describe 'Gratan::Client#apply' do before(:each) do apply { <<-RUBY user 'scott', 'localhost', identified: 'tiger', required: 'SSL' do on '*.*' do grant 'SELECT' grant 'INSERT' end on 'test.*' do grant 'UPDATE' grant 'DELETE' end on 'mysql.user' do grant 'SELECT (user)' end end user 'bob', 'localhost' do on '*.*' do grant 'USAGE' end on 'test.*' do grant 'ALL PRIVILEGES' end end RUBY } end context 'when grant privs' do subject { client } it do apply(subject) { <<-RUBY user 'scott', 'localhost', identified: 'tiger', required: 'SSL' do on '*.*' do grant 'SELECT' grant 'INSERT' grant 'UPDATE' grant 'DELETE' end on 'test.*' do grant 'SELECT' grant 'INSERT' grant 'UPDATE' grant 'DELETE' end on 'mysql.user' do grant 'SELECT (user)' grant 'UPDATE (host)' end end user 'bob', 'localhost' do on '*.*' do grant 'USAGE' end on 'test.*' do grant 'ALL PRIVILEGES' end end RUBY } expect(show_grants).to match_array [ "GRANT ALL PRIVILEGES ON `test`.* TO 'bob'@'localhost'", "GRANT SELECT (user), UPDATE (host) ON `mysql`.`user` TO 'scott'@'localhost'", "GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40' REQUIRE SSL", "GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'scott'@'localhost'", "GRANT USAGE ON *.* TO 'bob'@'localhost'", ] end end context 'when revoke privs' do subject { client } it do apply(subject) { <<-RUBY user 'scott', 'localhost', identified: 'tiger', required: 'SSL' do on '*.*' do grant 'SELECT' end on 'mysql.user' do grant 'UPDATE (host)' end end user 'bob', 'localhost' do on '*.*' do grant 'USAGE' end on 'test.*' do grant 'ALL PRIVILEGES' end end RUBY } expect(show_grants).to match_array [ "GRANT ALL PRIVILEGES ON `test`.* TO 'bob'@'localhost'", "GRANT SELECT ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40' REQUIRE SSL", "GRANT UPDATE (host) ON `mysql`.`user` TO 'scott'@'localhost'", "GRANT USAGE ON *.* TO 'bob'@'localhost'", ] end end context 'when grant/revoke privs' do subject { client } it do apply(subject) { <<-RUBY user 'scott', 'localhost', identified: 'tiger', required: 'SSL' do on '*.*' do grant 'UPDATE' grant 'DELETE' end on 'test.*' do grant 'SELECT' grant 'INSERT' end on 'mysql.user' do grant 'UPDATE (host)' end end user 'mary', 'localhost' do on '*.*' do grant 'USAGE' end on 'test.*' do grant 'ALL PRIVILEGES' end end RUBY } expect(show_grants).to match_array [ "GRANT ALL PRIVILEGES ON `test`.* TO 'mary'@'localhost'", "GRANT SELECT, INSERT ON `test`.* TO 'scott'@'localhost'", "GRANT UPDATE (host) ON `mysql`.`user` TO 'scott'@'localhost'", "GRANT UPDATE, DELETE ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40' REQUIRE SSL", "GRANT USAGE ON *.* TO 'mary'@'localhost'", ] end end context 'when all privileges is normalized' do subject { client } it do result = apply(subject) { <<-RUBY user 'scott', 'localhost', required: 'SSL' do on '*.*' do grant 'SELECT' grant 'INSERT' end on 'test.*' do grant 'UPDATE' grant 'DELETE' end on 'mysql.user' do grant 'SELECT (user)' end end user 'bob', 'localhost' do on '*.*' do grant 'USAGE' end on 'test.*' do grant 'ALL' end end RUBY } expect(result).to be_falsey expect(show_grants).to match_array [ "GRANT ALL PRIVILEGES ON `test`.* TO 'bob'@'localhost'", "GRANT SELECT (user) ON `mysql`.`user` TO 'scott'@'localhost'", "GRANT SELECT, INSERT ON *.* TO 'scott'@'localhost' IDENTIFIED BY PASSWORD '*F2F68D0BB27A773C1D944270E5FAFED515A3FA40' REQUIRE SSL", "GRANT UPDATE, DELETE ON `test`.* TO 'scott'@'localhost'", "GRANT USAGE ON *.* TO 'bob'@'localhost'", ] end end end