grant 0.0.1-beta.3

Manage database roles and privileges in GitOps style
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

use assert_cmd::prelude::*; // Add methods on commands
use indoc::indoc;
use predicates::prelude::*; // Used for writing assertions
use std::io::Write; // Write to files
use std::path::PathBuf;
use std::process::Command; // Run programs
use tempfile::NamedTempFile; // Create temporary files

#[test]
fn missing_arguments() {
    let mut cmd = Command::cargo_bin("grant").unwrap();
    cmd.assert().failure();
}

#[test]
/// `grant apply` must have --file or -f args
fn apply_missing_arguments() {
    let mut cmd = Command::cargo_bin("grant").unwrap();
    cmd.arg("apply")
        .assert()
        .failure()
        .stderr(predicate::str::contains("--file"));
}

/// `grant apply` with a config file
#[test]
fn apply_with_config_file() {
    // create a config file
    let _text = indoc! {r#"
        connection:
          type: "postgres"
          url: "postgres://postgres:postgres@localhost:5432/postgres"

        roles:
          - name: role_database_level
            type: database
            grants:
              - CREATE
              - TEMP
            databases:
              - postgres

          - name: role_schema_level
            type: schema
            grants:
              - CREATE
            databases:
              - postgres
            schemas:
              - public
          - name: role_all_schema
            type: table
            grants:
              - SELECT
              - INSERT
              - UPDATE
            databases:
              - postgres
            schemas:
              - public
            tables:
              - ALL

        users:
          - name: duyet
            password: 1234567890
            roles:
              - role_database_level
              - role_all_schema
              - role_schema_level
          - name: duyet2
            password: 1234567890
            roles:
              - role_database_level
              - role_all_schema
              - role_schema_level
    "#};

    let mut file = NamedTempFile::new().expect("failed to create temp file");
    file.write(_text.as_bytes())
        .expect("failed to write to temp file");
    let path = PathBuf::from(file.path().to_str().unwrap());

    let mut cmd = Command::cargo_bin("grant").unwrap();
    cmd.arg("apply")
        .arg("--file")
        .arg(path)
        .assert()
        .success()
        .stderr(predicate::str::contains(
            "Connected to database: postgres://postgres:postgres@localhost:5432/postgres",
        ))
        .stderr(predicate::str::contains("duyet"))
        .stderr(predicate::str::contains("duyet2"))
        // Look like this:
        // ┌────────┬───────────────────────────────────────────────────────────┬─────────┐
        // │ User   │ Database Privilege                                        │ Action  │
        // │ ---    │ ---                                                       │ ---     │
        // │ duyet  │ `role_database_level` for database: ["postgre+ │ updated │
        // │ duyet2 │ `role_database_level` for database: ["postgre+ │ updated │
        // └────────┴───────────────────────────────────────────────────────────┴─────────┘
        .stderr(predicate::str::contains(
            "│ duyet  │ `role_database_level` for database",
        ))
        .stderr(predicate::str::contains(
            "│ duyet2 │ `role_database_level` for database",
        ))
        // Look like this:
        // ┌────────┬───────────────────────────────────────────────────────┬─────────┐
        // │ User   │ Schema Privileges                                     │ Action  │
        // │ ---    │ ---                                                   │ ---     │
        // │ duyet  │ `role_schema_level` for schema: ["public"] │ updated │
        // │ duyet2 │ `role_schema_level` for schema: ["public"] │ updated │
        // └────────┴───────────────────────────────────────────────────────┴─────────┘
        .stderr(predicate::str::contains(
            "│ duyet  │ `role_schema_level` for schema",
        ))
        .stderr(predicate::str::contains(
            "│ duyet2 │ `role_schema_level` for schema",
        ))
        // Look like this:
        // ┌────────┬─────────────────────────────────────────────────┬─────────┐
        // │ User   │ Table Privileges                                │ Action  │
        // │ ---    │ ---                                             │ ---     │
        // │ duyet  │ `role_all_schema` for table: ["ALL"] │ updated │
        // │ duyet2 │ `role_all_schema` for table: ["ALL"] │ updated │
        // └────────┴─────────────────────────────────────────────────┴─────────┘
        .stderr(predicate::str::contains(
            "│ duyet  │ `role_all_schema` for table",
        ))
        .stderr(predicate::str::contains(
            "│ duyet2 │ `role_all_schema` for table",
        ))
        .stderr(predicate::str::contains("Summary"));
}