diff options
| author | Zuul <zuul@review.opendev.org> | 2022-02-08 13:45:57 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2022-02-08 13:45:57 +0000 |
| commit | 6ddaea05ae8f94572a9ba8d78d4bbde0d402ebd1 (patch) | |
| tree | 2fc5a128f759b316b81fbf86b96e3a2f127c0d62 | |
| parent | 9daad37b2f3d8cfe0587fb7a48dc3a856b139c85 (diff) | |
| parent | 6058ae332a9ef49bd8523a186479773592119a0e (diff) | |
| download | keystone-6ddaea05ae8f94572a9ba8d78d4bbde0d402ebd1.tar.gz | |
Merge "sql: Squash queens migrations"
44 files changed, 154 insertions, 1430 deletions
diff --git a/keystone/common/sql/contract_repo/versions/025_placeholder.py b/keystone/common/sql/contract_repo/versions/025_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/contract_repo/versions/025_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/contract_repo/versions/026_placeholder.py b/keystone/common/sql/contract_repo/versions/026_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/contract_repo/versions/026_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/contract_repo/versions/027_placeholder.py b/keystone/common/sql/contract_repo/versions/027_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/contract_repo/versions/027_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/contract_repo/versions/028_placeholder.py b/keystone/common/sql/contract_repo/versions/028_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/contract_repo/versions/028_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/contract_repo/versions/029_placeholder.py b/keystone/common/sql/contract_repo/versions/029_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/contract_repo/versions/029_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/contract_repo/versions/030_contract_add_project_tags_table.py b/keystone/common/sql/contract_repo/versions/030_contract_add_project_tags_table.py deleted file mode 100644 index 8aa15c1ef..000000000 --- a/keystone/common/sql/contract_repo/versions/030_contract_add_project_tags_table.py +++ /dev/null @@ -1,15 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/contract_repo/versions/031_contract_system_assignment_table.py b/keystone/common/sql/contract_repo/versions/031_contract_system_assignment_table.py deleted file mode 100644 index 18a28170c..000000000 --- a/keystone/common/sql/contract_repo/versions/031_contract_system_assignment_table.py +++ /dev/null @@ -1,16 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - # NOTE(lbragstad): System assignments only require additive changes. - pass diff --git a/keystone/common/sql/contract_repo/versions/032_contract_add_expired_at_int_to_trust.py b/keystone/common/sql/contract_repo/versions/032_contract_add_expired_at_int_to_trust.py deleted file mode 100644 index 5839b8caa..000000000 --- a/keystone/common/sql/contract_repo/versions/032_contract_add_expired_at_int_to_trust.py +++ /dev/null @@ -1,51 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import datetime - -from migrate import UniqueConstraint -import pytz -import sqlalchemy as sql -from sqlalchemy.orm import sessionmaker - - -_epoch = datetime.datetime.fromtimestamp(0, tz=pytz.UTC) - - -def _convert_value_datetime_to_int(dt): - dt = dt.replace(tzinfo=pytz.utc) - return int((dt - _epoch).total_seconds() * 1000000) - - -def upgrade(migrate_engine): - meta = sql.MetaData() - meta.bind = migrate_engine - maker = sessionmaker(bind=migrate_engine) - session = maker() - - trust_table = sql.Table('trust', meta, autoload=True) - trusts = list(trust_table.select().execute()) - - for trust in trusts: - values = {} - if trust.expires_at is not None: - values['expires_at_int'] = _convert_value_datetime_to_int( - trust.expires_at) - - update = trust_table.update().where( - trust_table.c.id == trust.id).values(values) - session.execute(update) - session.commit() - - UniqueConstraint(table=trust_table, - name='duplicate_trust_constraint').drop() - session.close() diff --git a/keystone/common/sql/contract_repo/versions/033_contract_add_limits_tables.py b/keystone/common/sql/contract_repo/versions/033_contract_add_limits_tables.py deleted file mode 100644 index 8aa15c1ef..000000000 --- a/keystone/common/sql/contract_repo/versions/033_contract_add_limits_tables.py +++ /dev/null @@ -1,15 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/contract_repo/versions/034_contract_add_application_credentials_table.py b/keystone/common/sql/contract_repo/versions/034_contract_add_application_credentials_table.py deleted file mode 100644 index 8aa15c1ef..000000000 --- a/keystone/common/sql/contract_repo/versions/034_contract_add_application_credentials_table.py +++ /dev/null @@ -1,15 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/contract_repo/versions/035_contract_add_system_column_to_application_credential_table.py b/keystone/common/sql/contract_repo/versions/035_contract_add_system_column_to_application_credential_table.py deleted file mode 100644 index 192391a54..000000000 --- a/keystone/common/sql/contract_repo/versions/035_contract_add_system_column_to_application_credential_table.py +++ /dev/null @@ -1,23 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import sqlalchemy as sql - - -def upgrade(migrate_engine): - meta = sql.MetaData() - meta.bind = migrate_engine - - application_credential_table = sql.Table( - 'application_credential', meta, autoload=True - ) - application_credential_table.c.project_id.alter(nullable=True) diff --git a/keystone/common/sql/contract_repo/versions/036_contract_rename_application_credential_restriction_column.py b/keystone/common/sql/contract_repo/versions/036_contract_rename_application_credential_restriction_column.py deleted file mode 100644 index f8ef7e1a7..000000000 --- a/keystone/common/sql/contract_repo/versions/036_contract_rename_application_credential_restriction_column.py +++ /dev/null @@ -1,40 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import sqlalchemy as sql - - -def upgrade(migrate_engine): - meta = sql.MetaData() - meta.bind = migrate_engine - - application_credential_table = sql.Table( - 'application_credential', meta, autoload=True - ) - if migrate_engine.name == 'sqlite': - old_table = sql.Table('application_credential', meta, autoload=True) - new_table = sql.Table('application_credential_temp', meta, - autoload=True) - old_table.drop() - new_table.rename('application_credential') - else: - table = application_credential_table - # NOTE(cmurphy) because of lb#1744948, some deployments could already - # have made it past the expand step and be stuck on the contract step. - # If necessary, do the expand step here. - # At this point this API is not yet exposed and there should be no data - # in this table. - if 'unrestricted' not in table.columns: - unrestricted = sql.Column('unrestricted', sql.Boolean()) - table.create_column(unrestricted) - column = table.c.allow_application_credential_creation - column.drop() diff --git a/keystone/common/sql/contract_repo/versions/024_contract_initial_migration.py b/keystone/common/sql/contract_repo/versions/037_contract_initial_migration.py index 1cd34e617..1cd34e617 100644 --- a/keystone/common/sql/contract_repo/versions/024_contract_initial_migration.py +++ b/keystone/common/sql/contract_repo/versions/037_contract_initial_migration.py diff --git a/keystone/common/sql/contract_repo/versions/037_contract_remove_service_and_region_fk_for_registered_limit.py b/keystone/common/sql/contract_repo/versions/037_contract_remove_service_and_region_fk_for_registered_limit.py deleted file mode 100644 index 72a3f315f..000000000 --- a/keystone/common/sql/contract_repo/versions/037_contract_remove_service_and_region_fk_for_registered_limit.py +++ /dev/null @@ -1,36 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from migrate import ForeignKeyConstraint -import sqlalchemy as sql - - -def upgrade(migrate_engine): - meta = sql.MetaData() - meta.bind = migrate_engine - - registered_limit_table = sql.Table('registered_limit', meta, autoload=True) - service_table = sql.Table('service', meta, autoload=True) - region_table = sql.Table('region', meta, autoload=True) - - inspector = sql.inspect(migrate_engine) - for fk in inspector.get_foreign_keys('registered_limit'): - if fk['referred_table'] == 'service': - fkey = ForeignKeyConstraint([registered_limit_table.c.service_id], - [service_table.c.id], - name=fk['name']) - fkey.drop() - else: - fkey = ForeignKeyConstraint([registered_limit_table.c.region_id], - [region_table.c.id], - name=fk['name']) - fkey.drop() diff --git a/keystone/common/sql/data_migration_repo/versions/025_placeholder.py b/keystone/common/sql/data_migration_repo/versions/025_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/data_migration_repo/versions/025_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/data_migration_repo/versions/026_placeholder.py b/keystone/common/sql/data_migration_repo/versions/026_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/data_migration_repo/versions/026_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/data_migration_repo/versions/027_placeholder.py b/keystone/common/sql/data_migration_repo/versions/027_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/data_migration_repo/versions/027_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/data_migration_repo/versions/028_placeholder.py b/keystone/common/sql/data_migration_repo/versions/028_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/data_migration_repo/versions/028_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/data_migration_repo/versions/029_placeholder.py