Esempio n. 1
0
    def do_bootstrap(self):
        """Perform the bootstrap actions.

        Create bootstrap user, project, and role so that CMS, humans, or
        scripts can continue to perform initial setup (domains, projects,
        services, endpoints, etc) of Keystone when standing up a new
        deployment.
        """
        self._get_config()

        if self.password is None:
            print(
                _('Either --bootstrap-password argument or '
                  'OS_BOOTSTRAP_PASSWORD must be set.'))
            raise ValueError

        # NOTE(morganfainberg): Ensure the default domain is in-fact created
        default_domain = migration_helpers.get_default_domain()
        try:
            self.resource_manager.create_domain(domain_id=default_domain['id'],
                                                domain=default_domain)
            LOG.info(_LI('Created domain %s'), default_domain['id'])
        except exception.Conflict:
            # NOTE(morganfainberg): Domain already exists, continue on.
            LOG.info(_LI('Domain %s already exists, skipping creation.'),
                     default_domain['id'])

        LOG.info(_LI('Creating project %s'), self.project_name)
        self.resource_manager.create_project(
            tenant_id=self.tenant_id,
            tenant={
                'enabled': True,
                'id': self.tenant_id,
                'domain_id': default_domain['id'],
                'description': 'Bootstrap project for initializing the '
                'cloud.',
                'name': self.project_name
            },
        )
        LOG.info(_LI('Creating user %s'), self.username)
        user = self.identity_manager.create_user(
            user_ref={
                'name': self.username,
                'enabled': True,
                'domain_id': default_domain['id'],
                'password': self.password
            })
        LOG.info(_LI('Creating Role %s'), self.role_name)
        self.role_manager.create_role(
            role_id=self.role_id,
            role={
                'name': self.role_name,
                'id': self.role_id
            },
        )
        self.assignment_manager.add_role_to_user_and_project(
            user_id=user['id'], tenant_id=self.tenant_id, role_id=self.role_id)
Esempio n. 2
0
    def do_bootstrap(self):
        """Perform the bootstrap actions.

        Create bootstrap user, project, and role so that CMS, humans, or
        scripts can continue to perform initial setup (domains, projects,
        services, endpoints, etc) of Keystone when standing up a new
        deployment.
        """
        self._get_config()

        if self.password is None:
            print(_('Either --bootstrap-password argument or '
                    'OS_BOOTSTRAP_PASSWORD must be set.'))
            raise ValueError

        # NOTE(morganfainberg): Ensure the default domain is in-fact created
        default_domain = migration_helpers.get_default_domain()
        try:
            self.resource_manager.create_domain(
                domain_id=default_domain['id'],
                domain=default_domain)
            LOG.info(_LI('Created domain %s'), default_domain['id'])
        except exception.Conflict:
            # NOTE(morganfainberg): Domain already exists, continue on.
            LOG.info(_LI('Domain %s already exists, skipping creation.'),
                     default_domain['id'])

        LOG.info(_LI('Creating project %s'), self.project_name)
        self.resource_manager.create_project(
            tenant_id=self.tenant_id,
            tenant={'enabled': True,
                    'id': self.tenant_id,
                    'domain_id': default_domain['id'],
                    'description': 'Bootstrap project for initializing the '
                                   'cloud.',
                    'name': self.project_name},
        )
        LOG.info(_LI('Creating user %s'), self.username)
        user = self.identity_manager.create_user(
            user_ref={'name': self.username,
                      'enabled': True,
                      'domain_id': default_domain['id'],
                      'password': self.password
                      }
        )
        LOG.info(_LI('Creating Role %s'), self.role_name)
        self.role_manager.create_role(
            role_id=self.role_id,
            role={'name': self.role_name,
                  'id': self.role_id},
        )
        self.assignment_manager.add_role_to_user_and_project(
            user_id=user['id'],
            tenant_id=self.tenant_id,
            role_id=self.role_id
        )
Esempio n. 3
0
 def setUp(self):
     super(CliBootStrapTestCaseWithEnvironment, self).setUp()
     self.password = uuid.uuid4().hex
     self.username = uuid.uuid4().hex
     self.project_name = uuid.uuid4().hex
     self.role_name = uuid.uuid4().hex
     self.default_domain = migration_helpers.get_default_domain()
     self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_PASSWORD", newvalue=self.password))
     self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_USERNAME", newvalue=self.username))
     self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_PROJECT_NAME", newvalue=self.project_name))
     self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_ROLE_NAME", newvalue=self.role_name))
Esempio n. 4
0
    def check_initial_table_structure(self):
        for table in INITIAL_TABLE_STRUCTURE:
            self.assertTableColumns(table, INITIAL_TABLE_STRUCTURE[table])

        # Ensure the default domain was properly created.
        default_domain = migration_helpers.get_default_domain()

        meta = sqlalchemy.MetaData()
        meta.bind = self.engine

        domain_table = sqlalchemy.Table('domain', meta, autoload=True)

        session = self.Session()
        q = session.query(domain_table)
        refs = q.all()

        self.assertEqual(1, len(refs))
        for k in default_domain.keys():
            self.assertEqual(default_domain[k], getattr(refs[0], k))
Esempio n. 5
0
    def check_initial_table_structure(self):
        for table in INITIAL_TABLE_STRUCTURE:
            self.assertTableColumns(table, INITIAL_TABLE_STRUCTURE[table])

        # Ensure the default domain was properly created.
        default_domain = migration_helpers.get_default_domain()

        meta = sqlalchemy.MetaData()
        meta.bind = self.engine

        domain_table = sqlalchemy.Table('domain', meta, autoload=True)

        session = self.Session()
        q = session.query(domain_table)
        refs = q.all()

        self.assertEqual(1, len(refs))
        for k in default_domain.keys():
            self.assertEqual(default_domain[k], getattr(refs[0], k))
Esempio n. 6
0
 def setUp(self):
     super(CliBootStrapTestCaseWithEnvironment, self).setUp()
     self.password = uuid.uuid4().hex
     self.username = uuid.uuid4().hex
     self.project_name = uuid.uuid4().hex
     self.role_name = uuid.uuid4().hex
     self.default_domain = migration_helpers.get_default_domain()
     self.useFixture(
         fixtures.EnvironmentVariable('OS_BOOTSTRAP_PASSWORD',
                                      newvalue=self.password))
     self.useFixture(
         fixtures.EnvironmentVariable('OS_BOOTSTRAP_USERNAME',
                                      newvalue=self.username))
     self.useFixture(
         fixtures.EnvironmentVariable('OS_BOOTSTRAP_PROJECT_NAME',
                                      newvalue=self.project_name))
     self.useFixture(
         fixtures.EnvironmentVariable('OS_BOOTSTRAP_ROLE_NAME',
                                      newvalue=self.role_name))
Esempio n. 7
0
    def do_bootstrap(self):
        """Perform the bootstrap actions.

