cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8562) User Definable Roles
Date Fri, 22 Apr 2016 12:48:14 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15253863#comment-15253863
] 

ASF GitHub Bot commented on CLOUDSTACK-8562:
--------------------------------------------

Github user jburwell commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1489#discussion_r60732582
  
    --- Diff: engine/schema/src/com/cloud/upgrade/dao/Upgrade481to490.java ---
    @@ -53,6 +62,139 @@ public boolean supportsRollingUpgrade() {
     
         @Override
         public void performDataMigration(Connection conn) {
    +        setupRolesAndPermissionsForDynamicRBAC(conn);
    +    }
    +
    +    private void createDefaultRole(final Connection conn, final Long id, final String
name, final RoleType roleType) {
    +        final String insertSql = String.format("INSERT INTO `cloud`.`roles` (`id`, `uuid`,
`name`, `role_type`, `description`) values (%d, UUID(), '%s', '%s', 'Default %s role');",
    +                id, name, roleType.name(), roleType.name().toLowerCase());
    +        try ( PreparedStatement updatePstmt = conn.prepareStatement(insertSql) ) {
    +            updatePstmt.executeUpdate();
    +        } catch (SQLException e) {
    +            throw new CloudRuntimeException("Unable to create default role with id: "
+ id + " name: " + name, e);
    +        }
    +    }
    +
    +    private void createRoleMapping(final Connection conn, final Long roleId, final String
apiName) {
    +        final String insertSql = String.format("INSERT INTO `cloud`.`role_permissions`
(`uuid`, `role_id`, `rule`, `permission`) values (UUID(), %d, '%s', 'ALLOW') ON DUPLICATE
KEY UPDATE rule=rule;",
    +                roleId, apiName);
    +        try ( PreparedStatement updatePstmt = conn.prepareStatement(insertSql)) {
    +            updatePstmt.executeUpdate();
    +        } catch (SQLException ignored) {
    +            s_logger.debug("Unable to insert mapping for role id:" + roleId + " apiName:
" + apiName);
    +        }
    +    }
    +
    +    private void addRoleColumnAndMigrateAccountTable(final Connection conn, final RoleType[]
roleTypes) {
    +        final String alterTableSql = "ALTER TABLE `cloud`.`account` ADD COLUMN `role_id`
bigint(20) unsigned COMMENT 'role id for this account' AFTER `type`, " +
    +                "ADD KEY `fk_account__role_id` (`role_id`), " +
    +                "ADD CONSTRAINT `fk_account__role_id` FOREIGN KEY (`role_id`) REFERENCES
`roles` (`id`);";
    +        try (PreparedStatement pstmt = conn.prepareStatement(alterTableSql)) {
    +            pstmt.executeUpdate();
    +            s_logger.info("Altered cloud.account table and added column role_id");
    +        } catch (SQLException e) {
    +            if (e.getMessage().contains("role_id")) {
    +                s_logger.warn("cloud.account table already has the role_id column, skipping
altering table and migration of accounts");
    +                return;
    +            } else {
    +                throw new CloudRuntimeException("Unable to create column quota_calculated
in table cloud_usage.cloud_usage", e);
    +            }
    +        }
    +        migrateAccountsToDefaultRoles(conn, roleTypes);
    +    }
    +
    +    private void migrateAccountsToDefaultRoles(final Connection conn, final RoleType[]
roleTypes) {
    +        try (PreparedStatement selectStatement = conn.prepareStatement("SELECT `id`,
`type` FROM `cloud`.`account`;");
    +             ResultSet selectResultSet = selectStatement.executeQuery()) {
    +            while (selectResultSet.next()) {
    +                Long accountId = selectResultSet.getLong(1);
    +                Short accountType = selectResultSet.getShort(2);
    +                Long roleId = null;
    +                for (RoleType roleType : roleTypes) {
    +                    if (roleType.getAccountType() == accountType) {
    +                        roleId = roleType.getId();
    +                        break;
    +                    }
    +                }
    +                if (roleId == null) {
    +                    continue;
    +                }
    +                try (PreparedStatement updateStatement = conn.prepareStatement("UPDATE
`cloud`.`account` SET role_id = ? WHERE id = ?;")) {
    +                    updateStatement.setLong(1, roleId);
    +                    updateStatement.setLong(2, accountId);
    +                    updateStatement.executeUpdate();
    +                    updateStatement.close();
    +
    +                } catch (SQLException e) {
    +                    s_logger.error("Failed to update cloud.account role_id for account
id:" + accountId + " with exception: " + e.getMessage());
    +                    throw new CloudRuntimeException("Exception while updating cloud.account
role_id", e);
    +                }
    +            }
    --- End diff --
    
    so the upgrade process can leave the database in an inconsistent state?


> User Definable Roles
> --------------------
>
>                 Key: CLOUDSTACK-8562
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8562
>             Project: CloudStack
>          Issue Type: New Feature
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>            Reporter: Paul Angus
>            Assignee: Rohit Yadav
>
> Static command.properties moved to database and made user definable



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message