def do_bootstrap(self): """Perform the bootstrap actions. Create bootstrap user, project, and role so that CMS, humans, or scripts can continue to perform initial setup (domains, projects, services, endpoints, etc) of Keystone when standing up a new deployment. """ self._get_config() if self.password is None: print( _('Either --bootstrap-password argument or ' 'OS_BOOTSTRAP_PASSWORD must be set.')) raise ValueError # NOTE(morganfainberg): Ensure the default domain is in-fact created default_domain = migration_helpers.get_default_domain() try: self.resource_manager.create_domain(domain_id=default_domain['id'], domain=default_domain) LOG.info(_LI('Created domain %s'), default_domain['id']) except exception.Conflict: # NOTE(morganfainberg): Domain already exists, continue on. LOG.info(_LI('Domain %s already exists, skipping creation.'), default_domain['id']) LOG.info(_LI('Creating project %s'), self.project_name) self.resource_manager.create_project( tenant_id=self.tenant_id, tenant={ 'enabled': True, 'id': self.tenant_id, 'domain_id': default_domain['id'], 'description': 'Bootstrap project for initializing the ' 'cloud.', 'name': self.project_name }, ) LOG.info(_LI('Creating user %s'), self.username) user = self.identity_manager.create_user( user_ref={ 'name': self.username, 'enabled': True, 'domain_id': default_domain['id'], 'password': self.password }) LOG.info(_LI('Creating Role %s'), self.role_name) self.role_manager.create_role( role_id=self.role_id, role={ 'name': self.role_name, 'id': self.role_id }, ) self.assignment_manager.add_role_to_user_and_project( user_id=user['id'], tenant_id=self.tenant_id, role_id=self.role_id)
def do_bootstrap(self): """Perform the bootstrap actions. Create bootstrap user, project, and role so that CMS, humans, or scripts can continue to perform initial setup (domains, projects, services, endpoints, etc) of Keystone when standing up a new deployment. """ self._get_config() if self.password is None: print(_('Either --bootstrap-password argument or ' 'OS_BOOTSTRAP_PASSWORD must be set.')) raise ValueError # NOTE(morganfainberg): Ensure the default domain is in-fact created default_domain = migration_helpers.get_default_domain() try: self.resource_manager.create_domain( domain_id=default_domain['id'], domain=default_domain) LOG.info(_LI('Created domain %s'), default_domain['id']) except exception.Conflict: # NOTE(morganfainberg): Domain already exists, continue on. LOG.info(_LI('Domain %s already exists, skipping creation.'), default_domain['id']) LOG.info(_LI('Creating project %s'), self.project_name) self.resource_manager.create_project( tenant_id=self.tenant_id, tenant={'enabled': True, 'id': self.tenant_id, 'domain_id': default_domain['id'], 'description': 'Bootstrap project for initializing the ' 'cloud.', 'name': self.project_name}, ) LOG.info(_LI('Creating user %s'), self.username) user = self.identity_manager.create_user( user_ref={'name': self.username, 'enabled': True, 'domain_id': default_domain['id'], 'password': self.password } ) LOG.info(_LI('Creating Role %s'), self.role_name) self.role_manager.create_role( role_id=self.role_id, role={'name': self.role_name, 'id': self.role_id}, ) self.assignment_manager.add_role_to_user_and_project( user_id=user['id'], tenant_id=self.tenant_id, role_id=self.role_id )
def setUp(self): super(CliBootStrapTestCaseWithEnvironment, self).setUp() self.password = uuid.uuid4().hex self.username = uuid.uuid4().hex self.project_name = uuid.uuid4().hex self.role_name = uuid.uuid4().hex self.default_domain = migration_helpers.get_default_domain() self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_PASSWORD", newvalue=self.password)) self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_USERNAME", newvalue=self.username)) self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_PROJECT_NAME", newvalue=self.project_name)) self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_ROLE_NAME", newvalue=self.role_name))
def check_initial_table_structure(self): for table in INITIAL_TABLE_STRUCTURE: self.assertTableColumns(table, INITIAL_TABLE_STRUCTURE[table]) # Ensure the default domain was properly created. default_domain = migration_helpers.get_default_domain() meta = sqlalchemy.MetaData() meta.bind = self.engine domain_table = sqlalchemy.Table('domain', meta, autoload=True) session = self.Session() q = session.query(domain_table) refs = q.all() self.assertEqual(1, len(refs)) for k in default_domain.keys(): self.assertEqual(default_domain[k], getattr(refs[0], k))
def check_initial_table_structure(self): for table in INITIAL_TABLE_STRUCTURE: self.assertTableColumns(table, INITIAL_TABLE_STRUCTURE[table]) # Ensure the default domain was properly created. default_domain = migration_helpers.get_default_domain() meta = sqlalchemy.MetaData() meta.bind = self.engine domain_table = sqlalchemy.Table('domain', meta, autoload=True) session = self.Session() q = session.query(domain_table) refs = q.all() self.assertEqual(1, len(refs)) for k in default_domain.keys(): self.assertEqual(default_domain[k], getattr(refs[0], k))
def setUp(self): super(CliBootStrapTestCaseWithEnvironment, self).setUp() self.password = uuid.uuid4().hex self.username = uuid.uuid4().hex self.project_name = uuid.uuid4().hex self.role_name = uuid.uuid4().hex self.default_domain = migration_helpers.get_default_domain() self.useFixture( fixtures.EnvironmentVariable('OS_BOOTSTRAP_PASSWORD', newvalue=self.password)) self.useFixture( fixtures.EnvironmentVariable('OS_BOOTSTRAP_USERNAME', newvalue=self.username)) self.useFixture( fixtures.EnvironmentVariable('OS_BOOTSTRAP_PROJECT_NAME', newvalue=self.project_name)) self.useFixture( fixtures.EnvironmentVariable('OS_BOOTSTRAP_ROLE_NAME', newvalue=self.role_name))
