def do_bootstrap(self):
"""Perform the bootstrap actions.
Create bootstrap user, project, and role so that CMS, humans, or
scripts can continue to perform initial setup (domains, projects,
services, endpoints, etc) of Keystone when standing up a new
deployment.
"""
self._get_config()
if self.password is None:
print(
_('Either --bootstrap-password argument or '
'OS_BOOTSTRAP_PASSWORD must be set.'))
raise ValueError
# NOTE(morganfainberg): Ensure the default domain is in-fact created
default_domain = migration_helpers.get_default_domain()
try:
self.resource_manager.create_domain(domain_id=default_domain['id'],
domain=default_domain)
LOG.info(_LI('Created domain %s'), default_domain['id'])
except exception.Conflict:
# NOTE(morganfainberg): Domain already exists, continue on.
LOG.info(_LI('Domain %s already exists, skipping creation.'),
default_domain['id'])
LOG.info(_LI('Creating project %s'), self.project_name)
self.resource_manager.create_project(
tenant_id=self.tenant_id,
tenant={
'enabled': True,
'id': self.tenant_id,
'domain_id': default_domain['id'],
'description': 'Bootstrap project for initializing the '
'cloud.',
'name': self.project_name
},
)
LOG.info(_LI('Creating user %s'), self.username)
user = self.identity_manager.create_user(
user_ref={
'name': self.username,
'enabled': True,
'domain_id': default_domain['id'],
'password': self.password
})
LOG.info(_LI('Creating Role %s'), self.role_name)
self.role_manager.create_role(
role_id=self.role_id,
role={
'name': self.role_name,
'id': self.role_id
},
)
self.assignment_manager.add_role_to_user_and_project(
user_id=user['id'], tenant_id=self.tenant_id, role_id=self.role_id)
def do_bootstrap(self):
"""Perform the bootstrap actions.
Create bootstrap user, project, and role so that CMS, humans, or
scripts can continue to perform initial setup (domains, projects,
services, endpoints, etc) of Keystone when standing up a new
deployment.
"""
self._get_config()
if self.password is None:
print(_('Either --bootstrap-password argument or '
'OS_BOOTSTRAP_PASSWORD must be set.'))
raise ValueError
# NOTE(morganfainberg): Ensure the default domain is in-fact created
default_domain = migration_helpers.get_default_domain()
try:
self.resource_manager.create_domain(
domain_id=default_domain['id'],
domain=default_domain)
LOG.info(_LI('Created domain %s'), default_domain['id'])
except exception.Conflict:
# NOTE(morganfainberg): Domain already exists, continue on.
LOG.info(_LI('Domain %s already exists, skipping creation.'),
default_domain['id'])
LOG.info(_LI('Creating project %s'), self.project_name)
self.resource_manager.create_project(
tenant_id=self.tenant_id,
tenant={'enabled': True,
'id': self.tenant_id,
'domain_id': default_domain['id'],
'description': 'Bootstrap project for initializing the '
'cloud.',
'name': self.project_name},
)
LOG.info(_LI('Creating user %s'), self.username)
user = self.identity_manager.create_user(
user_ref={'name': self.username,
'enabled': True,
'domain_id': default_domain['id'],
'password': self.password
}
)
LOG.info(_LI('Creating Role %s'), self.role_name)
self.role_manager.create_role(
role_id=self.role_id,
role={'name': self.role_name,
'id': self.role_id},
)
self.assignment_manager.add_role_to_user_and_project(
user_id=user['id'],
tenant_id=self.tenant_id,
role_id=self.role_id
)
def setUp(self):
super(CliBootStrapTestCaseWithEnvironment, self).setUp()
self.password = uuid.uuid4().hex
self.username = uuid.uuid4().hex
self.project_name = uuid.uuid4().hex
self.role_name = uuid.uuid4().hex
self.default_domain = migration_helpers.get_default_domain()
self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_PASSWORD", newvalue=self.password))
self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_USERNAME", newvalue=self.username))
self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_PROJECT_NAME", newvalue=self.project_name))
self.useFixture(fixtures.EnvironmentVariable("OS_BOOTSTRAP_ROLE_NAME", newvalue=self.role_name))
def check_initial_table_structure(self):
for table in INITIAL_TABLE_STRUCTURE:
self.assertTableColumns(table, INITIAL_TABLE_STRUCTURE[table])
# Ensure the default domain was properly created.
default_domain = migration_helpers.get_default_domain()
meta = sqlalchemy.MetaData()
meta.bind = self.engine
domain_table = sqlalchemy.Table('domain', meta, autoload=True)
session = self.Session()
q = session.query(domain_table)
refs = q.all()
self.assertEqual(1, len(refs))
for k in default_domain.keys():
self.assertEqual(default_domain[k], getattr(refs[0], k))
def check_initial_table_structure(self):
for table in INITIAL_TABLE_STRUCTURE:
self.assertTableColumns(table, INITIAL_TABLE_STRUCTURE[table])
# Ensure the default domain was properly created.
default_domain = migration_helpers.get_default_domain()
meta = sqlalchemy.MetaData()
meta.bind = self.engine
domain_table = sqlalchemy.Table('domain', meta, autoload=True)
session = self.Session()
q = session.query(domain_table)
refs = q.all()
self.assertEqual(1, len(refs))
for k in default_domain.keys():
self.assertEqual(default_domain[k], getattr(refs[0], k))
def setUp(self):
super(CliBootStrapTestCaseWithEnvironment, self).setUp()
self.password = uuid.uuid4().hex
self.username = uuid.uuid4().hex
self.project_name = uuid.uuid4().hex
self.role_name = uuid.uuid4().hex
self.default_domain = migration_helpers.get_default_domain()
self.useFixture(
fixtures.EnvironmentVariable('OS_BOOTSTRAP_PASSWORD',
newvalue=self.password))
self.useFixture(
fixtures.EnvironmentVariable('OS_BOOTSTRAP_USERNAME',
newvalue=self.username))
self.useFixture(
fixtures.EnvironmentVariable('OS_BOOTSTRAP_PROJECT_NAME',
newvalue=self.project_name))
self.useFixture(
fixtures.EnvironmentVariable('OS_BOOTSTRAP_ROLE_NAME',
newvalue=self.role_name))
def do_bootstrap(self):
"""Perform the bootstrap actions.