        Create bootstrap user, project, and role so that CMS, humans, or
        scripts can continue to perform initial setup (domains, projects,
        services, endpoints, etc) of Keystone when standing up a new
        deployment.
        """
        self._get_config()

        if self.password is None:
            print(
                _('Either --bootstrap-password argument or '
                  'OS_BOOTSTRAP_PASSWORD must be set.'))
            raise ValueError

        # NOTE(morganfainberg): Ensure the default domain is in-fact created
        default_domain = migration_helpers.get_default_domain()
        try:
            self.resource_manager.create_domain(domain_id=default_domain['id'],
                                                domain=default_domain)
            LOG.info(_LI('Created domain %s'), default_domain['id'])
        except exception.Conflict:
            # NOTE(morganfainberg): Domain already exists, continue on.
            LOG.info(_LI('Domain %s already exists, skipping creation.'),
                     default_domain['id'])

        try:
            self.resource_manager.create_project(
                project_id=self.project_id,
                project={
                    'enabled': True,
                    'id': self.project_id,
                    'domain_id': default_domain['id'],
                    'description': 'Bootstrap project for initializing '
                    'the cloud.',
                    'name': self.project_name
                })
            LOG.info(_LI('Created project %s'), self.project_name)
        except exception.Conflict:
            LOG.info(_LI('Project %s already exists, skipping creation.'),
                     self.project_name)
            project = self.resource_manager.get_project_by_name(
                self.project_name, default_domain['id'])
            self.project_id = project['id']

        # NOTE(morganfainberg): Do not create the user if it already exists.
        try:
            user = self.identity_manager.create_user(
                user_ref={
                    'name': self.username,
                    'enabled': True,
                    'domain_id': default_domain['id'],
                    'password': self.password
                })
            LOG.info(_LI('Created user %s'), self.username)
        except exception.Conflict:
            LOG.info(_LI('User %s already exists, skipping creation.'),
                     self.username)
            user = self.identity_manager.get_user_by_name(
                self.username, default_domain['id'])

        # NOTE(morganfainberg): Do not create the role if it already exists.
        try:
            self.role_manager.create_role(
                role_id=self.role_id,
                role={
                    'name': self.role_name,
                    'id': self.role_id
                },
            )
            LOG.info(_LI('Created Role %s'), self.role_name)
        except exception.Conflict:
            LOG.info(_LI('Role %s exists, skipping creation.'), self.role_name)
            # NOTE(davechen): There is no backend method to get the role
            # by name, so build the hints to list the roles and filter by
            # name instead.
            hints = driver_hints.Hints()
            hints.add_filter('name', self.role_name)
            role = self.role_manager.list_roles(hints)
            self.role_id = role[0]['id']

        # NOTE(morganfainberg): Handle the case that the role assignment has
        # already occurred.
        try:
            self.assignment_manager.add_role_to_user_and_project(
                user_id=user['id'],
                tenant_id=self.project_id,
                role_id=self.role_id)
            LOG.info(
                _LI('Granted %(role)s on %(project)s to user'
                    ' %(username)s.'), {
                        'role': self.role_name,
                        'project': self.project_name,
                        'username': self.username
                    })
        except exception.Conflict:
            LOG.info(
                _LI('User %(username)s already has %(role)s on '
                    '%(project)s.'), {
                        'username': self.username,
                        'role': self.role_name,
                        'project': self.project_name
                    })
Esempio n. 8
0
def upgrade(migrate_engine):
    meta = sql.MetaData()
    meta.bind = migrate_engine

    if migrate_engine.name == 'mysql':
        # In Folsom we explicitly converted migrate_version to UTF8.
        migrate_engine.execute(
            'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8')
        # Set default DB charset to UTF8.
        migrate_engine.execute('ALTER DATABASE %s DEFAULT CHARACTER SET utf8' %
                               migrate_engine.url.database)

    credential = sql.Table('credential',
                           meta,
                           sql.Column('id',
                                      sql.String(length=64),
                                      primary_key=True),
                           sql.Column('user_id',
                                      sql.String(length=64),
                                      nullable=False),
                           sql.Column('project_id', sql.String(length=64)),
                           sql.Column('blob', ks_sql.JsonBlob, nullable=False),
                           sql.Column('type',
                                      sql.String(length=255),
                                      nullable=False),
                           sql.Column('extra', ks_sql.JsonBlob.impl),
                           mysql_engine='InnoDB',
                           mysql_charset='utf8')

    domain = sql.Table('domain',
                       meta,
                       sql.Column('id',
                                  sql.String(length=64),
                                  primary_key=True),
                       sql.Column('name',
                                  sql.String(length=64),
                                  nullable=False),
                       sql.Column('enabled',
                                  sql.Boolean,
                                  default=True,
                                  nullable=False),
                       sql.Column('extra', ks_sql.JsonBlob.impl),
                       mysql_engine='InnoDB',
                       mysql_charset='utf8')

    endpoint = sql.Table('endpoint',
                         meta,
                         sql.Column('id',
                                    sql.String(length=64),
                                    primary_key=True),
                         sql.Column('legacy_endpoint_id',
                                    sql.String(length=64)),
                         sql.Column('interface',
                                    sql.String(length=8),
                                    nullable=False),
                         sql.Column('service_id',
                                    sql.String(length=64),
                                    nullable=False),
                         sql.Column('url', sql.Text, nullable=False),
                         sql.Column('extra', ks_sql.JsonBlob.impl),
                         sql.Column('enabled',
                                    sql.Boolean,
                                    nullable=False,
                                    default=True,
                                    server_default='1'),
                         sql.Column('region_id',
                                    sql.String(length=255),
                                    nullable=True),
                         mysql_engine='InnoDB',
                         mysql_charset='utf8')

    group = sql.Table('group',
                      meta,
                      sql.Column('id', sql.String(length=64),
                                 primary_key=True),
                      sql.Column('domain_id',
                                 sql.String(length=64),
                                 nullable=False),
                      sql.Column('name', sql.String(length=64),
                                 nullable=False),
                      sql.Column('description', sql.Text),
                      sql.Column('extra', ks_sql.JsonBlob.impl),
                      mysql_engine='InnoDB',
                      mysql_charset='utf8')

    policy = sql.Table('policy',
                       meta,
                       sql.Column('id',
                                  sql.String(length=64),
                                  primary_key=True),
                       sql.Column('type',
                                  sql.String(length=255),
                                  nullable=False),
                       sql.Column('blob', ks_sql.JsonBlob, nullable=False),
                       sql.Column('extra', ks_sql.JsonBlob.impl),
                       mysql_engine='InnoDB',
                       mysql_charset='utf8')

