feat: updates to MSSQL user create process (#295)

shane-borden · Shane Borden · web-flow · commit 9d1110a85508 · 2023-09-07T14:13:07.000-05:00
* bug: 299460067 fix user ddl + add drop method

* bug: fix syntax for user creation

* chore: bump version to 4.3.18

---------

Co-authored-by: Shane Borden &lt;shaneborden@google.com&gt;
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 4.3.17
+current_version = 4.3.18
 commit = False
 tag = False
 
diff --git a/scripts/collector/oracle/collect-data.sh b/scripts/collector/oracle/collect-data.sh
@@ -16,7 +16,7 @@
 
 ### Setup directories needed for execution
 #############################################################################
-OpVersion="4.3.17"
+OpVersion="4.3.18"
 dbmajor=""
 
 LOCALE=$(echo $LANG | cut -d '.' -f 1)
diff --git a/scripts/collector/sqlserver/createUserWithSQLAuth.ps1 b/scripts/collector/sqlserver/createUserWithSQLAuth.ps1
@@ -73,11 +73,11 @@ if ([string]::IsNullorEmpty($serverName)) {
 
 if ([string]::IsNullorEmpty($port)) {
     Write-Output "Creating Collection User in $serverName"
-    sqlcmd -S $serverName -i sql\createCollectionUser.sql -l 30 -m 1 -v collectionUser=$collectionUserName collectionPass=$collectionUserPass
+    sqlcmd -S $serverName -i sql\createCollectionUser.sql -d master -U $user -P $pass -l 30 -m 1 -v collectionUser=$collectionUserName collectionPass=$collectionUserPass
 } else {
     $serverName = "$serverName,$port"
     Write-Output "Creating Collection User in $serverName, using PORT $port"
-    sqlcmd -S $serverName -i sql\createCollectionUser.sql -l 30 -m 1 -v collectionUser=$collectionUserName collectionPass=$collectionUserPass
+    sqlcmd -S $serverName -i sql\createCollectionUser.sql -d master -U $user -P $pass -l 30 -m 1 -v collectionUser=$collectionUserName collectionPass=$collectionUserPass
 }
 
 Exit 0
diff --git a/scripts/collector/sqlserver/createUserWithWindowsAuth.ps1 b/scripts/collector/sqlserver/createUserWithWindowsAuth.ps1
@@ -63,9 +63,9 @@ if ([string]::IsNullorEmpty($serverName)) {
 
 if ([string]::IsNullorEmpty($port)) {
     Write-Output "Creating Collection User in $serverName"
-    sqlcmd -S $serverName -i sql\createCollectionUser.sql -l 30 -m 1 -v collectionUser=$collectionUserName collectionPass=$collectionUserPass
+    sqlcmd -S $serverName -i sql\createCollectionUser.sql -d master -l 30 -m 1 -v collectionUser=$collectionUserName collectionPass=$collectionUserPass
 } else {
     $serverName = "$serverName,$port"
     Write-Output "Creating Collection User in $serverName, using PORT $port"
-    sqlcmd -S $serverName -i sql\createCollectionUser.sql -l 30 -m 1 -v collectionUser=$collectionUserName collectionPass=$collectionUserPass
+    sqlcmd -S $serverName -i sql\createCollectionUser.sql -d master -l 30 -m 1 -v collectionUser=$collectionUserName collectionPass=$collectionUserPass
 }
diff --git a/scripts/collector/sqlserver/instanceReview.ps1 b/scripts/collector/sqlserver/instanceReview.ps1
@@ -126,7 +126,7 @@ $current_ts = $values[4]
 $pkey = $values[5]
 $dmaSourceId = $dmaSourceId[0]
 
-$op_version = "4.3.17"
+$op_version = "4.3.18"
 
