You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2022/06/01 19:44:09 UTC

[GitHub] [trafficcontrol] zrhoffman commented on a diff in pull request #6802: Squash database migrations

zrhoffman commented on code in PR #6802:
URL: https://github.com/apache/trafficcontrol/pull/6802#discussion_r887237658


##########
traffic_ops/app/db/create_tables.sql:
##########
@@ -37,6 +37,7 @@ CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog;
 

Review Comment:
   Let's set the admin user aside for now. Other roles are missing permissions, compared to what they had in a db dump after `db/admin load_schema` + `db/admin upgrade` on master:
   
   The `read-only` role is missing a permission:
   
   ```diff
   @@ -63,7 +60,6 @@
    3	CDN-SNAPSHOT:READ	A_TIMESTAMP
    3	COORDINATE:READ	A_TIMESTAMP
    3	DELIVERY-SERVICE:READ	A_TIMESTAMP
   -3	DELIVERY-SERVICE-SAFE:UPDATE	A_TIMESTAMP
    3	DIVISION:READ	A_TIMESTAMP
    3	DS-REQUEST:READ	A_TIMESTAMP
    3	DS-SECURITY-KEY:READ	A_TIMESTAMP
   ```
   
   The `portal` user is missing a permission:
   
   ```diff
   -5	DELIVERY-SERVICE-SAFE:UPDATE	A_TIMESTAMP
   ```
   
   The `steering` user is missing permissions:
   
   ```diff
   -6	ASN:READ	A_TIMESTAMP
   -6	ASYNC-STATUS:READ	A_TIMESTAMP
   -6	CACHE-GROUP:READ	A_TIMESTAMP
   -6	CAPABILITY:READ	A_TIMESTAMP
   -6	CDN:READ	A_TIMESTAMP
   -6	CDN-SNAPSHOT:READ	A_TIMESTAMP
   -6	COORDINATE:READ	A_TIMESTAMP
    6	DELIVERY-SERVICE:READ	A_TIMESTAMP
   -6	DELIVERY-SERVICE-SAFE:UPDATE	A_TIMESTAMP
   -6	DIVISION:READ	A_TIMESTAMP
   -6	DS-REQUEST:CREATE	A_TIMESTAMP
   -6	DS-REQUEST:DELETE	A_TIMESTAMP
   -6	DS-REQUEST:READ	A_TIMESTAMP
   -6	DS-REQUEST:UPDATE	A_TIMESTAMP
   -6	DS-SECURITY-KEY:READ	A_TIMESTAMP
   -6	FEDERATION:CREATE	A_TIMESTAMP
   -6	FEDERATION:DELETE	A_TIMESTAMP
   -6	FEDERATION:READ	A_TIMESTAMP
   -6	FEDERATION-RESOLVER:CREATE	A_TIMESTAMP
   -6	FEDERATION-RESOLVER:DELETE	A_TIMESTAMP
   -6	FEDERATION-RESOLVER:READ	A_TIMESTAMP
   -6	FEDERATION:UPDATE	A_TIMESTAMP
   -6	ISO:READ	A_TIMESTAMP
   -6	JOB:CREATE	A_TIMESTAMP
   -6	JOB:DELETE	A_TIMESTAMP
   -6	JOB:READ	A_TIMESTAMP
   -6	JOB:UPDATE	A_TIMESTAMP
   -6	LOG:READ	A_TIMESTAMP
   -6	MONITOR-CONFIG:READ	A_TIMESTAMP
   -6	ORIGIN:READ	A_TIMESTAMP
   -6	PARAMETER:READ	A_TIMESTAMP
   -6	PHYSICAL-LOCATION:READ	A_TIMESTAMP
   -6	PLUGIN-READ	A_TIMESTAMP
   -6	PROFILE:READ	A_TIMESTAMP
   -6	REGION:READ	A_TIMESTAMP
   -6	ROLE:READ	A_TIMESTAMP
   -6	SERVER-CAPABILITY:READ	A_TIMESTAMP
   -6	SERVER-CHECK:READ	A_TIMESTAMP
   -6	SERVER:READ	A_TIMESTAMP
   -6	SERVICE-CATEGORY:READ	A_TIMESTAMP
   -6	STAT:CREATE	A_TIMESTAMP
   -6	STATIC-DN:READ	A_TIMESTAMP
   -6	STAT:READ	A_TIMESTAMP
   -6	STATUS:READ	A_TIMESTAMP
    6	STEERING:CREATE	A_TIMESTAMP
    6	STEERING:DELETE	A_TIMESTAMP
   -6	STEERING:READ	A_TIMESTAMP
    6	STEERING:UPDATE	A_TIMESTAMP
   -6	TENANT:READ	A_TIMESTAMP
   -6	TOPOLOGY:READ	A_TIMESTAMP
   -6	TRAFFIC-VAULT:READ	A_TIMESTAMP
   -6	TYPE:READ	A_TIMESTAMP
   -6	USER:READ	A_TIMESTAMP
   ```
   