    project = sql.Table('project',
                        meta,
                        sql.Column('id',
                                   sql.String(length=64),
                                   primary_key=True),
                        sql.Column('name',
                                   sql.String(length=64),
                                   nullable=False),
                        sql.Column('extra', ks_sql.JsonBlob.impl),
                        sql.Column('description', sql.Text),
                        sql.Column('enabled', sql.Boolean),
                        sql.Column('domain_id',
                                   sql.String(length=64),
                                   nullable=False),
                        sql.Column('parent_id', sql.String(64), nullable=True),
                        mysql_engine='InnoDB',
                        mysql_charset='utf8')

    role = sql.Table('role',
                     meta,
                     sql.Column('id', sql.String(length=64), primary_key=True),
                     sql.Column('name', sql.String(length=255),
                                nullable=False),
                     sql.Column('extra', ks_sql.JsonBlob.impl),
                     mysql_engine='InnoDB',
                     mysql_charset='utf8')

    service = sql.Table('service',
                        meta,
                        sql.Column('id',
                                   sql.String(length=64),
                                   primary_key=True),
                        sql.Column('type', sql.String(length=255)),
                        sql.Column('enabled',
                                   sql.Boolean,
                                   nullable=False,
                                   default=True,
                                   server_default='1'),
                        sql.Column('extra', ks_sql.JsonBlob.impl),
                        mysql_engine='InnoDB',
                        mysql_charset='utf8')

    token = sql.Table('token',
                      meta,
                      sql.Column('id', sql.String(length=64),
                                 primary_key=True),
                      sql.Column('expires', sql.DateTime, default=None),
                      sql.Column('extra', ks_sql.JsonBlob.impl),
                      sql.Column('valid',
                                 sql.Boolean,
                                 default=True,
                                 nullable=False),
                      sql.Column('trust_id', sql.String(length=64)),
                      sql.Column('user_id', sql.String(length=64)),
                      mysql_engine='InnoDB',
                      mysql_charset='utf8')

    trust = sql.Table('trust',
                      meta,
                      sql.Column('id', sql.String(length=64),
                                 primary_key=True),
                      sql.Column('trustor_user_id',
                                 sql.String(length=64),
                                 nullable=False),
                      sql.Column('trustee_user_id',
                                 sql.String(length=64),
                                 nullable=False),
                      sql.Column('project_id', sql.String(length=64)),
                      sql.Column('impersonation', sql.Boolean, nullable=False),
                      sql.Column('deleted_at', sql.DateTime),
                      sql.Column('expires_at', sql.DateTime),
                      sql.Column('remaining_uses', sql.Integer, nullable=True),
                      sql.Column('extra', ks_sql.JsonBlob.impl),
                      mysql_engine='InnoDB',
                      mysql_charset='utf8')

    trust_role = sql.Table('trust_role',
                           meta,
                           sql.Column('trust_id',
                                      sql.String(length=64),
                                      primary_key=True,
                                      nullable=False),
                           sql.Column('role_id',
                                      sql.String(length=64),
                                      primary_key=True,
                                      nullable=False),
                           mysql_engine='InnoDB',
                           mysql_charset='utf8')

    user = sql.Table('user',
                     meta,
                     sql.Column('id', sql.String(length=64), primary_key=True),
                     sql.Column('name', sql.String(length=255),
                                nullable=False),
                     sql.Column('extra', ks_sql.JsonBlob.impl),
                     sql.Column('password', sql.String(length=128)),
                     sql.Column('enabled', sql.Boolean),
                     sql.Column('domain_id',
                                sql.String(length=64),
                                nullable=False),
                     sql.Column('default_project_id', sql.String(length=64)),
                     mysql_engine='InnoDB',
                     mysql_charset='utf8')

    user_group_membership = sql.Table('user_group_membership',
                                      meta,
                                      sql.Column('user_id',
                                                 sql.String(length=64),
                                                 primary_key=True),
                                      sql.Column('group_id',
                                                 sql.String(length=64),
                                                 primary_key=True),
                                      mysql_engine='InnoDB',
                                      mysql_charset='utf8')

    region = sql.Table('region',
                       meta,
                       sql.Column('id', sql.String(255), primary_key=True),
                       sql.Column('description',
                                  sql.String(255),
                                  nullable=False),
                       sql.Column('parent_region_id',
                                  sql.String(255),
                                  nullable=True),
                       sql.Column('extra', sql.Text()),
                       mysql_engine='InnoDB',
                       mysql_charset='utf8')

    assignment = sql.Table(
        'assignment',
        meta,
        sql.Column('type',
                   sql.Enum(assignment_sql.AssignmentType.USER_PROJECT,
                            assignment_sql.AssignmentType.GROUP_PROJECT,
                            assignment_sql.AssignmentType.USER_DOMAIN,
                            assignment_sql.AssignmentType.GROUP_DOMAIN,
                            name='type'),
                   nullable=False),
        sql.Column('actor_id', sql.String(64), nullable=False),
        sql.Column('target_id', sql.String(64), nullable=False),
        sql.Column('role_id', sql.String(64), nullable=False),
        sql.Column('inherited', sql.Boolean, default=False, nullable=False),
        sql.PrimaryKeyConstraint('type', 'actor_id', 'target_id', 'role_id'),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    mapping = sql.Table('id_mapping',
                        meta,
                        sql.Column('public_id',
                                   sql.String(64),
                                   primary_key=True),
                        sql.Column('domain_id', sql.String(64),
                                   nullable=False),
                        sql.Column('local_id', sql.String(64), nullable=False),
                        sql.Column('entity_type',
                                   sql.Enum(mapping_backend.EntityType.USER,
                                            mapping_backend.EntityType.GROUP,
                                            name='entity_type'),
                                   nullable=False),
                        mysql_engine='InnoDB',
                        mysql_charset='utf8')

    domain_config_whitelist = sql.Table('whitelisted_config',
                                        meta,
                                        sql.Column('domain_id',
                                                   sql.String(64),
                                                   primary_key=True),
                                        sql.Column('group',
                                                   sql.String(255),
                                                   primary_key=True),
                                        sql.Column('option',
                                                   sql.String(255),
                                                   primary_key=True),
                                        sql.Column('value',
                                                   ks_sql.JsonBlob.impl,
                                                   nullable=False),
                                        mysql_engine='InnoDB',
                                        mysql_charset='utf8')

    domain_config_sensitive = sql.Table('sensitive_config',
                                        meta,
                                        sql.Column('domain_id',
                                                   sql.String(64),
                                                   primary_key=True),
                                        sql.Column('group',
                                                   sql.String(255),
                                                   primary_key=True),
                                        sql.Column('option',
                                                   sql.String(255),
                                                   primary_key=True),
                                        sql.Column('value',
                                                   ks_sql.JsonBlob.impl,
                                                   nullable=False),
                                        mysql_engine='InnoDB',
                                        mysql_charset='utf8')

    # create all tables
    tables = [
        credential, domain, endpoint, group, policy, project, role, service,
        token, trust, trust_role, user, user_group_membership, region,
        assignment, mapping, domain_config_whitelist, domain_config_sensitive
    ]

    for table in tables:
        try:
            table.create()
        except Exception:
            LOG.exception('Exception while creating table: %r', table)
            raise

