Recreate Role Service admin role views in setup_geoserver #982

Closed
5 changes: 0 additions & 5 deletions src/layman/__init__.py
@@ -125,11 +125,6 @@
from .layer.prime_db_schema.wfs_wms_status import set_after_restart
set_after_restart()

logger.info(f'Recreate Role Service admin role views')
from .authz.internal_role_service import ensure_admin_roles

ensure_admin_roles()

pipe.multi()
pipe.set(LAYMAN_DEPS_ADJUSTED_KEY, 'done')
pipe.execute()
26 changes: 24 additions & 2 deletions src/layman/upgrade/upgrade_v1_23.py
@@ -2,7 +2,6 @@

from db import util as db_util
from layman import settings
from layman.authz import internal_role_service

logger = logging.getLogger(__name__)
DB_SCHEMA = settings.LAYMAN_PRIME_SCHEMA
@@ -72,7 +71,30 @@ def create_role_service_schema():
;"""
db_util.run_statement(create_layman_users_user_roles_view)

internal_role_service.ensure_admin_roles()
create_admin_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_roles
as
select 'ADMIN' as name
UNION ALL
select 'GROUP_ADMIN'
UNION ALL
select %s
;"""
db_util.run_statement(create_admin_roles_view, (settings.LAYMAN_GS_ROLE, ))

create_admin_user_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_user_roles
as
select %s as username, %s as rolename
UNION ALL
select %s, 'ADMIN'
UNION ALL
select %s, 'ADMIN'
union all
select w.name as username,
%s as rolename
from {settings.LAYMAN_PRIME_SCHEMA}.users u inner join
{settings.LAYMAN_PRIME_SCHEMA}.workspaces w on w.id = u.id_workspace
;"""
db_util.run_statement(create_admin_user_roles_view, (settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.GEOSERVER_ADMIN_USER, settings.LAYMAN_GS_ROLE, ))

create_roles_view = f"""create view {ROLE_SERVICE_SCHEMA}.roles
as
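Review bot: The five positional `%s` values passed when creating `admin_user_roles` decide which accounts receive `ADMIN`, and nothing in the statement ties a placeholder to its setting, so a reordered tuple would silently change the role mapping. A comment above that `run_statement` call, such as `# params in order: gs_user, gs_role | gs_user (ADMIN) | geoserver admin user (ADMIN) | gs_role for every workspace user`, would make the mapping auditable. Named placeholders would be stronger, but whether `db_util.run_statement` accepts a mapping is not visible here. The same statement is added in `src/setup_geoserver.py`, so the comment applies there too. This module already defines `DB_SCHEMA`, so `{DB_SCHEMA}.users` and `{DB_SCHEMA}.workspaces` would match the rest of the file; the body of `create_role_service_schema` starts and ends outside the hunk.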
7 changes: 0 additions & 7 deletions src/layman/upgrade/upgrade_v1_23_test.py
@@ -2,7 +2,6 @@

from db import util as db_util
from layman import app, settings
from layman.authz import internal_role_service
from layman.common.prime_db_schema import ensure_whole_user
from test_tools import process_client
from . import upgrade_v1_23
@@ -122,12 +121,6 @@ def test_create_role_service_schema():
assert result[0] + result[1] + result[2] == result[3]
result = db_util.run_query(user_roles_query)[0]
assert result[0] + result[1] + result[2] == result[3]

internal_role_service.ensure_admin_roles()
result = db_util.run_query(roles_query)[0]
assert result[0] + result[1] + result[2] == result[3]
result = db_util.run_query(user_roles_query)[0]
assert result[0] + result[1] + result[2] == result[3]
result = db_util.run_query(table_existence_query, ('role_props',))[0][0]
assert result == 1
result = db_util.run_query(table_existence_query, ('group_roles',))[0][0]
34 changes: 32 additions & 2 deletions src/setup_geoserver.py
@@ -43,8 +43,8 @@ def ensure_jdbc_role_service_internal_schema():
wait_for_db(db_conn)

logger.info(f" Checking internal role service DB schema")
schema_query = f'''SELECT COUNT(*) FROM information_schema.schemata WHERE schema_name = '{internal_service_schema}';'''
schema_exists = db_util.run_query(schema_query, uri_str=uri_str)[0][0]
schema_query = f'''SELECT COUNT(*) FROM information_schema.schemata WHERE schema_name = %s;'''
schema_exists = db_util.run_query(schema_query, (internal_service_schema, ), uri_str=uri_str)[0][0]
if schema_exists == 0:
logger.info(f" Setting up internal role service DB schema")
statement = f"""
@@ -61,6 +61,36 @@ def ensure_jdbc_role_service_internal_schema():
create view {internal_service_schema}.group_roles as select null::varchar as groupname, null::varchar as rolename;
"""
db_util.run_statement(statement, data=(settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.GEOSERVER_ADMIN_USER, ), uri_str=uri_str)
else:
prime_schema_exists = db_util.run_query(schema_query, (settings.LAYMAN_PRIME_SCHEMA, ), uri_str=uri_str)[0][0]
if prime_schema_exists:
logger.info(f' Recreate Role Service admin role views')
create_admin_roles_view = f"""CREATE OR REPLACE view {internal_service_schema}.admin_roles
as
select 'ADMIN' as name
UNION ALL
select 'GROUP_ADMIN'
UNION ALL
select %s
;"""
db_util.run_statement(create_admin_roles_view, (settings.LAYMAN_GS_ROLE,), uri_str=uri_str)

create_admin_user_roles_view = f"""CREATE OR REPLACE view {internal_service_schema}.admin_user_roles
as
select %s as username, %s as rolename
UNION ALL
select %s, 'ADMIN'
UNION ALL
select %s, 'ADMIN'
union all
select w.name as username,
%s as rolename
from {settings.LAYMAN_PRIME_SCHEMA}.users u inner join
{settings.LAYMAN_PRIME_SCHEMA}.workspaces w on w.id = u.id_workspace
;"""
db_util.run_statement(create_admin_user_roles_view, (
settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.GEOSERVER_ADMIN_USER,
settings.LAYMAN_GS_ROLE,), uri_str=uri_str)


def main():
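Review bot: The new `else` branch still builds both view definitions by interpolating `internal_service_schema` and `settings.LAYMAN_PRIME_SCHEMA` straight into the SQL text, although the first hunk of this file moves the same schema name into a bound parameter for the `information_schema` lookup. Identifiers cannot be bound with `%s`, so they need quoting or validation instead: if `db_util` hands the statement to psycopg2 (not visible here), composing with `psycopg2.sql.Identifier` would cover it; otherwise check both names against a strict identifier pattern before use. Separately, `if prime_schema_exists:` has no `else`, so when the prime schema is missing the existing admin views are kept without any log line; `logger.info(f'  Prime schema not found, Role Service admin role views left unchanged')` would make that visible. The guard also proves only that the schema exists, not the `users` and `workspaces` tables the view selects from. `ensure_jdbc_role_service_internal_schema` starts outside the hunk.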