Create bootstrap user, project, and role so that CMS, humans, or
scripts can continue to perform initial setup (domains, projects,
services, endpoints, etc) of Keystone when standing up a new
deployment.
"""
self._get_config()
if self.password is None:
print(
_('Either --bootstrap-password argument or '
'OS_BOOTSTRAP_PASSWORD must be set.'))
raise ValueError
# NOTE(morganfainberg): Ensure the default domain is in-fact created
default_domain = migration_helpers.get_default_domain()
try:
self.resource_manager.create_domain(domain_id=default_domain['id'],
domain=default_domain)
LOG.info(_LI('Created domain %s'), default_domain['id'])
except exception.Conflict:
# NOTE(morganfainberg): Domain already exists, continue on.
LOG.info(_LI('Domain %s already exists, skipping creation.'),
default_domain['id'])
try:
self.resource_manager.create_project(
project_id=self.project_id,
project={
'enabled': True,
'id': self.project_id,
'domain_id': default_domain['id'],
'description': 'Bootstrap project for initializing '
'the cloud.',
'name': self.project_name
})
LOG.info(_LI('Created project %s'), self.project_name)
except exception.Conflict:
LOG.info(_LI('Project %s already exists, skipping creation.'),
self.project_name)
project = self.resource_manager.get_project_by_name(
self.project_name, default_domain['id'])
self.project_id = project['id']
# NOTE(morganfainberg): Do not create the user if it already exists.
try:
user = self.identity_manager.create_user(
user_ref={
'name': self.username,
'enabled': True,
'domain_id': default_domain['id'],
'password': self.password
})
LOG.info(_LI('Created user %s'), self.username)
except exception.Conflict:
LOG.info(_LI('User %s already exists, skipping creation.'),
self.username)
user = self.identity_manager.get_user_by_name(
self.username, default_domain['id'])
# NOTE(morganfainberg): Do not create the role if it already exists.
try:
self.role_manager.create_role(
role_id=self.role_id,
role={
'name': self.role_name,
'id': self.role_id
},
)
LOG.info(_LI('Created Role %s'), self.role_name)
except exception.Conflict:
LOG.info(_LI('Role %s exists, skipping creation.'), self.role_name)
# NOTE(davechen): There is no backend method to get the role
# by name, so build the hints to list the roles and filter by
# name instead.
hints = driver_hints.Hints()
hints.add_filter('name', self.role_name)
role = self.role_manager.list_roles(hints)
self.role_id = role[0]['id']
# NOTE(morganfainberg): Handle the case that the role assignment has
# already occurred.
try:
self.assignment_manager.add_role_to_user_and_project(
user_id=user['id'],
tenant_id=self.project_id,
role_id=self.role_id)
LOG.info(
_LI('Granted %(role)s on %(project)s to user'
' %(username)s.'), {
'role': self.role_name,
'project': self.project_name,
'username': self.username
})
except exception.Conflict:
LOG.info(
_LI('User %(username)s already has %(role)s on '
'%(project)s.'), {
'username': self.username,
'role': self.role_name,
'project': self.project_name
})
def upgrade(migrate_engine):
meta = sql.MetaData()
meta.bind = migrate_engine
if migrate_engine.name == 'mysql':
# In Folsom we explicitly converted migrate_version to UTF8.
migrate_engine.execute(
'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8')
# Set default DB charset to UTF8.
migrate_engine.execute('ALTER DATABASE %s DEFAULT CHARACTER SET utf8' %
migrate_engine.url.database)
credential = sql.Table('credential',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('user_id',
sql.String(length=64),
nullable=False),
sql.Column('project_id', sql.String(length=64)),
sql.Column('blob', ks_sql.JsonBlob, nullable=False),
sql.Column('type',
sql.String(length=255),
nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
domain = sql.Table('domain',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('name',
sql.String(length=64),
nullable=False),
sql.Column('enabled',
sql.Boolean,
default=True,
nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
endpoint = sql.Table('endpoint',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('legacy_endpoint_id',
sql.String(length=64)),
sql.Column('interface',
sql.String(length=8),
nullable=False),
sql.Column('service_id',
sql.String(length=64),
nullable=False),
sql.Column('url', sql.Text, nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('enabled',
sql.Boolean,
nullable=False,
default=True,
server_default='1'),
sql.Column('region_id',
sql.String(length=255),
nullable=True),
mysql_engine='InnoDB',
mysql_charset='utf8')
group = sql.Table('group',
meta,
sql.Column('id', sql.String(length=64),
primary_key=True),
sql.Column('domain_id',
sql.String(length=64),
nullable=False),
sql.Column('name', sql.String(length=64),
nullable=False),
sql.Column('description', sql.Text),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
policy = sql.Table('policy',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('type',
sql.String(length=255),
nullable=False),
sql.Column('blob', ks_sql.JsonBlob, nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
project = sql.Table('project',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('name',
sql.String(length=64),
nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('description', sql.Text),
sql.Column('enabled', sql.Boolean),
sql.Column('domain_id',
sql.String(length=64),
nullable=False),
sql.Column('parent_id', sql.String(64), nullable=True),
mysql_engine='InnoDB',
mysql_charset='utf8')
role = sql.Table('role',
meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=255),
nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
service = sql.Table('service',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('type', sql.String(length=255)),
sql.Column('enabled',
sql.Boolean,
nullable=False,
default=True,
server_default='1'),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
token = sql.Table('token',
meta,
sql.Column('id', sql.String(length=64),
primary_key=True),
sql.Column('expires', sql.DateTime, default=None),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('valid',
sql.Boolean,
default=True,
nullable=False),
