Add a new table for system role assignments
This commit introduces an additive only database migration for a new database table. This table will be used only for system-level role assignments instead of tacking the functionality into the existing assignment table. The reason for this is that it will be easier to implement as a separate table and it will be easier to extend functionality in the future to support more complex system role assignments. bp system-scope Change-Id: Ia0722004b7b851c46e8a72780b3acd31f16f78a6
This commit is contained in:
parent
c449172a15
commit
bd729623f5
@ -0,0 +1,16 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade(migrate_engine):
|
||||||
|
# NOTE(lbragstad): System assignments only require additive changes.
|
||||||
|
pass
|
@ -0,0 +1,17 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade(migrate_engine):
|
||||||
|
# NOTE(lbragstad): A migration isn't required here since system assignments
|
||||||
|
# are a new feature in Queens.
|
||||||
|
pass
|
@ -0,0 +1,33 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import sqlalchemy as sql
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade(migrate_engine):
|
||||||
|
meta = sql.MetaData()
|
||||||
|
meta.bind = migrate_engine
|
||||||
|
system_assignment = sql.Table(
|
||||||
|
'system_assignment',
|
||||||
|
meta,
|
||||||
|
sql.Column('type', sql.String(64), nullable=False),
|
||||||
|
sql.Column('actor_id', sql.String(64), nullable=False),
|
||||||
|
sql.Column('target_id', sql.String(64), nullable=False),
|
||||||
|
sql.Column('role_id', sql.String(64), nullable=False),
|
||||||
|
sql.Column('inherited', sql.Boolean, default=False, nullable=False),
|
||||||
|
sql.PrimaryKeyConstraint(
|
||||||
|
'type', 'actor_id', 'target_id', 'role_id', 'inherited'
|
||||||
|
),
|
||||||
|
mysql_engine='InnoDB',
|
||||||
|
mysql_charset='utf8'
|
||||||
|
)
|
||||||
|
system_assignment.create()
|
@ -2491,6 +2491,46 @@ class FullMigration(SqlMigrateBase, unit.TestCase):
|
|||||||
|
|
||||||
session.close()
|
session.close()
|
||||||
|
|
||||||
|
def test_migration_031_adds_system_assignment_table(self):
|
||||||
|
self.expand(30)
|
||||||
|
self.migrate(30)
|
||||||
|
self.contract(30)
|
||||||
|
|
||||||
|
system_assignment_table_name = 'system_assignment'
|
||||||
|
self.assertTableDoesNotExist(system_assignment_table_name)
|
||||||
|
|
||||||
|
self.expand(31)
|
||||||
|
self.migrate(31)
|
||||||
|
self.contract(31)
|
||||||
|
|
||||||
|
self.assertTableExists(system_assignment_table_name)
|
||||||
|
self.assertTableColumns(
|
||||||
|
system_assignment_table_name,
|
||||||
|
['type', 'actor_id', 'target_id', 'role_id', 'inherited']
|
||||||
|
)
|
||||||
|
|
||||||
|
system_assignment_table = sqlalchemy.Table(
|
||||||
|
system_assignment_table_name, self.metadata, autoload=True
|
||||||
|
)
|
||||||
|
|
||||||
|
system_user = {
|
||||||
|
'type': 'UserSystem',
|
||||||
|
'target_id': uuid.uuid4().hex,
|
||||||
|
'actor_id': uuid.uuid4().hex,
|
||||||
|
'role_id': uuid.uuid4().hex,
|
||||||
|
'inherited': False
|
||||||
|
}
|
||||||
|
system_assignment_table.insert().values(system_user).execute()
|
||||||
|
|
||||||
|
system_group = {
|
||||||
|
'type': 'GroupSystem',
|
||||||
|
'target_id': uuid.uuid4().hex,
|
||||||
|
'actor_id': uuid.uuid4().hex,
|
||||||
|
'role_id': uuid.uuid4().hex,
|
||||||
|
'inherited': False
|
||||||
|
}
|
||||||
|
system_assignment_table.insert().values(system_group).execute()
|
||||||
|
|
||||||
|
|
||||||
class MySQLOpportunisticFullMigration(FullMigration):
|
class MySQLOpportunisticFullMigration(FullMigration):
|
||||||
FIXTURE = test_base.MySQLOpportunisticFixture
|
FIXTURE = test_base.MySQLOpportunisticFixture
|
||||||
|
Loading…
Reference in New Issue
Block a user