    # Unique Constraints
    migrate.UniqueConstraint(user.c.domain_id,
                             user.c.name,
                             name='ixu_user_name_domain_id').create()
    migrate.UniqueConstraint(group.c.domain_id,
                             group.c.name,
                             name='ixu_group_name_domain_id').create()
    migrate.UniqueConstraint(role.c.name, name='ixu_role_name').create()
    migrate.UniqueConstraint(project.c.domain_id,
                             project.c.name,
                             name='ixu_project_name_domain_id').create()
    migrate.UniqueConstraint(domain.c.name, name='ixu_domain_name').create()
    migrate.UniqueConstraint(mapping.c.domain_id,
                             mapping.c.local_id,
                             mapping.c.entity_type,
                             name='domain_id').create()

    # Indexes
    sql.Index('ix_token_expires', token.c.expires).create()
    sql.Index('ix_token_expires_valid', token.c.expires,
              token.c.valid).create()
    sql.Index('ix_actor_id', assignment.c.actor_id).create()
    sql.Index('ix_token_user_id', token.c.user_id).create()
    sql.Index('ix_token_trust_id', token.c.trust_id).create()
    # NOTE(stevemar): The two indexes below were named 'service_id' and
    # 'group_id' in 050_fk_consistent_indexes.py, and need to be preserved
    sql.Index('service_id', endpoint.c.service_id).create()
    sql.Index('group_id', user_group_membership.c.group_id).create()

    fkeys = [
        {
            'columns': [endpoint.c.service_id],
            'references': [service.c.id]
        },
        {
            'columns': [user_group_membership.c.group_id],
            'references': [group.c.id],
            'name': 'fk_user_group_membership_group_id'
        },
        {
            'columns': [user_group_membership.c.user_id],
            'references': [user.c.id],
            'name': 'fk_user_group_membership_user_id'
        },
        {
            'columns': [project.c.domain_id],
            'references': [domain.c.id],
            'name': 'fk_project_domain_id'
        },
        {
            'columns': [endpoint.c.region_id],
            'references': [region.c.id],
            'name': 'fk_endpoint_region_id'
        },
        {
            'columns': [project.c.parent_id],
            'references': [project.c.id],
            'name': 'project_parent_id_fkey'
        },
    ]

    if migrate_engine.name == 'sqlite':
        # NOTE(stevemar): We need to keep this FK constraint due to 073, but
        # only for sqlite, once we collapse 073 we can remove this constraint
        fkeys.append({
            'columns': [assignment.c.role_id],
            'references': [role.c.id],
            'name': 'fk_assignment_role_id'
        })

    for fkey in fkeys:
        migrate.ForeignKeyConstraint(columns=fkey['columns'],
                                     refcolumns=fkey['references'],
                                     name=fkey.get('name')).create()

    # Create the default domain.
    session = orm.sessionmaker(bind=migrate_engine)()
    domain.insert(migration_helpers.get_default_domain()).execute()
    session.commit()
Esempio n. 9
0
    def do_bootstrap(self):
        """Perform the bootstrap actions.

        Create bootstrap user, project, and role so that CMS, humans, or
        scripts can continue to perform initial setup (domains, projects,
        services, endpoints, etc) of Keystone when standing up a new
        deployment.
        """
        self._get_config()

        if self.password is None:
            print(_('Either --bootstrap-password argument or '
                    'OS_BOOTSTRAP_PASSWORD must be set.'))
            raise ValueError

        # NOTE(morganfainberg): Ensure the default domain is in-fact created
        default_domain = migration_helpers.get_default_domain()
        try:
            self.resource_manager.create_domain(
                domain_id=default_domain['id'],
                domain=default_domain)
            LOG.info(_LI('Created domain %s'), default_domain['id'])
        except exception.Conflict:
            # NOTE(morganfainberg): Domain already exists, continue on.
            LOG.info(_LI('Domain %s already exists, skipping creation.'),
                     default_domain['id'])

        try:
            self.resource_manager.create_project(
                project_id=self.project_id,
                project={'enabled': True,
                         'id': self.project_id,
                         'domain_id': default_domain['id'],
                         'description': 'Bootstrap project for initializing '
                                        'the cloud.',
                         'name': self.project_name}
            )
            LOG.info(_LI('Created project %s'), self.project_name)
        except exception.Conflict:
            LOG.info(_LI('Project %s already exists, skipping creation.'),
                     self.project_name)
            project = self.resource_manager.get_project_by_name(
                self.project_name, default_domain['id'])
            self.project_id = project['id']

        # NOTE(morganfainberg): Do not create the user if it already exists.
        try:
            user = self.identity_manager.create_user(
                user_ref={'name': self.username,
                          'enabled': True,
                          'domain_id': default_domain['id'],
                          'password': self.password
                          }
            )
            LOG.info(_LI('Created user %s'), self.username)
        except exception.Conflict:
            LOG.info(_LI('User %s already exists, skipping creation.'),
                     self.username)
            user = self.identity_manager.get_user_by_name(self.username,
                                                          default_domain['id'])

        # NOTE(morganfainberg): Do not create the role if it already exists.
        try:
            self.role_manager.create_role(
                role_id=self.role_id,
                role={'name': self.role_name,
                      'id': self.role_id},
            )
            LOG.info(_LI('Created Role %s'), self.role_name)
        except exception.Conflict:
            LOG.info(_LI('Role %s exists, skipping creation.'), self.role_name)
            # NOTE(davechen): There is no backend method to get the role
            # by name, so build the hints to list the roles and filter by
            # name instead.
            hints = driver_hints.Hints()
            hints.add_filter('name', self.role_name)
            role = self.role_manager.list_roles(hints)
            self.role_id = role[0]['id']

        # NOTE(morganfainberg): Handle the case that the role assignment has
        # already occurred.
        try:
            self.assignment_manager.add_role_to_user_and_project(
                user_id=user['id'],
                tenant_id=self.project_id,
                role_id=self.role_id
            )
            LOG.info(_LI('Granted %(role)s on %(project)s to user'
                         ' %(username)s.'),
                     {'role': self.role_name,
                      'project': self.project_name,
                      'username': self.username})
        except exception.Conflict:
            LOG.info(_LI('User %(username)s already has %(role)s on '
                         '%(project)s.'),
                     {'username': self.username,
                      'role': self.role_name,
                      'project': self.project_name})
Esempio n. 10
0
def upgrade(migrate_engine):
    meta = sql.MetaData()
    meta.bind = migrate_engine

    if migrate_engine.name == 'mysql':
        # In Folsom we explicitly converted migrate_version to UTF8.
        migrate_engine.execute(
            'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8')
        # Set default DB charset to UTF8.
        migrate_engine.execute(
            'ALTER DATABASE %s DEFAULT CHARACTER SET utf8' %
            migrate_engine.url.database)

