[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-8562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15242039#comment-15242039
 ] 

ASF GitHub Bot commented on CLOUDSTACK-8562:
--------------------------------------------

Github user jburwell commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1489#discussion_r59801500
  
    --- Diff: engine/schema/src/com/cloud/upgrade/dao/Upgrade481to490.java ---
    @@ -53,6 +62,139 @@ public boolean supportsRollingUpgrade() {
     
         @Override
         public void performDataMigration(Connection conn) {
    +        setupRolesAndPermissionsForDynamicRBAC(conn);
    +    }
    +
    +    private void createDefaultRole(final Connection conn, final Long id, 
final String name, final RoleType roleType) {
    +        final String insertSql = String.format("INSERT INTO 
`cloud`.`roles` (`id`, `uuid`, `name`, `role_type`, `description`) values (%d, 
UUID(), '%s', '%s', 'Default %s role');",
    +                id, name, roleType.name(), roleType.name().toLowerCase());
    +        try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql) ) {
    +            updatePstmt.executeUpdate();
    +        } catch (SQLException e) {
    +            throw new CloudRuntimeException("Unable to create default role 
with id: " + id + " name: " + name, e);
    +        }
    +    }
    +
    +    private void createRoleMapping(final Connection conn, final Long 
roleId, final String apiName) {
    +        final String insertSql = String.format("INSERT INTO 
`cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`) values 
(UUID(), %d, '%s', 'ALLOW') ON DUPLICATE KEY UPDATE rule=rule;",
    +                roleId, apiName);
    +        try ( PreparedStatement updatePstmt = 
conn.prepareStatement(insertSql)) {
    +            updatePstmt.executeUpdate();
    +        } catch (SQLException ignored) {
    +            s_logger.debug("Unable to insert mapping for role id:" + 
roleId + " apiName: " + apiName);
    +        }
    +    }
    +
    +    private void addRoleColumnAndMigrateAccountTable(final Connection 
conn, final RoleType[] roleTypes) {
    +        final String alterTableSql = "ALTER TABLE `cloud`.`account` ADD 
COLUMN `role_id` bigint(20) unsigned COMMENT 'role id for this account' AFTER 
`type`, " +
    +                "ADD KEY `fk_account__role_id` (`role_id`), " +
    +                "ADD CONSTRAINT `fk_account__role_id` FOREIGN KEY 
(`role_id`) REFERENCES `roles` (`id`);";
    +        try (PreparedStatement pstmt = 
conn.prepareStatement(alterTableSql)) {
    +            pstmt.executeUpdate();
    +            s_logger.info("Altered cloud.account table and added column 
role_id");
    +        } catch (SQLException e) {
    +            if (e.getMessage().contains("role_id")) {
    +                s_logger.warn("cloud.account table already has the role_id 
column, skipping altering table and migration of accounts");
    +                return;
    +            } else {
    +                throw new CloudRuntimeException("Unable to create column 
quota_calculated in table cloud_usage.cloud_usage", e);
    +            }
    +        }
    +        migrateAccountsToDefaultRoles(conn, roleTypes);
    +    }
    +
    +    private void migrateAccountsToDefaultRoles(final Connection conn, 
final RoleType[] roleTypes) {
    +        try (PreparedStatement selectStatement = 
conn.prepareStatement("SELECT `id`, `type` FROM `cloud`.`account`;");
    +             ResultSet selectResultSet = selectStatement.executeQuery()) {
    +            while (selectResultSet.next()) {
    +                Long accountId = selectResultSet.getLong(1);
    +                Short accountType = selectResultSet.getShort(2);
    +                Long roleId = null;
    +                for (RoleType roleType : roleTypes) {
    +                    if (roleType.getAccountType() == accountType) {
    +                        roleId = roleType.getId();
    +                        break;
    +                    }
    +                }
    +                if (roleId == null) {
    +                    continue;
    +                }
    +                try (PreparedStatement updateStatement = 
conn.prepareStatement("UPDATE `cloud`.`account` SET role_id = ? WHERE id = 
?;")) {
    +                    updateStatement.setLong(1, roleId);
    +                    updateStatement.setLong(2, accountId);
    +                    updateStatement.executeUpdate();
    +                    updateStatement.close();
    +
    +                } catch (SQLException e) {
    +                    s_logger.error("Failed to update cloud.account role_id 
for account id:" + accountId + " with exception: " + e.getMessage());
    +                    throw new CloudRuntimeException("Exception while 
updating cloud.account role_id", e);
    +                }
    +            }
    +        } catch (SQLException e) {
    +            throw new CloudRuntimeException("Exception while migrating 
existing account table's role_id column to a role based on account type", e);
    +        }
    +        s_logger.debug("Done migrating existing accounts to use one of 
default roles based on account type");
    +    }
    +
    +    private void setupRolesAndPermissionsForDynamicRBAC(final Connection 
conn) {
    +        try ( PreparedStatement selectStatement = 
conn.prepareStatement("SELECT * FROM `cloud`.`roles`");
    +              ResultSet resultSet = selectStatement.executeQuery()) {
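Review bot: `createDefaultRole` and `createRoleMapping` build their INSERT text with `String.format` and `'%s'`, then pass the finished string to `prepareStatement` without binding anything, so a `name` or `apiName` containing a quote alters the statement. The origin of `apiName` is not visible in this hunk; if it is read from configuration (the issue text suggests command.properties), it should be bound with `?` placeholders, as `migrateAccountsToDefaultRoles` already does for its UPDATE. `createRoleMapping` also swallows the `SQLException` at debug level without the exception itself, so a permission row that fails to insert leaves no trace in a normal upgrade log; `s_logger.warn(..., e)` would make a partially populated `role_permissions` table detectable. In `addRoleColumnAndMigrateAccountTable`, the `e.getMessage().contains("role_id")` test also matches errors about the new key and constraint, whose names contain `role_id`, and then silently skips account migration, and the rethrown message names `quota_calculated`, which looks copied from another upgrade step. The fence shows the bound form for `createDefaultRole`; `createRoleMapping` would follow the same shape.

```java
private void createDefaultRole(final Connection conn, final Long id, final String name, final RoleType roleType) {
    final String insertSql = "INSERT INTO `cloud`.`roles` (`id`, `uuid`, `name`, `role_type`, `description`) "
            + "values (?, UUID(), ?, ?, ?);";
    try (PreparedStatement updatePstmt = conn.prepareStatement(insertSql)) {
        updatePstmt.setLong(1, id);
        updatePstmt.setString(2, name);
        updatePstmt.setString(3, roleType.name());
        updatePstmt.setString(4, "Default " + roleType.name().toLowerCase() + " role");
        updatePstmt.executeUpdate();
    // … unchanged: catch (SQLException e) rethrowing CloudRuntimeException …
```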
    --- End diff --
    
    ``resultSet`` is a resource that needs to be closed.  Please add it to the 
enclosing try-with-resources block.


> User Definable Roles
> --------------------
>
>                 Key: CLOUDSTACK-8562
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8562
>             Project: CloudStack
>          Issue Type: New Feature
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Management Server
>            Reporter: Paul Angus
>            Assignee: Rohit Yadav
>
> Static command.properties moved to database and made user definable