def do_bootstrap(self): """Perform the bootstrap actions. Create bootstrap user, project, and role so that CMS, humans, or scripts can continue to perform initial setup (domains, projects, services, endpoints, etc) of Keystone when standing up a new deployment. """ self._get_config() if self.password is None: print( _('Either --bootstrap-password argument or ' 'OS_BOOTSTRAP_PASSWORD must be set.')) raise ValueError # NOTE(morganfainberg): Ensure the default domain is in-fact created default_domain = migration_helpers.get_default_domain() try: self.resource_manager.create_domain(domain_id=default_domain['id'], domain=default_domain) LOG.info(_LI('Created domain %s'), default_domain['id']) except exception.Conflict: # NOTE(morganfainberg): Domain already exists, continue on. LOG.info(_LI('Domain %s already exists, skipping creation.'), default_domain['id']) try: self.resource_manager.create_project( project_id=self.project_id, project={ 'enabled': True, 'id': self.project_id, 'domain_id': default_domain['id'], 'description': 'Bootstrap project for initializing ' 'the cloud.', 'name': self.project_name }) LOG.info(_LI('Created project %s'), self.project_name) except exception.Conflict: LOG.info(_LI('Project %s already exists, skipping creation.'), self.project_name) project = self.resource_manager.get_project_by_name( self.project_name, default_domain['id']) self.project_id = project['id'] # NOTE(morganfainberg): Do not create the user if it already exists. try: user = self.identity_manager.create_user( user_ref={ 'name': self.username, 'enabled': True, 'domain_id': default_domain['id'], 'password': self.password }) LOG.info(_LI('Created user %s'), self.username) except exception.Conflict: LOG.info(_LI('User %s already exists, skipping creation.'), self.username) user = self.identity_manager.get_user_by_name( self.username, default_domain['id']) # NOTE(morganfainberg): Do not create the role if it already exists. try: self.role_manager.create_role( role_id=self.role_id, role={ 'name': self.role_name, 'id': self.role_id }, ) LOG.info(_LI('Created Role %s'), self.role_name) except exception.Conflict: LOG.info(_LI('Role %s exists, skipping creation.'), self.role_name) # NOTE(davechen): There is no backend method to get the role # by name, so build the hints to list the roles and filter by # name instead. hints = driver_hints.Hints() hints.add_filter('name', self.role_name) role = self.role_manager.list_roles(hints) self.role_id = role[0]['id'] # NOTE(morganfainberg): Handle the case that the role assignment has # already occurred. try: self.assignment_manager.add_role_to_user_and_project( user_id=user['id'], tenant_id=self.project_id, role_id=self.role_id) LOG.info( _LI('Granted %(role)s on %(project)s to user' ' %(username)s.'), { 'role': self.role_name, 'project': self.project_name, 'username': self.username }) except exception.Conflict: LOG.info( _LI('User %(username)s already has %(role)s on ' '%(project)s.'), { 'username': self.username, 'role': self.role_name, 'project': self.project_name })
def upgrade(migrate_engine): meta = sql.MetaData() meta.bind = migrate_engine if migrate_engine.name == 'mysql': # In Folsom we explicitly converted migrate_version to UTF8. migrate_engine.execute( 'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8') # Set default DB charset to UTF8. migrate_engine.execute('ALTER DATABASE %s DEFAULT CHARACTER SET utf8' % migrate_engine.url.database) credential = sql.Table('credential', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('user_id', sql.String(length=64), nullable=False), sql.Column('project_id', sql.String(length=64)), sql.Column('blob', ks_sql.JsonBlob, nullable=False), sql.Column('type', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') domain = sql.Table('domain', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('enabled', sql.Boolean, default=True, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') endpoint = sql.Table('endpoint', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('legacy_endpoint_id', sql.String(length=64)), sql.Column('interface', sql.String(length=8), nullable=False), sql.Column('service_id', sql.String(length=64), nullable=False), sql.Column('url', sql.Text, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('enabled', sql.Boolean, nullable=False, default=True, server_default='1'), sql.Column('region_id', sql.String(length=255), nullable=True), mysql_engine='InnoDB', mysql_charset='utf8') group = sql.Table('group', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('domain_id', sql.String(length=64), nullable=False), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('description', sql.Text), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') policy = sql.Table('policy', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('type', sql.String(length=255), nullable=False), sql.Column('blob', ks_sql.JsonBlob, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') project = sql.Table('project', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('description', sql.Text), sql.Column('enabled', sql.Boolean), sql.Column('domain_id', sql.String(length=64), nullable=False), sql.Column('parent_id', sql.String(64), nullable=True), mysql_engine='InnoDB', mysql_charset='utf8') role = sql.Table('role', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') service = sql.Table('service', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('type', sql.String(length=255)), sql.Column('enabled', sql.Boolean, nullable=False, default=True, server_default='1'), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') token = sql.Table('token', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('expires', sql.DateTime, default=None), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('valid', sql.Boolean, default=True, nullable=False), sql.Column('trust_id', sql.String(length=64)), sql.Column('user_id', sql.String(length=64)), mysql_engine='InnoDB', mysql_charset='utf8') trust = sql.Table('trust', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('trustor_user_id', sql.String(length=64), nullable=False), sql.Column('trustee_user_id', sql.String(length=64), nullable=False), sql.Column('project_id', sql.String(length=64)), sql.Column('impersonation', sql.Boolean, nullable=False), sql.Column('deleted_at', sql.DateTime), sql.Column('expires_at', sql.DateTime), sql.Column('remaining_uses', sql.Integer, nullable=True), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') trust_role = sql.Table('trust_role', meta, sql.Column('trust_id', sql.String(length=64), primary_key=True, nullable=False), sql.Column('role_id', sql.String(length=64), primary_key=True, nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') user = sql.Table('user', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('password', sql.String(length=128)), sql.Column('enabled', sql.Boolean), sql.Column('domain_id', sql.String(length=64), nullable=False), sql.Column('default_project_id', sql.String(length=64)), mysql_engine='InnoDB', mysql_charset='utf8') user_group_membership = sql.Table('user_group_membership', meta, sql.Column('user_id', sql.String(length=64), primary_key=True), sql.Column('group_id', sql.String(length=64), primary_key=True), mysql_engine='InnoDB', mysql_charset='utf8') region = sql.Table('region', meta, sql.Column('id', sql.String(255), primary_key=True), sql.Column('description', sql.String(255), nullable=False), sql.Column('parent_region_id', sql.String(255), nullable=True), sql.Column('extra', sql.Text()), mysql_engine='InnoDB', mysql_charset='utf8') assignment = sql.Table( 'assignment', meta, sql.Column('type', sql.Enum(assignment_sql.AssignmentType.USER_PROJECT, assignment_sql.AssignmentType.GROUP_PROJECT, assignment_sql.AssignmentType.USER_DOMAIN, assignment_sql.AssignmentType.GROUP_DOMAIN, name='type'), nullable=False), sql.Column('actor_id', sql.String(64), nullable=False), sql.Column('target_id', sql.String(64), nullable=False), sql.Column('role_id', sql.String(64), nullable=False), sql.Column('inherited', sql.Boolean, default=False, nullable=False), sql.PrimaryKeyConstraint('type', 'actor_id', 'target_id', 'role_id'), mysql_engine='InnoDB', mysql_charset='utf8') mapping = sql.Table('id_mapping', meta, sql.Column('public_id', sql.String(64), primary_key=True), sql.Column('domain_id', sql.String(64), nullable=False), sql.Column('local_id', sql.String(64), nullable=False), sql.Column('entity_type', sql.Enum(mapping_backend.EntityType.USER, mapping_backend.EntityType.GROUP, name='entity_type'), nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') domain_config_whitelist = sql.Table('whitelisted_config', meta, sql.Column('domain_id', sql.String(64), primary_key=True), sql.Column('group', sql.String(255), primary_key=True), sql.Column('option', sql.String(255), primary_key=True), sql.Column('value', ks_sql.JsonBlob.impl, nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') domain_config_sensitive = sql.Table('sensitive_config', meta, sql.Column('domain_id', sql.String(64), primary_key=True), sql.Column('group', sql.String(255), primary_key=True), sql.Column('option', sql.String(255), primary_key=True), sql.Column('value', ks_sql.JsonBlob.impl, nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') # create all tables tables = [ credential, domain, endpoint, group, policy, project, role, service, token, trust, trust_role, user, user_group_membership, region, assignment, mapping, domain_config_whitelist, domain_config_sensitive ] for table in tables: try: table.create() except Exception: LOG.exception('Exception while creating table: %r', table) raise # Unique Constraints migrate.UniqueConstraint(user.c.domain_id, user.c.name, name='ixu_user_name_domain_id').create() migrate.UniqueConstraint(group.c.domain_id, group.c.name, name='ixu_group_name_domain_id').create() migrate.UniqueConstraint(role.c.name, name='ixu_role_name').create() migrate.UniqueConstraint(project.c.domain_id, project.c.name, name='ixu_project_name_domain_id').create() migrate.UniqueConstraint(domain.c.name, name='ixu_domain_name').create() migrate.UniqueConstraint(mapping.c.domain_id, mapping.c.local_id, mapping.c.entity_type, name='domain_id').create() # Indexes sql.Index('ix_token_expires', token.c.expires).create() sql.Index('ix_token_expires_valid', token.c.expires, token.c.valid).create() sql.Index('ix_actor_id', assignment.c.actor_id).create() sql.Index('ix_token_user_id', token.c.user_id).create() sql.Index('ix_token_trust_id', token.c.trust_id).create() # NOTE(stevemar): The two indexes below were named 'service_id' and # 'group_id' in 050_fk_consistent_indexes.py, and need to be preserved sql.Index('service_id', endpoint.c.service_id).create() sql.Index('group_id', user_group_membership.c.group_id).create() fkeys = [ { 'columns': [endpoint.c.service_id], 'references': [service.c.id] }, { 'columns': [user_group_membership.c.group_id], 'references': [group.c.id], 'name': 'fk_user_group_membership_group_id' }, { 