
forty's Introduction

Forty


Define Postgres users, groups and their permissions as code and let Forty enforce this state in your Postgres database. Forty will create users/groups which are present in the configuration file but missing from the database, and will delete users/groups which are present in the database but missing from the configuration file. An extensive example can be found here.

Example

If you have Docker installed, you can run docker-compose -f docker-compose_demo.yml up on your machine to see an example in action. This will spin up a Postgres instance with the system user postgres and another admin user demo_admin_user. The file acl.json specifies a few more users and groups (and their permissions) that are not yet present in the database. Calling Forty's sync method syncs that configuration to the database.

Usage

To configure Forty, require it in your script and configure both the library and a Postgres database. The database user you specify must have access to every realm you want Forty to manage. If you allow Forty to delete users, it will reassign the objects they own in the schemas listed in Forty.configuration.schemas to the user defined as Forty.configuration.master_username, and will delete all of their other objects in "unmanaged" schemas.

Configuration

require 'forty'

Forty.configure do |config|
    config.master_username = 'postgres' # the root user; no permissions will be synced for this user
    config.acl_file = 'acl.json'        # the file with users, groups and permissions
    config.schemas = ['postgres']       # a list of schemas to be caught by wildcard identifiers in `acl.json`
end

Forty.database do |db|
    db.host = '127.0.0.1'
    db.port = 5432
    db.user = 'postgres'    # the user to be used to sync permissions. must have full access to everything!
    db.password = 'secret'
    db.database = 'postgres'
end

In case you want to send an email with credentials and connection details to a user:

Forty.mailer do |mail|
  mail.smtp_address = '[email protected]' # sender address
  mail.smtp_host = 'localhost'              # SMTP server address
  mail.smtp_port = 587                      # SMTP server port
  mail.smtp_username = 'someone'
  mail.smtp_password = 'very_secret'
  mail.smtp_authentication = :login         # refer to Ruby's mail gem for available options
  mail.smtp_encryption = :tls               # refer to Ruby's mail gem for available options
  mail.templates = { user_created: 'mail_template_user_created.erb' } # see example/mail_template_user_created.erb for available placeholders
  mail.enabled = true                       # whether or not emails should be sent, defaults to false
end

Execution

You can either sync immediately by calling the command somewhere in your Ruby code:

# ./some_ruby_script.rb

require 'forty'

Forty.sync  # this starts the sync immediately

Or import Forty's Rake tasks and call it from elsewhere, which is especially useful if you want to run this in Docker:

# Rakefile

require 'forty/rake/task'

This gives you the following command:

$ rake acl:sync:all

ACL File

Define users, groups and permissions in a JSON formatted file. (A more sophisticated example can be found here.)

{
    "users": {
        "some_readonly_user": {
            "groups": [
                "all_tables_readonly"
            ]
        }
    },
    "groups": {
        "all_tables_readonly": {
            "permissions": [
                {
                    "type": "table",
                    "identifiers": [
                        "*.*"
                    ],
                    "privileges": [
                        "select"
                    ]
                }
            ]
        }
    }
}
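To make the mapping from this file to the database concrete, here is an added example (not Forty's own code) that expands the "*.*" wildcard over a list of managed schemas and emits the GRANT statements a sync would need. The schema list, the table catalogue and the acl.json content are constructed stand-ins for Forty.configuration.schemas, a pg_catalog lookup and the file above.

```ruby
require 'json'

# Constructed sample in the README's acl.json shape (added example, not Forty's code).
ACL_JSON = <<~JSON
  { "users":  { "some_readonly_user": { "groups": ["all_tables_readonly"] } },
    "groups": { "all_tables_readonly": { "permissions": [
      { "type": "table", "identifiers": ["*.*"], "privileges": ["select"] } ] } } }
JSON

# Assumed stand-ins for Forty.configuration.schemas and for a pg_catalog table lookup.
MANAGED_SCHEMAS = %w[some_schema another_schema].freeze
TABLES = { 'some_schema' => %w[some_table], 'another_schema' => %w[another_table] }.freeze
TABLE_PRIVILEGES = %w[SELECT INSERT UPDATE DELETE TRUNCATE REFERENCES TRIGGER].freeze

# Quote an identifier the Postgres way (double quotes, embedded quotes doubled) so a
# schema, table or role name taken from the config cannot alter the statement.
def quote_ident(name)
  '"' + name.gsub('"', '""') + '"'
end

# Expand "schema.table" identifiers. "*" as the schema covers only the managed
# schemas; "*" as the table covers only tables known in that schema, so a wildcard
# can never reach a schema that is not under management.
def expand_identifiers(identifiers)
  identifiers.flat_map do |ident|
    schema, table = ident.split('.', 2)
    (schema == '*' ? MANAGED_SCHEMAS : [schema]).flat_map do |s|
      (table == '*' ? TABLES.fetch(s, []) : [table]).map { |t| "#{quote_ident(s)}.#{quote_ident(t)}" }
    end
  end
end

# Turn one group's table permissions into GRANT statements; privilege names are
# whitelisted before they are interpolated into SQL.
def grants_for_group(group_name, group)
  group['permissions'].select { |p| p['type'] == 'table' }.flat_map do |perm|
    privs = perm['privileges'].map(&:upcase)
    unknown = privs - TABLE_PRIVILEGES
    raise ArgumentError, "unknown table privilege(s): #{unknown.join(', ')}" unless unknown.empty?
    expand_identifiers(perm['identifiers']).map { |rel| "GRANT #{privs.join(', ')} ON #{rel} TO #{quote_ident(group_name)};" }
  end
end

# Group grants first, then role membership for each user.
def build_statements(acl)
  acl['groups'].flat_map { |name, group| grants_for_group(name, group) } +
    acl['users'].flat_map { |user, spec| spec['groups'].map { |g| "GRANT #{quote_ident(g)} TO #{quote_ident(user)};" } }
end
puts build_statements(JSON.parse(ACL_JSON)) if __FILE__ == $PROGRAM_NAME
```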

Installation

Add this line to your application's Gemfile:

gem 'forty'

And then execute:

$ bundle

Or install it yourself as:

$ gem install forty

Contributing

  1. Fork it ( https://github.com/moertel/forty/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request


forty's Issues

Privilege 'UPDATE' has wrong identifier

Granting update privilege to a user breaks the sync:

11:26:33 | grunwald☂ glados: ~/dev/forty (table-acl-fix *% u=) [#1|+2|-1] $ git diff
diff --git a/example/acl.json b/example/acl.json
index cfb0a2f..07f561b 100644
--- a/example/acl.json
+++ b/example/acl.json
@@ -21,7 +21,8 @@
                     ],
                     "privileges": [
                         "select",
-                        "insert"
+                        "insert",
+                        "update"
                     ]
                 }
             ]
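Review bot: the hunk is a valid edit to the repro config (the comma is added after "insert" before the new "update" entry), so the JSON is not what breaks; the trace that follows places the TypeError in privilege.rb's parse_privileges_from_string while _parse_current_permissions reads the existing table ACL on the _delete_user path, so the fix should come with a unit test that passes an existing ACL carrying the update privilege through parse_privileges_from_string.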
11:26:08 | grunwald☂ glados: ~/dev/forty (table-acl-fix *% u=) [#1|+2|-1] $ docker-compose -f demo_docker-compose.yml up -d postgres_demo_db
Starting forty_postgres_demo_db_1 ... done
11:26:13 | grunwald☂ glados: ~/dev/forty (table-acl-fix *% u=) [#1|+2|-1] $ docker-compose -f demo_docker-compose.yml run some_app
Starting forty_postgres_demo_db_1 ... done
[Forty] [INFO] Create example schemas and tables
NOTICE:  schema "some_schema" already exists, skipping
NOTICE:  schema "another_schema" already exists, skipping
NOTICE:  relation "some_table" already exists, skipping
NOTICE:  relation "another_table" already exists, skipping
[Forty] [WARN] Dry mode disabled, executing on production
[Forty] [INFO] Starting sync...
    ____           __
   / __/___  _____/ /___  __
  / /_/ __ \/ ___/ __/ / / /
 / __/ /_/ / /  / /_/ /_/ /
/_/  \____/_/   \__/\__, /  Database ACL Sync
                   /____/   v0.3.0

===============================================================================

Running in PRODUCTION-MODE (enforcing state)

Configuration:
    Master user:    demo_admin_user
    Synced schemas: some_schema, another_schema
    System users:   postgres
    System groups:  pg_signal_backend

===============================================================================

rake aborted!
TypeError: no implicit conversion of Array into Integer
/lib/forty/privilege.rb:17:in `slice!'
/lib/forty/privilege.rb:17:in `block in parse_privileges_from_string'
/lib/forty/privilege.rb:15:in `each'
/lib/forty/privilege.rb:15:in `parse_privileges_from_string'
/lib/forty/sync.rb:745:in `block in _parse_current_permissions'
/lib/forty/sync.rb:739:in `each'
/lib/forty/sync.rb:739:in `_parse_current_permissions'
/lib/forty/sync.rb:698:in `block in _parse_current_acl'
/lib/forty/sync.rb:695:in `each'
/lib/forty/sync.rb:695:in `_parse_current_acl'
/lib/forty/sync.rb:484:in `_get_current_table_acl'
/lib/forty/sync.rb:368:in `_revoke_all_privileges'
/lib/forty/sync.rb:348:in `_delete_user'
/lib/forty/sync.rb:77:in `block in sync_users'
/lib/forty/sync.rb:77:in `each'
/lib/forty/sync.rb:77:in `sync_users'
/lib/forty/sync.rb:37:in `run'
/lib/forty/sync.rb:12:in `sync'
/lib/forty/rake/task.rb:15:in `block (3 levels) in install_tasks'
/usr/local/bundle/gems/rake-11.3.0/exe/rake:27:in `<top (required)>'
/usr/local/bin/bundle:22:in `load'
/usr/local/bin/bundle:22:in `<main>'
Tasks: TOP => acl:sync:all
(See full trace by running task with --trace)
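The trace above fails while parsing the permissions the database already holds. As an added example (not Forty's privilege.rb), here is a parser for the aclitem strings Postgres stores in relacl, using the documented table privilege letters (r SELECT, w UPDATE, a INSERT, d DELETE, D TRUNCATE, x REFERENCES, t TRIGGER); the sample relacl value is constructed, and quoted grantee names are assumed not to occur.

```ruby
# Added example, not Forty's privilege.rb: a parser for the aclitem strings
# Postgres stores in pg_class.relacl, e.g. "reader=r/owner".
TABLE_PRIVILEGE_CODES = {
  'r' => 'SELECT', 'w' => 'UPDATE', 'a' => 'INSERT', 'd' => 'DELETE',
  'D' => 'TRUNCATE', 'x' => 'REFERENCES', 't' => 'TRIGGER'
}.freeze

Privilege = Struct.new(:grantee, :name, :grant_option, :grantor)

# Parse one aclitem like "demo=arw*d/demo_admin_user". An empty grantee means
# PUBLIC; a "*" after a letter marks WITH GRANT OPTION. Unknown letters raise
# rather than being silently dropped, so a misparse cannot turn into a
# missed REVOKE. (Quoted grantee names are assumed absent in this example.)
def parse_aclitem(item)
  m = item.match(%r{\A([^=]*)=([a-zA-Z*]*)/(.+)\z})
  raise ArgumentError, "not an aclitem: #{item.inspect}" unless m
  grantee = m[1].empty? ? 'PUBLIC' : m[1]
  privs = []
  m[2].each_char do |ch|
    if ch == '*'
      raise ArgumentError, "dangling '*' in #{item.inspect}" if privs.empty?
      privs.last.grant_option = true
    else
      name = TABLE_PRIVILEGE_CODES.fetch(ch) { raise ArgumentError, "unknown privilege code #{ch.inspect} in #{item.inspect}" }
      privs << Privilege.new(grantee, name, false, m[3])
    end
  end
  privs
end

# Parse the array text form of relacl, e.g. "{owner=arwdDxt/owner,reader=r/owner}".
def parse_relacl(text)
  return [] if text.nil? || text == '{}'
  text.delete('{}').split(',').flat_map { |item| parse_aclitem(item) }
end

# Constructed sample: the state a sync reads back after a group was granted
# SELECT, INSERT and UPDATE, as in the issue above.
SAMPLE_RELACL = '{demo_admin_user=arwdDxt/demo_admin_user,all_tables_rw=raw/demo_admin_user}'

if __FILE__ == $PROGRAM_NAME
  parse_relacl(SAMPLE_RELACL).each { |p| puts "#{p.grantee}: #{p.name}#{' (grant option)' if p.grant_option} from #{p.grantor}" }
end
```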