   The `federation` user is missing permissions:
   
   ```
   -7	ASN:READ	A_TIMESTAMP
   -7	ASYNC-STATUS:READ	A_TIMESTAMP
   -7	CACHE-GROUP:READ	A_TIMESTAMP
   -7	CAPABILITY:READ	A_TIMESTAMP
   -7	CDN:READ	A_TIMESTAMP
   -7	CDN-SNAPSHOT:READ	A_TIMESTAMP
   -7	COORDINATE:READ	A_TIMESTAMP
    7	DELIVERY-SERVICE:READ	A_TIMESTAMP
   -7	DELIVERY-SERVICE-SAFE:UPDATE	A_TIMESTAMP
    7	DELIVERY-SERVICE:UPDATE	A_TIMESTAMP
   -7	DIVISION:READ	A_TIMESTAMP
   -7	DS-REQUEST:CREATE	A_TIMESTAMP
   -7	DS-REQUEST:DELETE	A_TIMESTAMP
   -7	DS-REQUEST:READ	A_TIMESTAMP
   -7	DS-REQUEST:UPDATE	A_TIMESTAMP
   -7	DS-SECURITY-KEY:READ	A_TIMESTAMP
   -7	FEDERATION:READ	A_TIMESTAMP
   -7	FEDERATION-RESOLVER:READ	A_TIMESTAMP
   -7	ISO:READ	A_TIMESTAMP
   -7	JOB:CREATE	A_TIMESTAMP
   -7	JOB:DELETE	A_TIMESTAMP
   -7	JOB:READ	A_TIMESTAMP
   -7	JOB:UPDATE	A_TIMESTAMP
   -7	LOG:READ	A_TIMESTAMP
   -7	MONITOR-CONFIG:READ	A_TIMESTAMP
   -7	ORIGIN:READ	A_TIMESTAMP
   -7	PARAMETER:READ	A_TIMESTAMP
   -7	PHYSICAL-LOCATION:READ	A_TIMESTAMP
   -7	PLUGIN-READ	A_TIMESTAMP
   -7	PROFILE:READ	A_TIMESTAMP
   -7	REGION:READ	A_TIMESTAMP
   -7	ROLE:READ	A_TIMESTAMP
   -7	SERVER-CAPABILITY:READ	A_TIMESTAMP
   -7	SERVER-CHECK:READ	A_TIMESTAMP
   -7	SERVER:READ	A_TIMESTAMP
   -7	SERVICE-CATEGORY:READ	A_TIMESTAMP
   -7	STAT:CREATE	A_TIMESTAMP
   -7	STATIC-DN:READ	A_TIMESTAMP
   -7	STAT:READ	A_TIMESTAMP
   -7	STATUS:READ	A_TIMESTAMP
   -7	STEERING:CREATE	A_TIMESTAMP
   -7	STEERING:DELETE	A_TIMESTAMP
   -7	STEERING:READ	A_TIMESTAMP
   -7	STEERING:UPDATE	A_TIMESTAMP
   -7	TENANT:READ	A_TIMESTAMP
   -7	TOPOLOGY:READ	A_TIMESTAMP
   -7	TRAFFIC-VAULT:READ	A_TIMESTAMP
   -7	TYPE:READ	A_TIMESTAMP
   -7	USER:READ	A_TIMESTAMP
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@trafficcontrol.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org