openstack
/
keystone
Code Issues Proposed changes

sql: Squash ussuri migrations 

Make the following changes to the new "initial" migrations.

- Drop foreign key constraints on 'domain_id' columns of 'user' and
  'identity_provider' tables (072)
- Add 'authorization_ttl' column to 'identity_provider' table (073)
- Add 'expiring_user_group_membership' table (073)

This concludes our squashing. We won't squash the 079 migrations, added in
Xena, since this would break fast forward upgrades. Future changes will instead
(finally) focus on the switch to alembic.

Change-Id: Ia1495cd4683d6631be2691e816734d01b03037a3
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This commit is contained in:
Stephen Finucane 2022-01-10 16:59:56 +00:00
parent 10b67ba1f5
commit 3e2b01d5f6
26 changed files with 39 additions and 487 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
keystone/common/sql/contract_repo/versions/067_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/contract_repo/versions/068_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/contract_repo/versions/069_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/contract_repo/versions/070_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/contract_repo/versions/071_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

47
keystone/common/sql/contract_repo/versions/072_contract_drop_domain_id_fk.py
View File

@ -1,47 +0,0 @@
# Copyright 2019 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
import migrate
import sqlalchemy as sql
def upgrade(migrate_engine):
meta = sql.MetaData()
meta.bind = migrate_engine
user = sql.Table('user', meta, autoload=True)
project = sql.Table('project', meta, autoload=True)
fk_name = [
c for c in user.constraints
if isinstance(c, sql.ForeignKeyConstraint)
and c.column_keys == ['domain_id']
][0].name
fk_constraint = migrate.ForeignKeyConstraint(
columns=[user.c.domain_id], refcolumns=[project.c.id])
fk_constraint.name = fk_name
fk_constraint.drop()
identity_provider = sql.Table('identity_provider', meta, autoload=True)
fk_name = [
c for c in identity_provider.constraints
if isinstance(c, sql.ForeignKeyConstraint)
and c.column_keys == ['domain_id']
][0].name
fk_constraint = migrate.ForeignKeyConstraint(
columns=[identity_provider.c.domain_id], refcolumns=[project.c.id])
fk_constraint.name = fk_name
fk_constraint.drop()

15
keystone/common/sql/contract_repo/versions/073_contract_expiring_group_membership.py
View File

@ -1,15 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
def upgrade(migrate_engine):
pass

0
keystone/common/sql/contract_repo/versions/066_contract_initial_migration.py → keystone/common/sql/contract_repo/versions/073_contract_initial_migration.py
View File

18
keystone/common/sql/data_migration_repo/versions/067_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/data_migration_repo/versions/068_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/data_migration_repo/versions/069_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/data_migration_repo/versions/070_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/data_migration_repo/versions/071_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

20
keystone/common/sql/data_migration_repo/versions/072_migrate_drop_domain_id_fk.py
View File

@ -1,20 +0,0 @@
# Copyright 2019 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

15
keystone/common/sql/data_migration_repo/versions/073_migrate_expiring_group_membership.py
View File

@ -1,15 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
def upgrade(migrate_engine):
pass

0
keystone/common/sql/data_migration_repo/versions/066_migrate_initial_migration.py → keystone/common/sql/data_migration_repo/versions/073_migrate_initial_migration.py
View File

18
keystone/common/sql/expand_repo/versions/067_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/expand_repo/versions/068_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/expand_repo/versions/069_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/expand_repo/versions/070_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

18
keystone/common/sql/expand_repo/versions/071_placeholder.py
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

20
keystone/common/sql/expand_repo/versions/072_expand_drop_domain_id_fk.py
View File

@ -1,20 +0,0 @@
# Copyright 2019 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This is a placeholder for Train backports. Do not use this number for new
# Ussuri work. New Ussuri work starts after all the placeholders.
def upgrade(migrate_engine):
pass

47
keystone/common/sql/expand_repo/versions/073_expand_expiring_group_membership.py
View File

@ -1,47 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import sqlalchemy as sql
def upgrade(migrate_engine):
meta = sql.MetaData()
meta.bind = migrate_engine
identity_provider = sql.Table('identity_provider', meta, autoload=True)
authorization_ttl = sql.Column('authorization_ttl', sql.Integer,
nullable=True)
identity_provider.create_column(authorization_ttl)
user_table = sql.Table('user', meta, autoload=True)
group_table = sql.Table('group', meta, autoload=True)
idp_table = sql.Table('identity_provider', meta, autoload=True)
expiring_user_group_membership = sql.Table(
'expiring_user_group_membership', meta,
sql.Column('user_id', sql.String(64),
sql.ForeignKey(user_table.c.id), primary_key=True),
sql.Column('group_id', sql.String(64),
sql.ForeignKey(group_table.c.id), primary_key=True),
sql.Column('idp_id',
sql.String(64),
sql.ForeignKey(idp_table.c.id,
ondelete='CASCADE'),
primary_key=True),
sql.Column('last_verified', sql.DateTime(), nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8'
)
expiring_user_group_membership.create(migrate_engine, checkfirst=True)

45
keystone/common/sql/expand_repo/versions/066_expand_initial_migration.py → keystone/common/sql/expand_repo/versions/073_expand_initial_migration.py
View File