sql.Column('trust_id', sql.String(length=64)),
sql.Column('user_id', sql.String(length=64)),
mysql_engine='InnoDB',
mysql_charset='utf8')
trust = sql.Table('trust',
meta,
sql.Column('id', sql.String(length=64),
primary_key=True),
sql.Column('trustor_user_id',
sql.String(length=64),
nullable=False),
sql.Column('trustee_user_id',
sql.String(length=64),
nullable=False),
sql.Column('project_id', sql.String(length=64)),
sql.Column('impersonation', sql.Boolean, nullable=False),
sql.Column('deleted_at', sql.DateTime),
sql.Column('expires_at', sql.DateTime),
sql.Column('remaining_uses', sql.Integer, nullable=True),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
trust_role = sql.Table('trust_role',
meta,
sql.Column('trust_id',
sql.String(length=64),
primary_key=True,
nullable=False),
sql.Column('role_id',
sql.String(length=64),
primary_key=True,
nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
user = sql.Table('user',
meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=255),
nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('password', sql.String(length=128)),
sql.Column('enabled', sql.Boolean),
sql.Column('domain_id',
sql.String(length=64),
nullable=False),
sql.Column('default_project_id', sql.String(length=64)),
mysql_engine='InnoDB',
mysql_charset='utf8')
user_group_membership = sql.Table('user_group_membership',
meta,
sql.Column('user_id',
sql.String(length=64),
primary_key=True),
sql.Column('group_id',
sql.String(length=64),
primary_key=True),
mysql_engine='InnoDB',
mysql_charset='utf8')
region = sql.Table('region',
meta,
sql.Column('id', sql.String(255), primary_key=True),
sql.Column('description',
sql.String(255),
nullable=False),
sql.Column('parent_region_id',
sql.String(255),
nullable=True),
sql.Column('extra', sql.Text()),
mysql_engine='InnoDB',
mysql_charset='utf8')
assignment = sql.Table(
'assignment',
meta,
sql.Column('type',
sql.Enum(assignment_sql.AssignmentType.USER_PROJECT,
assignment_sql.AssignmentType.GROUP_PROJECT,
assignment_sql.AssignmentType.USER_DOMAIN,
assignment_sql.AssignmentType.GROUP_DOMAIN,
name='type'),
nullable=False),
sql.Column('actor_id', sql.String(64), nullable=False),
sql.Column('target_id', sql.String(64), nullable=False),
sql.Column('role_id', sql.String(64), nullable=False),
sql.Column('inherited', sql.Boolean, default=False, nullable=False),
sql.PrimaryKeyConstraint('type', 'actor_id', 'target_id', 'role_id'),
mysql_engine='InnoDB',
mysql_charset='utf8')
mapping = sql.Table('id_mapping',
meta,
sql.Column('public_id',
sql.String(64),
primary_key=True),
sql.Column('domain_id', sql.String(64),
nullable=False),
sql.Column('local_id', sql.String(64), nullable=False),
sql.Column('entity_type',
sql.Enum(mapping_backend.EntityType.USER,
mapping_backend.EntityType.GROUP,
name='entity_type'),
nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
domain_config_whitelist = sql.Table('whitelisted_config',
meta,
sql.Column('domain_id',
sql.String(64),
primary_key=True),
sql.Column('group',
sql.String(255),
primary_key=True),
sql.Column('option',
sql.String(255),
primary_key=True),
sql.Column('value',
ks_sql.JsonBlob.impl,
nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
domain_config_sensitive = sql.Table('sensitive_config',
meta,
sql.Column('domain_id',
sql.String(64),
primary_key=True),
sql.Column('group',
sql.String(255),
primary_key=True),
sql.Column('option',
sql.String(255),
primary_key=True),
sql.Column('value',
ks_sql.JsonBlob.impl,
nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
# create all tables
tables = [
credential, domain, endpoint, group, policy, project, role, service,
token, trust, trust_role, user, user_group_membership, region,
assignment, mapping, domain_config_whitelist, domain_config_sensitive
]
for table in tables:
try:
table.create()
except Exception:
LOG.exception('Exception while creating table: %r', table)
raise
# Unique Constraints
migrate.UniqueConstraint(user.c.domain_id,
user.c.name,
name='ixu_user_name_domain_id').create()
migrate.UniqueConstraint(group.c.domain_id,
group.c.name,
name='ixu_group_name_domain_id').create()
migrate.UniqueConstraint(role.c.name, name='ixu_role_name').create()
migrate.UniqueConstraint(project.c.domain_id,
project.c.name,
name='ixu_project_name_domain_id').create()
migrate.UniqueConstraint(domain.c.name, name='ixu_domain_name').create()
migrate.UniqueConstraint(mapping.c.domain_id,
mapping.c.local_id,
mapping.c.entity_type,
name='domain_id').create()
# Indexes
sql.Index('ix_token_expires', token.c.expires).create()
sql.Index('ix_token_expires_valid', token.c.expires,
token.c.valid).create()
sql.Index('ix_actor_id', assignment.c.actor_id).create()
sql.Index('ix_token_user_id', token.c.user_id).create()
sql.Index('ix_token_trust_id', token.c.trust_id).create()
# NOTE(stevemar): The two indexes below were named 'service_id' and
# 'group_id' in 050_fk_consistent_indexes.py, and need to be preserved
sql.Index('service_id', endpoint.c.service_id).create()
sql.Index('group_id', user_group_membership.c.group_id).create()
fkeys = [
{
'columns': [endpoint.c.service_id],
'references': [service.c.id]
},
{
'columns': [user_group_membership.c.group_id],
'references': [group.c.id],
'name': 'fk_user_group_membership_group_id'
},
{
'columns': [user_group_membership.c.user_id],
'references': [user.c.id],
'name': 'fk_user_group_membership_user_id'
},
{
'columns': [project.c.domain_id],
'references': [domain.c.id],
'name': 'fk_project_domain_id'
},
{
'columns': [endpoint.c.region_id],
'references': [region.c.id],
'name': 'fk_endpoint_region_id'
},
{
'columns': [project.c.parent_id],
'references': [project.c.id],
'name': 'project_parent_id_fkey'
},
]
if migrate_engine.name == 'sqlite':
# NOTE(stevemar): We need to keep this FK constraint due to 073, but
# only for sqlite, once we collapse 073 we can remove this constraint
fkeys.append({
'columns': [assignment.c.role_id],
'references': [role.c.id],
'name': 'fk_assignment_role_id'
})
for fkey in fkeys:
migrate.ForeignKeyConstraint(columns=fkey['columns'],
refcolumns=fkey['references'],
name=fkey.get('name')).create()
