Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CE06F10598 for ; Fri, 20 Sep 2013 00:51:08 +0000 (UTC) Received: (qmail 92403 invoked by uid 500); 20 Sep 2013 00:51:08 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 92358 invoked by uid 500); 20 Sep 2013 00:51:08 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 92347 invoked by uid 99); 20 Sep 2013 00:51:08 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Sep 2013 00:51:08 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 3F4458A36CC; Fri, 20 Sep 2013 00:51:08 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: mchen@apache.org To: commits@cloudstack.apache.org Date: Fri, 20 Sep 2013 00:51:08 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/2] git commit: updated refs/heads/rbac to 12b6e70 Updated Branches: refs/heads/rbac 7b4998fcd -> 12b6e700b Add missing table acl_group_role_map, as well as adding columns. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/35458861 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/35458861 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/35458861 Branch: refs/heads/rbac Commit: 354588611a680edcc3518aa46ebf5d0f91614eff Parents: 7b4998f Author: Min Chen Authored: Thu Sep 19 17:49:49 2013 -0700 Committer: Min Chen Committed: Thu Sep 19 17:49:49 2013 -0700 ---------------------------------------------------------------------- .../com/cloud/upgrade/dao/Upgrade420to430.java | 42 ++++++++++++++++++-- setup/db/db/schema-420to430.sql | 39 +++++++++++++----- 2 files changed, 68 insertions(+), 13 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/35458861/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java ----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java
index 9575fb1..0e97855 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java
@@ -24,9 +24,10 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.Map;
-import org.apache.cloudstack.acl.RoleType;
 import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.RoleType;
+
 import com.cloud.utils.PropertiesUtil;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.script.Script;
@@ -62,6 +63,7 @@ public class Upgrade420to430 implements DbUpgrade {
 @Override
 public void performDataMigration(Connection conn) {
 populateACLGroupAccountMap(conn);
+ populateACLGroupRoleMap(conn);
 populateACLRoleBasedAPIPermission(conn);
 }
@@ -74,7 +76,7 @@ public class Upgrade420to430 implements DbUpgrade {
 s_logger.debug("Populating acl_group_account_map table for existing accounts...");
 try {
 acctInsert = conn
- .prepareStatement("INSERT INTO `cloud`.`acl_group_account_map` (group_id, account_id) values(?, ?)");
+ .prepareStatement("INSERT INTO `cloud`.`acl_group_account_map` (group_id, account_id, created) values(?, ?, Now())");
 acctQuery = conn
 .prepareStatement("select id, type from `cloud`.`account` where removed is null");
 rs = acctQuery.executeQuery();
@@ -110,13 +112,47 @@ public class Upgrade420to430 implements DbUpgrade {
 s_logger.debug("Completed populate acl_group_account_map for existing accounts.");
 }
+ // populate acl_group_role_map table for existing accounts
+ private void populateACLGroupRoleMap(Connection conn) {
+ PreparedStatement sqlInsert = null;
+ ResultSet rs = null;
+
+ s_logger.debug("Populating acl_group_role_map table for default groups and roles...");
+ try {
+ sqlInsert = conn
+ .prepareStatement("INSERT INTO `cloud`.`acl_group_role_map` (group_id, role_id, created) values(?, ?, Now())");
+ for (int i = 1; i < 6; i++) {
+ // insert entry in acl_group_role_map table, 1 to 1 mapping for default group and role
+ sqlInsert.setLong(1, i);
+ sqlInsert.setLong(2, i);
+ sqlInsert.executeUpdate();
+ }
+ } catch (SQLException e) {
+ String msg = "Unable to populate acl_group_role_map for default groups and roles." + e.getMessage();
+ s_logger.error(msg);
+ throw new CloudRuntimeException(msg, e);
+ } finally {
+ try {
+ if (rs != null) {
+ rs.close();
+ }
+
+ if (sqlInsert != null) {
+ sqlInsert.close();
+ }
+ } catch (SQLException e) {
+ }
+ }
+ s_logger.debug("Completed populate acl_group_role_map for existing accounts.");
+ }
+
 private void populateACLRoleBasedAPIPermission(Connection conn) {
 // read the commands.properties.in and populate the table
 PreparedStatement apiInsert = null;
 s_logger.debug("Populating acl_api_permission table for existing commands...");
 try {
- apiInsert = conn.prepareStatement("INSERT INTO `cloud`.`acl_api_permission` (role_id, api) values(?, ?)");
+ apiInsert = conn.prepareStatement("INSERT INTO `cloud`.`acl_api_permission` (role_id, api, created) values(?, ?, Now())");
 Map commandMap = PropertiesUtil.processConfigFile(new String[] { "commands.properties" });
 for (Map.Entry entry : commandMap.entrySet()) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/35458861/setup/db/db/schema-420to430.sql
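Review bot: The loop in populateACLGroupRoleMap binds group id `i` to role id `i` for 1 to 5, so each default group gets the right role only if the seed rows in schema-420to430.sql hold exactly those ids; the seeds use `INSERT IGNORE`, which silently keeps a pre-existing row with the same id, so a mismatch would attach a group to the wrong role without any error. Resolving the pair by name avoids that dependency, for example `INSERT INTO cloud.acl_group_role_map (group_id, role_id, created) SELECT g.id, r.id, Now() FROM cloud.acl_group g JOIN cloud.acl_role r ON g.name = r.name`, restricted to the five default names if other rows can exist at upgrade time. `rs` is declared and closed but never assigned, and the empty `catch (SQLException e) { }` in the finally block hides a failed close; drop `rs` and log the exception with `s_logger.warn`. The closing debug message and the leading comment both say "for existing accounts" although the method maps default groups to default roles. populateACLRoleBasedAPIPermission continues past the end of the hunk.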
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-420to430.sql b/setup/db/db/schema-420to430.sql
index fb09369..12c496c 100644
--- a/setup/db/db/schema-420to430.sql
+++ b/setup/db/db/schema-420to430.sql
@@ -286,6 +286,7 @@ CREATE VIEW `cloud`.`template_view` AS
 CREATE TABLE `cloud`.`acl_group` (
 `id` bigint unsigned NOT NULL UNIQUE auto_increment,
 `name` varchar(255) NOT NULL,
+ `description` varchar(255) default NULL,
 `uuid` varchar(40),
 `removed` datetime COMMENT 'date the group was removed',
 `created` datetime COMMENT 'date the group was created',
@@ -298,6 +299,8 @@ CREATE TABLE `cloud`.`acl_group_account_map` (
 `id` bigint unsigned NOT NULL auto_increment,
 `group_id` bigint unsigned NOT NULL,
 `account_id` bigint unsigned NOT NULL,
+ `removed` datetime COMMENT 'date the account was removed from the group',
+ `created` datetime COMMENT 'date the account was assigned to the group',
 PRIMARY KEY (`id`),
 CONSTRAINT `fk_acl_group_vm_map___group_id` FOREIGN KEY(`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE,
 CONSTRAINT `fk_acl_group_vm_map___account_id` FOREIGN KEY(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE
@@ -306,6 +309,7 @@ CREATE TABLE `cloud`.`acl_group_account_map` (
 CREATE TABLE `cloud`.`acl_role` (
 `id` bigint unsigned NOT NULL UNIQUE auto_increment,
 `name` varchar(255) NOT NULL,
+ `description` varchar(255) default NULL,
 `uuid` varchar(40),
 `removed` datetime COMMENT 'date the role was removed',
 `created` datetime COMMENT 'date the role was created',
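Review bot: The `removed` column added to acl_group_account_map makes revoking a membership a soft delete, so every authorization lookup on this table has to exclude rows where `removed` is set, otherwise a removed account keeps the group's permissions; the queries are not part of this commit, so this is worth confirming against the DAO code. Saying so in the column comment would make the contract visible, e.g. `COMMENT 'date the account was removed from the group; NULL while the membership is active'`. The same applies to the `removed` columns added to acl_group_role_map, acl_api_permission and acl_entity_permission in the later hunks.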
@@ -314,23 +318,36 @@ CREATE TABLE `cloud`.`acl_role` (
 CONSTRAINT `uc_acl_role__uuid` UNIQUE (`uuid`)
 ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
+CREATE TABLE `cloud`.`acl_group_role_map` (
+ `id` bigint unsigned NOT NULL auto_increment,
+ `group_id` bigint unsigned NOT NULL,
+ `role_id` bigint unsigned NOT NULL,
+ `removed` datetime COMMENT 'date the role was revoked from the group',
+ `created` datetime COMMENT 'date the role was granted to the group',
+ PRIMARY KEY (`id`),
+ CONSTRAINT `fk_acl_group_role_map___group_id` FOREIGN KEY(`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE,
+ CONSTRAINT `fk_acl_group_role_map___role_id` FOREIGN KEY(`role_id`) REFERENCES `acl_role` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
-INSERT IGNORE INTO `cloud`.`acl_role` (id, name, uuid, created) VALUES (1,'NORMAL', UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_role` (id, name, uuid, created) VALUES (2, 'ADMIN', UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_role` (id, name, uuid, created) VALUES (3, 'DOMAIN_ADMIN', UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_role` (id, name, uuid, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_role` (id, name, uuid, created) VALUES (5, 'READ_ONLY_ADMIN', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, created) VALUES (1,'NORMAL', 'Domain user role', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, created) VALUES (2, 'ADMIN', 'Root admin role', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, uuid, created) VALUES (1, 'NORMAL', UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, uuid, created) VALUES (2, 'ADMIN', UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, uuid, created) VALUES (3, 'DOMAIN_ADMIN', UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, uuid, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', UUID(), Now());
-INSERT IGNORE INTO `cloud`.`acl_group` (id, name, uuid, created) VALUES (5, 'READ_ONLY_ADMIN', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, created) VALUES (2, 'ADMIN', 'Root admin group', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin group', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), Now());
+INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin group', UUID(), Now());
 CREATE TABLE `cloud`.`acl_api_permission` (
 `id` bigint unsigned NOT NULL UNIQUE auto_increment,
 `role_id` bigint unsigned NOT NULL,
 `api` varchar(255) NOT NULL,
+ `removed` datetime COMMENT 'date the permission was revoked',
+ `created` datetime COMMENT 'date the permission was granted',
 PRIMARY KEY (`id`),
 CONSTRAINT `fk_acl_api_permission___role_id` FOREIGN KEY(`role_id`) REFERENCES `acl_role` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
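Review bot: The new acl_group_role_map table has no unique key on (`group_id`, `role_id`), so the same role can be granted to a group in more than one row. The upgrade code in Upgrade420to430.java fills it with a plain INSERT, so a repeated run would duplicate every default grant, and marking one row `removed` would leave the grant in effect through its duplicate. Consider adding `CONSTRAINT uc_acl_group_role_map__group_role UNIQUE (group_id, role_id)`, following the `uc_acl_role__uuid` naming already in the file. With the soft-delete column, a re-grant then has to clear `removed` on the existing row rather than insert a new one.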
@@ -341,6 +358,8 @@ CREATE TABLE `cloud`.`acl_entity_permission` (
 `entity_type` varchar(100) NOT NULL,
 `entity_id` bigint unsigned NOT NULL,
 `access_type` varchar(40) NOT NULL,
+ `removed` datetime COMMENT 'date the permission was revoked',
+ `created` datetime COMMENT 'date the permission was granted',
 PRIMARY KEY (`id`),
 CONSTRAINT `fk_acl_entity_permission___group_id` FOREIGN KEY(`group_id`) REFERENCES `acl_group` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;