'columns': [user_group_membership.c.user_id], 'references': [user.c.id], 'name': 'fk_user_group_membership_user_id' }, { 'columns': [project.c.domain_id], 'references': [domain.c.id], 'name': 'fk_project_domain_id' }, { 'columns': [endpoint.c.region_id], 'references': [region.c.id], 'name': 'fk_endpoint_region_id' }, { 'columns': [project.c.parent_id], 'references': [project.c.id], 'name': 'project_parent_id_fkey' }, ] if migrate_engine.name == 'sqlite': # NOTE(stevemar): We need to keep this FK constraint due to 073, but # only for sqlite, once we collapse 073 we can remove this constraint fkeys.append({ 'columns': [assignment.c.role_id], 'references': [role.c.id], 'name': 'fk_assignment_role_id' }) for fkey in fkeys: migrate.ForeignKeyConstraint(columns=fkey['columns'], refcolumns=fkey['references'], name=fkey.get('name')).create() # Create the default domain. session = orm.sessionmaker(bind=migrate_engine)() domain.insert(migration_helpers.get_default_domain()).execute() session.commit()
def do_bootstrap(self): """Perform the bootstrap actions. Create bootstrap user, project, and role so that CMS, humans, or scripts can continue to perform initial setup (domains, projects, services, endpoints, etc) of Keystone when standing up a new deployment. """ self._get_config() if self.password is None: print(_('Either --bootstrap-password argument or ' 'OS_BOOTSTRAP_PASSWORD must be set.')) raise ValueError # NOTE(morganfainberg): Ensure the default domain is in-fact created default_domain = migration_helpers.get_default_domain() try: self.resource_manager.create_domain( domain_id=default_domain['id'], domain=default_domain) LOG.info(_LI('Created domain %s'), default_domain['id']) except exception.Conflict: # NOTE(morganfainberg): Domain already exists, continue on. LOG.info(_LI('Domain %s already exists, skipping creation.'), default_domain['id']) try: self.resource_manager.create_project( project_id=self.project_id, project={'enabled': True, 'id': self.project_id, 'domain_id': default_domain['id'], 'description': 'Bootstrap project for initializing ' 'the cloud.', 'name': self.project_name} ) LOG.info(_LI('Created project %s'), self.project_name) except exception.Conflict: LOG.info(_LI('Project %s already exists, skipping creation.'), self.project_name) project = self.resource_manager.get_project_by_name( self.project_name, default_domain['id']) self.project_id = project['id'] # NOTE(morganfainberg): Do not create the user if it already exists. try: user = self.identity_manager.create_user( user_ref={'name': self.username, 'enabled': True, 'domain_id': default_domain['id'], 'password': self.password } ) LOG.info(_LI('Created user %s'), self.username) except exception.Conflict: LOG.info(_LI('User %s already exists, skipping creation.'), self.username) user = self.identity_manager.get_user_by_name(self.username, default_domain['id']) # NOTE(morganfainberg): Do not create the role if it already exists. try: self.role_manager.create_role( role_id=self.role_id, role={'name': self.role_name, 'id': self.role_id}, ) LOG.info(_LI('Created Role %s'), self.role_name) except exception.Conflict: LOG.info(_LI('Role %s exists, skipping creation.'), self.role_name) # NOTE(davechen): There is no backend method to get the role # by name, so build the hints to list the roles and filter by # name instead. hints = driver_hints.Hints() hints.add_filter('name', self.role_name) role = self.role_manager.list_roles(hints) self.role_id = role[0]['id'] # NOTE(morganfainberg): Handle the case that the role assignment has # already occurred. try: self.assignment_manager.add_role_to_user_and_project( user_id=user['id'], tenant_id=self.project_id, role_id=self.role_id ) LOG.info(_LI('Granted %(role)s on %(project)s to user' ' %(username)s.'), {'role': self.role_name, 'project': self.project_name, 'username': self.username}) except exception.Conflict: LOG.info(_LI('User %(username)s already has %(role)s on ' '%(project)s.'), {'username': self.username, 'role': self.role_name, 'project': self.project_name})
def upgrade(migrate_engine): meta = sql.MetaData() meta.bind = migrate_engine if migrate_engine.name == 'mysql': # In Folsom we explicitly converted migrate_version to UTF8. migrate_engine.execute( 'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8') # Set default DB charset to UTF8. migrate_engine.execute( 'ALTER DATABASE %s DEFAULT CHARACTER SET utf8' % migrate_engine.url.database) credential = sql.Table( 'credential', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('user_id', sql.String(length=64), nullable=False), sql.Column('project_id', sql.String(length=64)), sql.Column('blob', ks_sql.JsonBlob, nullable=False), sql.Column('type', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') domain = sql.Table( 'domain', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('enabled', sql.Boolean, default=True, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') endpoint = sql.Table( 'endpoint', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('legacy_endpoint_id', sql.String(length=64)), sql.Column('interface', sql.String(length=8), nullable=False), sql.Column('service_id', sql.String(length=64), nullable=False), sql.Column('url', sql.Text, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('enabled', sql.Boolean, nullable=False, default=True, server_default='1'), sql.Column('region_id', sql.String(length=255), nullable=True), mysql_engine='InnoDB', mysql_charset='utf8') group = sql.Table( 