# Create the default domain.
session = orm.sessionmaker(bind=migrate_engine)()
domain.insert(migration_helpers.get_default_domain()).execute()
session.commit()
def do_bootstrap(self):
"""Perform the bootstrap actions.
Create bootstrap user, project, and role so that CMS, humans, or
scripts can continue to perform initial setup (domains, projects,
services, endpoints, etc) of Keystone when standing up a new
deployment.
"""
self._get_config()
if self.password is None:
print(_('Either --bootstrap-password argument or '
'OS_BOOTSTRAP_PASSWORD must be set.'))
raise ValueError
# NOTE(morganfainberg): Ensure the default domain is in-fact created
default_domain = migration_helpers.get_default_domain()
try:
self.resource_manager.create_domain(
domain_id=default_domain['id'],
domain=default_domain)
LOG.info(_LI('Created domain %s'), default_domain['id'])
except exception.Conflict:
# NOTE(morganfainberg): Domain already exists, continue on.
LOG.info(_LI('Domain %s already exists, skipping creation.'),
default_domain['id'])
try:
self.resource_manager.create_project(
project_id=self.project_id,
project={'enabled': True,
'id': self.project_id,
'domain_id': default_domain['id'],
'description': 'Bootstrap project for initializing '
'the cloud.',
'name': self.project_name}
)
LOG.info(_LI('Created project %s'), self.project_name)
except exception.Conflict:
LOG.info(_LI('Project %s already exists, skipping creation.'),
self.project_name)
project = self.resource_manager.get_project_by_name(
self.project_name, default_domain['id'])
self.project_id = project['id']
# NOTE(morganfainberg): Do not create the user if it already exists.
try:
user = self.identity_manager.create_user(
user_ref={'name': self.username,
'enabled': True,
'domain_id': default_domain['id'],
'password': self.password
}
)
LOG.info(_LI('Created user %s'), self.username)
except exception.Conflict:
LOG.info(_LI('User %s already exists, skipping creation.'),
self.username)
user = self.identity_manager.get_user_by_name(self.username,
default_domain['id'])
# NOTE(morganfainberg): Do not create the role if it already exists.
try:
self.role_manager.create_role(
role_id=self.role_id,
role={'name': self.role_name,
'id': self.role_id},
)
LOG.info(_LI('Created Role %s'), self.role_name)
except exception.Conflict:
LOG.info(_LI('Role %s exists, skipping creation.'), self.role_name)
# NOTE(davechen): There is no backend method to get the role
# by name, so build the hints to list the roles and filter by
# name instead.
hints = driver_hints.Hints()
hints.add_filter('name', self.role_name)
role = self.role_manager.list_roles(hints)
self.role_id = role[0]['id']
# NOTE(morganfainberg): Handle the case that the role assignment has
# already occurred.
try:
self.assignment_manager.add_role_to_user_and_project(
user_id=user['id'],
tenant_id=self.project_id,
role_id=self.role_id
)
LOG.info(_LI('Granted %(role)s on %(project)s to user'
' %(username)s.'),
{'role': self.role_name,
'project': self.project_name,
'username': self.username})
except exception.Conflict:
LOG.info(_LI('User %(username)s already has %(role)s on '
'%(project)s.'),
{'username': self.username,
'role': self.role_name,
'project': self.project_name})
def upgrade(migrate_engine):
meta = sql.MetaData()
meta.bind = migrate_engine
if migrate_engine.name == 'mysql':
# In Folsom we explicitly converted migrate_version to UTF8.
migrate_engine.execute(
'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8')
# Set default DB charset to UTF8.
migrate_engine.execute(
'ALTER DATABASE %s DEFAULT CHARACTER SET utf8' %
migrate_engine.url.database)
credential = sql.Table(
'credential', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('user_id', sql.String(length=64), nullable=False),
sql.Column('project_id', sql.String(length=64)),
sql.Column('blob', ks_sql.JsonBlob, nullable=False),
sql.Column('type', sql.String(length=255), nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
domain = sql.Table(
'domain', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=64), nullable=False),
sql.Column('enabled', sql.Boolean, default=True, nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
endpoint = sql.Table(
'endpoint', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('legacy_endpoint_id', sql.String(length=64)),
sql.Column('interface', sql.String(length=8), nullable=False),
sql.Column('service_id', sql.String(length=64), nullable=False),
sql.Column('url', sql.Text, nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('enabled', sql.Boolean, nullable=False, default=True,
server_default='1'),
sql.Column('region_id', sql.String(length=255), nullable=True),
mysql_engine='InnoDB',
mysql_charset='utf8')
group = sql.Table(
'group', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('domain_id', sql.String(length=64), nullable=False),
sql.Column('name', sql.String(length=64), nullable=False),
sql.Column('description', sql.Text),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
policy = sql.Table(
'policy', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('type', sql.String(length=255), nullable=False),
sql.Column('blob', ks_sql.JsonBlob, nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
project = sql.Table(
'project', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=64), nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('description', sql.Text),
sql.Column('enabled', sql.Boolean),
sql.Column('domain_id', sql.String(length=64), nullable=False),
sql.Column('parent_id', sql.String(64), nullable=True),
mysql_engine='InnoDB',
mysql_charset='utf8')
role = sql.Table(
'role', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=255), nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
service = sql.Table(
'service', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('type', sql.String(length=255)),
sql.Column('enabled', sql.Boolean, nullable=False, default=True,
server_default='1'),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
token = sql.Table(
'token', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('expires', sql.DateTime, default=None),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('valid', sql.Boolean, default=True, nullable=False),
sql.Column('trust_id', sql.String(length=64)),
sql.Column('user_id', sql.String(length=64)),
mysql_engine='InnoDB',
mysql_charset='utf8')
trust = sql.Table(
'trust', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('trustor_user_id', sql.String(length=64), nullable=False),
sql.Column('trustee_user_id', sql.String(length=64), nullable=False),
sql.Column('project_id', sql.String(length=64)),
sql.Column('impersonation', sql.Boolean, nullable=False),
sql.Column('deleted_at', sql.DateTime),
sql.Column('expires_at', sql.DateTime),
sql.Column('remaining_uses', sql.Integer, nullable=True),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
trust_role = sql.Table(
'trust_role', meta,
sql.Column('trust_id', sql.String(length=64), primary_key=True,
nullable=False),
sql.Column('role_id', sql.String(length=64), primary_key=True,
nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
user = sql.Table(
'user', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=255), nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('password', sql.String(length=128)),
sql.Column('enabled', sql.Boolean),
sql.Column('domain_id', sql.String(length=64), nullable=False),
sql.Column('default_project_id', sql.String(length=64)),
mysql_engine='InnoDB',
mysql_charset='utf8')
user_group_membership = sql.Table(
'user_group_membership', meta,
sql.Column('user_id', sql.String(length=64), primary_key=True),
sql.Column('group_id', sql.String(length=64), primary_key=True),
mysql_engine='InnoDB',
mysql_charset='utf8')
region = sql.Table(
'region',
meta,
sql.Column('id', sql.String(255), primary_key=True),
sql.Column('description', sql.String(255), nullable=False),
sql.Column('parent_region_id', sql.String(255), nullable=True),
sql.Column('extra', sql.Text()),
mysql_engine='InnoDB',
mysql_charset='utf8')
assignment = sql.Table(
'assignment',
meta,
sql.Column('type', sql.Enum(
assignment_sql.AssignmentType.USER_PROJECT,
assignment_sql.AssignmentType.GROUP_PROJECT,
assignment_sql.AssignmentType.USER_DOMAIN,
assignment_sql.AssignmentType.GROUP_DOMAIN,
name='type'),
nullable=False),
sql.Column('actor_id', sql.String(64), nullable=False),
sql.Column('target_id', sql.String(64), nullable=False),
sql.Column('role_id', sql.String(64), nullable=False),
sql.Column('inherited', sql.Boolean, default=False, nullable=False),
sql.PrimaryKeyConstraint('type', 'actor_id', 'target_id', 'role_id'),
mysql_engine='InnoDB',
mysql_charset='utf8')
mapping = sql.Table(
'id_mapping',
meta,
sql.Column('public_id', sql.String(64), primary_key=True),
sql.Column('domain_id', sql.String(64), nullable=False),
sql.Column('local_id', sql.String(64), nullable=False),
sql.Column('entity_type', sql.Enum(
mapping_backend.EntityType.USER,
mapping_backend.EntityType.GROUP,
name='entity_type'),
nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
domain_config_whitelist = sql.Table(
'whitelisted_config',
meta,
