diff --git a/src/layman/__init__.py b/src/layman/__init__.py
index 491403ef1..9ceef916b 100644
--- a/src/layman/__init__.py
+++ b/src/layman/__init__.py
@@ -125,11 +125,6 @@ from .layer.prime_db_schema.wfs_wms_status import set_after_restart
 set_after_restart()
- logger.info(f'Recreate Role Service admin role views')
- from .authz.internal_role_service import ensure_admin_roles
-
- ensure_admin_roles()
- pipe.multi()
 pipe.set(LAYMAN_DEPS_ADJUSTED_KEY, 'done')
 pipe.execute()
diff --git a/src/layman/upgrade/upgrade_v1_23.py b/src/layman/upgrade/upgrade_v1_23.py
index 1f6c82ff8..643c1bec5 100644
--- a/src/layman/upgrade/upgrade_v1_23.py
+++ b/src/layman/upgrade/upgrade_v1_23.py
@@ -2,7 +2,6 @@ from db import util as db_util
 from layman import settings
-from layman.authz import internal_role_service
 logger = logging.getLogger(__name__)
 DB_SCHEMA = settings.LAYMAN_PRIME_SCHEMA
@@ -72,7 +71,30 @@ def create_role_service_schema():
 ;"""
 db_util.run_statement(create_layman_users_user_roles_view)
- internal_role_service.ensure_admin_roles()
+ create_admin_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_roles
+ as
+ select 'ADMIN' as name
+ UNION ALL
+ select 'GROUP_ADMIN'
+ UNION ALL
+ select %s
+ ;"""
+ db_util.run_statement(create_admin_roles_view, (settings.LAYMAN_GS_ROLE, ))
+
+ create_admin_user_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_user_roles
+ as
+ select %s as username, %s as rolename
+ UNION ALL
+ select %s, 'ADMIN'
+ UNION ALL
+ select %s, 'ADMIN'
+ union all
+ select w.name as username,
+ %s as rolename
+ from {settings.LAYMAN_PRIME_SCHEMA}.users u inner join
+ {settings.LAYMAN_PRIME_SCHEMA}.workspaces w on w.id = u.id_workspace
+ ;"""
+ db_util.run_statement(create_admin_user_roles_view, (settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.GEOSERVER_ADMIN_USER, settings.LAYMAN_GS_ROLE, ))
 create_roles_view = f"""create view {ROLE_SERVICE_SCHEMA}.roles as
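Review bot: The `admin_roles` and `admin_user_roles` definitions added to `create_role_service_schema()` are repeated statement for statement in the new `else:` branch of `ensure_jdbc_role_service_internal_schema()` in src/setup_geoserver.py, so the mapping of accounts to `ADMIN` now lives in two hand-maintained copies. These views decide which users the role service reports as administrators, and a later edit to only one copy would leave upgraded and restarted deployments with different grants. If the migration copy is meant to stay frozen, record that above it with a comment such as `# Frozen copy for the 1.23 migration; the live definition is in setup_geoserver.py`; otherwise keep the SQL text in one shared constant that both call sites format with their schema name. The assertions removed from upgrade_v1_23_test.py were the only visible check of the recreate path, so the copy in setup_geoserver.py appears to be untested. The function body starts and ends outside this hunk.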
diff --git a/src/layman/upgrade/upgrade_v1_23_test.py b/src/layman/upgrade/upgrade_v1_23_test.py
index deb1aef2d..0c43099e0 100644
--- a/src/layman/upgrade/upgrade_v1_23_test.py
+++ b/src/layman/upgrade/upgrade_v1_23_test.py
@@ -2,7 +2,6 @@ from db import util as db_util
 from layman import app, settings
-from layman.authz import internal_role_service
 from layman.common.prime_db_schema import ensure_whole_user
 from test_tools import process_client
 from . import upgrade_v1_23
@@ -122,12 +121,6 @@ def test_create_role_service_schema():
 assert result[0] + result[1] + result[2] == result[3]
 result = db_util.run_query(user_roles_query)[0]
 assert result[0] + result[1] + result[2] == result[3]
-
- internal_role_service.ensure_admin_roles()
- result = db_util.run_query(roles_query)[0]
- assert result[0] + result[1] + result[2] == result[3]
- result = db_util.run_query(user_roles_query)[0]
- assert result[0] + result[1] + result[2] == result[3]
 result = db_util.run_query(table_existence_query, ('role_props',))[0][0]
 assert result == 1
 result = db_util.run_query(table_existence_query, ('group_roles',))[0][0]
diff --git a/src/setup_geoserver.py b/src/setup_geoserver.py
index 74e963d66..7b648f865 100644
--- a/src/setup_geoserver.py
+++ b/src/setup_geoserver.py
@@ -43,8 +43,8 @@ def ensure_jdbc_role_service_internal_schema():
 wait_for_db(db_conn)
 logger.info(f" Checking internal role service DB schema")
- schema_query = f'''SELECT COUNT(*) FROM information_schema.schemata WHERE schema_name = '{internal_service_schema}';'''
- schema_exists = db_util.run_query(schema_query, uri_str=uri_str)[0][0]
+ schema_query = f'''SELECT COUNT(*) FROM information_schema.schemata WHERE schema_name = %s;'''
+ schema_exists = db_util.run_query(schema_query, (internal_service_schema, ), uri_str=uri_str)[0][0]
 if schema_exists == 0:
 logger.info(f" Setting up internal role service DB schema")
 statement = f"""
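Review bot: `schema_query` keeps its `f` prefix although the schema name is now bound through `%s` and the literal has no replacement fields left. Dropping the prefix, `schema_query = '''SELECT COUNT(*) FROM information_schema.schemata WHERE schema_name = %s;'''`, makes it harder for a later edit to slip a `{...}` interpolation back into a query this change has just parameterised. The `statement = f"""` literal at the end of the hunk continues outside it.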
@@ -61,6 +61,36 @@ def ensure_jdbc_role_service_internal_schema():
 create view {internal_service_schema}.group_roles as select null::varchar as groupname, null::varchar as rolename; """
 db_util.run_statement(statement, data=(settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.GEOSERVER_ADMIN_USER, ), uri_str=uri_str)
+ else:
+ prime_schema_exists = db_util.run_query(schema_query, (settings.LAYMAN_PRIME_SCHEMA, ), uri_str=uri_str)[0][0]
+ if prime_schema_exists:
+ logger.info(f' Recreate Role Service admin role views')
+ create_admin_roles_view = f"""CREATE OR REPLACE view {internal_service_schema}.admin_roles
+ as
+ select 'ADMIN' as name
+ UNION ALL
+ select 'GROUP_ADMIN'
+ UNION ALL
+ select %s
+ ;"""
+ db_util.run_statement(create_admin_roles_view, (settings.LAYMAN_GS_ROLE,), uri_str=uri_str)
+
+ create_admin_user_roles_view = f"""CREATE OR REPLACE view {internal_service_schema}.admin_user_roles
+ as
+ select %s as username, %s as rolename
+ UNION ALL
+ select %s, 'ADMIN'
+ UNION ALL
+ select %s, 'ADMIN'
+ union all
+ select w.name as username,
+ %s as rolename
+ from {settings.LAYMAN_PRIME_SCHEMA}.users u inner join
+ {settings.LAYMAN_PRIME_SCHEMA}.workspaces w on w.id = u.id_workspace
+ ;"""
+ db_util.run_statement(create_admin_user_roles_view, (
+ settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.GEOSERVER_ADMIN_USER,
+ settings.LAYMAN_GS_ROLE,), uri_str=uri_str)
 def main():
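Review bot: When the role-service schema already exists but `prime_schema_exists` is false, the new `else:` branch falls through without logging anything, so the output does not show that the admin role views were left as they were. An inner `else:` with `logger.info(' Prime schema not found, admin role views not recreated')` would make that state visible. The guard also tests only for the schema, while `admin_user_roles` joins `{settings.LAYMAN_PRIME_SCHEMA}.users` and `.workspaces`; what `run_statement` does when those tables are missing is not visible in this hunk and is worth confirming. `internal_service_schema` and `settings.LAYMAN_PRIME_SCHEMA` are still formatted into the DDL as bare identifiers, which `%s` binding cannot cover, so a comment stating that both come from deployment configuration would record why that is acceptable. The function starts outside the hunk.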