You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by rhtyd <gi...@git.apache.org> on 2016/08/19 12:05:29 UTC

[GitHub] cloudstack pull request #1649: CLOUDSTACK-9463: Fix dynamic-roles migrate sc...

GitHub user rhtyd opened a pull request:

    https://github.com/apache/cloudstack/pull/1649

    CLOUDSTACK-9463: Fix dynamic-roles migrate script for old format

    The old commands.properties format included the full class name such as:
    
    createAccount=com.cloud.api.commands.CreateAccountCmd;1
    
    The migration script did not consider this format and fails. With this fix
    the migration script will process both the formats, including processing a
    commands.properties file with mixed format, for example:
    
        $ cat commands.properties
        ### Account commands
        createAccount=1
        deleteAccount=2
        markDefaultZoneForAccount=com.cloud.api.commands.MarkDefaultZoneForAccountCmd;3
    
        $ python scripts/util/migrate-dynamicroles.py -d -f commands.properties
        Apache CloudStack Role Permission Migration Tool
        (c) Apache CloudStack Authors and the ASF, under the Apache License, Version 2.0
    
        Running this migration tool will remove any default-role permissions from cloud.role_permissions. Do you want to continue? [y/N]y
        The commands.properties file has been deprecated and moved at: commands.properties.deprecated
        Running SQL query: DELETE FROM `cloud`.`role_permissions` WHERE `role_id` in (1,2,3,4);
        Running SQL query: INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) values (UUID(), 1, '*', 'ALLOW', 0);
        Running SQL query: INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) values (UUID(), 2, 'deleteAccount', 'ALLOW', 0);
        Running SQL query: INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) values (UUID(), 2, 'markDefaultZoneForAccount', 'ALLOW', 1);
        Static role permissions from commands.properties have been migrated into the db
        Running SQL query: UPDATE `cloud`.`configuration` SET value='true' where name='dynamic.apichecker.enabled'
        Dynamic role based API checker has been enabled!
    
    
    /cc @jburwell @karuturi @PaulAngus 
    
    Since we don't have any upgrade/marvin tests for this, the changes have been verified with above test as the script works against a commands.properties. A manual verification by anyone else would be required to validate the changes.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/shapeblue/cloudstack 4.9-upgraderolescriptfix

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/1649.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1649
    
----
commit f699fd4a15c8e58c534e98d8436beedf3b54fdc5
Author: Rohit Yadav <ro...@shapeblue.com>
Date:   2016-08-19T11:57:20Z

    CLOUDSTACK-9463: Fix dynamic-roles migrate script for old format
    
    The old commands.properties format included the full class name such as:
    
    createAccount=com.cloud.api.commands.CreateAccountCmd;1
    
    The migration script did not consider this format and fails. With this fix
    the migration script will process both the formats, including processing a
    commands.properties file with mixed format, for example:
    
        $ cat commands.properties
        ### Account commands
        createAccount=1
        deleteAccount=2
        markDefaultZoneForAccount=com.cloud.api.commands.MarkDefaultZoneForAccountCmd;3
    
        $ python scripts/util/migrate-dynamicroles.py -d -f commands.properties
        Apache CloudStack Role Permission Migration Tool
        (c) Apache CloudStack Authors and the ASF, under the Apache License, Version 2.0
    
        Running this migration tool will remove any default-role permissions from cloud.role_permissions. Do you want to continue? [y/N]y
        The commands.properties file has been deprecated and moved at: commands.properties.deprecated
        Running SQL query: DELETE FROM `cloud`.`role_permissions` WHERE `role_id` in (1,2,3,4);
        Running SQL query: INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) values (UUID(), 1, '*', 'ALLOW', 0);
        Running SQL query: INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) values (UUID(), 2, 'deleteAccount', 'ALLOW', 0);
        Running SQL query: INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) values (UUID(), 2, 'markDefaultZoneForAccount', 'ALLOW', 1);
        Static role permissions from commands.properties have been migrated into the db
        Running SQL query: UPDATE `cloud`.`configuration` SET value='true' where name='dynamic.apichecker.enabled'
        Dynamic role based API checker has been enabled!
    
    Signed-off-by: Rohit Yadav <ro...@shapeblue.com>

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1649: CLOUDSTACK-9463: Fix dynamic-roles migrate script fo...

Posted by blueorangutan <gi...@git.apache.org>.

Github user blueorangutan commented on the issue:

    https://github.com/apache/cloudstack/pull/1649
  
    @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1649: CLOUDSTACK-9463: Fix dynamic-roles migrate script fo...

Posted by rhtyd <gi...@git.apache.org>.

Github user rhtyd commented on the issue:

    https://github.com/apache/cloudstack/pull/1649
  
    This change is limited to the migration script and does not impact CloudStack. Manual tests confirmed the fix works with both new and old commands.properties.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1649: CLOUDSTACK-9463: Fix dynamic-roles migrate script fo...

Posted by blueorangutan <gi...@git.apache.org>.

Github user blueorangutan commented on the issue:

    https://github.com/apache/cloudstack/pull/1649
  
    Packaging result: \u2714centos6 \u2714centos7 \u2714debian repo: http://packages.shapeblue.com/cloudstack/pr/1649
    Job ID-93


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1649: CLOUDSTACK-9463: Fix dynamic-roles migrate script fo...

Posted by rhtyd <gi...@git.apache.org>.

Github user rhtyd commented on the issue:

    https://github.com/apache/cloudstack/pull/1649
  
    Test run:
    
    python scripts/util/migrate-dynamicroles.py -d -f commands.properties
    Apache CloudStack Role Permission Migration Tool
    (c) Apache CloudStack Authors and the ASF, under the Apache License, Version 2.0
    
    Running this migration tool will remove any default-role permissions from cloud.role_permissions. Do you want to continue? [y/N]y
    The commands.properties file has been deprecated and moved at: commands.properties.deprecated
    Running SQL query: DELETE FROM `cloud`.`role_permissions` WHERE `role_id` in (1,2,3,4);
    Running SQL query: INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) values (UUID(), 1, '*', 'ALLOW', 0);
    Running SQL query: INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) values (UUID(), 2, 'deleteAccount', 'ALLOW', 0);
    Running SQL query: INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) values (UUID(), 2, 'markDefaultZoneForAccount', 'ALLOW', 1);
    Static role permissions from commands.properties have been migrated into the db
    Running SQL query: UPDATE `cloud`.`configuration` SET value='true' where name='dynamic.apichecker.enabled'
    Dynamic role based API checker has been enabled!


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1649: CLOUDSTACK-9463: Fix dynamic-roles migrate script fo...

Posted by rhtyd <gi...@git.apache.org>.

Github user rhtyd commented on the issue:

    https://github.com/apache/cloudstack/pull/1649
  
    @blueorangutan package


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack issue #1649: CLOUDSTACK-9463: Fix dynamic-roles migrate script fo...

Posted by PaulAngus <gi...@git.apache.org>.

Github user PaulAngus commented on the issue:

    https://github.com/apache/cloudstack/pull/1649
  
    LGTM tested against a client's customised commands.properties file.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] cloudstack pull request #1649: CLOUDSTACK-9463: Fix dynamic-roles migrate sc...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/cloudstack/pull/1649


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---