Skip to content
This repository has been archived by the owner on May 31, 2024. It is now read-only.
/ gratan Public archive

Gratan is a tool to manage MySQL permissions. It defines the state of MySQL permissions using Ruby DSL, and updates permissions according to DSL.

License

Notifications You must be signed in to change notification settings

codenize-tools/gratan

Repository files navigation

Gratan

Gratan is a tool to manage MySQL permissions.

It defines the state of MySQL permissions using Ruby DSL, and updates permissions according to DSL.

Gem Version Build Status

Notice

  • >= 0.3.0
    • Support template
  • >= 0.3.1
    • Fix <secret> password

Installation

Add this line to your application's Gemfile:

gem 'gratan'

And then execute:

$ bundle

Or install it yourself as:

$ gem install gratan

Usage

gratan -e -o Grantfile
vi Grantfile
gratan -a --dry-run
gratan -a

Help

Usage: gratan [options]
        --host HOST
        --port PORT
        --socket SOCKET
        --username USERNAME
        --password PASSWORD
        --database DATABASE
    -a, --apply
    -f, --file FILE
        --dry-run
    -e, --export
        --with-identifier
        --split
        --chunk-by-user
    -o, --output FILE
        --ignore-user REGEXP
        --target-user REGEXP
        --ignore-object REGEXP
        --enable-expired
        --ignore-not-exist
        --ignore-password-secret
        --skip-disable-log-bin
        --override-sql-mode
        --use-show-create-user
        --no-color
        --debug
        --auto-identify OUTPUT
        --csv-identify CSV
        --mysql2-options JSON
    -h, --help

A default connection to a database can be established by setting the following environment variables:

  • GRATAN_DB_HOST: database host
  • GRATAN_DB_PORT: database port
  • GRATAN_DB_SOCKET: database socket
  • GRATAN_DB_DATABASE: database database name
  • GRATAN_DB_USERNAME: database user
  • GRATAN_DB_PASSWORD: database password

Grantfile example

require 'other/grantfile'

user "scott", "%" do
  on "*.*" do
    grant "USAGE"
  end

  on "test.*", expired: '2014/10/08', identified: "PASSWORD '*ABCDEF'" do
    grant "SELECT"
    grant "INSERT"
  end

  on /^foo\.prefix_/ do
    grant "SELECT"
    grant "INSERT"
  end
end

user "scott", ["localhost", "192.168.%"], expired: '2014/10/10' do
  on "*.*", with: 'GRANT OPTION' do
    grant "ALL PRIVILEGES"
  end
end

Use template

template 'all db template' do
  on '*.*' do
    grant 'SELECT'
  end
end

template 'test db template' do
  grant context.default

  context.extra.each do |priv|
    grant priv
  end
end

user 'scott', 'localhost', identified: 'tiger' do
  include_template 'all db template'

  on 'test.*' do
    context.default = 'SELECT'
    include_template 'test db template', extra: ['INSERT', 'UPDATE']
  end
end

Run tests

bundle install
docker-compose up -d
bundle exec rake
# MYSQL57=1 bundle exec rake

Similar tools

What does "Gratan" mean?

About

Gratan is a tool to manage MySQL permissions. It defines the state of MySQL permissions using Ruby DSL, and updates permissions according to DSL.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages