Recreate Role Service admin role views in setup_geoserver
index-git committed Dec 18, 2023
1 parent 71bf5e6 commit 847abb7
Showing 4 changed files with 56 additions and 16 deletions.
5 changes: 0 additions & 5 deletions src/layman/__init__.py
Expand Up @@ -125,11 +125,6 @@
from .layer.prime_db_schema.wfs_wms_status import set_after_restart
set_after_restart()

logger.info(f'Recreate Role Service admin role views')
from .authz.internal_role_service import ensure_admin_roles

ensure_admin_roles()

pipe.multi()
pipe.set(LAYMAN_DEPS_ADJUSTED_KEY, 'done')
pipe.execute()
26 changes: 24 additions & 2 deletions src/layman/upgrade/upgrade_v1_23.py
Expand Up @@ -2,7 +2,6 @@

from db import util as db_util
from layman import settings
from layman.authz import internal_role_service

logger = logging.getLogger(__name__)
DB_SCHEMA = settings.LAYMAN_PRIME_SCHEMA
Expand Down Expand Up @@ -72,7 +71,30 @@ def create_role_service_schema():
;"""
db_util.run_statement(create_layman_users_user_roles_view)

internal_role_service.ensure_admin_roles()
create_admin_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_roles
as
select 'ADMIN' as name
UNION ALL
select 'GROUP_ADMIN'
UNION ALL
select %s
;"""
db_util.run_statement(create_admin_roles_view, (settings.LAYMAN_GS_ROLE, ))

create_admin_user_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_user_roles
as
select %s as username, %s as rolename
UNION ALL
select %s, 'ADMIN'
UNION ALL
select %s, 'ADMIN'
union all
select w.name as username,
%s as rolename
from {settings.LAYMAN_PRIME_SCHEMA}.users u inner join
{settings.LAYMAN_PRIME_SCHEMA}.workspaces w on w.id = u.id_workspace
;"""
db_util.run_statement(create_admin_user_roles_view, (settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.GEOSERVER_ADMIN_USER, settings.LAYMAN_GS_ROLE, ))

create_roles_view = f"""create view {ROLE_SERVICE_SCHEMA}.roles
as
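Review bot: The five positional values passed with `create_admin_user_roles_view` have to line up one-for-one with the five `%s` markers spread across the view body, and a swapped pair would silently attach `'ADMIN'` or `settings.LAYMAN_GS_ROLE` to the wrong username in a view that defines authorization. If `db_util.run_statement` forwards its data to a driver that accepts mappings (not shown on this page), named markers such as `%(gs_user)s`, `%(gs_role)s` and `%(gs_admin_user)s` with a dict would make the pairing checkable by reading. The last `select` assigns `settings.LAYMAN_GS_ROLE` to every `w.name` joined from `users`; if that is the intent, a comment such as `# every Layman user holds LAYMAN_GS_ROLE in the role service` would record it. The same DDL is also added to `src/setup_geoserver.py` in this commit, so a one-line comment saying the migration deliberately keeps its own frozen copy would explain the duplication. `create_role_service_schema` begins and ends outside the visible hunk.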
7 changes: 0 additions & 7 deletions src/layman/upgrade/upgrade_v1_23_test.py
Expand Up @@ -2,7 +2,6 @@

from db import util as db_util
from layman import app, settings
from layman.authz import internal_role_service
from layman.common.prime_db_schema import ensure_whole_user
from test_tools import process_client
from . import upgrade_v1_23
Expand Down Expand Up @@ -122,12 +121,6 @@ def test_create_role_service_schema():
assert result[0] + result[1] + result[2] == result[3]
result = db_util.run_query(user_roles_query)[0]
assert result[0] + result[1] + result[2] == result[3]

internal_role_service.ensure_admin_roles()
result = db_util.run_query(roles_query)[0]
assert result[0] + result[1] + result[2] == result[3]
result = db_util.run_query(user_roles_query)[0]
assert result[0] + result[1] + result[2] == result[3]
result = db_util.run_query(table_existence_query, ('role_props',))[0][0]
assert result == 1
result = db_util.run_query(table_existence_query, ('group_roles',))[0][0]
34 changes: 32 additions & 2 deletions src/setup_geoserver.py
Expand Up @@ -43,8 +43,8 @@ def ensure_jdbc_role_service_internal_schema():
wait_for_db(db_conn)

logger.info(f" Checking internal role service DB schema")
schema_query = f'''SELECT COUNT(*) FROM information_schema.schemata WHERE schema_name = '{internal_service_schema}';'''
schema_exists = db_util.run_query(schema_query, uri_str=uri_str)[0][0]
schema_query = f'''SELECT COUNT(*) FROM information_schema.schemata WHERE schema_name = %s;'''
schema_exists = db_util.run_query(schema_query, (internal_service_schema, ), uri_str=uri_str)[0][0]
if schema_exists == 0:
logger.info(f" Setting up internal role service DB schema")
statement = f"""
Expand All @@ -61,6 +61,36 @@ def ensure_jdbc_role_service_internal_schema():
create view {internal_service_schema}.group_roles as select null::varchar as groupname, null::varchar as rolename;
"""
db_util.run_statement(statement, data=(settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.GEOSERVER_ADMIN_USER, ), uri_str=uri_str)
else:
prime_schema_exists = db_util.run_query(schema_query, (settings.LAYMAN_PRIME_SCHEMA, ), uri_str=uri_str)[0][0]
if prime_schema_exists:
logger.info(f' Recreate Role Service admin role views')
create_admin_roles_view = f"""CREATE OR REPLACE view {internal_service_schema}.admin_roles
as
select 'ADMIN' as name
UNION ALL
select 'GROUP_ADMIN'
UNION ALL
select %s
;"""
db_util.run_statement(create_admin_roles_view, (settings.LAYMAN_GS_ROLE,), uri_str=uri_str)

create_admin_user_roles_view = f"""CREATE OR REPLACE view {internal_service_schema}.admin_user_roles
as
select %s as username, %s as rolename
UNION ALL
select %s, 'ADMIN'
UNION ALL
select %s, 'ADMIN'
union all
select w.name as username,
%s as rolename
from {settings.LAYMAN_PRIME_SCHEMA}.users u inner join
{settings.LAYMAN_PRIME_SCHEMA}.workspaces w on w.id = u.id_workspace
;"""
db_util.run_statement(create_admin_user_roles_view, (
settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.GEOSERVER_ADMIN_USER,
settings.LAYMAN_GS_ROLE,), uri_str=uri_str)


def main():
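Review bot: The two `CREATE OR REPLACE view` statements added in the `else` branch format `internal_service_schema` and `settings.LAYMAN_PRIME_SCHEMA` into the SQL text unquoted, while the existence checks just above them compare the same values as bound strings through `schema_name = %s`. Identifiers cannot be bound with `%s`, so the names should be validated or quoted before formatting: PostgreSQL case-folds an unquoted name, which could then address a different schema than the one the check found, and any non-identifier character would change the statement. If `db_util` passes queries to psycopg2 (the `%s` placeholders suggest it, but the page does not show it), composing the name with `sql.Identifier(internal_service_schema)` covers both cases; otherwise a guard such as `if not re.fullmatch(r'[a-z_][a-z0-9_]*', internal_service_schema): raise ValueError(...)` before the first query would do. `prime_schema_exists` also only establishes that the schema exists, not that `users` and `workspaces` exist in it, so a comment stating why that is sufficient at this point of setup would help. The body of `ensure_jdbc_role_service_internal_schema` starts outside the visible hunks.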