 if ($ignorePerfmon -eq "true") {
     $perfCounterLabel = "NoPerfCounter"
diff --git a/scripts/collector/sqlserver/sql/addCollectionUserPermissions.sql b/scripts/collector/sqlserver/sql/addCollectionUserPermissions.sql
@@ -0,0 +1,75 @@
+/*
+Copyright 2023 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+*/
+
+SET NOCOUNT ON;
+SET LANGUAGE us_english;
+
+DECLARE @dbname VARCHAR(50);
+DECLARE @COLLECTION_USER VARCHAR(256);
+DECLARE @PRODUCT_VERSION AS INTEGER
+
+DECLARE db_cursor CURSOR FOR 
+SELECT name
+FROM MASTER.sys.databases 
+WHERE name NOT IN ('model','msdb','distribution','reportserver', 'reportservertempdb','resource','rdsadmin')
+AND state = 0;
+
+SELECT @PRODUCT_VERSION = CONVERT(INTEGER, PARSENAME(CONVERT(nvarchar, SERVERPROPERTY('productversion')), 4));
+SELECT @COLLECTION_USER = N'$(collectionUser)'
+
+BEGIN
+    IF EXISTS 
+        (SELECT name  
+        FROM master.sys.server_principals
+        WHERE name = @COLLECTION_USER)
+    BEGIN
+        exec('GRANT VIEW SERVER STATE TO [' + @COLLECTION_USER + ']');
+        exec('GRANT SELECT ALL USER SECURABLES TO [' + @COLLECTION_USER + ']');
+        exec('GRANT VIEW ANY DATABASE TO [' + @COLLECTION_USER + ']');
+        exec('GRANT VIEW ANY DEFINITION TO [' + @COLLECTION_USER + ']');
+        exec('GRANT VIEW SERVER STATE TO [' + @COLLECTION_USER + ']');
+        IF @PRODUCT_VERSION > 15
+            BEGIN
+                exec('GRANT VIEW SERVER PERFORMANCE STATE TO [' + @COLLECTION_USER + ']');
+                exec('GRANT VIEW SERVER SECURITY STATE TO [' + @COLLECTION_USER + ']');
+                exec('GRANT VIEW ANY PERFORMANCE DEFINITION TO [' + @COLLECTION_USER + ']');
+                exec('GRANT VIEW ANY SECURITY DEFINITION TO [' + @COLLECTION_USER + ']');
+            END;
+    END;
+END;
+
+OPEN db_cursor  
+FETCH NEXT FROM db_cursor INTO @dbname  
+
+WHILE @@FETCH_STATUS = 0
+BEGIN
+    BEGIN
+        exec ('
+        use [' + @dbname + '];
+        IF EXISTS (SELECT [name]
+           FROM [sys].[database_principals]
+           WHERE [type] = N''S'' AND [name] = N''' + @COLLECTION_USER + ''')
+           BEGIN
+             GRANT VIEW DATABASE STATE TO [' + @COLLECTION_USER + '];
+           END');
+    END;
+
+    FETCH NEXT FROM db_cursor INTO @dbname;
+END;
+
+CLOSE db_cursor  
+DEALLOCATE db_cursor
diff --git a/scripts/collector/sqlserver/sql/createCollectionUser.sql b/scripts/collector/sqlserver/sql/createCollectionUser.sql
@@ -20,35 +20,38 @@ SET LANGUAGE us_english;
 
 DECLARE @dbname VARCHAR(50);
 DECLARE @COLLECTION_USER VARCHAR(256);
+DECLARE @COLLECTION_PASS VARCHAR(256);
 DECLARE @PRODUCT_VERSION AS INTEGER
 
-SELECT @PRODUCT_VERSION = CONVERT(INTEGER, PARSENAME(CONVERT(nvarchar, SERVERPROPERTY('productversion')), 4));
 DECLARE db_cursor CURSOR FOR 
 SELECT name
 FROM MASTER.sys.databases 
 WHERE name NOT IN ('model','msdb','distribution','reportserver', 'reportservertempdb','resource','rdsadmin')
 AND state = 0;
 
