib/posgra/driver.rb', line 243 def describe_users rs = exec('SELECT * FROM pg_user') = {} rs.each do |row| user = row.fetch('usename') next unless matched?(user, [:include_role], [:exclude_role]) [user] = row.select {|_, v| v == 't' }.keys end end |
#drop_group(group) ⇒ Object
108 109 110 111 112 113 114 115 116 117 118 119 120 |
# File 'lib/posgra/driver.rb', line 108 def drop_group(group) updated = false sql = "DROP GROUP #{@client.escape_identifier(group)}" log(:info, sql, :color => :red) unless [:dry_run] exec(sql) updated = true end updated end |
#drop_user(user) ⇒ Object
52 53 54 55 56 57 58 59 60 61 62 63 64 |
# File 'lib/posgra/driver.rb', line 52 def drop_user(user) updated = false sql = "DROP USER #{@client.escape_identifier(user)}" log(:info, sql, :color => :red) unless [:dry_run] exec(sql) updated = true end updated end |
#drop_user_from_group(user, group) ⇒ Object
94 95 96 97 98 99 100 101 102 103 104 105 106 |
# File 'lib/posgra/driver.rb', line 94 def drop_user_from_group(user, group) updated = false sql = "ALTER GROUP #{@client.escape_identifier(group)} DROP USER #{@client.escape_identifier(user)}" log(:info, sql, :color => :cyan) unless [:dry_run] exec(sql) updated = true end updated end |
#grant(role, priv, options, schema, object) ⇒ Object
146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 |
# File 'lib/posgra/driver.rb', line 146 def grant(role, priv, , schema, object) updated = false sql = "GRANT #{priv} ON #{@client.escape_identifier(schema)}.#{@client.escape_identifier(object)} TO #{@client.escape_identifier(role)}" if ['is_grantable'] sql << ' WITH GRANT OPTION' end log(:info, sql, :color => :green) unless [:dry_run] exec(sql) updated = true end updated end |
#grant_grant_option(role, priv, schema, object) ⇒ Object
177 178 179 180 181 182 183 184 185 186 187 188 189 |
# File 'lib/posgra/driver.rb', line 177 def grant_grant_option(role, priv, schema, object) updated = false sql = "GRANT #{priv} ON #{@client.escape_identifier(schema)}.#{@client.escape_identifier(object)} TO #{@client.escape_identifier(role)} WITH GRANT OPTION" log(:info, sql, :color => :green) unless [:dry_run] exec(sql) updated = true end updated end |
#revoke(role, priv, schema, object) ⇒ Object
205 206 207 208 209 210 211 212 213 214 215 216 217 |
# File 'lib/posgra/driver.rb', line 205 def revoke(role, priv, schema, object) updated = false sql = "REVOKE #{priv} ON #{@client.escape_identifier(schema)}.#{@client.escape_identifier(object)} FROM #{@client.escape_identifier(role)}" log(:info, sql, :color => :green) unless [:dry_run] exec(sql) updated = true end updated end |
#revoke_all_on_object(role, schema, object) ⇒ Object
132 133 134 135 136 137 138 139 140 141 142 143 144 |
# File 'lib/posgra/driver.rb', line 132 def revoke_all_on_object(role, schema, object) updated = false sql = "REVOKE ALL ON #{@client.escape_identifier(schema)}.#{@client.escape_identifier(object)} FROM #{@client.escape_identifier(role)}" log(:info, sql, :color => :green) unless [:dry_run] exec(sql) updated = true end updated end |
#revoke_all_on_schema(role, schema) ⇒ Object
122 123 124 125 126 127 128 129 130 |
# File 'lib/posgra/driver.rb', line 122 def revoke_all_on_schema(role, schema) updated = false describe_objects(schema).each do |object| updated = revoke_all_on_object(role, schema, object) || updated end updated end |
#roveke_grant_option(role, priv, schema, object) ⇒ Object
191 192 193 194 195 196 197 198 199 200 201 202 203 |
# File 'lib/posgra/driver.rb', line 191 def roveke_grant_option(role, priv, schema, object) updated = false sql = "REVOKE GRANT OPTION FOR #{priv} ON #{@client.escape_identifier(schema)}.#{@client.escape_identifier(object)} FROM #{@client.escape_identifier(role)}" log(:info, sql, :color => :green) unless [:dry_run] exec(sql) updated = true end updated end |
#update_grant_options(role, priv, options, schema, object) ⇒ Object
165 166 167 168 169 170 171 172 173 174 175 |
# File 'lib/posgra/driver.rb', line 165 def (role, priv, , schema, object) updated = false if .fetch('is_grantable') updated = grant_grant_option(role, priv, schema, object) else updated = roveke_grant_option(role, priv, schema, object) end updated end |