b/keystone/common/sql/data_migration_repo/versions/029_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/data_migration_repo/versions/029_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/data_migration_repo/versions/030_migrate_add_project_tags_table.py b/keystone/common/sql/data_migration_repo/versions/030_migrate_add_project_tags_table.py deleted file mode 100644 index 8aa15c1ef..000000000 --- a/keystone/common/sql/data_migration_repo/versions/030_migrate_add_project_tags_table.py +++ /dev/null @@ -1,15 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/data_migration_repo/versions/031_migrate_system_assignment_table.py b/keystone/common/sql/data_migration_repo/versions/031_migrate_system_assignment_table.py deleted file mode 100644 index c02f78c4e..000000000 --- a/keystone/common/sql/data_migration_repo/versions/031_migrate_system_assignment_table.py +++ /dev/null @@ -1,17 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - # NOTE(lbragstad): A migration isn't required here since system assignments - # are a new feature in Queens. - pass diff --git a/keystone/common/sql/data_migration_repo/versions/032_migrate_add_expired_at_int_to_trust.py b/keystone/common/sql/data_migration_repo/versions/032_migrate_add_expired_at_int_to_trust.py deleted file mode 100644 index ce4496ee0..000000000 --- a/keystone/common/sql/data_migration_repo/versions/032_migrate_add_expired_at_int_to_trust.py +++ /dev/null @@ -1,22 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - # A migration here is not needed because the actual marshalling of data - # from the old column to the new column is done in the contract phase. This - # is because using triggers to convert datetime objects to integers is - # complex and error-prone. Instead, we'll migrate the data once all - # keystone nodes are on the Queens code-base. From an operator perspective, - # this shouldn't affect operability of a rolling upgrade since all nodes - # must be running Queens before the contract takes place. - pass diff --git a/keystone/common/sql/data_migration_repo/versions/033_migrate_add_limits_tables.py b/keystone/common/sql/data_migration_repo/versions/033_migrate_add_limits_tables.py deleted file mode 100644 index 8aa15c1ef..000000000 --- a/keystone/common/sql/data_migration_repo/versions/033_migrate_add_limits_tables.py +++ /dev/null @@ -1,15 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/data_migration_repo/versions/034_migrate_add_application_credentials_table.py b/keystone/common/sql/data_migration_repo/versions/034_migrate_add_application_credentials_table.py deleted file mode 100644 index 8aa15c1ef..000000000 --- a/keystone/common/sql/data_migration_repo/versions/034_migrate_add_application_credentials_table.py +++ /dev/null @@ -1,15 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/data_migration_repo/versions/035_migrate_add_system_column_to_application_credential_table.py b/keystone/common/sql/data_migration_repo/versions/035_migrate_add_system_column_to_application_credential_table.py deleted file mode 100644 index 8aa15c1ef..000000000 --- a/keystone/common/sql/data_migration_repo/versions/035_migrate_add_system_column_to_application_credential_table.py +++ /dev/null @@ -1,15 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/data_migration_repo/versions/036_migrate_rename_application_credential_restriction_column.py b/keystone/common/sql/data_migration_repo/versions/036_migrate_rename_application_credential_restriction_column.py deleted file mode 100644 index 8aa15c1ef..000000000 --- a/keystone/common/sql/data_migration_repo/versions/036_migrate_rename_application_credential_restriction_column.py +++ /dev/null @@ -1,15 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/data_migration_repo/versions/024_migrate_initial_migration.py b/keystone/common/sql/data_migration_repo/versions/037_migrate_initial_migration.py index d05b151b8..d05b151b8 100644 --- a/keystone/common/sql/data_migration_repo/versions/024_migrate_initial_migration.py +++ b/keystone/common/sql/data_migration_repo/versions/037_migrate_initial_migration.py diff --git a/keystone/common/sql/data_migration_repo/versions/037_migrate_remove_service_and_region_fk_for_registered_limit.py b/keystone/common/sql/data_migration_repo/versions/037_migrate_remove_service_and_region_fk_for_registered_limit.py deleted file mode 100644 index 9cb40b454..000000000 --- a/keystone/common/sql/data_migration_repo/versions/037_migrate_remove_service_and_region_fk_for_registered_limit.py +++ /dev/null @@ -1,15 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/expand_repo/versions/025_placeholder.py