    credential = sql.Table(
        'credential', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('user_id', sql.String(length=64), nullable=False),
        sql.Column('project_id', sql.String(length=64)),
        sql.Column('blob', ks_sql.JsonBlob, nullable=False),
        sql.Column('type', sql.String(length=255), nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    domain = sql.Table(
        'domain', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('name', sql.String(length=64), nullable=False),
        sql.Column('enabled', sql.Boolean, default=True, nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    endpoint = sql.Table(
        'endpoint', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('legacy_endpoint_id', sql.String(length=64)),
        sql.Column('interface', sql.String(length=8), nullable=False),
        sql.Column('service_id', sql.String(length=64), nullable=False),
        sql.Column('url', sql.Text, nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        sql.Column('enabled', sql.Boolean, nullable=False, default=True,
                   server_default='1'),
        sql.Column('region_id', sql.String(length=255), nullable=True),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    group = sql.Table(
        'group', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('domain_id', sql.String(length=64), nullable=False),
        sql.Column('name', sql.String(length=64), nullable=False),
        sql.Column('description', sql.Text),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    policy = sql.Table(
        'policy', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('type', sql.String(length=255), nullable=False),
        sql.Column('blob', ks_sql.JsonBlob, nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    project = sql.Table(
        'project', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('name', sql.String(length=64), nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        sql.Column('description', sql.Text),
        sql.Column('enabled', sql.Boolean),
        sql.Column('domain_id', sql.String(length=64), nullable=False),
        sql.Column('parent_id', sql.String(64), nullable=True),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    role = sql.Table(
        'role', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('name', sql.String(length=255), nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    service = sql.Table(
        'service', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('type', sql.String(length=255)),
        sql.Column('enabled', sql.Boolean, nullable=False, default=True,
                   server_default='1'),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    token = sql.Table(
        'token', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('expires', sql.DateTime, default=None),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        sql.Column('valid', sql.Boolean, default=True, nullable=False),
        sql.Column('trust_id', sql.String(length=64)),
        sql.Column('user_id', sql.String(length=64)),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    trust = sql.Table(
        'trust', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('trustor_user_id', sql.String(length=64), nullable=False),
        sql.Column('trustee_user_id', sql.String(length=64), nullable=False),
        sql.Column('project_id', sql.String(length=64)),
        sql.Column('impersonation', sql.Boolean, nullable=False),
        sql.Column('deleted_at', sql.DateTime),
        sql.Column('expires_at', sql.DateTime),
        sql.Column('remaining_uses', sql.Integer, nullable=True),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    trust_role = sql.Table(
        'trust_role', meta,
        sql.Column('trust_id', sql.String(length=64), primary_key=True,
                   nullable=False),
        sql.Column('role_id', sql.String(length=64), primary_key=True,
                   nullable=False),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    user = sql.Table(
        'user', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('name', sql.String(length=255), nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        sql.Column('password', sql.String(length=128)),
        sql.Column('enabled', sql.Boolean),
        sql.Column('domain_id', sql.String(length=64), nullable=False),
        sql.Column('default_project_id', sql.String(length=64)),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    user_group_membership = sql.Table(
        'user_group_membership', meta,
        sql.Column('user_id', sql.String(length=64), primary_key=True),
        sql.Column('group_id', sql.String(length=64), primary_key=True),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    region = sql.Table(
        'region',
        meta,
        sql.Column('id', sql.String(255), primary_key=True),
        sql.Column('description', sql.String(255), nullable=False),
        sql.Column('parent_region_id', sql.String(255), nullable=True),
        sql.Column('extra', sql.Text()),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    assignment = sql.Table(
        'assignment',
        meta,
        sql.Column('type', sql.Enum(
            assignment_sql.AssignmentType.USER_PROJECT,
            assignment_sql.AssignmentType.GROUP_PROJECT,
            assignment_sql.AssignmentType.USER_DOMAIN,
            assignment_sql.AssignmentType.GROUP_DOMAIN,
            name='type'),
            nullable=False),
        sql.Column('actor_id', sql.String(64), nullable=False),
        sql.Column('target_id', sql.String(64), nullable=False),
        sql.Column('role_id', sql.String(64), nullable=False),
        sql.Column('inherited', sql.Boolean, default=False, nullable=False),
        sql.PrimaryKeyConstraint('type', 'actor_id', 'target_id', 'role_id'),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    mapping = sql.Table(
        'id_mapping',
        meta,
        sql.Column('public_id', sql.String(64), primary_key=True),
        sql.Column('domain_id', sql.String(64), nullable=False),
        sql.Column('local_id', sql.String(64), nullable=False),
        sql.Column('entity_type', sql.Enum(
            mapping_backend.EntityType.USER,
            mapping_backend.EntityType.GROUP,
            name='entity_type'),
            nullable=False),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    domain_config_whitelist = sql.Table(
        'whitelisted_config',
        meta,
        sql.Column('domain_id', sql.String(64), primary_key=True),
        sql.Column('group', sql.String(255), primary_key=True),
        sql.Column('option', sql.String(255), primary_key=True),
        sql.Column('value', ks_sql.JsonBlob.impl, nullable=False),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    domain_config_sensitive = sql.Table(
        'sensitive_config',
        meta,
        sql.Column('domain_id', sql.String(64), primary_key=True),
        sql.Column('group', sql.String(255), primary_key=True),
        sql.Column('option', sql.String(255), primary_key=True),
        sql.Column('value', ks_sql.JsonBlob.impl, nullable=False),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    # create all tables
    tables = [credential, domain, endpoint, group, policy, project, role,
              service, token, trust, trust_role, user, user_group_membership,
              region, assignment, mapping, domain_config_whitelist,
              domain_config_sensitive]

    for table in tables:
        try:
            table.create()
        except Exception:
            LOG.exception('Exception while creating table: %r', table)
            raise

    # Unique Constraints
    migrate.UniqueConstraint(user.c.domain_id,
                             user.c.name,
                             name='ixu_user_name_domain_id').create()
    migrate.UniqueConstraint(group.c.domain_id,
                             group.c.name,
                             name='ixu_group_name_domain_id').create()
    migrate.UniqueConstraint(role.c.name,
                             name='ixu_role_name').create()
    migrate.UniqueConstraint(project.c.domain_id,
                             project.c.name,
                             name='ixu_project_name_domain_id').create()
    migrate.UniqueConstraint(domain.c.name,
                             name='ixu_domain_name').create()
    migrate.UniqueConstraint(mapping.c.domain_id,
                             mapping.c.local_id,
                             mapping.c.entity_type,
                             name='domain_id').create()

