Feature: get/add/remove roles #162

Closed
wants to merge 55 commits into from
Changes from 49 commits
55 commits
b630368
add: role module
jkrilov Dec 12, 2022
fe6bc29
add: role module tests
jkrilov Dec 12, 2022
e826245
add: changelog fragment
jkrilov Dec 12, 2022
57c7cac
fix: linting errors
jkrilov Dec 12, 2022
9bdfcf4
fix: documentation role and version
jkrilov Dec 12, 2022
2412029
fix: test data
jkrilov Dec 12, 2022
00eaf21
feat: turn on verbosity
jkrilov Dec 12, 2022
abc1a71
feat: add additional output
jkrilov Dec 13, 2022
e97255e
fix: verify test
jkrilov Dec 13, 2022
4be3e02
fix: count logic
jkrilov Dec 13, 2022
4c659ff
Fix: check removed rolled
jkrilov Dec 13, 2022
96ad14e
Fix: role comparison
jkrilov Dec 13, 2022
244fe65
feat: test role objects
jkrilov Dec 13, 2022
0a8fc02
test: roles
jkrilov Dec 13, 2022
29648d9
test: all roles
jkrilov Dec 13, 2022
479ba3a
test: object
jkrilov Dec 13, 2022
3a1aea0
fix: param
jkrilov Dec 14, 2022
5b0a65b
fix: serialize
jkrilov Dec 14, 2022
f286bc7
test: system user
jkrilov Dec 17, 2022
c7c23ba
test: serialize
jkrilov Dec 18, 2022
26e0c96
test: fail better
jkrilov Dec 18, 2022
9a59477
test: itt through roles
jkrilov Dec 18, 2022
764fd0b
test: user
jkrilov Dec 18, 2022
bd7a699
fix: join
jkrilov Dec 18, 2022
fbeec6f
fix: existing role output
jkrilov Dec 19, 2022
7441153
feat: add verify drop test
jkrilov Dec 19, 2022
0ee8687
feat: roles will be optional now
jkrilov Dec 19, 2022
1e75d18
fix: comments and output
jkrilov Dec 19, 2022
56bcc78
fix: object output
jkrilov Dec 19, 2022
a3b8e14
feat: simplify role logic
jkrilov Dec 19, 2022
2febb13
feat: change role to singular
jkrilov Dec 20, 2022
52edfae
feat: rename role to role_member
jkrilov Dec 22, 2022
7dce00e
feat: update doc fragment
jkrilov Dec 22, 2022
c74bff7
add: role_member_info module
jkrilov Dec 22, 2022
db98d7e
add: role_member_info tests
jkrilov Dec 22, 2022
9864b75
fix: serialization
jkrilov Dec 22, 2022
47fabaa
remove: unused vars
jkrilov Dec 22, 2022
a6703e3
add: options to docs
jkrilov Dec 22, 2022
5ae70a6
fix: convert to json
jkrilov Dec 22, 2022
2537b0f
fix: json output
jkrilov Dec 22, 2022
21a0dad
fix: json options
jkrilov Dec 22, 2022
e7d2646
fix: string output
jkrilov Dec 23, 2022
c62591c
test: server 2022
jkrilov Dec 25, 2022
ad04e62
feat: enum as strings
jkrilov Dec 26, 2022
4055b70
fix: string
jkrilov Dec 26, 2022
f6822ff
remove: redundant winrm step
jkrilov Dec 26, 2022
15ec85d
remove: redundant winrm step
jkrilov Dec 26, 2022
62e8f46
revert: winrm
jkrilov Dec 26, 2022
9bae6b1
feat: serialize
jkrilov Dec 27, 2022
2d02303
remove: role info
jkrilov Mar 10, 2023
a497097
Update plugins/modules/role_member_info.py
jkrilov Mar 10, 2023
5334e6b
Update tests/integration/targets/role_member/tasks/main.yml
jkrilov Mar 10, 2023
78e9874
Merge pull request #2 from Joey40/main
jkrilov Mar 10, 2023
843093c
Merge branch 'main' into feat/add_remove_roles
lowlydba Aug 12, 2023
96a62a0
Merge branch 'main' into feat/add_remove_roles
lowlydba Aug 26, 2023
2 changes: 1 addition & 1 deletion .github/workflows/ansible-test-windows.yml
Expand Up @@ -47,7 +47,7 @@ jobs:
fail-fast: false
matrix:
os:
- windows-2019
- windows-2022
lowlydba marked this conversation as resolved.
ansible:
- stable-2.11
- stable-2.12
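Review bot: In the `os` matrix this is a one-for-one swap (1 addition, 1 deletion) between `windows-2019` and `windows-2022`, so the integration tests end up running on a single Windows Server release. If both releases are meant to be supported, keep both entries in the list; `fail-fast: false` already lets one leg fail without cancelling the other.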
3 changes: 3 additions & 0 deletions changelogs/fragments/add_roles_module.yml
@@ -0,0 +1,3 @@
minor_changes:
- New module to add/remove database role members.
- New module to get role member information.
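Review bot: Both entries under `minor_changes` leave out the module names, so a changelog reader cannot tell which modules were added. Name them in the text, using the names from the files added in this PR (`role_member` and `role_member_info`).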
2 changes: 0 additions & 2 deletions changelogs/fragments/fix_doc_example.yml

This file was deleted.

119 changes: 119 additions & 0 deletions plugins/modules/role_member.ps1
@@ -0,0 +1,119 @@
#!powershell
# -*- coding: utf-8 -*-

# (c) 2022, John McCall (@lowlydba)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

#AnsibleRequires -CSharpUtil Ansible.Basic
#AnsibleRequires -PowerShell ansible_collections.lowlydba.sqlserver.plugins.module_utils._SqlServerUtils
#Requires -Modules @{ ModuleName="dbatools"; ModuleVersion="1.1.112" }

$ErrorActionPreference = "Stop"

$spec = @{
supports_check_mode = $true
options = @{
database = @{type = 'str'; required = $true }
username = @{type = 'str'; required = $true }
roles = @{type = 'list'; elements = 'str'; required = $false }
state = @{type = 'str'; required = $false; default = 'present'; choices = @('present', 'absent') }
}
}

$module = [Ansible.Basic.AnsibleModule]::Create($args, $spec, @(Get-LowlyDbaSqlServerAuthSpec))
$sqlInstance, $sqlCredential = Get-SqlCredential -Module $module
$username = $module.Params.username
$database = $module.Params.database
$roles = $module.Params.roles
$state = $module.Params.state
$checkMode = $module.CheckMode

$module.Result.changed = $false

$getRoleSplat = @{
SqlInstance = $sqlInstance
SqlCredential = $sqlCredential
Database = $database
EnableException = $true
}
$module.Result.roles = $roles
$existingRoleObjects = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username }
$existingRoles = @()
# build an array of roles for the selected user
foreach ($roleObject in $existingRoleObjects) {
$existingRoles += $roleObject.role
}
# Always return a list of existing roles if any exist
if ($null -ne $existingRoleObjects) {
$module.Result.existingRoles = $existingRoles
}
else {
$module.Result.noRoles = "'$username' doesn't have any existing roles assigned on '$database'"
}
jkrilov marked this conversation as resolved.

if ($state -eq "absent") {
# loop through all roles to remove and see if any are assigned to the user
$removeRoles = @()
foreach ($roleObject in $existingRoleObjects) {
if ($roles.Contains($roleObject.role)) {
$removeRoles += $roleObject.role
}
}

$module.Result.removeRoles = $removeRoles
if ($removeRoles) {
try {
$removeRolesSplat = @{
SqlInstance = $sqlInstance
SqlCredential = $sqlCredential
User = $username
Database = $database
Role = $removeRoles
EnableException = $true
WhatIf = $checkMode
Confirm = $false
Verbose = $true
}
$output = Remove-DbaDbRoleMember @removeRolesSplat
$module.Result.changed = $true
}
catch {
$module.FailJson("Removing role failed: $($_.Exception.Message)", $_)
}
}
}
elseif ($state -eq "present") {
# compare the list of roles to add vs the existing roles for the user and get the difference
$addRoles = $roles | Where-Object { $existingRoles -NotContains $_ }
$module.Result.addRoles = $addRoles
if ($null -ne $addRoles) {
try {
$addRolesSplat = @{
SqlInstance = $sqlInstance
SqlCredential = $sqlCredential
User = $username
Database = $database
Role = $addRoles
EnableException = $true
WhatIf = $checkMode
Confirm = $false
Verbose = $true
}
$output = Add-DbaDbRoleMember @addRolesSplat
$module.Result.changed = $true
}
catch {
$module.FailJson("Adding role failed: $($_.Exception.Message)", $_)
}
}
}
try {
if ($null -ne $output) {
$resultData = ConvertTo-SerializableObject -InputObject $output
$module.Result.data = $resultData
}
$module.ExitJson()
}
catch {
$module.FailJson("Failure: $($_.Exception.Message)", $_)
}
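Review bot: In the `absent` branch, `$roles.Contains($roleObject.role)` is called although `roles` is declared `required = $false`; with `roles` omitted and the user holding at least one role, that is a method call on `$null` outside any `try`, so the task ends in an unhandled exception rather than a `FailJson` message. `.Contains` is also case-sensitive, while the `present` branch uses the case-insensitive `-NotContains`, so `absent` can silently skip a role that `present` would treat as already assigned, leaving the membership in place. Suggest making `roles` required (or failing early when it is empty) and using `$roles -contains $roleObject.role` in the loop so both branches compare names the same way.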
73 changes: 73 additions & 0 deletions plugins/modules/role_member.py
@@ -0,0 +1,73 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-

# (c) 2022, John McCall (@lowlydba)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

DOCUMENTATION = r'''
---
module: role_member
short_description: Add or remove one or more roles for a given user in a specific database.
description:
- Add or remove one or more roles for a given user in a specific database.
version_added: 1.4.0
options:
username:
description:
- Name of the user
type: str
required: true
database:
description:
- Database for the user
type: str
required: true
roles:
description:
- Specifies a comma separated list of one or more roles to add or remove
type: list
elements: str
required: false

author:
- "Joe Krilov (@joey40)"
- "John McCall (@lowlydba)"
requirements:
- L(dbatools,https://www.powershellgallery.com/packages/dbatools/) PowerShell module
extends_documentation_fragment:
- lowlydba.sqlserver.sql_credentials
- lowlydba.sqlserver.attributes.check_mode
- lowlydba.sqlserver.attributes.platform_all
- lowlydba.sqlserver.state
'''

EXAMPLES = r'''
- name: Add a single role for a user
lowlydba.sqlserver.role_member:
sql_instance: sql-01.myco.io
username: TheIntern
database: InternProject1
role: db_datareader

- name: Add multiple roles for a user
lowlydba.sqlserver.role_member:
sql_instance: sql-01.myco.io
username: TheIntern
database: InternProject1
role: db_datareader, db_datawriter

- name: Remove roles for a user
lowlydba.sqlserver.role_member:
sql_instance: sql-01.myco.io
username: TheIntern
database: InternProject1
role: db_datareader, db_datawriter
state: absent
'''

RETURN = r'''
data:
description: Output from the C(Add-DbaDbRoleMember), C(Get-DbaDbRoleMember), or C(Remove-DbaDbRoleMember) function.
returned: success, but not in check_mode.
type: dict
'''
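Review bot: All three tasks in `EXAMPLES` pass `role:`, but the option documented above, and the one in the `role_member.ps1` argument spec, is `roles` with no alias, so the examples as written would be rejected as an unsupported parameter. Rename the key to `roles` in the examples and write the value as a YAML list rather than `db_datareader, db_datawriter`. `RETURN` should also drop `C(Get-DbaDbRoleMember)`, since `data` is only filled from the add or remove output.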
59 changes: 59 additions & 0 deletions plugins/modules/role_member_info.ps1
@@ -0,0 +1,59 @@
#!powershell
# -*- coding: utf-8 -*-

# (c) 2022, John McCall (@lowlydba)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

#AnsibleRequires -CSharpUtil Ansible.Basic
#AnsibleRequires -PowerShell ansible_collections.lowlydba.sqlserver.plugins.module_utils._SqlServerUtils
#Requires -Modules @{ ModuleName="dbatools"; ModuleVersion="1.1.112" }

$ErrorActionPreference = "Stop"

$spec = @{
supports_check_mode = $true
options = @{
database = @{type = 'str'; required = $false }
username = @{type = 'str'; required = $false }
roles = @{type = 'list'; elements = 'str'; required = $false }
}
}

$module = [Ansible.Basic.AnsibleModule]::Create($args, $spec, @(Get-LowlyDbaSqlServerAuthSpec))
$sqlInstance, $sqlCredential = Get-SqlCredential -Module $module
$username = $module.Params.username
$database = $module.Params.database
$roles = $module.Params.roles

$module.Result.changed = $false

try {
$getRoleSplat = @{
SqlInstance = $sqlInstance
SqlCredential = $sqlCredential
EnableException = $true
}
if ($null -ne $roles) {
$getRoleSplat.Add("Role", $roles)
}
if ($null -ne $database) {
$getRoleSplat.Add("Database", $database)
}
if ($null -ne $username) {
$output = Get-DbaDbRoleMember @getRoleSplat | Where-Object { $_.UserName -eq $username }
}
else {
$output = Get-DbaDbRoleMember @getRoleSplat
}

if ($null -ne $output) {
$resultData = ConvertTo-SerializableObject -InputObject $output
$module.Result.data = $resultData
}

$module.ExitJson()

}
catch {
$module.FailJson("Failure: $($_.Exception.Message)", $_)
}
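Review bot: `$module.Result.data` is assigned only inside `if ($null -ne $output)`, so a query that matches nothing returns no `data` key at all, while `role_member_info.py` documents it as `returned: always`; a playbook that reads `data` to audit role membership then fails on an undefined value instead of seeing an empty result. Initialise `data` to an empty list before the query. The `username` if/else can also collapse into a single `Get-DbaDbRoleMember @getRoleSplat` call followed by an optional `Where-Object` filter.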
62 changes: 62 additions & 0 deletions plugins/modules/role_member_info.py
@@ -0,0 +1,62 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-

# (c) 2022, John McCall (@lowlydba)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

DOCUMENTATION = r'''
---
module: role_member_info
short_description: Returns basic information about a role or roles
description:
- Returns basic information about a role or roles.
version_added: 1.4.0
options:
username:
description:
- Name of the user
type: str
required: false
database:
description:
- Database for the user
type: str
required: false
roles:
description:
- Specifies a comma separated list of one or more roles
type: list
elements: str
required: false
author:
- "Joe Krilov (@joey40)"
- "John McCall (@lowlydba)"
requirements:
- L(dbatools,https://www.powershellgallery.com/packages/dbatools/) PowerShell module
extends_documentation_fragment:
- lowlydba.sqlserver.sql_credentials
- lowlydba.sqlserver.attributes.check_mode_read_only
- lowlydba.sqlserver.attributes.platform_all
'''

EXAMPLES = r'''
- name: Return member of the db_datareader and db_datawriter role on the 'InternProject1' DB
lowlydba.sqlserver.role_member_info:
sql_instance: sql-01.myco.io
database: InternProject1
role: db_datareader, db_datawriter

jkrilov marked this conversation as resolved.

- name: Return all roles for user 'TheIntern' on the 'InternProject1' DB
lowlydba.sqlserver.role_member_info:
sql_instance: sql-01.myco.io
username: TheIntern
database: InternProject1
'''

RETURN = r'''
data:
description: Output from the C(Get-DbaDbRoleMember) function.
returned: always
type: dict
'''
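Review bot: The first task in `EXAMPLES` passes `role:`, but the documented option is `roles` and the `role_member_info.ps1` argument spec defines no alias for it, so the example would fail argument validation. Use `roles` with a YAML list. The `short_description` and `description` also say the module returns information about "a role or roles", whereas `RETURN` describes `C(Get-DbaDbRoleMember)` output, which is role membership; wording such as "Returns members of database roles" would match what the module does.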
2 changes: 2 additions & 0 deletions tests/integration/targets/role_member/aliases
@@ -0,0 +1,2 @@
context/target
setup/once/setup_sqlserver
3 changes: 3 additions & 0 deletions tests/integration/targets/role_member/meta/main.yml
@@ -0,0 +1,3 @@
---
dependencies:
- setup_sqlserver_test_plugins