diff --git a/.env.dev b/.env.dev
index f9518fe9f..db7fba29b 100644
--- a/.env.dev
+++ b/.env.dev
@@ -16,7 +16,7 @@ LAYMAN_AUTHN_MODULES=layman.authn.oauth2,layman.authn.http_header
 LAYMAN_AUTHN_HTTP_HEADER_NAME=a0468616f9968eaecdc3377988aba650
 GRANT_CREATE_PUBLIC_WORKSPACE=EVERYONE
 GRANT_PUBLISH_IN_PUBLIC_WORKSPACE=EVERYONE
-LAYMAN_ROLE_SERVICE_URI=postgresql://docker:docker@postgresql:5432/gis?autosave=conservative&schema=_role_service
+LAYMAN_ROLE_SERVICE_URI=postgresql://docker:docker@postgresql:5432/gis?schema=_role_service
 # connection parameters to PostgreSQL database
 LAYMAN_PG_HOST=postgresql
diff --git a/.env.test b/.env.test
index 9633a26d1..219359460 100644
--- a/.env.test
+++ b/.env.test
@@ -16,7 +16,7 @@ LAYMAN_AUTHN_MODULES=layman.authn.http_header
 LAYMAN_AUTHN_HTTP_HEADER_NAME=a0468616f9968eaecdc3377988aba650
 GRANT_CREATE_PUBLIC_WORKSPACE=EVERYONE
 GRANT_PUBLISH_IN_PUBLIC_WORKSPACE=EVERYONE
-LAYMAN_ROLE_SERVICE_URI=postgresql://docker:docker@postgresql:5432/layman_test?autosave=conservative&schema=_role_service
+LAYMAN_ROLE_SERVICE_URI=postgresql://docker:docker@postgresql:5432/layman_test?schema=_role_service
 # connection parameters to PostgreSQL database
 LAYMAN_PG_HOST=postgresql
diff --git a/src/layman/upgrade/upgrade_v1_23.py b/src/layman/upgrade/upgrade_v1_23.py
index b777cb5de..06de9bb99 100644
--- a/src/layman/upgrade/upgrade_v1_23.py
+++ b/src/layman/upgrade/upgrade_v1_23.py
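Review bot: The new `LAYMAN_ROLE_SERVICE_URI` value in `.env.dev` still embeds the database password in the URI (`docker:docker@`), so the secret will show up wherever the full URI is logged or echoed, and it presumably duplicates what the `LAYMAN_PG_*` settings below already carry. A comment above the line would make the intent explicit, for example `# dev-only credentials; override in real deployments and never log this URI in full`. Nothing visible here explains why `autosave` is dropped or which query parameters the URI accepts; `schema` appears to be read by Layman itself rather than by the database driver, so a one-line comment listing the supported parameters would help. The same applies to the identical change in `.env.test`.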
@@ -29,13 +29,7 @@ def adjust_db_for_roles(): def create_role_service_schema(): - logger.info(f' Create internal role service schema') - - drop_temporary_views = f"""drop schema if exists "{ROLE_SERVICE_SCHEMA}" CASCADE;""" - db_util.run_statement(drop_temporary_views) - - create_schema = f"""CREATE SCHEMA "{ROLE_SERVICE_SCHEMA}" AUTHORIZATION {settings.LAYMAN_PG_USER};""" - db_util.run_statement(create_schema) + logger.info(f' Complete internal role service schema') create_role_table = f"""create table {ROLE_SERVICE_SCHEMA}.bussiness_roles( id integer GENERATED ALWAYS AS IDENTITY, @@ -72,7 +66,7 @@ def create_role_service_schema(): ;""" db_util.run_statement(create_layman_users_user_roles_view) - create_admin_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_roles + create_admin_roles_view = f"""CREATE view {ROLE_SERVICE_SCHEMA}.admin_roles as select 'ADMIN' as name UNION ALL @@ -82,7 +76,7 @@ def create_role_service_schema(): ;""" db_util.run_statement(create_admin_roles_view, (settings.LAYMAN_GS_ROLE, )) - create_admin_user_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_user_roles + create_admin_user_roles_view = f"""CREATE view {ROLE_SERVICE_SCHEMA}.admin_user_roles as select %s as username, %s as rolename UNION ALL @@ -97,10 +91,10 @@ def create_role_service_schema(): ;""" db_util.run_statement(create_admin_user_roles_view, (settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.GEOSERVER_ADMIN_USER, settings.LAYMAN_GS_ROLE, )) - create_roles_view = f"""create view {ROLE_SERVICE_SCHEMA}.roles + create_roles_view = f"""create or replace view {ROLE_SERVICE_SCHEMA}.roles as -select name, - parent +select name::varchar(64), + parent::varchar(64) from {ROLE_SERVICE_SCHEMA}.bussiness_roles UNION ALL select name, 
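Review bot: `create_role_service_schema()` no longer drops or creates the schema, so it now depends on `ROLE_SERVICE_SCHEMA` already existing with the placeholder views from setup_geoserver.py, and nothing in the function states or checks that precondition. With `drop schema ... CASCADE` gone and the following statements being plain `create table` and `CREATE view` (also in the `admin_roles` and `admin_user_roles` hunks), a second run after a partial failure would presumably stop at the first object that already exists, unless the `db_util.run_statement` calls share one transaction, which is not visible here. A docstring would record the contract, for example `"""Complete the role service schema; expects the schema and its placeholder views to exist (see setup_geoserver.py)."""`. The function body continues outside this hunk.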
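Review bot: `create or replace view {ROLE_SERVICE_SCHEMA}.roles` only succeeds in PostgreSQL when the new query yields the same column names, order and data types as the existing view, so the `::varchar(64)` casts are tightly coupled to the definitions in setup_geoserver.py, and only the first `UNION ALL` branch is cast here. A comment before the statement would keep a later editor from breaking the upgrade, for example `# column types must stay identical to the placeholder view created in setup_geoserver.py, otherwise CREATE OR REPLACE VIEW fails`. The same applies to `user_roles` in the following hunk. Both SQL statements continue outside their hunks, so the types of the remaining branches cannot be checked from here.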
@@ -113,10 +107,10 @@ def create_role_service_schema(): ;""" db_util.run_statement(create_roles_view) - create_user_roles_view = f"""create view {ROLE_SERVICE_SCHEMA}.user_roles + create_user_roles_view = f"""create or replace view {ROLE_SERVICE_SCHEMA}.user_roles as -select username, - rolename +select username::varchar(64), + rolename::varchar(64) from {ROLE_SERVICE_SCHEMA}.bussiness_user_roles UNION ALL select username, @@ -129,11 +123,4 @@ def create_role_service_schema(): ;""" db_util.run_statement(create_user_roles_view) - create_other_tables = f""" - create table {ROLE_SERVICE_SCHEMA}.role_props(rolename varchar(64) not null,propname varchar(64) not null, propvalue varchar(2048),primary key (rolename,propname)); - create table {ROLE_SERVICE_SCHEMA}.group_roles(groupname varchar(128) not null, rolename varchar(64) not null, primary key(groupname,rolename)); - create index group_roles_idx on {ROLE_SERVICE_SCHEMA}.group_roles(rolename,groupname); - """ - db_util.run_statement(create_other_tables) - gs_util.reload(settings.LAYMAN_GS_AUTH) diff --git a/src/layman/upgrade/upgrade_v1_23_test.py b/src/layman/upgrade/upgrade_v1_23_test.py index 0c43099e0..7451434b6 100644 --- a/src/layman/upgrade/upgrade_v1_23_test.py +++ b/src/layman/upgrade/upgrade_v1_23_test.py 
@@ -93,11 +93,29 @@ def test_create_role_service_schema(): (select count(*) from {ROLE_SERVICE_SCHEMA}.admin_user_roles) admin_user_roles, (select count(*) from {ROLE_SERVICE_SCHEMA}.user_roles) user_roles''' + # prepare simple schema in the same way as in setup_geoserver.py + prepare_simple_schema_statement = f""" +CREATE SCHEMA "{ROLE_SERVICE_SCHEMA}" AUTHORIZATION {settings.LAYMAN_PG_USER}; +create view {ROLE_SERVICE_SCHEMA}.roles as select 'ADMIN'::varchar(64) as name, null::varchar(64) as parent +union all select 'GROUP_ADMIN', null +union all select %s, null +; +create view {ROLE_SERVICE_SCHEMA}.role_props as select null::varchar(64) as rolename, null::varchar(64) as propname, null::varchar(2048) as propvalue; +create view {ROLE_SERVICE_SCHEMA}.user_roles as select %s::varchar(64) as username, 'ADMIN'::varchar(64) as rolename +union all select %s, %s +union all select %s, 'ADMIN' +; +create view {ROLE_SERVICE_SCHEMA}.group_roles as select null::varchar(128) as groupname, null::varchar(64) as rolename; + """ + with app.app_context(): ensure_whole_user(username, userinfo) db_util.run_statement(drop_statement) result = db_util.run_query(schema_existence_query)[0][0] assert result == 0 + db_util.run_statement(prepare_simple_schema_statement, data=( + settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, + settings.GEOSERVER_ADMIN_USER)) upgrade_v1_23.create_role_service_schema() diff --git a/src/setup_geoserver.py b/src/setup_geoserver.py index 7b648f865..0355f403c 100644 --- a/src/setup_geoserver.py +++ b/src/setup_geoserver.py 
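Review bot: `prepare_simple_schema_statement` copies the DDL from setup_geoserver.py by hand, so the two definitions can drift: if the column types in `ensure_jdbc_role_service_internal_schema()` change, this test would keep passing while the real upgrade fails on `create or replace view`. Building the schema through a helper shared with setup_geoserver.py would remove the duplication; failing that, make the existing comment binding, for example `# must stay byte-for-byte in sync with ensure_jdbc_role_service_internal_schema() in setup_geoserver.py`. The copy is not exact in one respect: the schema name is double-quoted in `CREATE SCHEMA` but bare in the `create view` lines. The test function starts and ends outside this hunk.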
@@ -49,16 +49,16 @@ def ensure_jdbc_role_service_internal_schema(): logger.info(f" Setting up internal role service DB schema") statement = f""" CREATE SCHEMA "{internal_service_schema}" AUTHORIZATION {settings.LAYMAN_PG_USER}; - create view {internal_service_schema}.roles as select 'ADMIN' as name, null as parent + create view {internal_service_schema}.roles as select 'ADMIN'::varchar(64) as name, null::varchar(64) as parent union all select 'GROUP_ADMIN', null union all select %s, null ; - create view {internal_service_schema}.role_props as select null::varchar as rolename, null::varchar as propname, null::varchar as propvalue; - create view {internal_service_schema}.user_roles as select %s as username, 'ADMIN' as rolename + create view {internal_service_schema}.role_props as select null::varchar(64) as rolename, null::varchar(64) as propname, null::varchar(2048) as propvalue; + create view {internal_service_schema}.user_roles as select %s::varchar(64) as username, 'ADMIN'::varchar(64) as rolename union all select %s, %s union all select %s, 'ADMIN' ; - create view {internal_service_schema}.group_roles as select null::varchar as groupname, null::varchar as rolename; + create view {internal_service_schema}.group_roles as select null::varchar(128) as groupname, null::varchar(64) as rolename; """ db_util.run_statement(statement, data=(settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.GEOSERVER_ADMIN_USER, ), uri_str=uri_str) else:
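Review bot: The schema name is double-quoted in `CREATE SCHEMA "{internal_service_schema}"` but interpolated bare in each `create view {internal_service_schema}.…` line, so a name that needs quoting (upper case, a dash) would create one schema and then fail to address it. Passing the values through `%s` placeholders is right; the identifier should be quoted the same way in all statements, for example `create view "{internal_service_schema}".roles as select 'ADMIN'::varchar(64) as name, null::varchar(64) as parent`. Because the name presumably comes from the `schema=` parameter of `LAYMAN_ROLE_SERVICE_URI`, it is worth validating it against a strict identifier pattern where it is parsed, since f-string quoting alone does not neutralise an embedded double quote. `{settings.LAYMAN_PG_USER}` after `AUTHORIZATION` is unquoted as well. The function starts and ends outside this hunk.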