    # Indexes
    sql.Index('ix_token_expires', token.c.expires).create()
    sql.Index('ix_token_expires_valid', token.c.expires,
              token.c.valid).create()
    sql.Index('ix_actor_id', assignment.c.actor_id).create()
    sql.Index('ix_token_user_id', token.c.user_id).create()
    sql.Index('ix_token_trust_id', token.c.trust_id).create()
    # NOTE(stevemar): The two indexes below were named 'service_id' and
    # 'group_id' in 050_fk_consistent_indexes.py, and need to be preserved
    sql.Index('service_id', endpoint.c.service_id).create()
    sql.Index('group_id', user_group_membership.c.group_id).create()

    fkeys = [
        {'columns': [endpoint.c.service_id],
         'references': [service.c.id]},

        {'columns': [user_group_membership.c.group_id],
         'references': [group.c.id],
         'name': 'fk_user_group_membership_group_id'},

        {'columns': [user_group_membership.c.user_id],
         'references':[user.c.id],
         'name': 'fk_user_group_membership_user_id'},

        {'columns': [project.c.domain_id],
         'references': [domain.c.id],
         'name': 'fk_project_domain_id'},

        {'columns': [endpoint.c.region_id],
         'references': [region.c.id],
         'name': 'fk_endpoint_region_id'},

        {'columns': [project.c.parent_id],
         'references': [project.c.id],
         'name': 'project_parent_id_fkey'},
    ]

    if migrate_engine.name == 'sqlite':
        # NOTE(stevemar): We need to keep this FK constraint due to 073, but
        # only for sqlite, once we collapse 073 we can remove this constraint
        fkeys.append(
            {'columns': [assignment.c.role_id],
             'references': [role.c.id],
             'name': 'fk_assignment_role_id'})

    for fkey in fkeys:
        migrate.ForeignKeyConstraint(columns=fkey['columns'],
                                     refcolumns=fkey['references'],
                                     name=fkey.get('name')).create()

    # Create the default domain.
    session = orm.sessionmaker(bind=migrate_engine)()
    domain.insert(migration_helpers.get_default_domain()).execute()
    session.commit()
Esempio n. 11
0
def upgrade(migrate_engine):
    meta = sql.MetaData()
    meta.bind = migrate_engine

    if migrate_engine.name == 'mysql':
        # In Folsom we explicitly converted migrate_version to UTF8.
        migrate_engine.execute(
            'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8')
        # Set default DB charset to UTF8.
        migrate_engine.execute('ALTER DATABASE %s DEFAULT CHARACTER SET utf8' %
                               migrate_engine.url.database)

    credential = sql.Table('credential',
                           meta,
                           sql.Column('id',
                                      sql.String(length=64),
                                      primary_key=True),
                           sql.Column('user_id',
                                      sql.String(length=64),
                                      nullable=False),
                           sql.Column('project_id', sql.String(length=64)),
                           sql.Column('blob', ks_sql.JsonBlob, nullable=False),
                           sql.Column('type',
                                      sql.String(length=255),
                                      nullable=False),
                           sql.Column('extra', ks_sql.JsonBlob.impl),
                           mysql_engine='InnoDB',
                           mysql_charset='utf8')

    domain = sql.Table('domain',
                       meta,
                       sql.Column('id',
                                  sql.String(length=64),
                                  primary_key=True),
                       sql.Column('name',
                                  sql.String(length=64),
                                  nullable=False),
                       sql.Column('enabled',
                                  sql.Boolean,
                                  default=True,
                                  nullable=False),
                       sql.Column('extra', ks_sql.JsonBlob.impl),
                       mysql_engine='InnoDB',
                       mysql_charset='utf8')

    endpoint = sql.Table('endpoint',
                         meta,
                         sql.Column('id',
                                    sql.String(length=64),
                                    primary_key=True),
                         sql.Column('legacy_endpoint_id',
                                    sql.String(length=64)),
                         sql.Column('interface',
                                    sql.String(length=8),
                                    nullable=False),
                         sql.Column('region', sql.String(length=255)),
                         sql.Column('service_id',
                                    sql.String(length=64),
                                    nullable=False),
                         sql.Column('url', sql.Text, nullable=False),
                         sql.Column('extra', ks_sql.JsonBlob.impl),
                         mysql_engine='InnoDB',
                         mysql_charset='utf8')

    group = sql.Table('group',
                      meta,
                      sql.Column('id', sql.String(length=64),
                                 primary_key=True),
                      sql.Column('domain_id',
                                 sql.String(length=64),
                                 nullable=False),
                      sql.Column('name', sql.String(length=64),
                                 nullable=False),
                      sql.Column('description', sql.Text),
                      sql.Column('extra', ks_sql.JsonBlob.impl),
                      mysql_engine='InnoDB',
                      mysql_charset='utf8')

    group_domain_metadata = sql.Table('group_domain_metadata',
                                      meta,
                                      sql.Column('group_id',
                                                 sql.String(length=64),
                                                 primary_key=True),
                                      sql.Column('domain_id',
                                                 sql.String(length=64),
                                                 primary_key=True),
                                      sql.Column('data', ks_sql.JsonBlob.impl),
                                      mysql_engine='InnoDB',
                                      mysql_charset='utf8')

    group_project_metadata = sql.Table('group_project_metadata',
                                       meta,
                                       sql.Column('group_id',
                                                  sql.String(length=64),
                                                  primary_key=True),
                                       sql.Column('project_id',
                                                  sql.String(length=64),
                                                  primary_key=True),
                                       sql.Column('data',
                                                  ks_sql.JsonBlob.impl),
                                       mysql_engine='InnoDB',
                                       mysql_charset='utf8')

    policy = sql.Table('policy',
                       meta,
                       sql.Column('id',
                                  sql.String(length=64),
                                  primary_key=True),
                       sql.Column('type',
                                  sql.String(length=255),
                                  nullable=False),
                       sql.Column('blob', ks_sql.JsonBlob, nullable=False),
                       sql.Column('extra', ks_sql.JsonBlob.impl),
                       mysql_engine='InnoDB',
                       mysql_charset='utf8')

    project = sql.Table('project',
                        meta,
                        sql.Column('id',
                                   sql.String(length=64),
                                   primary_key=True),
                        sql.Column('name',
                                   sql.String(length=64),
                                   nullable=False),
                        sql.Column('extra', ks_sql.JsonBlob.impl),
                        sql.Column('description', sql.Text),
                        sql.Column('enabled', sql.Boolean),
                        sql.Column('domain_id',
                                   sql.String(length=64),
                                   nullable=False),
                        mysql_engine='InnoDB',
                        mysql_charset='utf8')

    role = sql.Table('role',
                     meta,
                     sql.Column('id', sql.String(length=64), primary_key=True),
                     sql.Column('name', sql.String(length=255),
                                nullable=False),
                     sql.Column('extra', ks_sql.JsonBlob.impl),
                     mysql_engine='InnoDB',
                     mysql_charset='utf8')

    service = sql.Table('service',
                        meta,
                        sql.Column('id',
                                   sql.String(length=64),
                                   primary_key=True),
                        sql.Column('type', sql.String(length=255)),
                        sql.Column('extra', ks_sql.JsonBlob.impl),
                        mysql_engine='InnoDB',
                        mysql_charset='utf8')