b/keystone/common/sql/expand_repo/versions/025_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/expand_repo/versions/025_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/expand_repo/versions/026_placeholder.py b/keystone/common/sql/expand_repo/versions/026_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/expand_repo/versions/026_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/expand_repo/versions/027_placeholder.py b/keystone/common/sql/expand_repo/versions/027_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/expand_repo/versions/027_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/expand_repo/versions/028_placeholder.py b/keystone/common/sql/expand_repo/versions/028_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/expand_repo/versions/028_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/expand_repo/versions/029_placeholder.py b/keystone/common/sql/expand_repo/versions/029_placeholder.py deleted file mode 100644 index a96cd6f36..000000000 --- a/keystone/common/sql/expand_repo/versions/029_placeholder.py +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is a placeholder for Pike backports. Do not use this number for new -# Queens work. New Queens work starts after all the placeholders. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/expand_repo/versions/030_expand_add_project_tags_table.py b/keystone/common/sql/expand_repo/versions/030_expand_add_project_tags_table.py deleted file mode 100644 index 71ff49d43..000000000 --- a/keystone/common/sql/expand_repo/versions/030_expand_add_project_tags_table.py +++ /dev/null @@ -1,44 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import sqlalchemy as sql - - -def upgrade(migrate_engine): - - meta = sql.MetaData() - meta.bind = migrate_engine - - project_table = sql.Table('project', meta, autoload=True) - - # NOTE(lamt) To allow tag name to be case sensitive for MySQL, the 'name' - # column needs to use collation, which is incompatible with Postgresql. - # Using unicode to mirror nova's server tag: - # https://github.com/openstack/nova/blob/master/nova/db/sqlalchemy/models.py - project_tags_table = sql.Table( - 'project_tag', - meta, - sql.Column('project_id', - sql.String(64), - sql.ForeignKey(project_table.c.id, ondelete='CASCADE'), - nullable=False, - primary_key=True), - sql.Column('name', - sql.Unicode(255), - nullable=False, - primary_key=True), - sql.UniqueConstraint('project_id', 'name'), - mysql_engine='InnoDB', - mysql_charset='utf8' - ) - - project_tags_table.create(migrate_engine, checkfirst=True) diff --git a/keystone/common/sql/expand_repo/versions/031_expand_system_assignment_table.py b/keystone/common/sql/expand_repo/versions/031_expand_system_assignment_table.py deleted file mode 100644 index 45af9863b..000000000 --- a/keystone/common/sql/expand_repo/versions/031_expand_system_assignment_table.py +++ /dev/null @@ -1,33 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import sqlalchemy as sql - - -def upgrade(migrate_engine): - meta = sql.MetaData() - meta.bind = migrate_engine - system_assignment = sql.Table( - 'system_assignment', - meta, - sql.Column('type', sql.String(64), nullable=False), - sql.Column('actor_id', sql.String(64), nullable=False), - sql.Column('target_id', sql.String(64), nullable=False), - sql.Column('role_id', sql.String(64), nullable=False), - sql.Column('inherited', sql.Boolean, default=False, nullable=False), - sql.PrimaryKeyConstraint( - 'type', 'actor_id', 'target_id', 'role_id', 'inherited' - ), - mysql_engine='InnoDB', - mysql_charset='utf8' - ) - system_assignment.create() diff --git a/keystone/common/sql/expand_repo/versions/032_expand_add_expired_at_int_to_trust.py b/keystone/common/sql/expand_repo/versions/032_expand_add_expired_at_int_to_trust.py deleted file mode 100644 index fd5d6ad65..000000000 --- a/keystone/common/sql/expand_repo/versions/032_expand_add_expired_at_int_to_trust.py +++ /dev/null @@ -1,35 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -from migrate import UniqueConstraint -import sqlalchemy as sql - -from keystone.common import sql as ks_sql - - -def upgrade(migrate_engine): - meta = sql.MetaData() - meta.bind = migrate_engine - - # NOTE(morgan): column is nullable here for migration purposes - # it is set to not-nullable in the contract phase to ensure we can handle - # rolling upgrades in a sane way. This differs from the model in - # keystone.identity.backends.sql_model by design. - expires_at = sql.Column('expires_at_int', ks_sql.DateTimeInt()) - trust_table = sql.Table('trust', meta, autoload=True) - trust_table.create_column(expires_at) - - UniqueConstraint('trustor_user_id', 'trustee_user_id', 'project_id', - 'impersonation', 'expires_at', 'expires_at_int', - table=trust_table, - name='duplicate_trust_constraint_expanded').create() diff --git