sql.Column('domain_id', sql.String(64), primary_key=True),
sql.Column('group', sql.String(255), primary_key=True),
sql.Column('option', sql.String(255), primary_key=True),
sql.Column('value', ks_sql.JsonBlob.impl, nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
domain_config_sensitive = sql.Table(
'sensitive_config',
meta,
sql.Column('domain_id', sql.String(64), primary_key=True),
sql.Column('group', sql.String(255), primary_key=True),
sql.Column('option', sql.String(255), primary_key=True),
sql.Column('value', ks_sql.JsonBlob.impl, nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
# create all tables
tables = [credential, domain, endpoint, group, policy, project, role,
service, token, trust, trust_role, user, user_group_membership,
region, assignment, mapping, domain_config_whitelist,
domain_config_sensitive]
for table in tables:
try:
table.create()
except Exception:
LOG.exception('Exception while creating table: %r', table)
raise
# Unique Constraints
migrate.UniqueConstraint(user.c.domain_id,
user.c.name,
name='ixu_user_name_domain_id').create()
migrate.UniqueConstraint(group.c.domain_id,
group.c.name,
name='ixu_group_name_domain_id').create()
migrate.UniqueConstraint(role.c.name,
name='ixu_role_name').create()
migrate.UniqueConstraint(project.c.domain_id,
project.c.name,
name='ixu_project_name_domain_id').create()
migrate.UniqueConstraint(domain.c.name,
name='ixu_domain_name').create()
migrate.UniqueConstraint(mapping.c.domain_id,
mapping.c.local_id,
mapping.c.entity_type,
name='domain_id').create()
# Indexes
sql.Index('ix_token_expires', token.c.expires).create()
sql.Index('ix_token_expires_valid', token.c.expires,
token.c.valid).create()
sql.Index('ix_actor_id', assignment.c.actor_id).create()
sql.Index('ix_token_user_id', token.c.user_id).create()
sql.Index('ix_token_trust_id', token.c.trust_id).create()
# NOTE(stevemar): The two indexes below were named 'service_id' and
# 'group_id' in 050_fk_consistent_indexes.py, and need to be preserved
sql.Index('service_id', endpoint.c.service_id).create()
sql.Index('group_id', user_group_membership.c.group_id).create()
fkeys = [
{'columns': [endpoint.c.service_id],
'references': [service.c.id]},
{'columns': [user_group_membership.c.group_id],
'references': [group.c.id],
'name': 'fk_user_group_membership_group_id'},
{'columns': [user_group_membership.c.user_id],
'references':[user.c.id],
'name': 'fk_user_group_membership_user_id'},
{'columns': [project.c.domain_id],
'references': [domain.c.id],
'name': 'fk_project_domain_id'},
{'columns': [endpoint.c.region_id],
'references': [region.c.id],
'name': 'fk_endpoint_region_id'},
{'columns': [project.c.parent_id],
'references': [project.c.id],
'name': 'project_parent_id_fkey'},
]
if migrate_engine.name == 'sqlite':
# NOTE(stevemar): We need to keep this FK constraint due to 073, but
# only for sqlite, once we collapse 073 we can remove this constraint
fkeys.append(
{'columns': [assignment.c.role_id],
'references': [role.c.id],
'name': 'fk_assignment_role_id'})
for fkey in fkeys:
migrate.ForeignKeyConstraint(columns=fkey['columns'],
refcolumns=fkey['references'],
name=fkey.get('name')).create()
# Create the default domain.
session = orm.sessionmaker(bind=migrate_engine)()
domain.insert(migration_helpers.get_default_domain()).execute()
session.commit()
def upgrade(migrate_engine):
meta = sql.MetaData()
meta.bind = migrate_engine
if migrate_engine.name == 'mysql':
# In Folsom we explicitly converted migrate_version to UTF8.
migrate_engine.execute(
'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8')
# Set default DB charset to UTF8.
migrate_engine.execute('ALTER DATABASE %s DEFAULT CHARACTER SET utf8' %
migrate_engine.url.database)
credential = sql.Table('credential',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('user_id',
sql.String(length=64),
nullable=False),
sql.Column('project_id', sql.String(length=64)),
sql.Column('blob', ks_sql.JsonBlob, nullable=False),
sql.Column('type',
sql.String(length=255),
nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
domain = sql.Table('domain',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('name',
sql.String(length=64),
nullable=False),
sql.Column('enabled',
sql.Boolean,
default=True,
nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
endpoint = sql.Table('endpoint',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('legacy_endpoint_id',
sql.String(length=64)),
sql.Column('interface',
sql.String(length=8),
nullable=False),
sql.Column('region', sql.String(length=255)),
sql.Column('service_id',
sql.String(length=64),
nullable=False),
sql.Column('url', sql.Text, nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
group = sql.Table('group',
meta,
sql.Column('id', sql.String(length=64),
primary_key=True),
sql.Column('domain_id',
sql.String(length=64),
nullable=False),
sql.Column('name', sql.String(length=64),
nullable=False),
sql.Column('description', sql.Text),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
group_domain_metadata = sql.Table('group_domain_metadata',
meta,
sql.Column('group_id',
sql.String(length=64),
primary_key=True),
sql.Column('domain_id',
sql.String(length=64),
primary_key=True),
sql.Column('data', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
group_project_metadata = sql.Table('group_project_metadata',
meta,
sql.Column('group_id',
sql.String(length=64),
primary_key=True),
sql.Column('project_id',
sql.String(length=64),
primary_key=True),
sql.Column('data',
ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
policy = sql.Table('policy',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('type',
sql.String(length=255),
nullable=False),