'group', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('domain_id', sql.String(length=64), nullable=False), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('description', sql.Text), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') policy = sql.Table( 'policy', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('type', sql.String(length=255), nullable=False), sql.Column('blob', ks_sql.JsonBlob, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') project = sql.Table( 'project', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('description', sql.Text), sql.Column('enabled', sql.Boolean), sql.Column('domain_id', sql.String(length=64), nullable=False), sql.Column('parent_id', sql.String(64), nullable=True), mysql_engine='InnoDB', mysql_charset='utf8') role = sql.Table( 'role', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') service = sql.Table( 'service', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('type', sql.String(length=255)), sql.Column('enabled', sql.Boolean, nullable=False, default=True, server_default='1'), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') token = sql.Table( 'token', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('expires', sql.DateTime, default=None), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('valid', sql.Boolean, default=True, nullable=False), sql.Column('trust_id', sql.String(length=64)), sql.Column('user_id', sql.String(length=64)), mysql_engine='InnoDB', mysql_charset='utf8') trust = sql.Table( 'trust', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('trustor_user_id', sql.String(length=64), nullable=False), sql.Column('trustee_user_id', sql.String(length=64), nullable=False), sql.Column('project_id', sql.String(length=64)), sql.Column('impersonation', sql.Boolean, nullable=False), sql.Column('deleted_at', sql.DateTime), sql.Column('expires_at', sql.DateTime), sql.Column('remaining_uses', sql.Integer, nullable=True), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') trust_role = sql.Table( 'trust_role', meta, sql.Column('trust_id', sql.String(length=64), primary_key=True, nullable=False), sql.Column('role_id', sql.String(length=64), primary_key=True, nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') user = sql.Table( 'user', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('password', sql.String(length=128)), sql.Column('enabled', sql.Boolean), sql.Column('domain_id', sql.String(length=64), nullable=False), sql.Column('default_project_id', sql.String(length=64)), mysql_engine='InnoDB', mysql_charset='utf8') user_group_membership = sql.Table( 'user_group_membership', meta, sql.Column('user_id', sql.String(length=64), primary_key=True), sql.Column('group_id', sql.String(length=64), primary_key=True), mysql_engine='InnoDB', mysql_charset='utf8') region = sql.Table( 'region', meta, sql.Column('id', sql.String(255), primary_key=True), sql.Column('description', sql.String(255), nullable=False), sql.Column('parent_region_id', sql.String(255), nullable=True), sql.Column('extra', sql.Text()), mysql_engine='InnoDB', mysql_charset='utf8') assignment = sql.Table( 'assignment', meta, sql.Column('type', sql.Enum( assignment_sql.AssignmentType.USER_PROJECT, assignment_sql.AssignmentType.GROUP_PROJECT, assignment_sql.AssignmentType.USER_DOMAIN, assignment_sql.AssignmentType.GROUP_DOMAIN, name='type'), nullable=False), sql.Column('actor_id', sql.String(64), nullable=False), sql.Column('target_id', sql.String(64), nullable=False), sql.Column('role_id', sql.String(64), nullable=False), sql.Column('inherited', sql.Boolean, default=False, nullable=False), sql.PrimaryKeyConstraint('type', 'actor_id', 'target_id', 'role_id'), mysql_engine='InnoDB', mysql_charset='utf8') mapping = sql.Table( 'id_mapping', meta, sql.Column('public_id', sql.String(64), primary_key=True), sql.Column('domain_id', sql.String(64), nullable=False), sql.Column('local_id', sql.String(64), nullable=False), sql.Column('entity_type', sql.Enum( mapping_backend.EntityType.USER, mapping_backend.EntityType.GROUP, name='entity_type'), nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') domain_config_whitelist = sql.Table( 'whitelisted_config', meta, sql.Column('domain_id', sql.String(64), primary_key=True), sql.Column('group', sql.String(255), primary_key=True), sql.Column('option', sql.String(255), primary_key=True), sql.Column('value', ks_sql.JsonBlob.impl, nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') domain_config_sensitive = sql.Table( 'sensitive_config', meta, sql.Column('domain_id', sql.String(64), primary_key=True), sql.Column('group', sql.String(255), primary_key=True), sql.Column('option', sql.String(255), primary_key=True), sql.Column('value', ks_sql.JsonBlob.impl, nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') # create all tables tables = [credential, domain, endpoint, group, policy, project, role, service, token, trust, trust_role, user, user_group_membership, region, assignment, mapping, domain_config_whitelist, domain_config_sensitive] for table in tables: try: table.create() except Exception: LOG.exception('Exception while creating table: %r', table) raise # Unique Constraints migrate.UniqueConstraint(user.c.domain_id, user.c.name, name='ixu_user_name_domain_id').create() migrate.UniqueConstraint(group.c.domain_id, group.c.name, name='ixu_group_name_domain_id').create() migrate.UniqueConstraint(role.c.name, name='ixu_role_name').create() migrate.UniqueConstraint(project.c.domain_id, project.c.name, name='ixu_project_name_domain_id').create() migrate.UniqueConstraint(domain.c.name, name='ixu_domain_name').create() migrate.UniqueConstraint(mapping.c.domain_id, mapping.c.local_id, mapping.c.entity_type, name='domain_id').create() # Indexes