-USE [master]
+SELECT @PRODUCT_VERSION = CONVERT(INTEGER, PARSENAME(CONVERT(nvarchar, SERVERPROPERTY('productversion')), 4));
+SELECT @COLLECTION_USER = N'$(collectionUser)'
+SELECT @COLLECTION_PASS = N'$(collectionPass)'
+
 IF NOT EXISTS 
     (SELECT name  
      FROM master.sys.server_principals
-     WHERE name = N'$(collectionUser)')
+     WHERE name = @COLLECTION_USER)
 	BEGIN
-		CREATE LOGIN [$(collectionUser)] WITH PASSWORD=N'$(collectionPass)', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
+		exec ('CREATE LOGIN [' + @COLLECTION_USER + '] WITH PASSWORD=N''' + @COLLECTION_PASS + ''', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF');
 	END
 BEGIN
-	GRANT VIEW SERVER STATE TO [$(collectionUser)]
-	GRANT SELECT ALL USER SECURABLES TO [$(collectionUser)]
-	GRANT VIEW ANY DATABASE TO [$(collectionUser)]
-	GRANT VIEW ANY DEFINITION TO [$(collectionUser)]
-	GRANT VIEW SERVER STATE TO [$(collectionUser)]
+	exec ('GRANT VIEW SERVER STATE TO [' + @COLLECTION_USER + ']');
+	exec ('GRANT SELECT ALL USER SECURABLES TO [' + @COLLECTION_USER + ']');
+	exec ('GRANT VIEW ANY DATABASE TO [' + @COLLECTION_USER + ']');
+	exec ('GRANT VIEW ANY DEFINITION TO [' + @COLLECTION_USER + ']');
+	exec ('GRANT VIEW SERVER STATE TO [' + @COLLECTION_USER + ']');
     IF @PRODUCT_VERSION > 15
         BEGIN
-            GRANT VIEW SERVER PERFORMANCE STATE TO [$(collectionUser)]
-            GRANT VIEW SERVER SECURITY STATE TO [$(collectionUser)]
-            GRANT VIEW ANY PERFORMANCE DEFINITION TO [$(collectionUser)]
-            GRANT VIEW ANY SECURITY DEFINITION TO [$(collectionUser)]
+            exec('GRANT VIEW SERVER PERFORMANCE STATE TO [' + @COLLECTION_USER + ']');
+            exec('GRANT VIEW SERVER SECURITY STATE TO [' + @COLLECTION_USER + ']');
+            exec('GRANT VIEW ANY PERFORMANCE DEFINITION TO [' + @COLLECTION_USER + ']');
+            exec('GRANT VIEW ANY SECURITY DEFINITION TO [' + @COLLECTION_USER + ']');
         END;
 END;
 
@@ -60,8 +63,13 @@ BEGIN
     BEGIN
         exec ('
         use [' + @dbname + '];
-        CREATE USER [$(collectionUser)] FOR LOGIN [$(collectionUser)];
-        GRANT VIEW DATABASE STATE TO [$(collectionUser)]');
+        IF NOT EXISTS (SELECT [name]
+           FROM [sys].[database_principals]
+           WHERE [type] = N''S'' AND [name] = N''' + @COLLECTION_USER + ''')
+           BEGIN
+             CREATE USER [' + @COLLECTION_USER + '] FOR LOGIN  [' + @COLLECTION_USER + '];
+           END;
+        GRANT VIEW DATABASE STATE TO  [' + @COLLECTION_USER + ']');
     END;
 
     FETCH NEXT FROM db_cursor INTO @dbname;
diff --git a/scripts/collector/sqlserver/sql/dropCollectionUser.sql b/scripts/collector/sqlserver/sql/dropCollectionUser.sql
@@ -0,0 +1,62 @@
+/*
+Copyright 2023 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+*/
+
+SET NOCOUNT ON;
+SET LANGUAGE us_english;
+
+DECLARE @dbname VARCHAR(50);
+DECLARE @COLLECTION_USER VARCHAR(256);
+
+DECLARE db_cursor CURSOR FOR 
+SELECT name
+FROM MASTER.sys.databases 
+WHERE name NOT IN ('model','msdb','distribution','reportserver', 'reportservertempdb','resource','rdsadmin')
+AND state = 0;
+
+SELECT @COLLECTION_USER = N'$(collectionUser)'
+
+OPEN db_cursor  
+FETCH NEXT FROM db_cursor INTO @dbname  
+
+WHILE @@FETCH_STATUS = 0
+BEGIN
+    BEGIN
+        exec ('
+        use [' + @dbname + '];
+        IF EXISTS (SELECT [name]
+           FROM [sys].[database_principals]
+           WHERE [type] = N''S'' AND [name] = N''' + @COLLECTION_USER + ''')
+           BEGIN
+             DROP USER [' + @COLLECTION_USER + '];
+           END;
+        ');
+    END;
+
+    FETCH NEXT FROM db_cursor INTO @dbname;
+END;
+
+CLOSE db_cursor  
+DEALLOCATE db_cursor
+
+use [master];
+IF EXISTS 
+    (SELECT name  
+     FROM master.sys.server_principals
+     WHERE name = @COLLECTION_USER)
+	BEGIN
+		exec ('DROP LOGIN [' + @COLLECTION_USER + ']');
+	END;
diff --git a/scripts/masker/dma-collection-masker b/scripts/masker/dma-collection-masker
@@ -33,7 +33,7 @@ __all__ = [
     "run_masker",
 ]
 
-__version__ = "4.3.17"
+__version__ = "4.3.18"
 
 logger = logging.getLogger(__name__)
 

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ __all__ = [`
`33`	`33`	`"run_masker",`
`34`	`34`	`]`
`35`	`35`
`36`		`-__version__ = "4.3.17"`
	`36`	`+__version__ = "4.3.18"`
`37`	`37`
`38`	`38`	`logger = logging.getLogger(__name__)`
`39`	`39`