    token = sql.Table('token',
                      meta,
                      sql.Column('id', sql.String(length=64),
                                 primary_key=True),
                      sql.Column('expires', sql.DateTime, default=None),
                      sql.Column('extra', ks_sql.JsonBlob.impl),
                      sql.Column('valid',
                                 sql.Boolean,
                                 default=True,
                                 nullable=False),
                      sql.Column('trust_id', sql.String(length=64)),
                      sql.Column('user_id', sql.String(length=64)),
                      mysql_engine='InnoDB',
                      mysql_charset='utf8')

    trust = sql.Table('trust',
                      meta,
                      sql.Column('id', sql.String(length=64),
                                 primary_key=True),
                      sql.Column('trustor_user_id',
                                 sql.String(length=64),
                                 nullable=False),
                      sql.Column('trustee_user_id',
                                 sql.String(length=64),
                                 nullable=False),
                      sql.Column('project_id', sql.String(length=64)),
                      sql.Column('impersonation', sql.Boolean, nullable=False),
                      sql.Column('deleted_at', sql.DateTime),
                      sql.Column('expires_at', sql.DateTime),
                      sql.Column('extra', ks_sql.JsonBlob.impl),
                      mysql_engine='InnoDB',
                      mysql_charset='utf8')

    trust_role = sql.Table('trust_role',
                           meta,
                           sql.Column('trust_id',
                                      sql.String(length=64),
                                      primary_key=True,
                                      nullable=False),
                           sql.Column('role_id',
                                      sql.String(length=64),
                                      primary_key=True,
                                      nullable=False),
                           mysql_engine='InnoDB',
                           mysql_charset='utf8')

    user = sql.Table('user',
                     meta,
                     sql.Column('id', sql.String(length=64), primary_key=True),
                     sql.Column('name', sql.String(length=255),
                                nullable=False),
                     sql.Column('extra', ks_sql.JsonBlob.impl),
                     sql.Column('password', sql.String(length=128)),
                     sql.Column('enabled', sql.Boolean),
                     sql.Column('domain_id',
                                sql.String(length=64),
                                nullable=False),
                     sql.Column('default_project_id', sql.String(length=64)),
                     mysql_engine='InnoDB',
                     mysql_charset='utf8')

    user_domain_metadata = sql.Table('user_domain_metadata',
                                     meta,
                                     sql.Column('user_id',
                                                sql.String(length=64),
                                                primary_key=True),
                                     sql.Column('domain_id',
                                                sql.String(length=64),
                                                primary_key=True),
                                     sql.Column('data', ks_sql.JsonBlob.impl),
                                     mysql_engine='InnoDB',
                                     mysql_charset='utf8')

    user_group_membership = sql.Table('user_group_membership',
                                      meta,
                                      sql.Column('user_id',
                                                 sql.String(length=64),
                                                 primary_key=True),
                                      sql.Column('group_id',
                                                 sql.String(length=64),
                                                 primary_key=True),
                                      mysql_engine='InnoDB',
                                      mysql_charset='utf8')

    user_project_metadata = sql.Table('user_project_metadata',
                                      meta,
                                      sql.Column('user_id',
                                                 sql.String(length=64),
                                                 primary_key=True),
                                      sql.Column('project_id',
                                                 sql.String(length=64),
                                                 primary_key=True),
                                      sql.Column('data', ks_sql.JsonBlob.impl),
                                      mysql_engine='InnoDB',
                                      mysql_charset='utf8')

    # create all tables
    tables = [
        credential, domain, endpoint, group, group_domain_metadata,
        group_project_metadata, policy, project, role, service, token, trust,
        trust_role, user, user_domain_metadata, user_group_membership,
        user_project_metadata
    ]

    for table in tables:
        try:
            table.create()
        except Exception:
            LOG.exception('Exception while creating table: %r', table)
            raise

    # Unique Constraints
    migrate.UniqueConstraint(user.c.domain_id,
                             user.c.name,
                             name='ixu_user_name_domain_id').create()
    migrate.UniqueConstraint(group.c.domain_id,
                             group.c.name,
                             name='ixu_group_name_domain_id').create()
    migrate.UniqueConstraint(role.c.name, name='ixu_role_name').create()
    migrate.UniqueConstraint(project.c.domain_id,
                             project.c.name,
                             name='ixu_project_name_domain_id').create()
    migrate.UniqueConstraint(domain.c.name, name='ixu_domain_name').create()

    # Indexes
    sql.Index('ix_token_expires', token.c.expires).create()
    sql.Index('ix_token_valid', token.c.valid).create()

    fkeys = [{
        'columns': [user_project_metadata.c.project_id],
        'references': [project.c.id],
        'name': 'fk_user_project_metadata_project_id'
    }, {
        'columns': [user_domain_metadata.c.domain_id],
        'references': [domain.c.id],
        'name': 'fk_user_domain_metadata_domain_id'
    }, {
        'columns': [group_project_metadata.c.project_id],
        'references': [project.c.id],
        'name': 'fk_group_project_metadata_project_id'
    }, {
        'columns': [group_domain_metadata.c.domain_id],
        'references': [domain.c.id],
        'name': 'fk_group_domain_metadata_domain_id'
    }, {
        'columns': [endpoint.c.service_id],
        'references': [service.c.id]
    }, {
        'columns': [user_group_membership.c.group_id],
        'references': [group.c.id],
        'name': 'fk_user_group_membership_group_id'
    }, {
        'columns': [user_group_membership.c.user_id],
        'references': [user.c.id],
        'name': 'fk_user_group_membership_user_id'
    }, {
        'columns': [user.c.domain_id],
        'references': [domain.c.id],
        'name': 'fk_user_domain_id'
    }, {
        'columns': [group.c.domain_id],
        'references': [domain.c.id],
        'name': 'fk_group_domain_id'
    }, {
        'columns': [project.c.domain_id],
        'references': [domain.c.id],
        'name': 'fk_project_domain_id'
    }]

    for fkey in fkeys:
        migrate.ForeignKeyConstraint(columns=fkey['columns'],
                                     refcolumns=fkey['references'],
                                     name=fkey.get('name')).create()