@ -194,6 +194,7 @@ def upgrade(migrate_engine):
sql.Column('enabled', sql.Boolean, nullable=False),
sql.Column('description', sql.Text(), nullable=True),
sql.Column('domain_id', sql.String(64), nullable=False),
sql.Column('authorization_ttl', sql.Integer, nullable=True),
mysql_engine='InnoDB',
mysql_charset='utf8',
)
@ -619,12 +620,7 @@ def upgrade(migrate_engine):
sql.Column('default_project_id', sql.String(length=64)),
sql.Column('created_at', sql.DateTime(), nullable=True),
sql.Column('last_active_at', sql.Date(), nullable=True),
sql.Column(
'domain_id',
sql.String(64),
sql.ForeignKey(project.c.id),
nullable=False,
),
sql.Column('domain_id', sql.String(64), nullable=False),
sql.UniqueConstraint('id', 'domain_id', name='ixu_user_id_domain_id'),
sql.Index('ix_default_project_id', 'default_project_id'),
mysql_engine='InnoDB',
@ -909,6 +905,32 @@ def upgrade(migrate_engine):
mysql_charset='utf8',
)
expiring_user_group_membership = sql.Table(
'expiring_user_group_membership',
meta,
sql.Column(
'user_id',
sql.String(64),
sql.ForeignKey(user.c.id),
primary_key=True,
),
sql.Column(
'group_id',
sql.String(64),
sql.ForeignKey(group.c.id),
primary_key=True,
),
sql.Column(
'idp_id',
sql.String(64),
sql.ForeignKey(identity_provider.c.id, ondelete='CASCADE'),
primary_key=True,
),
sql.Column('last_verified', sql.DateTime(), nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8',
)
# create all tables
tables = [
credential,
@ -958,6 +980,7 @@ def upgrade(migrate_engine):
application_credential_role,
access_rule,
app_cred_access_rule,
expiring_user_group_membership,
]
for table in tables:
@ -1017,11 +1040,6 @@ def upgrade(migrate_engine):
],
'ondelete': 'CASCADE',
},
{
'columns': [identity_provider.c.domain_id],
'references': [project.c.id],
'name': 'domain_id',
},
{
'columns': [local_user.c.user_id, local_user.c.domain_id],
'references': [user.c.id, user.c.domain_id],
@ -1132,3 +1150,8 @@ def upgrade(migrate_engine):
# FIXME(stephenfin): This should be dropped when we add the FK
# constraint to this column
sql.Index('registered_limit_id', limit.c.registered_limit_id).create()
# FIXME(stephenfin): These are leftover from when we removed a FK
# constraint and should probable be dropped
sql.Index('domain_id', identity_provider.c.domain_id).create()
sql.Index('domain_id', user.c.domain_id).create()

2
keystone/common/sql/upgrades.py
View File

@ -29,7 +29,7 @@ from keystone.i18n import _
USE_TRIGGERS = True
INITIAL_VERSION = 65
INITIAL_VERSION = 72
EXPAND_REPO = 'expand_repo'
DATA_MIGRATION_REPO = 'data_migration_repo'
CONTRACT_REPO = 'contract_repo'

45
keystone/tests/unit/test_sql_upgrade.py
View File

@ -142,7 +142,7 @@ INITIAL_TABLE_STRUCTURE = {
'id', 'policy_id', 'endpoint_id', 'service_id', 'region_id',
],
'identity_provider': [
'id', 'enabled', 'description', 'domain_id',
'id', 'enabled', 'description', 'domain_id', 'authorization_ttl',
],
'federation_protocol': [
'id', 'idp_id', 'mapping_id', 'remote_id_attribute',
@ -223,6 +223,9 @@ INITIAL_TABLE_STRUCTURE = {
'application_credential_access_rule': [
'application_credential_id', 'access_rule_id',
],
'expiring_user_group_membership': [
'user_id', 'group_id', 'idp_id', 'last_verified',
],
}
@ -633,46 +636,6 @@ class FullMigration(MigrateBase, unit.TestCase):
upgrades.INITIAL_VERSION + 2,
)
def test_migration_072_drop_domain_id_fk(self):
self.expand(71)
self.migrate(71)
self.contract(71)
self.assertTrue(self.does_fk_exist('user', 'domain_id'))
self.assertTrue(self.does_fk_exist('identity_provider', 'domain_id'))
self.expand(72)
self.migrate(72)
self.contract(72)
self.assertFalse(self.does_fk_exist('user', 'domain_id'))
self.assertFalse(self.does_fk_exist('identity_provider', 'domain_id'))
def test_migration_073_contract_expiring_group_membership(self):
self.expand(72)
self.migrate(72)
self.contract(72)
membership_table = 'expiring_user_group_membership'
self.assertTableDoesNotExist(membership_table)
idp_table = 'identity_provider'
self.assertTableColumns(
idp_table,
['id', 'domain_id', 'enabled', 'description'])
self.expand(73)
self.migrate(73)
self.contract(73)
self.assertTableColumns(
membership_table,
['user_id', 'group_id', 'idp_id', 'last_verified'])
self.assertTableColumns(
idp_table,
['id', 'domain_id', 'enabled', 'description',
'authorization_ttl'])
def test_migration_079_expand_update_local_id_limit(self):
self.expand(78)
self.migrate(78)