From 2e94e37d7bdb632bae4879985518c6a175d21f12 Mon Sep 17 00:00:00 2001 From: Evan Light Date: Mon, 11 Aug 2014 16:40:44 -0400 Subject: [PATCH 1/5] Add support for granting and revoking DB access to Cloud Databases. --- lib/fog/rackspace/databases.rb | 2 ++ .../rackspace/models/databases/database.rb | 13 ++++++++++++ .../requests/databases/grant_user_access.rb | 21 +++++++++++++++++++ .../requests/databases/revoke_user_access.rb | 15 +++++++++++++ 4 files changed, 51 insertions(+) create mode 100644 lib/fog/rackspace/requests/databases/grant_user_access.rb create mode 100644 lib/fog/rackspace/requests/databases/revoke_user_access.rb diff --git a/lib/fog/rackspace/databases.rb b/lib/fog/rackspace/databases.rb index c2be0f9c9..5eb0d532a 100644 --- a/lib/fog/rackspace/databases.rb +++ b/lib/fog/rackspace/databases.rb @@ -51,6 +51,8 @@ module Fog request :list_users request :create_user request :delete_user + request :grant_user_access + request :revoke_user_access class Mock < Fog::Rackspace::Service def request(params) diff --git a/lib/fog/rackspace/models/databases/database.rb b/lib/fog/rackspace/models/databases/database.rb index a9f277b9f..b45cac55f 100644 --- a/lib/fog/rackspace/models/databases/database.rb +++ b/lib/fog/rackspace/models/databases/database.rb @@ -21,6 +21,19 @@ module Fog true end + def grant_access_for(user) + requires :identity, :instance + user_name = user.respond_to?(:name) ? user.name : user + service.grant_user_access(instance.identity, user_name, name) + end + + def revoke_access_for(user) + requires :identity, :instance + user_name = user.respond_to?(:name) ? user.name : user + service.revoke_user_access(instance.identity, user_name, name) + end + + private def instance diff --git a/lib/fog/rackspace/requests/databases/grant_user_access.rb b/lib/fog/rackspace/requests/databases/grant_user_access.rb new file mode 100644 index 000000000..5b7018794 --- /dev/null +++ b/lib/fog/rackspace/requests/databases/grant_user_access.rb @@ -0,0 +1,21 @@ +module Fog + module Rackspace + class Databases + class Real + def grant_user_access(instance_id, user_name, *databases) + data = { :databases => [] } + databases.each do |db_name| + data[:databases] << { :name => db_name } + end + + request( + :body => Fog::JSON.encode(data), + :expects => 202, + :method => 'PUT', + :path => "instances/#{instance_id}/users/#{user_name}/databases" + ) + end + end + end + end +end diff --git a/lib/fog/rackspace/requests/databases/revoke_user_access.rb b/lib/fog/rackspace/requests/databases/revoke_user_access.rb new file mode 100644 index 000000000..a88e1f57d --- /dev/null +++ b/lib/fog/rackspace/requests/databases/revoke_user_access.rb @@ -0,0 +1,15 @@ +module Fog + module Rackspace + class Databases + class Real + def revoke_user_access(instance_id, user_name, database) + request( + :expects => 202, + :method => 'DELETE', + :path => "instances/#{instance_id}/users/#{user_name}/databases/#{database}" + ) + end + end + end + end +end From fc242385f60ca459981ef0bf0d78cdc180c5caea Mon Sep 17 00:00:00 2001 From: Evan Light Date: Wed, 13 Aug 2014 14:22:23 -0400 Subject: [PATCH 2/5] Handle host specification on database users --- lib/fog/rackspace/models/databases/database.rb | 6 ++---- lib/fog/rackspace/models/databases/user.rb | 5 +++++ lib/fog/rackspace/models/databases/users.rb | 2 ++ .../requests/databases/grant_user_access.rb | 15 +++++++++++++-- .../requests/databases/revoke_user_access.rb | 15 +++++++++++++-- 5 files changed, 35 insertions(+), 8 deletions(-) diff --git a/lib/fog/rackspace/models/databases/database.rb b/lib/fog/rackspace/models/databases/database.rb index b45cac55f..ad89a7ee7 100644 --- a/lib/fog/rackspace/models/databases/database.rb +++ b/lib/fog/rackspace/models/databases/database.rb @@ -23,14 +23,12 @@ module Fog def grant_access_for(user) requires :identity, :instance - user_name = user.respond_to?(:name) ? user.name : user - service.grant_user_access(instance.identity, user_name, name) + service.grant_user_access(instance.identity, user, name) end def revoke_access_for(user) requires :identity, :instance - user_name = user.respond_to?