sql.Index('ix_token_expires', token.c.expires).create() sql.Index('ix_token_expires_valid', token.c.expires, token.c.valid).create() sql.Index('ix_actor_id', assignment.c.actor_id).create() sql.Index('ix_token_user_id', token.c.user_id).create() sql.Index('ix_token_trust_id', token.c.trust_id).create() # NOTE(stevemar): The two indexes below were named 'service_id' and # 'group_id' in 050_fk_consistent_indexes.py, and need to be preserved sql.Index('service_id', endpoint.c.service_id).create() sql.Index('group_id', user_group_membership.c.group_id).create() fkeys = [ {'columns': [endpoint.c.service_id], 'references': [service.c.id]}, {'columns': [user_group_membership.c.group_id], 'references': [group.c.id], 'name': 'fk_user_group_membership_group_id'}, {'columns': [user_group_membership.c.user_id], 'references':[user.c.id], 'name': 'fk_user_group_membership_user_id'}, {'columns': [project.c.domain_id], 'references': [domain.c.id], 'name': 'fk_project_domain_id'}, {'columns': [endpoint.c.region_id], 'references': [region.c.id], 'name': 'fk_endpoint_region_id'}, {'columns': [project.c.parent_id], 'references': [project.c.id], 'name': 'project_parent_id_fkey'}, ] if migrate_engine.name == 'sqlite': # NOTE(stevemar): We need to keep this FK constraint due to 073, but # only for sqlite, once we collapse 073 we can remove this constraint fkeys.append( {'columns': [assignment.c.role_id], 'references': [role.c.id], 'name': 'fk_assignment_role_id'}) for fkey in fkeys: migrate.ForeignKeyConstraint(columns=fkey['columns'], refcolumns=fkey['references'], name=fkey.get('name')).create() # Create the default domain. session = orm.sessionmaker(bind=migrate_engine)() domain.insert(migration_helpers.get_default_domain()).execute() session.commit()
def upgrade(migrate_engine): meta = sql.MetaData() meta.bind = migrate_engine if migrate_engine.name == 'mysql': # In Folsom we explicitly converted migrate_version to UTF8. migrate_engine.execute( 'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8') # Set default DB charset to UTF8. migrate_engine.execute('ALTER DATABASE %s DEFAULT CHARACTER SET utf8' % migrate_engine.url.database) credential = sql.Table('credential', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('user_id', sql.String(length=64), nullable=False), sql.Column('project_id', sql.String(length=64)), sql.Column('blob', ks_sql.JsonBlob, nullable=False), sql.Column('type', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') domain = sql.Table('domain', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('enabled', sql.Boolean, default=True, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') endpoint = sql.Table('endpoint', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('legacy_endpoint_id', sql.String(length=64)), sql.Column('interface', sql.String(length=8), nullable=False), sql.Column('region', sql.String(length=255)), sql.Column('service_id', sql.String(length=64), nullable=False), sql.Column('url', sql.Text, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') group = sql.Table('group', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('domain_id', sql.String(length=64), nullable=False), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('description', sql.Text), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') group_domain_metadata = sql.Table('group_domain_metadata', meta, sql.Column('group_id', sql.String(length=64), primary_key=True), sql.Column('domain_id', sql.String(length=64), primary_key=True), sql.Column('data', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') group_project_metadata = sql.Table('group_project_metadata', meta, sql.Column('group_id', sql.String(length=64), primary_key=True), sql.Column('project_id', sql.String(length=64), primary_key=True), sql.Column('data', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') policy = sql.Table('policy', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('type', sql.String(length=255), nullable=False), sql.Column('blob', ks_sql.JsonBlob, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') project = sql.Table('project', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('description', sql.Text), sql.Column('enabled', sql.Boolean), sql.Column('domain_id', sql.String(length=64), nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') role = sql.Table('role', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') service = sql.Table('service', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('type', sql.String(length=255)), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') token = sql.Table('token', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('expires', sql.DateTime, default=None), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('valid', sql.Boolean, default=True, nullable=False), sql.Column('trust_id', sql.String(length=64)), sql.Column('user_id', sql.String(length=64)), mysql_engine='InnoDB', mysql_charset='utf8') trust = sql.Table('trust', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('trustor_user_id', sql.String(length=64), nullable=False), sql.Column('trustee_user_id', sql.String(length=64), nullable=False), sql.Column('project_id', sql.String(length=64)), sql.Column('impersonation', sql.Boolean, nullable=False), sql.Column('deleted_at', sql.DateTime), sql.Column('expires_at', sql.DateTime), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') trust_role = sql.Table('trust_role', meta, sql.Column('trust_id', sql.String(length=64), primary_key=True, nullable=False), sql.Column('role_id', sql.String(length=64), primary_key=True, nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') user = sql.Table('user', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('password', sql.String(length=128)), sql.Column('enabled', sql.Boolean), sql.Column('domain_id', sql.String(length=64), nullable=False), sql.Column('default_project_id', sql.String(length=64)), mysql_engine='InnoDB', mysql_charset='utf8') user_domain_metadata = sql.Table('user_domain_metadata', meta, sql.Column('user_id', sql.String(length=64), primary_key=True), sql.Column('domain_id', sql.String(length=64), primary_key=True), sql.Column('data', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') user_group_membership = sql.Table('user_group_membership', meta, sql.Column('user_id', sql.String(length=64), primary_key=True), sql.Column('group_id', sql.String(length=64), primary_key=True), mysql_engine='InnoDB', mysql_charset='utf8') user_project_metadata = sql.Table('user_project_metadata', meta, sql.Column('user_id', sql.String(length=64), primary_key=True), sql.Column('project_id', sql.String(length=64), primary_key=True), sql.Column('data', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') # create all tables tables = [ credential, domain, endpoint, group, group_domain_metadata, group_project_metadata, policy, project, role, service, token, trust, trust_role, user, user_domain_metadata, user_group_membership, user_project_metadata ] for table in tables: try: table.create() except Exception: LOG.exception('Exception while creating table: %r', table) raise # Unique Constraints migrate.UniqueConstraint(user.c.domain_id, user.c.name, name='ixu_user_name_domain_id').create() migrate.UniqueConstraint(group.c.domain_id, group.c.name, name='ixu_group_name_domain_id').create() migrate.UniqueConstraint(role.c.name, name='ixu_role_name').create() migrate.UniqueConstraint(project.c.domain_id, project.c.name, name='ixu_project_name_domain_id').create() migrate.UniqueConstraint(domain.c.name, name='ixu_domain_name').create() # Indexes sql.Index('ix_token_expires', token.c.expires).create() sql.Index('ix_token_valid', token.c.valid).create() fkeys = [{ 'columns': [user_project_metadata.c.project_id], 'references': [project.c.id], 'name': 'fk_user_project_metadata_project_id' }, { 'columns': [user_domain_metadata.c.domain_id], 'references': [domain.c.id], 'name': 'fk_user_domain_metadata_domain_id' }, { 'columns': [group_project_metadata.c.project_id], 'references': [project.c.id], 'name': 'fk_group_project_metadata_project_id' }, { 'columns': [group_domain_metadata.c.domain_id], 'references': [domain.c.id], 'name': 'fk_group_domain_metadata_domain_id' }, { 'columns': [endpoint.c.service_id], 'references': [service.c.id] }, { 'columns': [user_group_membership.c.group_id], 'references': [group.c.id], 'name': 'fk_user_group_membership_group_id' }, { 'columns': [user_group_membership.c.user_id], 'references': [user.c.id], 'name': 'fk_user_group_membership_user_id' }, { 'columns': [user.c.domain_id], 'references': [domain.c.id], 'name': 'fk_user_domain_id' }, { 'columns': [group.c.domain_id], 'references': [domain.c.id], 'name': 'fk_group_domain_id' }, { 'columns': [project.c.domain_id], 'references': [domain.c.id], 'name': 'fk_project_domain_id' }] for fkey in fkeys: migrate.ForeignKeyConstraint(columns=fkey['columns'], refcolumns=fkey['references'], name=fkey.get('name')).create() # Create the default domain. session = orm.sessionmaker(bind=migrate_engine)() domain.insert(migration_helpers.get_default_domain()).execute() session.commit()
def upgrade(migrate_engine): meta = sql.MetaData() meta.bind = migrate_engine if migrate_engine.name == 'mysql': # In Folsom we explicitly converted migrate_version to UTF8. sql_stmt = 'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8;' # Set default DB charset to UTF8. sql_stmt += ('ALTER DATABASE %s DEFAULT CHARACTER SET utf8;' % migrate_engine.url.database) migrate_engine.execute(sql_stmt) credential = sql.Table( 'credential', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('user_id', sql.String(length=64), nullable=False), sql.Column('project_id', sql.String(length=64)), sql.Column('blob', ks_sql.JsonBlob, nullable=False), sql.Column('type', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') domain = sql.Table( 'domain', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('enabled', sql.Boolean, default=True, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') endpoint = sql.Table( 'endpoint', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('legacy_endpoint_id', sql.String(length=64)), sql.Column('interface', sql.String(length=8), nullable=False), sql.Column('region', sql.String(length=255)), sql.Column('service_id', sql.String(length=64), nullable=False), sql.Column('url', sql.Text, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') group = sql.Table( 'group', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('domain_id', sql.String(length=64), nullable=False), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('description', sql.Text), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') group_domain_metadata = sql.Table( 'group_domain_metadata', meta, sql.Column('group_id', sql.String(length=64), primary_key=True), sql.Column('domain_id', sql.String(length=64), primary_key=True), sql.Column('data', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') group_project_metadata = sql.Table( 'group_project_metadata', meta, sql.Column('group_id', sql.String(length=64), primary_key=True), sql.Column('project_id', sql.String(length=64), primary_key=True), sql.Column('data', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') policy = sql.Table( 'policy', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('type', sql.String(length=255), nullable=False), sql.Column('blob', ks_sql.JsonBlob, nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') project = sql.Table( 'project', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=64), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('description', sql.Text), sql.Column('enabled', sql.Boolean), sql.Column('domain_id', sql.String(length=64), nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') role = sql.Table( 'role', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') service = sql.Table( 'service', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('type', sql.String(length=255)), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') token = sql.Table( 'token', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('expires', sql.DateTime, default=None), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('valid', sql.Boolean, default=True, nullable=False), sql.Column('trust_id', sql.String(length=64)), sql.Column('user_id', sql.String(length=64)), mysql_engine='InnoDB', mysql_charset='utf8') trust = sql.Table( 'trust', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('trustor_user_id', sql.String(length=64), nullable=False), sql.Column('trustee_user_id', sql.String(length=64), nullable=False), sql.Column('project_id', sql.String(length=64)), sql.Column('impersonation', sql.Boolean, nullable=False), sql.Column('deleted_at', sql.DateTime), sql.Column('expires_at', sql.DateTime), sql.Column('extra', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') trust_role = sql.Table( 'trust_role', meta, sql.Column('trust_id', sql.String(length=64), primary_key=True, nullable=False), sql.Column('role_id', sql.String(length=64), primary_key=True, nullable=False), mysql_engine='InnoDB', mysql_charset='utf8') user = sql.Table( 'user', meta, sql.Column('id', sql.String(length=64), primary_key=True), sql.Column('name', sql.String(length=255), nullable=False), sql.Column('extra', ks_sql.JsonBlob.impl), sql.Column('password', sql.String(length=128)), sql.Column('enabled', sql.Boolean), sql.Column('domain_id', sql.String(length=64), nullable=False), sql.Column('default_project_id', sql.String(length=64)), mysql_engine='InnoDB', mysql_charset='utf8') user_domain_metadata = sql.Table( 'user_domain_metadata', meta, sql.Column('user_id', sql.String(length=64), primary_key=True), sql.Column('domain_id', sql.String(length=64), primary_key=True), sql.Column('data', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') user_group_membership = sql.Table( 'user_group_membership', meta, sql.Column('user_id', sql.String(length=64), primary_key=True), sql.Column('group_id', sql.String(length=64), primary_key=True), mysql_engine='InnoDB', mysql_charset='utf8') user_project_metadata = sql.Table( 'user_project_metadata', meta, sql.Column('user_id', sql.String(length=64), primary_key=True), sql.Column('project_id', sql.String(length=64), primary_key=True), sql.Column('data', ks_sql.JsonBlob.impl), mysql_engine='InnoDB', mysql_charset='utf8') # create all tables tables = [credential, domain, endpoint, group, group_domain_metadata, group_project_metadata, policy, project, role, service, token, trust, trust_role, user, user_domain_metadata, user_group_membership, user_project_metadata] for table in tables: try: table.create() except Exception: LOG.exception('Exception while creating table: %r', table) raise # Unique Constraints migrate.UniqueConstraint(user.c.domain_id, user.c.name, name='ixu_user_name_domain_id').create() migrate.UniqueConstraint(group.c.domain_id, group.c.name, name='ixu_group_name_domain_id').create() migrate.UniqueConstraint(role.c.name, name='ixu_role_name').create() migrate.UniqueConstraint(project.c.domain_id, project.c.name, name='ixu_project_name_domain_id').create() migrate.UniqueConstraint(domain.c.name, name='ixu_domain_name').create() # Indexes sql.Index('ix_token_expires', token.c.expires).create() sql.Index('ix_token_expires_valid', token.c.expires, token.c.valid).create() fkeys = [ {'columns': [user_project_metadata.c.project_id], 'references': [project.c.id], 'name': 'fk_user_project_metadata_project_id'}, {'columns': [user_domain_metadata.c.domain_id], 'references': [domain.c.id], 'name': 'fk_user_domain_metadata_domain_id'}, {'columns': [group_project_metadata.c.project_id], 'references': [project.c.id], 'name': 'fk_group_project_metadata_project_id'}, {'columns': [group_domain_metadata.c.domain_id], 'references': [domain.c.id], 'name': 'fk_group_domain_metadata_domain_id'}, {'columns': [endpoint.c.service_id], 'references': [service.c.id]}, {'columns': [user_group_membership.c.group_id], 'references': [group.c.id], 'name': 'fk_user_group_membership_group_id'}, {'columns': [user_group_membership.c.user_id], 'references':[user.c.id], 'name': 'fk_user_group_membership_user_id'}, {'columns': [user.c.domain_id], 'references': [domain.c.id], 'name': 'fk_user_domain_id'}, {'columns': [group.c.domain_id], 'references': [domain.c.id], 'name': 'fk_group_domain_id'}, {'columns': [project.c.domain_id], 'references': [domain.c.id], 'name': 'fk_project_domain_id'} ] for fkey in fkeys: migrate.ForeignKeyConstraint(columns=fkey['columns'], refcolumns=fkey['references'], name=fkey.get('name')).create() # Create the default domain. session = orm.sessionmaker(bind=migrate_engine)() domain.insert(migration_helpers.get_default_domain()).execute() session.commit()