sql.Column('blob', ks_sql.JsonBlob, nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
project = sql.Table('project',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('name',
sql.String(length=64),
nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('description', sql.Text),
sql.Column('enabled', sql.Boolean),
sql.Column('domain_id',
sql.String(length=64),
nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
role = sql.Table('role',
meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=255),
nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
service = sql.Table('service',
meta,
sql.Column('id',
sql.String(length=64),
primary_key=True),
sql.Column('type', sql.String(length=255)),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
token = sql.Table('token',
meta,
sql.Column('id', sql.String(length=64),
primary_key=True),
sql.Column('expires', sql.DateTime, default=None),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('valid',
sql.Boolean,
default=True,
nullable=False),
sql.Column('trust_id', sql.String(length=64)),
sql.Column('user_id', sql.String(length=64)),
mysql_engine='InnoDB',
mysql_charset='utf8')
trust = sql.Table('trust',
meta,
sql.Column('id', sql.String(length=64),
primary_key=True),
sql.Column('trustor_user_id',
sql.String(length=64),
nullable=False),
sql.Column('trustee_user_id',
sql.String(length=64),
nullable=False),
sql.Column('project_id', sql.String(length=64)),
sql.Column('impersonation', sql.Boolean, nullable=False),
sql.Column('deleted_at', sql.DateTime),
sql.Column('expires_at', sql.DateTime),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
trust_role = sql.Table('trust_role',
meta,
sql.Column('trust_id',
sql.String(length=64),
primary_key=True,
nullable=False),
sql.Column('role_id',
sql.String(length=64),
primary_key=True,
nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
user = sql.Table('user',
meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=255),
nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('password', sql.String(length=128)),
sql.Column('enabled', sql.Boolean),
sql.Column('domain_id',
sql.String(length=64),
nullable=False),
sql.Column('default_project_id', sql.String(length=64)),
mysql_engine='InnoDB',
mysql_charset='utf8')
user_domain_metadata = sql.Table('user_domain_metadata',
meta,
sql.Column('user_id',
sql.String(length=64),
primary_key=True),
sql.Column('domain_id',
sql.String(length=64),
primary_key=True),
sql.Column('data', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
user_group_membership = sql.Table('user_group_membership',
meta,
sql.Column('user_id',
sql.String(length=64),
primary_key=True),
sql.Column('group_id',
sql.String(length=64),
primary_key=True),
mysql_engine='InnoDB',
mysql_charset='utf8')
user_project_metadata = sql.Table('user_project_metadata',
meta,
sql.Column('user_id',
sql.String(length=64),
primary_key=True),
sql.Column('project_id',
sql.String(length=64),
primary_key=True),
sql.Column('data', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
# create all tables
tables = [
credential, domain, endpoint, group, group_domain_metadata,
group_project_metadata, policy, project, role, service, token, trust,
trust_role, user, user_domain_metadata, user_group_membership,
user_project_metadata
]
for table in tables:
try:
table.create()
except Exception:
LOG.exception('Exception while creating table: %r', table)
raise
# Unique Constraints
migrate.UniqueConstraint(user.c.domain_id,
user.c.name,
name='ixu_user_name_domain_id').create()
migrate.UniqueConstraint(group.c.domain_id,
group.c.name,
name='ixu_group_name_domain_id').create()
migrate.UniqueConstraint(role.c.name, name='ixu_role_name').create()
migrate.UniqueConstraint(project.c.domain_id,
project.c.name,
name='ixu_project_name_domain_id').create()
migrate.UniqueConstraint(domain.c.name, name='ixu_domain_name').create()
# Indexes
sql.Index('ix_token_expires', token.c.expires).create()
sql.Index('ix_token_valid', token.c.valid).create()
fkeys = [{
'columns': [user_project_metadata.c.project_id],
'references': [project.c.id],
'name': 'fk_user_project_metadata_project_id'
}, {
'columns': [user_domain_metadata.c.domain_id],
'references': [domain.c.id],
'name': 'fk_user_domain_metadata_domain_id'
}, {
'columns': [group_project_metadata.c.project_id],
'references': [project.c.id],
'name': 'fk_group_project_metadata_project_id'
}, {
'columns': [group_domain_metadata.c.domain_id],
'references': [domain.c.id],
'name': 'fk_group_domain_metadata_domain_id'
}, {
'columns': [endpoint.c.service_id],
'references': [service.c.id]
}, {
'columns': [user_group_membership.c.group_id],
'references': [group.c.id],
'name': 'fk_user_group_membership_group_id'
}, {
'columns': [user_group_membership.c.user_id],
'references': [user.c.id],
'name': 'fk_user_group_membership_user_id'
}, {
'columns': [user.c.domain_id],
'references': [domain.c.id],
'name': 'fk_user_domain_id'
}, {
'columns': [group.c.domain_id],
'references': [domain.c.id],
'name': 'fk_group_domain_id'
}, {
'columns': [project.c.domain_id],
'references': [domain.c.id],
'name': 'fk_project_domain_id'
}]
for fkey in fkeys:
migrate.ForeignKeyConstraint(columns=fkey['columns'],
refcolumns=fkey['references'],
name=fkey.get('name')).create()
# Create the default domain.
session = orm.sessionmaker(bind=migrate_engine)()
domain.insert(migration_helpers.get_default_domain()).execute()
session.commit()
def upgrade(migrate_engine):
meta = sql.MetaData()
meta.bind = migrate_engine
if migrate_engine.name == 'mysql':
# In Folsom we explicitly converted migrate_version to UTF8.
sql_stmt = 'ALTER TABLE migrate_version CONVERT TO CHARACTER SET utf8;'