    # Create the default domain.
    session = orm.sessionmaker(bind=migrate_engine)()
    domain.insert(migration_helpers.get_default_domain()).execute()
    session.commit()
Esempio n. 12
0
def upgrade(migrate_engine):
    meta = sql.MetaData()
    meta.bind = migrate_engine

    if migrate_engine.name == 'mysql':
        # In Folsom we explicitly converted migrate_version to UTF8.
        sql_stmt = 'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8;'
        # Set default DB charset to UTF8.
        sql_stmt += ('ALTER DATABASE %s DEFAULT CHARACTER SET utf8;' %
                     migrate_engine.url.database)
        migrate_engine.execute(sql_stmt)

    credential = sql.Table(
        'credential', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('user_id', sql.String(length=64), nullable=False),
        sql.Column('project_id', sql.String(length=64)),
        sql.Column('blob', ks_sql.JsonBlob, nullable=False),
        sql.Column('type', sql.String(length=255), nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    domain = sql.Table(
        'domain', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('name', sql.String(length=64), nullable=False),
        sql.Column('enabled', sql.Boolean, default=True, nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    endpoint = sql.Table(
        'endpoint', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('legacy_endpoint_id', sql.String(length=64)),
        sql.Column('interface', sql.String(length=8), nullable=False),
        sql.Column('region', sql.String(length=255)),
        sql.Column('service_id', sql.String(length=64), nullable=False),
        sql.Column('url', sql.Text, nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    group = sql.Table(
        'group', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('domain_id', sql.String(length=64), nullable=False),
        sql.Column('name', sql.String(length=64), nullable=False),
        sql.Column('description', sql.Text),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    group_domain_metadata = sql.Table(
        'group_domain_metadata', meta,
        sql.Column('group_id', sql.String(length=64), primary_key=True),
        sql.Column('domain_id', sql.String(length=64), primary_key=True),
        sql.Column('data', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    group_project_metadata = sql.Table(
        'group_project_metadata', meta,
        sql.Column('group_id', sql.String(length=64), primary_key=True),
        sql.Column('project_id', sql.String(length=64), primary_key=True),
        sql.Column('data', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    policy = sql.Table(
        'policy', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('type', sql.String(length=255), nullable=False),
        sql.Column('blob', ks_sql.JsonBlob, nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    project = sql.Table(
        'project', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('name', sql.String(length=64), nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        sql.Column('description', sql.Text),
        sql.Column('enabled', sql.Boolean),
        sql.Column('domain_id', sql.String(length=64), nullable=False),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    role = sql.Table(
        'role', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('name', sql.String(length=255), nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    service = sql.Table(
        'service', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('type', sql.String(length=255)),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    token = sql.Table(
        'token', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('expires', sql.DateTime, default=None),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        sql.Column('valid', sql.Boolean, default=True, nullable=False),
        sql.Column('trust_id', sql.String(length=64)),
        sql.Column('user_id', sql.String(length=64)),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    trust = sql.Table(
        'trust', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('trustor_user_id', sql.String(length=64), nullable=False),
        sql.Column('trustee_user_id', sql.String(length=64), nullable=False),
        sql.Column('project_id', sql.String(length=64)),
        sql.Column('impersonation', sql.Boolean, nullable=False),
        sql.Column('deleted_at', sql.DateTime),
        sql.Column('expires_at', sql.DateTime),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    trust_role = sql.Table(
        'trust_role', meta,
        sql.Column('trust_id', sql.String(length=64), primary_key=True,
                   nullable=False),
        sql.Column('role_id', sql.String(length=64), primary_key=True,
                   nullable=False),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    user = sql.Table(
        'user', meta,
        sql.Column('id', sql.String(length=64), primary_key=True),
        sql.Column('name', sql.String(length=255), nullable=False),
        sql.Column('extra', ks_sql.JsonBlob.impl),
        sql.Column('password', sql.String(length=128)),
        sql.Column('enabled', sql.Boolean),
        sql.Column('domain_id', sql.String(length=64), nullable=False),
        sql.Column('default_project_id', sql.String(length=64)),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    user_domain_metadata = sql.Table(
        'user_domain_metadata', meta,
        sql.Column('user_id', sql.String(length=64), primary_key=True),
        sql.Column('domain_id', sql.String(length=64), primary_key=True),
        sql.Column('data', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    user_group_membership = sql.Table(
        'user_group_membership', meta,
        sql.Column('user_id', sql.String(length=64), primary_key=True),
        sql.Column('group_id', sql.String(length=64), primary_key=True),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    user_project_metadata = sql.Table(
        'user_project_metadata', meta,
        sql.Column('user_id', sql.String(length=64), primary_key=True),
        sql.Column('project_id', sql.String(length=64), primary_key=True),
        sql.Column('data', ks_sql.JsonBlob.impl),
        mysql_engine='InnoDB',
        mysql_charset='utf8')

    # create all tables
    tables = [credential, domain, endpoint, group, group_domain_metadata,
              group_project_metadata, policy, project, role, service,
              token, trust, trust_role, user, user_domain_metadata,
              user_group_membership, user_project_metadata]

    for table in tables:
        try:
            table.create()
        except Exception:
            LOG.exception('Exception while creating table: %r', table)
            raise

    # Unique Constraints
    migrate.UniqueConstraint(user.c.domain_id,
                             user.c.name,
                             name='ixu_user_name_domain_id').create()
    migrate.UniqueConstraint(group.c.domain_id,
                             group.c.name,
                             name='ixu_group_name_domain_id').create()
    migrate.UniqueConstraint(role.c.name,
                             name='ixu_role_name').create()
    migrate.UniqueConstraint(project.c.domain_id,
                             project.c.name,
                             name='ixu_project_name_domain_id').create()
    migrate.UniqueConstraint(domain.c.name,
                             name='ixu_domain_name').create()

    # Indexes
    sql.Index('ix_token_expires', token.c.expires).create()
    sql.Index('ix_token_expires_valid', token.c.expires,
              token.c.valid).create()

    fkeys = [
        {'columns': [user_project_metadata.c.project_id],
         'references': [project.c.id],
         'name': 'fk_user_project_metadata_project_id'},

        {'columns': [user_domain_metadata.c.domain_id],
         'references': [domain.c.id],
         'name': 'fk_user_domain_metadata_domain_id'},

        {'columns': [group_project_metadata.c.project_id],
         'references': [project.c.id],
         'name': 'fk_group_project_metadata_project_id'},

        {'columns': [group_domain_metadata.c.domain_id],
         'references': [domain.c.id],
         'name': 'fk_group_domain_metadata_domain_id'},

        {'columns': [endpoint.c.service_id],
         'references': [service.c.id]},

        {'columns': [user_group_membership.c.group_id],
         'references': [group.c.id],
         'name': 'fk_user_group_membership_group_id'},

        {'columns': [user_group_membership.c.user_id],
         'references':[user.c.id],
         'name': 'fk_user_group_membership_user_id'},

        {'columns': [user.c.domain_id],
         'references': [domain.c.id],
         'name': 'fk_user_domain_id'},

        {'columns': [group.c.domain_id],
         'references': [domain.c.id],
         'name': 'fk_group_domain_id'},

        {'columns': [project.c.domain_id],
         'references': [domain.c.id],
         'name': 'fk_project_domain_id'}
    ]

    for fkey in fkeys:
        migrate.ForeignKeyConstraint(columns=fkey['columns'],
                                     refcolumns=fkey['references'],
                                     name=fkey.get('name')).create()

    # Create the default domain.
    session = orm.sessionmaker(bind=migrate_engine)()
    domain.insert(migration_helpers.get_default_domain()).execute()
    session.commit()