(:name) ? user.name : user - service.revoke_user_access(instance.identity, user_name, name) + service.revoke_user_access(instance.identity, user, name) end diff --git a/lib/fog/rackspace/models/databases/user.rb b/lib/fog/rackspace/models/databases/user.rb index f46744782..fb4c13ff6 100644 --- a/lib/fog/rackspace/models/databases/user.rb +++ b/lib/fog/rackspace/models/databases/user.rb @@ -8,6 +8,11 @@ module Fog attribute :password attribute :databases + attribute :host + + def initialize(params = {}) + super + end def save requires :identity, :instance, :password diff --git a/lib/fog/rackspace/models/databases/users.rb b/lib/fog/rackspace/models/databases/users.rb index bfad020e5..2561a043a 100644 --- a/lib/fog/rackspace/models/databases/users.rb +++ b/lib/fog/rackspace/models/databases/users.rb @@ -15,6 +15,8 @@ module Fog def get(user_name) data = retrieve_users.find { |database| database['name'] == user_name } + require 'pry' + binding.pry data && new(data) end diff --git a/lib/fog/rackspace/requests/databases/grant_user_access.rb b/lib/fog/rackspace/requests/databases/grant_user_access.rb index 5b7018794..3251cfef6 100644 --- a/lib/fog/rackspace/requests/databases/grant_user_access.rb +++ b/lib/fog/rackspace/requests/databases/grant_user_access.rb @@ -2,7 +2,18 @@ module Fog module Rackspace class Databases class Real - def grant_user_access(instance_id, user_name, *databases) + def grant_user_access(instance_id, user, *databases) + user = + if user.respond_to?(:name) && user.respond_to?(:host) + if user.host == '%' + user.name + else + "#{user.name}@#{user.host}" + end + else + user + end + data = { :databases => [] } databases.each do |db_name| data[:databases] << { :name => db_name } @@ -12,7 +23,7 @@ module Fog :body => Fog::JSON.encode(data), :expects => 202, :method => 'PUT', - :path => "instances/#{instance_id}/users/#{user_name}/databases" + :path => "instances/#{instance_id}/users/#{user}/databases" ) end end diff --git a/lib/fog/rackspace/requests/databases/revoke_user_access.rb b/lib/fog/rackspace/requests/databases/revoke_user_access.rb index a88e1f57d..7ae3597c6 100644 --- a/lib/fog/rackspace/requests/databases/revoke_user_access.rb +++ b/lib/fog/rackspace/requests/databases/revoke_user_access.rb @@ -2,11 +2,22 @@ module Fog module Rackspace class Databases class Real - def revoke_user_access(instance_id, user_name, database) + def revoke_user_access(instance_id, user, database) + user = + if user.respond_to?(:name) && user.respond_to?(:host) + if user.host == '%' + user.name + else + "#{user.name}@#{user.host}" + end + else + user + end + request( :expects => 202, :method => 'DELETE', - :path => "instances/#{instance_id}/users/#{user_name}/databases/#{database}" + :path => "instances/#{instance_id}/users/#{user}/databases/#{database}" ) end end From 72aae6d99001d288036d459f7fa2ecde5f909049 Mon Sep 17 00:00:00 2001 From: Evan Light Date: Wed, 13 Aug 2014 22:39:40 -0600 Subject: [PATCH 3/5] create_user, grant_user_access, and revoke_user_access now support host access restrictions --- lib/fog/rackspace/models/databases/user.rb | 2 +- lib/fog/rackspace/requests/databases/create_user.rb | 3 ++- .../requests/databases/grant_user_access.rb | 10 +++++----- .../requests/databases/revoke_user_access.rb | 12 ++++++------ tests/rackspace/models/databases/database_tests.rb | 12 ++++++++++++ 5 files changed, 26 insertions(+), 13 deletions(-) diff --git a/lib/fog/rackspace/models/databases/user.rb b/lib/fog/rackspace/models/databases/user.rb index fb4c13ff6..1bdb939fd 100644 --- a/lib/fog/rackspace/models/databases/user.rb +++ b/lib/fog/rackspace/models/databases/user.rb @@ -16,7 +16,7 @@ module Fog def save requires :identity, :instance, :password - service.create_user(instance.identity, identity, password, :databases => databases) + service.create_user(instance.identity, identity, password, :databases => databases, :host => host) true end diff --git a/lib/fog/rackspace/requests/databases/create_user.rb