# Set default DB charset to UTF8.
sql_stmt += ('ALTER DATABASE %s DEFAULT CHARACTER SET utf8;' %
migrate_engine.url.database)
migrate_engine.execute(sql_stmt)
credential = sql.Table(
'credential', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('user_id', sql.String(length=64), nullable=False),
sql.Column('project_id', sql.String(length=64)),
sql.Column('blob', ks_sql.JsonBlob, nullable=False),
sql.Column('type', sql.String(length=255), nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
domain = sql.Table(
'domain', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=64), nullable=False),
sql.Column('enabled', sql.Boolean, default=True, nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
endpoint = sql.Table(
'endpoint', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('legacy_endpoint_id', sql.String(length=64)),
sql.Column('interface', sql.String(length=8), nullable=False),
sql.Column('region', sql.String(length=255)),
sql.Column('service_id', sql.String(length=64), nullable=False),
sql.Column('url', sql.Text, nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
group = sql.Table(
'group', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('domain_id', sql.String(length=64), nullable=False),
sql.Column('name', sql.String(length=64), nullable=False),
sql.Column('description', sql.Text),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
group_domain_metadata = sql.Table(
'group_domain_metadata', meta,
sql.Column('group_id', sql.String(length=64), primary_key=True),
sql.Column('domain_id', sql.String(length=64), primary_key=True),
sql.Column('data', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
group_project_metadata = sql.Table(
'group_project_metadata', meta,
sql.Column('group_id', sql.String(length=64), primary_key=True),
sql.Column('project_id', sql.String(length=64), primary_key=True),
sql.Column('data', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
policy = sql.Table(
'policy', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('type', sql.String(length=255), nullable=False),
sql.Column('blob', ks_sql.JsonBlob, nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
project = sql.Table(
'project', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=64), nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('description', sql.Text),
sql.Column('enabled', sql.Boolean),
sql.Column('domain_id', sql.String(length=64), nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
role = sql.Table(
'role', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=255), nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
service = sql.Table(
'service', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('type', sql.String(length=255)),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
token = sql.Table(
'token', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('expires', sql.DateTime, default=None),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('valid', sql.Boolean, default=True, nullable=False),
sql.Column('trust_id', sql.String(length=64)),
sql.Column('user_id', sql.String(length=64)),
mysql_engine='InnoDB',
mysql_charset='utf8')
trust = sql.Table(
'trust', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('trustor_user_id', sql.String(length=64), nullable=False),
sql.Column('trustee_user_id', sql.String(length=64), nullable=False),
sql.Column('project_id', sql.String(length=64)),
sql.Column('impersonation', sql.Boolean, nullable=False),
sql.Column('deleted_at', sql.DateTime),
sql.Column('expires_at', sql.DateTime),
sql.Column('extra', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
trust_role = sql.Table(
'trust_role', meta,
sql.Column('trust_id', sql.String(length=64), primary_key=True,
nullable=False),
sql.Column('role_id', sql.String(length=64), primary_key=True,
nullable=False),
mysql_engine='InnoDB',
mysql_charset='utf8')
user = sql.Table(
'user', meta,
sql.Column('id', sql.String(length=64), primary_key=True),
sql.Column('name', sql.String(length=255), nullable=False),
sql.Column('extra', ks_sql.JsonBlob.impl),
sql.Column('password', sql.String(length=128)),
sql.Column('enabled', sql.Boolean),
sql.Column('domain_id', sql.String(length=64), nullable=False),
sql.Column('default_project_id', sql.String(length=64)),
mysql_engine='InnoDB',
mysql_charset='utf8')
user_domain_metadata = sql.Table(
'user_domain_metadata', meta,
sql.Column('user_id', sql.String(length=64), primary_key=True),
sql.Column('domain_id', sql.String(length=64), primary_key=True),
sql.Column('data', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
user_group_membership = sql.Table(
'user_group_membership', meta,
sql.Column('user_id', sql.String(length=64), primary_key=True),
sql.Column('group_id', sql.String(length=64), primary_key=True),
mysql_engine='InnoDB',
mysql_charset='utf8')
user_project_metadata = sql.Table(
'user_project_metadata', meta,
sql.Column('user_id', sql.String(length=64), primary_key=True),
sql.Column('project_id', sql.String(length=64), primary_key=True),
sql.Column('data', ks_sql.JsonBlob.impl),
mysql_engine='InnoDB',
mysql_charset='utf8')
# create all tables
tables = [credential, domain, endpoint, group, group_domain_metadata,
group_project_metadata, policy, project, role, service,
token, trust, trust_role, user, user_domain_metadata,
user_group_membership, user_project_metadata]
for table in tables:
try:
table.create()
except Exception:
LOG.exception('Exception while creating table: %r', table)
raise
# Unique Constraints
migrate.UniqueConstraint(user.c.domain_id,
user.c.name,
name='ixu_user_name_domain_id').create()
migrate.UniqueConstraint(group.c.domain_id,
group.c.name,
name='ixu_group_name_domain_id').create()
migrate.UniqueConstraint(role.c.name,
name='ixu_role_name').create()
migrate.UniqueConstraint(project.c.domain_id,
project.c.name,
name='ixu_project_name_domain_id').create()
migrate.UniqueConstraint(domain.c.name,
name='ixu_domain_name').create()
# Indexes
sql.Index('ix_token_expires', token.c.expires).create()
sql.Index('ix_token_expires_valid', token.c.expires,
token.c.valid).create()
fkeys = [
{'columns': [user_project_metadata.c.project_id],
'references': [project.c.id],
'name': 'fk_user_project_metadata_project_id'},
{'columns': [user_domain_metadata.c.domain_id],
'references': [domain.c.id],
'name': 'fk_user_domain_metadata_domain_id'},
{'columns': [group_project_metadata.c.project_id],
'references': [project.c.id],
'name': 'fk_group_project_metadata_project_id'},
{'columns': [group_domain_metadata.c.domain_id],
'references': [domain.c.id],
'name': 'fk_group_domain_metadata_domain_id'},
{'columns': [endpoint.c.service_id],
'references': [service.c.id]},
{'columns': [user_group_membership.c.group_id],
'references': [group.c.id],
'name': 'fk_user_group_membership_group_id'},
{'columns': [user_group_membership.c.user_id],
'references':[user.c.id],
'name': 'fk_user_group_membership_user_id'},
{'columns': [user.c.domain_id],
'references': [domain.c.id],
'name': 'fk_user_domain_id'},
{'columns': [group.c.domain_id],
'references': [domain.c.id],
'name': 'fk_group_domain_id'},
{'columns': [project.c.domain_id],
'references': [domain.c.id],
'name': 'fk_project_domain_id'}
]
for fkey in fkeys:
migrate.ForeignKeyConstraint(columns=fkey['columns'],
refcolumns=fkey['references'],
name=fkey.get('name')).create()
# Create the default domain.
session = orm.sessionmaker(bind=migrate_engine)()
domain.insert(migration_helpers.get_default_domain()).execute()
session.commit()
