From e61f358149748e57081bf4f0521b1ed65f8e9a7a Mon Sep 17 00:00:00 2001
From: Jiri Kozel
Date: Fri, 22 Dec 2023 10:14:51 +0100
Subject: [PATCH 1/4] Unify column types in setup_geoserver.py and upgrade_v1_23.py
---
src/layman/upgrade/upgrade_v1_23.py | 8 ++++----
src/setup_geoserver.py | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/layman/upgrade/upgrade_v1_23.py b/src/layman/upgrade/upgrade_v1_23.py
index b777cb5de..f3b7fe6e3 100644
--- a/src/layman/upgrade/upgrade_v1_23.py
+++ b/src/layman/upgrade/upgrade_v1_23.py
@@ -99,8 +99,8 @@ def create_role_service_schema(): create_roles_view = f"""create view {ROLE_SERVICE_SCHEMA}.roles as -select name, - parent +select name::varchar(64), + parent::varchar(64) from {ROLE_SERVICE_SCHEMA}.bussiness_roles UNION ALL select name,
@@ -115,8 +115,8 @@ def create_role_service_schema(): create_user_roles_view = f"""create view {ROLE_SERVICE_SCHEMA}.user_roles as -select username, - rolename +select username::varchar(64), + rolename::varchar(64) from {ROLE_SERVICE_SCHEMA}.bussiness_user_roles UNION ALL select username,
diff --git a/src/setup_geoserver.py b/src/setup_geoserver.py
index 7b648f865..0355f403c 100644
--- a/src/setup_geoserver.py
+++ b/src/setup_geoserver.py
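Review bot: The `::varchar(64)` casts on the first SELECT of `roles`, and on the first SELECT of `user_roles` in the next hunk, have no comment saying why the exact width matters. Going by the commit subject they keep these columns identical in type to the views defined in setup_geoserver.py, and PostgreSQL refuses a `create or replace view` whose column types differ from the existing view, so dropping a cast later would break the upgrade rather than merely change a type. I would add `# column types must stay identical to the views created in setup_geoserver.py` above the `create_roles_view` and `create_user_roles_view` assignments. The later UNION ALL branches lie outside both hunks, so whether they resolve to the same type cannot be confirmed from here.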
@@ -49,16 +49,16 @@ def ensure_jdbc_role_service_internal_schema(): logger.info(f" Setting up internal role service DB schema") statement = f""" CREATE SCHEMA "{internal_service_schema}" AUTHORIZATION {settings.LAYMAN_PG_USER}; - create view {internal_service_schema}.roles as select 'ADMIN' as name, null as parent + create view {internal_service_schema}.roles as select 'ADMIN'::varchar(64) as name, null::varchar(64) as parent union all select 'GROUP_ADMIN', null union all select %s, null ; - create view {internal_service_schema}.role_props as select null::varchar as rolename, null::varchar as propname, null::varchar as propvalue; - create view {internal_service_schema}.user_roles as select %s as username, 'ADMIN' as rolename + create view {internal_service_schema}.role_props as select null::varchar(64) as rolename, null::varchar(64) as propname, null::varchar(2048) as propvalue; + create view {internal_service_schema}.user_roles as select %s::varchar(64) as username, 'ADMIN'::varchar(64) as rolename union all select %s, %s union all select %s, 'ADMIN' ; - create view {internal_service_schema}.group_roles as select null::varchar as groupname, null::varchar as rolename; + create view {internal_service_schema}.group_roles as select null::varchar(128) as groupname, null::varchar(64) as rolename; """ db_util.run_statement(statement, data=(settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.GEOSERVER_ADMIN_USER, ), uri_str=uri_str) else:
From c0c3767d270c136918b59eba85b443c98597b79c Mon Sep 17 00:00:00 2001
From: Jiri Kozel
Date: Fri, 22 Dec 2023 10:21:41 +0100
Subject: [PATCH 2/4] Re(create) only necessary views and tables in upgrade_v1_23.py
---
src/layman/upgrade/upgrade_v1_23.py | 23 +++++------------------
1 file changed, 5 insertions(+), 18 deletions(-)
diff --git a/src/layman/upgrade/upgrade_v1_23.py b/src/layman/upgrade/upgrade_v1_23.py
index f3b7fe6e3..06de9bb99 100644
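Review bot: The schema name is double-quoted in `CREATE SCHEMA "{internal_service_schema}"` but spliced in unquoted in the four `create view {internal_service_schema}.…` statements, and `{settings.LAYMAN_PG_USER}` is unquoted too. PostgreSQL case-folds unquoted identifiers, so a configured name with upper-case or special characters would create one schema and then address another, and f-string splicing leaves identifier escaping to whoever sets the configuration, unlike the `%s` values that are passed as bound data. Quote it the same way everywhere, e.g. `create view "{internal_service_schema}".roles as …`, or build identifiers with an identifier-quoting helper if the database layer behind `db_util` offers one. The same mixed quoting of `ROLE_SERVICE_SCHEMA` shows up in the upgrade_v1_23.py hunks and in the statement added to upgrade_v1_23_test.py. The enclosing function starts and ends outside this hunk.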
--- a/src/layman/upgrade/upgrade_v1_23.py
+++ b/src/layman/upgrade/upgrade_v1_23.py
@@ -29,13 +29,7 @@ def adjust_db_for_roles(): def create_role_service_schema(): - logger.info(f' Create internal role service schema') - - drop_temporary_views = f"""drop schema if exists "{ROLE_SERVICE_SCHEMA}" CASCADE;""" - db_util.run_statement(drop_temporary_views) - - create_schema = f"""CREATE SCHEMA "{ROLE_SERVICE_SCHEMA}" AUTHORIZATION {settings.LAYMAN_PG_USER};""" - db_util.run_statement(create_schema) + logger.info(f' Complete internal role service schema') create_role_table = f"""create table {ROLE_SERVICE_SCHEMA}.bussiness_roles( id integer GENERATED ALWAYS AS IDENTITY,
@@ -72,7 +66,7 @@ def create_role_service_schema(): ;""" db_util.run_statement(create_layman_users_user_roles_view) - create_admin_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_roles + create_admin_roles_view = f"""CREATE view {ROLE_SERVICE_SCHEMA}.admin_roles as select 'ADMIN' as name UNION ALL
@@ -82,7 +76,7 @@ def create_role_service_schema(): ;""" db_util.run_statement(create_admin_roles_view, (settings.LAYMAN_GS_ROLE, )) - create_admin_user_roles_view = f"""CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_user_roles + create_admin_user_roles_view = f"""CREATE view {ROLE_SERVICE_SCHEMA}.admin_user_roles as select %s as username, %s as rolename UNION ALL
@@ -97,7 +91,7 @@ def create_role_service_schema(): ;""" db_util.run_statement(create_admin_user_roles_view, (settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.GEOSERVER_ADMIN_USER, settings.LAYMAN_GS_ROLE, )) - create_roles_view = f"""create view {ROLE_SERVICE_SCHEMA}.roles + create_roles_view = f"""create or replace view {ROLE_SERVICE_SCHEMA}.roles as select name::varchar(64), parent::varchar(64)
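Review bot: create_role_service_schema() is no longer safe to run a second time: the `drop schema if exists … CASCADE` / `CREATE SCHEMA` pair is gone, and the hunks at -72 and -82 turn `CREATE OR REPLACE view` into plain `CREATE view` for `admin_roles` and `admin_user_roles`. Every statement goes through its own `db_util.run_statement` call, so if those calls commit independently (not visible here), a failure midway leaves objects behind and the next attempt stops at the first `create table` or `CREATE view`. Either keep `CREATE OR REPLACE view {ROLE_SERVICE_SCHEMA}.admin_roles` and use `create table if not exists` for the tables, or run the whole sequence in one transaction. The function now also assumes the schema already exists; a short existence check with a clear error message before the first statement would make that precondition explicit.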
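Review bot: `create or replace view {ROLE_SERVICE_SCHEMA}.roles` (and `user_roles` in the following hunk) only succeeds when the existing view has the same column names, order and types as the new query. Before patch 1/4 of this series setup_geoserver.py built those views from untyped literals (`select 'ADMIN' as name, null as parent`), so a database whose schema was created by that version would probably make this statement fail with a column-type error. If such databases can exist, dropping and re-creating the two views inside one transaction removes the dependence on their previous definition. Otherwise a comment above the statement saying that the views are always created by the current setup_geoserver.py would record the assumption.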
@@ -113,7 +107,7 @@ def create_role_service_schema(): ;""" db_util.run_statement(create_roles_view) - create_user_roles_view = f"""create view {ROLE_SERVICE_SCHEMA}.user_roles + create_user_roles_view = f"""create or replace view {ROLE_SERVICE_SCHEMA}.user_roles as select username::varchar(64), rolename::varchar(64)
@@ -129,11 +123,4 @@ def create_role_service_schema(): ;""" db_util.run_statement(create_user_roles_view) - create_other_tables = f""" - create table {ROLE_SERVICE_SCHEMA}.role_props(rolename varchar(64) not null,propname varchar(64) not null, propvalue varchar(2048),primary key (rolename,propname)); - create table {ROLE_SERVICE_SCHEMA}.group_roles(groupname varchar(128) not null, rolename varchar(64) not null, primary key(groupname,rolename)); - create index group_roles_idx on {ROLE_SERVICE_SCHEMA}.group_roles(rolename,groupname); - """ - db_util.run_statement(create_other_tables) - gs_util.reload(settings.LAYMAN_GS_AUTH)
From 5dac91e3bd14c3aa57189afb79fe05d6f3348c9b Mon Sep 17 00:00:00 2001
From: Jiri Kozel
Date: Fri, 22 Dec 2023 10:22:23 +0100
Subject: [PATCH 3/4] Remove unnecessary autosave=conservative
---
.env.dev | 2 +-
.env.test | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.env.dev b/.env.dev
index f9518fe9f..db7fba29b 100644
--- a/.env.dev
+++ b/.env.dev
@@ -16,7 +16,7 @@ LAYMAN_AUTHN_MODULES=layman.authn.oauth2,layman.authn.http_header LAYMAN_AUTHN_HTTP_HEADER_NAME=a0468616f9968eaecdc3377988aba650 GRANT_CREATE_PUBLIC_WORKSPACE=EVERYONE GRANT_PUBLISH_IN_PUBLIC_WORKSPACE=EVERYONE -LAYMAN_ROLE_SERVICE_URI=postgresql://docker:docker@postgresql:5432/gis?autosave=conservative&schema=_role_service +LAYMAN_ROLE_SERVICE_URI=postgresql://docker:docker@postgresql:5432/gis?schema=_role_service # connection parameters to PostgreSQL database LAYMAN_PG_HOST=postgresql
diff --git a/.env.test b/.env.test
index 9633a26d1..219359460 100644
--- a/.env.test
+++ b/.env.test
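Review bot: The rewritten `LAYMAN_ROLE_SERVICE_URI` in .env.dev still carries the `docker:docker` user and password inline, and the matching .env.test hunk does the same. A connection URI with embedded credentials tends to be copied whole into deployment configuration and to surface wherever the URI is printed or logged. A comment above the line such as `# development-only credentials, replace before deploying` would mark it as a placeholder. The commit message calls `autosave=conservative` unnecessary without saying why; one sentence on that in the description would help later readers.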
@@ -16,7 +16,7 @@ LAYMAN_AUTHN_MODULES=layman.authn.http_header LAYMAN_AUTHN_HTTP_HEADER_NAME=a0468616f9968eaecdc3377988aba650 GRANT_CREATE_PUBLIC_WORKSPACE=EVERYONE GRANT_PUBLISH_IN_PUBLIC_WORKSPACE=EVERYONE -LAYMAN_ROLE_SERVICE_URI=postgresql://docker:docker@postgresql:5432/layman_test?autosave=conservative&schema=_role_service +LAYMAN_ROLE_SERVICE_URI=postgresql://docker:docker@postgresql:5432/layman_test?schema=_role_service # connection parameters to PostgreSQL database LAYMAN_PG_HOST=postgresql
From ce839dd88a54fca5371fa3bd0245ad3c93ae75b0 Mon Sep 17 00:00:00 2001
From: Jiri Kozel
Date: Fri, 22 Dec 2023 16:06:43 +0100
Subject: [PATCH 4/4] Fix test_create_role_service_schema in upgrade_v1_23_test.py
---
src/layman/upgrade/upgrade_v1_23_test.py | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/layman/upgrade/upgrade_v1_23_test.py b/src/layman/upgrade/upgrade_v1_23_test.py
index 0c43099e0..7451434b6 100644
--- a/src/layman/upgrade/upgrade_v1_23_test.py
+++ b/src/layman/upgrade/upgrade_v1_23_test.py
@@ -93,11 +93,29 @@ def test_create_role_service_schema(): (select count(*) from {ROLE_SERVICE_SCHEMA}.admin_user_roles) admin_user_roles, (select count(*) from {ROLE_SERVICE_SCHEMA}.user_roles) user_roles''' + # prepare simple schema in the same way as in setup_geoserver.py + prepare_simple_schema_statement = f""" +CREATE SCHEMA "{ROLE_SERVICE_SCHEMA}" AUTHORIZATION {settings.LAYMAN_PG_USER}; +create view {ROLE_SERVICE_SCHEMA}.roles as select 'ADMIN'::varchar(64) as name, null::varchar(64) as parent +union all select 'GROUP_ADMIN', null +union all select %s, null +; +create view {ROLE_SERVICE_SCHEMA}.role_props as select null::varchar(64) as rolename, null::varchar(64) as propname, null::varchar(2048) as propvalue; +create view {ROLE_SERVICE_SCHEMA}.user_roles as select %s::varchar(64) as username, 'ADMIN'::varchar(64) as rolename +union all select %s, %s +union all select %s, 'ADMIN' +; +create view {ROLE_SERVICE_SCHEMA}.group_roles as select null::varchar(128) as groupname, null::varchar(64) as rolename; + """ + with app.app_context(): ensure_whole_user(username, userinfo) db_util.run_statement(drop_statement) result = db_util.run_query(schema_existence_query)[0][0] assert result == 0 + db_util.run_statement(prepare_simple_schema_statement, data=( + settings.LAYMAN_GS_ROLE, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, + settings.GEOSERVER_ADMIN_USER)) upgrade_v1_23.create_role_service_schema()
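Review bot: The added `prepare_simple_schema_statement` is a hand copy of the SQL in setup_geoserver.py, as its own comment says, so the test keeps passing if the real setup statement later changes a column type or width while the upgrade's `create or replace view` starts failing on deployed databases. Creating the schema through the setup code itself, or moving the statement into one helper shared by both files, would make the test exercise what installations actually have. As far as the hunk shows, the test compares only `select count(*)` results after the upgrade; asserting the column types of `roles` and `user_roles` would cover what this series changes. The test function starts and ends outside the hunk.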