b/lib/fog/rackspace/requests/databases/create_user.rb index d197a3ee3..dbc9997c7 100644 --- a/lib/fog/rackspace/requests/databases/create_user.rb +++ b/lib/fog/rackspace/requests/databases/create_user.rb @@ -7,7 +7,8 @@ module Fog 'users' => [{ 'name' => name, 'password' => password, - 'databases' => options[:databases] || [] + 'databases' => options[:databases] || [], + 'host' => options[:host] || '%' }] } diff --git a/lib/fog/rackspace/requests/databases/grant_user_access.rb b/lib/fog/rackspace/requests/databases/grant_user_access.rb index 3251cfef6..c41c9f3c2 100644 --- a/lib/fog/rackspace/requests/databases/grant_user_access.rb +++ b/lib/fog/rackspace/requests/databases/grant_user_access.rb @@ -5,11 +5,11 @@ module Fog def grant_user_access(instance_id, user, *databases) user = if user.respond_to?(:name) && user.respond_to?(:host) - if user.host == '%' - user.name - else - "#{user.name}@#{user.host}" - end + host_str = + if user.host && user.host != '' && user.host != '%' + "@#{user.host}" + end.to_s + user.name + host_str else user end diff --git a/lib/fog/rackspace/requests/databases/revoke_user_access.rb b/lib/fog/rackspace/requests/databases/revoke_user_access.rb index 7ae3597c6..4b07e5b5c 100644 --- a/lib/fog/rackspace/requests/databases/revoke_user_access.rb +++ b/lib/fog/rackspace/requests/databases/revoke_user_access.rb @@ -3,13 +3,13 @@ module Fog class Databases class Real def revoke_user_access(instance_id, user, database) - user = + user = if user.respond_to?(:name) && user.respond_to?(:host) - if user.host == '%' - user.name - else - "#{user.name}@#{user.host}" - end + host_str = + if user.host && user.host != '' && user.host != '%' + "@#{user.host}" + end.to_s + user.name + host_str else user end diff --git a/tests/rackspace/models/databases/database_tests.rb b/tests/rackspace/models/databases/database_tests.rb index 34169ddff..95157fde2 100644 --- a/tests/rackspace/models/databases/database_tests.rb +++ b/tests/rackspace/models/databases/database_tests.rb @@ -13,5 +13,17 @@ Shindo.tests('Fog::Rackspace::Databases | database', ['rackspace']) do model_tests(instance.databases, { :name => "db_#{Time.now.to_i.to_s}" }, false) + user_no_host = instance.users.create(:name => "foo", :password => "foo") + user_with_host = instance.users.create(:name => "bar", :host => "10.20.30.40", :password => "bar") + + db = instance.databases.create(:name => "Test_#{Time.now.to_i}") + + db.grant_access_for(user_no_host) + db.grant_access_for(user_with_host) + + db.revoke_access_for(user_no_host) + db.revoke_access_for(user_with_host) + + instance.destroy end From 9deffda1a1f14999eab7bc87f2a5e2b41953de17 Mon Sep 17 00:00:00 2001 From: Evan Light Date: Wed, 13 Aug 2014 22:42:49 -0600 Subject: [PATCH 4/5] Oops. Added that initializer just so I could pry inside of it. Don't need it now! --- lib/fog/rackspace/models/databases/user.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/fog/rackspace/models/databases/user.rb b/lib/fog/rackspace/models/databases/user.rb index 1bdb939fd..95ca05b24 100644 --- a/lib/fog/rackspace/models/databases/user.rb +++ b/lib/fog/rackspace/models/databases/user.rb @@ -10,10 +10,6 @@ module Fog attribute :databases attribute :host - def initialize(params = {}) - super - end - def save requires :identity, :instance, :password service.create_user(instance.identity, identity, password, :databases => databases, :host => host) From d80d3e7c2ce48dab876e3fcbfbf45afc5f23cf99 Mon Sep 17 00:00:00 2001 From: Evan Light Date: Wed, 13 Aug 2014 22:44:06 -0600 Subject: [PATCH 5/5] Oops another pry call to remove... --- lib/fog/rackspace/models/databases/users.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/fog/rackspace/models/databases/users.rb b/lib/fog/rackspace/models/databases/users.rb index 2561a043a..bfad020e5 100644 --- a/lib/fog/rackspace/models/databases/users.rb +++ b/lib/fog/rackspace/models/databases/users.rb @@ -15,8 +15,6 @@ module Fog def get(user_name) data = retrieve_users.find { |database| database['name'] == user_name } - require 'pry' - binding.pry data && new(data) end