You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by mc...@apache.org on 2013/12/09 20:30:35 UTC
git commit: updated refs/heads/rbac to 288a811
Updated Branches:
refs/heads/rbac a416f6c3c -> 288a81180
Populate default group, policy, account mapping.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/288a8118
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/288a8118
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/288a8118
Branch: refs/heads/rbac
Commit: 288a81180c0164622c86604cb1be761a38ac2977
Parents: a416f6c
Author: Min Chen <mi...@citrix.com>
Authored: Mon Dec 9 11:29:39 2013 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Mon Dec 9 11:29:39 2013 -0800
----------------------------------------------------------------------
.../com/cloud/upgrade/dao/Upgrade421to430.java | 34 --------------------
setup/db/db/schema-421to430.sql | 10 +++++-
2 files changed, 9 insertions(+), 35 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/288a8118/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
index 94a0c91..1e6179e 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
@@ -63,7 +63,6 @@ public class Upgrade421to430 implements DbUpgrade {
@Override
public void performDataMigration(Connection conn) {
populateACLGroupAccountMap(conn);
- populateACLGroupPolicyMap(conn);
//populateACLRoleBasedAPIPermission(conn);
}
@@ -112,39 +111,6 @@ public class Upgrade421to430 implements DbUpgrade {
s_logger.debug("Completed populate acl_group_account_map for existing accounts.");
}
- // populate acl_group_policy_map table for existing accounts
- private void populateACLGroupPolicyMap(Connection conn) {
- PreparedStatement sqlInsert = null;
- ResultSet rs = null;
-
- s_logger.debug("Populating acl_group_policy_map table for default groups and policies...");
- try {
- sqlInsert = conn
- .prepareStatement("INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(?, ?, Now())");
- for (int i = 1; i < 6; i++) {
- // insert entry in acl_group_policy_map table, 1 to 1 mapping for default group and policy
- sqlInsert.setLong(1, i);
- sqlInsert.setLong(2, i);
- sqlInsert.executeUpdate();
- }
- } catch (SQLException e) {
- String msg = "Unable to populate acl_group_policy_map for default groups and policies." + e.getMessage();
- s_logger.error(msg);
- throw new CloudRuntimeException(msg, e);
- } finally {
- try {
- if (rs != null) {
- rs.close();
- }
-
- if (sqlInsert != null) {
- sqlInsert.close();
- }
- } catch (SQLException e) {
- }
- }
- s_logger.debug("Completed populate acl_group_policy_map for existing accounts.");
- }
private void populateACLRoleBasedAPIPermission(Connection conn) {
// read the commands.properties.in and populate the table
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/288a8118/setup/db/db/schema-421to430.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-421to430.sql b/setup/db/db/schema-421to430.sql
index 01c2daf..f15f2e4 100644
--- a/setup/db/db/schema-421to430.sql
+++ b/setup/db/db/schema-421to430.sql
@@ -378,7 +378,8 @@ INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, domain_id,
INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, domain_id, account_id, created, policy_type) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), 1, 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, domain_id, account_id, created, policy_type) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), 1, 1, Now(), 'Static');
INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, domain_id, account_id, created, policy_type) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), 1, 1, Now(), 'Static');
-INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, domain_id, account_id, created, policy_type) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), 1, 1, Now(), 'Dynamic');
+-- RESOURCE_OWNER dynamic policy we will handle that inside java logic
+-- INSERT IGNORE INTO `cloud`.`acl_policy` (id, name, description, uuid, domain_id, account_id, created, policy_type) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), 1, 1, Now(), 'Dynamic');
INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, domain_id, account_id, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), 1, 1, Now());
@@ -387,6 +388,13 @@ INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, domain_id,
INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, domain_id, account_id, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin group', UUID(), 1, 1, Now());
INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, domain_id, account_id, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin group', UUID(), 1, 1, Now());
+INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(1, 1, Now());
+INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(2, 2, Now());
+INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(3, 3, Now());
+INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(4, 4, Now());
+INSERT INTO `cloud`.`acl_group_policy_map` (group_id, policy_id, created) values(5, 5, Now());
+
+
CREATE OR REPLACE VIEW `cloud`.`acl_policy_view` AS
select
acl_policy.id id,