cloudstack-commits mailing list archives

From mc...@apache.org
Subject [1/2] git commit: updated refs/heads/rbac to 12b6e70
Date Fri, 20 Sep 2013 00:51:08 GMT
Updated Branches:
  refs/heads/rbac 7b4998fcd -> 12b6e700b


Add missing table acl_group_role_map, as well as adding columns.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/35458861
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/35458861
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/35458861

Branch: refs/heads/rbac
Commit: 354588611a680edcc3518aa46ebf5d0f91614eff
Parents: 7b4998f
Author: Min Chen <min.chen@citrix.com>
Authored: Thu Sep 19 17:49:49 2013 -0700
Committer: Min Chen <min.chen@citrix.com>
Committed: Thu Sep 19 17:49:49 2013 -0700

----------------------------------------------------------------------
 .../com/cloud/upgrade/dao/Upgrade420to430.java  | 42 ++++++++++++++++++--
 setup/db/db/schema-420to430.sql                 | 39 +++++++++++++-----
 2 files changed, 68 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/35458861/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java
index 9575fb1..0e97855 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java
@@ -24,9 +24,10 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.Map;
 
-import org.apache.cloudstack.acl.RoleType;
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.RoleType;
+
 import com.cloud.utils.PropertiesUtil;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.script.Script;
@@ -62,6 +63,7 @@ public class Upgrade420to430 implements DbUpgrade {
     @Override
     public void performDataMigration(Connection conn) {
         populateACLGroupAccountMap(conn);
+        populateACLGroupRoleMap(conn);
         populateACLRoleBasedAPIPermission(conn);
     }
 
@@ -74,7 +76,7 @@ public class Upgrade420to430 implements DbUpgrade {
         s_logger.debug("Populating acl_group_account_map table for existing accounts...");
         try {
             acctInsert = conn
-                    .prepareStatement("INSERT INTO `cloud`.`acl_group_account_map` (group_id,
account_id) values(?, ?)");
+                    .prepareStatement("INSERT INTO `cloud`.`acl_group_account_map` (group_id,
account_id, created) values(?, ?, Now())");
             acctQuery = conn
                     .prepareStatement("select id, type from `cloud`.`account` where removed
is null");
             rs = acctQuery.executeQuery();
@@ -110,13 +112,47 @@ public class Upgrade420to430 implements DbUpgrade {
         s_logger.debug("Completed populate acl_group_account_map for existing accounts.");
     }
 
+    // populate acl_group_role_map table for existing accounts
+    private void populateACLGroupRoleMap(Connection conn) {
+        PreparedStatement sqlInsert = null;
+        ResultSet rs = null;
+
+        s_logger.debug("Populating acl_group_role_map table for default groups and roles...");
+        try {
+            sqlInsert = conn
+                    .prepareStatement("INSERT INTO `cloud`.`acl_group_role_map` (group_id,
role_id, created) values(?, ?, Now())");
+            for (int i = 1; i < 6; i++) {
+                // insert entry in acl_group_role_map table, 1 to 1 mapping for default group
and role
+                sqlInsert.setLong(1, i);
+                sqlInsert.setLong(2, i);
+                sqlInsert.executeUpdate();
+            }
+        } catch (SQLException e) {
+            String msg = "Unable to populate acl_group_role_map for default groups and roles."
+ e.getMessage();
+            s_logger.error(msg);
+            throw new CloudRuntimeException(msg, e);
+        } finally {
+            try {
+                if (rs != null) {
+                    rs.close();
+                }
+
+                if (sqlInsert != null) {
+                    sqlInsert.close();
+                }
+            } catch (SQLException e) {
+            }
+        }
+        s_logger.debug("Completed populate acl_group_role_map for existing accounts.");
+    }
+
     private void populateACLRoleBasedAPIPermission(Connection conn) {
         // read the commands.properties.in and populate the table
         PreparedStatement apiInsert = null;
 
         s_logger.debug("Populating acl_api_permission table for existing commands...");
         try {
-            apiInsert = conn.prepareStatement("INSERT INTO `cloud`.`acl_api_permission` (role_id,
api) values(?, ?)");
+            apiInsert = conn.prepareStatement("INSERT INTO `cloud`.`acl_api_permission` (role_id,
api, created) values(?, ?, Now())");
 
             Map<String, String> commandMap = PropertiesUtil.processConfigFile(new String[]
{ "commands.properties" });
             for (Map.Entry<String, String> entry : commandMap.entrySet()) {
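Review bot: In the new populateACLGroupRoleMap, the loop `for (int i = 1; i < 6; i++)` binds group id N to role id N by literal number, which holds only while the seed rows in schema-420to430.sql keep ids 1–5 in the same order in both acl_group and acl_role. Because this mapping decides which role each default group receives, a comment naming that dependency (or a lookup by name) would make a later reordering of the seed data much harder to get wrong. `rs` is declared and closed but never assigned, and the empty `catch (SQLException e) { }` in the finally block hides close failures; dropping `rs` and adding `s_logger.warn("Failed to close statement", e);` would fix both. The error string `"...default groups and roles." + e.getMessage()` lacks a separating space, and the closing debug line says "for existing accounts" although the method maps default groups and roles.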

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/35458861/setup/db/db/schema-420to430.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-420to430.sql b/setup/db/db/schema-420to430.sql
index fb09369..12c496c 100644
--- a/setup/db/db/schema-420to430.sql
+++ b/setup/db/db/schema-420to430.sql
@@ -286,6 +286,7 @@ CREATE VIEW `cloud`.`template_view` AS
 CREATE TABLE `cloud`.`acl_group` (
   `id` bigint unsigned NOT NULL UNIQUE auto_increment,
   `name` varchar(255) NOT NULL,
+  `description` varchar(255) default NULL,
   `uuid` varchar(40),
   `removed` datetime COMMENT 'date the group was removed',
   `created` datetime COMMENT 'date the group was created',
@@ -298,6 +299,8 @@ CREATE TABLE `cloud`.`acl_group_account_map` (
   `id` bigint unsigned NOT NULL auto_increment,
   `group_id` bigint unsigned NOT NULL,
   `account_id` bigint unsigned NOT NULL,
+  `removed` datetime COMMENT 'date the account was removed from the group',
+  `created` datetime COMMENT 'date the account was assigned to the group',  
   PRIMARY KEY  (`id`),
   CONSTRAINT `fk_acl_group_vm_map___group_id` FOREIGN KEY(`group_id`) REFERENCES `acl_group`
(`id`) ON DELETE CASCADE,
   CONSTRAINT `fk_acl_group_vm_map___account_id` FOREIGN KEY(`account_id`) REFERENCES `account`
(`id`) ON DELETE CASCADE
@@ -306,6 +309,7 @@ CREATE TABLE `cloud`.`acl_group_account_map` (
 CREATE TABLE `cloud`.`acl_role` (
   `id` bigint unsigned NOT NULL UNIQUE auto_increment,
   `name` varchar(255) NOT NULL,
+  `description` varchar(255) default NULL,  
   `uuid` varchar(40),
   `removed` datetime COMMENT 'date the role was removed',
   `created` datetime COMMENT 'date the role was created',
@@ -314,23 +318,36 @@ CREATE TABLE `cloud`.`acl_role` (
   CONSTRAINT `uc_acl_role__uuid` UNIQUE (`uuid`)  
 ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
 
+CREATE TABLE `cloud`.`acl_group_role_map` (
+  `id` bigint unsigned NOT NULL auto_increment,
+  `group_id` bigint unsigned NOT NULL,
+  `role_id` bigint unsigned NOT NULL,
+  `removed` datetime COMMENT 'date the role was revoked from the group',
+  `created` datetime COMMENT 'date the role was granted to the group',   
+  PRIMARY KEY  (`id`),
+  CONSTRAINT `fk_acl_group_role_map___group_id` FOREIGN KEY(`group_id`) REFERENCES `acl_group`
(`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_acl_group_role_map___role_id` FOREIGN KEY(`role_id`) REFERENCES `acl_role`
(`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;        
+
 
-INSERT IGNORE INTO `cloud`.`acl_role` (id, name, uuid, created) VALUES (1,'NORMAL', UUID(),
Now());
-INSERT IGNORE INTO `cloud`.`acl_role` (id, name, uuid, created) VALUES (2, 'ADMIN', UUID(),
Now());
-INSERT IGNORE INTO `cloud`.`acl_role` (id, name, uuid, created) VALUES (3, 'DOMAIN_ADMIN',
UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_role` (id, name, uuid, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN',
UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_role` (id, name, uuid, created) VALUES (5, 'READ_ONLY_ADMIN',
UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, created) VALUES (1,'NORMAL',
'Domain user role', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, created) VALUES (2, 'ADMIN',
'Root admin role', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, created) VALUES (3, 'DOMAIN_ADMIN',
'Domain admin role', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN',
'Resource domain admin role', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, created) VALUES (5, 'READ_ONLY_ADMIN',
'Read only admin role', UUID(), Now());
 
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, uuid, created) VALUES (1, 'NORMAL', UUID(),
Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, uuid, created) VALUES (2, 'ADMIN', UUID(),
Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, uuid, created) VALUES (3, 'DOMAIN_ADMIN',
UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, uuid, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN',
UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, uuid, created) VALUES (5, 'READ_ONLY_ADMIN',
UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, created) VALUES (1,
'NORMAL', 'Domain user group', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, created) VALUES (2,
'ADMIN', 'Root admin group', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, created) VALUES (3,
'DOMAIN_ADMIN', 'Domain admin group', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, created) VALUES (4,
'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, created) VALUES (5,
'READ_ONLY_ADMIN', 'Read only admin group', UUID(), Now());
 
 CREATE TABLE `cloud`.`acl_api_permission` (
   `id` bigint unsigned NOT NULL UNIQUE auto_increment,
   `role_id` bigint unsigned NOT NULL,
   `api` varchar(255) NOT NULL,
+  `removed` datetime COMMENT 'date the permission was revoked',
+  `created` datetime COMMENT 'date the permission was granted',  
   PRIMARY KEY  (`id`),
   CONSTRAINT `fk_acl_api_permission___role_id` FOREIGN KEY(`role_id`) REFERENCES `acl_role`
(`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
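Review bot: The new `acl_group_role_map` table has no uniqueness constraint on the (`group_id`, `role_id`) pair, so the same role can be granted to a group more than once, and the plain INSERT loop in Upgrade420to430 would add duplicate rows if the data migration ever ran twice (whether a re-run is possible is not visible here). For an authorization table, duplicate grants make revocation error-prone, since marking one row `removed` leaves the other in effect. Consider something like `UNIQUE KEY (`group_id`, `role_id`)`, bearing in mind that with the soft-delete `removed` column a re-grant would then have to update the existing row rather than insert a new one. It would also help to document how `removed` interacts with `ON DELETE CASCADE`, because a hard delete of a group or role erases the grant history these columns appear meant to keep.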
@@ -341,6 +358,8 @@ CREATE TABLE `cloud`.`acl_entity_permission` (
   `entity_type` varchar(100) NOT NULL,
   `entity_id` bigint unsigned NOT NULL,
   `access_type` varchar(40) NOT NULL,  
+  `removed` datetime COMMENT 'date the permission was revoked',
+  `created` datetime COMMENT 'date the permission was granted',   
   PRIMARY KEY  (`id`),
   CONSTRAINT `fk_acl_entity_permission___group_id` FOREIGN KEY(`group_id`) REFERENCES `acl_group`
(`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

