Change the unique properties of secret consumers

This makes the resource_id unique together with
service and resource_type (in addition to secret_id).
Additionally, the auto-generated alembic migration also
adds the missing foreign key for project_id.

Change-Id: I4b266782638a4f79357df2b1fe26ea3427479abf
Grzegorz Grasza 2022-09-12 14:39:11 +02:00 committed by Douglas Mendizábal
parent d8ffdf91e5
commit dd94fa2f41
4 changed files with 60 additions and 3 deletions


@ -353,6 +353,8 @@ class SecretConsumersController(controllers.ACLMixin):
consumer = self.consumer_repo.get_by_values( consumer = self.consumer_repo.get_by_values(
self.secret_id, self.secret_id,
data["service"],
data["resource_type"],
data["resource_id"], data["resource_id"],
suppress_exception=True suppress_exception=True
) )
@ -374,7 +376,7 @@ class SecretConsumersController(controllers.ACLMixin):
_consumer_not_found() _consumer_not_found()
ret_data = self._return_secret_data(self.secret_id) ret_data = self._return_secret_data(self.secret_id)
LOG.info('Deleted a consumer for project: %s', LOG.info('Deleted a secret consumer for project: %s',
external_project_id) external_project_id)
return ret_data return ret_data
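Review bot: The log line in the second hunk records only the project, so someone reading the log cannot tell which secret lost a consumer. Since `self.secret_id` is already in scope on the line above, the message could carry it: `LOG.info('Deleted a secret consumer for project: %s, secret: %s', external_project_id, self.secret_id)`. In the first hunk `data["service"]` and `data["resource_type"]` are indexed directly; presumably the request validator outside the hunk makes both keys required on this path too, which is worth confirming because a missing key would otherwise surface as a KeyError rather than a client error. Both method bodies start and end outside the hunks.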


@ -0,0 +1,49 @@
# Copyright 2022 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
"""Update secret consumers unique constraint to mach the updated spec
Revision ID: 8c74e2d7f1ff
Revises: 0f8c192a061f
Create Date: 2022-09-12 13:03:26.428642
"""
# revision identifiers, used by Alembic.
revision = '8c74e2d7f1ff'
down_revision = '0f8c192a061f'
from alembic import op
import sqlalchemy as sa
def upgrade():
with op.batch_alter_table('secret_consumer_metadata') as batch_op:
batch_op.alter_column('project_id',
existing_type=sa.VARCHAR(length=36),
nullable=True)
batch_op.drop_constraint(
'_secret_consumer_resource_uc', type_='unique')
batch_op.create_unique_constraint(
constraint_name='_secret_consumer_resource_uc',
columns=['secret_id', 'service', 'resource_type', 'resource_id'])
batch_op.create_index(
index_name=op.f('ix_secret_consumer_metadata_project_id'),
columns=['project_id'],
unique=False)
batch_op.create_foreign_key(constraint_name=op.f('fk_project_id'),
referent_table='projects',
local_cols=['project_id'],
remote_cols=['id'])
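Review bot: `create_foreign_key` on `project_id` will fail on any deployment that already holds `secret_consumer_metadata` rows whose `project_id` has no match in `projects.id`, and `upgrade()` does nothing to detect such rows first. On a backend without transactional DDL the earlier steps (constraint drop and re-create, index creation) would presumably stay applied while the revision is not recorded, so a re-run could then stop at `create_index`. A pre-check before the batch block that counts orphaned rows and aborts with a clear message would let operators clean up before anything is altered. The `nullable=True` change on `project_id` is not mentioned in the commit message, so a one-line comment saying why the column is relaxed would also help.

```python
def upgrade():
    # Refuse to start if existing rows would violate the new foreign key.
    bind = op.get_bind()
    orphans = bind.execute(sa.text(
        "SELECT COUNT(*) FROM secret_consumer_metadata AS c "
        "LEFT JOIN projects AS p ON c.project_id = p.id "
        "WHERE c.project_id IS NOT NULL AND p.id IS NULL")).scalar()
    if orphans:
        raise RuntimeError(
            "%d secret_consumer_metadata rows reference a missing project"
            % orphans)
    # … unchanged: batch_alter_table block …
```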


@ -1528,7 +1528,8 @@ class SecretConsumerMetadatum(BASE, SoftDeleteMixIn, ModelBase):
__table_args__ = ( __table_args__ = (
sa.UniqueConstraint( sa.UniqueConstraint(
"secret_id", "resource_id", name="_secret_consumer_resource_uc" "secret_id", "service", "resource_type", "resource_id",
name="_secret_consumer_resource_uc"
), ),
) )


@ -2507,7 +2507,8 @@ class SecretConsumerRepo(BaseRepo):
return entities, offset, limit, total return entities, offset, limit, total
def get_by_values(self, secret_id, resource_id, suppress_exception=False, def get_by_values(self, secret_id, service, resource_type, resource_id,
suppress_exception=False,
show_deleted=False, session=None): show_deleted=False, session=None):
session = self.get_session(session) session = self.get_session(session)
@ -2515,6 +2516,8 @@ class SecretConsumerRepo(BaseRepo):
query = session.query(models.SecretConsumerMetadatum) query = session.query(models.SecretConsumerMetadatum)
query = query.filter_by( query = query.filter_by(
secret_id=secret_id, secret_id=secret_id,
service=service,
resource_type=resource_type,
resource_id=resource_id, resource_id=resource_id,
) )
@ -2547,6 +2550,8 @@ class SecretConsumerRepo(BaseRepo):
# Get the existing entry and reuse it by clearing the deleted flags # Get the existing entry and reuse it by clearing the deleted flags
existing_consumer = self.get_by_values( existing_consumer = self.get_by_values(
new_consumer.secret_id, new_consumer.secret_id,
new_consumer.service,
new_consumer.resource_type,
new_consumer.resource_id, new_consumer.resource_id,
show_deleted=True show_deleted=True
) )
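Review bot: `get_by_values` shows no docstring in the first hunk, and its lookup key has just grown from two values to four. A short docstring such as `"""Look up a consumer by (secret_id, service, resource_type, resource_id), the columns of _secret_consumer_resource_uc."""` would keep the query and the unique constraint visibly tied together. The two new parameters were inserted before `resource_id`, so any caller outside this commit that passes arguments positionally will either raise a TypeError or bind values to the wrong parameters. The two callers shown on this page are updated, but a search for other call sites is worthwhile. The method body continues outside the hunks.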