a/keystone/common/sql/expand_repo/versions/033_expand_add_limits_tables.py b/keystone/common/sql/expand_repo/versions/033_expand_add_limits_tables.py deleted file mode 100644 index cd6149c14..000000000 --- a/keystone/common/sql/expand_repo/versions/033_expand_add_limits_tables.py +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 2018 SUSE Linux Gmbh -# Copyright 2018 Huawei -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import migrate -import sqlalchemy as sql - - -def upgrade(migrate_engine): - meta = sql.MetaData() - meta.bind = migrate_engine - - service_table = sql.Table('service', meta, autoload=True) - region_table = sql.Table('region', meta, autoload=True) - project_table = sql.Table('project', meta, autoload=True) - - registered_limit_table = sql.Table( - 'registered_limit', - meta, - sql.Column('id', sql.String(length=64), primary_key=True), - sql.Column('service_id', - sql.String(255), - sql.ForeignKey(service_table.c.id)), - sql.Column('region_id', - sql.String(64), - sql.ForeignKey(region_table.c.id), nullable=True), - sql.Column('resource_name', sql.String(255)), - sql.Column('default_limit', sql.Integer, nullable=False), - sql.UniqueConstraint('service_id', 'region_id', 'resource_name'), - mysql_engine='InnoDB', - mysql_charset='utf8') - registered_limit_table.create(migrate_engine, checkfirst=True) - - limit_table = sql.Table( - 'limit', - meta, - sql.Column('id', sql.String(length=64), primary_key=True), - sql.Column('project_id', - sql.String(64), - sql.ForeignKey(project_table.c.id)), - sql.Column('service_id', sql.String(255)), - sql.Column('region_id', sql.String(64), nullable=True), - sql.Column('resource_name', sql.String(255)), - sql.Column('resource_limit', sql.Integer, nullable=False), - sql.UniqueConstraint('project_id', 'service_id', 'region_id', - 'resource_name'), - mysql_engine='InnoDB', - mysql_charset='utf8') - limit_table.create(migrate_engine, checkfirst=True) - - migrate.ForeignKeyConstraint( - columns=[limit_table.c.service_id, - limit_table.c.region_id, - limit_table.c.resource_name], - refcolumns=[registered_limit_table.c.service_id, - registered_limit_table.c.region_id, - registered_limit_table.c.resource_name]).create() diff --git a/keystone/common/sql/expand_repo/versions/034_expand_add_application_credential_table.py b/keystone/common/sql/expand_repo/versions/034_expand_add_application_credential_table.py deleted file mode 100644 index 3ddb812bb..000000000 --- a/keystone/common/sql/expand_repo/versions/034_expand_add_application_credential_table.py +++ /dev/null @@ -1,52 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import sqlalchemy as sql - -from keystone.common import sql as ks_sql - - -def upgrade(migrate_engine): - - meta = sql.MetaData() - meta.bind = migrate_engine - - application_credential = sql.Table( - 'application_credential', meta, - sql.Column('internal_id', sql.Integer, primary_key=True, - nullable=False), - sql.Column('id', sql.String(length=64), nullable=False), - sql.Column('name', sql.String(length=255), nullable=False), - sql.Column('secret_hash', sql.String(length=255), nullable=False), - sql.Column('description', sql.Text), - sql.Column('user_id', sql.String(length=64), nullable=False), - sql.Column('project_id', sql.String(64), nullable=False), - sql.Column('expires_at', ks_sql.DateTimeInt()), - sql.Column('allow_application_credential_creation', sql.Boolean), - sql.UniqueConstraint('user_id', 'name', - name='duplicate_app_cred_constraint'), - mysql_engine='InnoDB', - mysql_charset='utf8' - ) - - application_credential_role = sql.Table( - 'application_credential_role', meta, - sql.Column('application_credential_id', sql.Integer, - sql.ForeignKey(application_credential.c.internal_id, - ondelete='CASCADE'), - primary_key=True, nullable=False), - sql.Column('role_id', sql.String(length=64), primary_key=True, - nullable=False), - mysql_engine='InnoDB', mysql_charset='utf8') - - application_credential.create(migrate_engine, checkfirst=True) - application_credential_role.create(migrate_engine, checkfirst=True) diff --git a/keystone/common/sql/expand_repo/versions/035_expand_add_system_column_to_application_credential_table.py b/keystone/common/sql/expand_repo/versions/035_expand_add_system_column_to_application_credential_table.py deleted file mode 100644 index 7f389508a..000000000 --- a/keystone/common/sql/expand_repo/versions/035_expand_add_system_column_to_application_credential_table.py +++ /dev/null @@ -1,25 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import sqlalchemy as sql - - -def upgrade(migrate_engine): - - meta = sql.MetaData() - meta.bind = migrate_engine - - system = sql.Column('system', sql.String(64), nullable=True) - application_credential_table = sql.Table( - 'application_credential', meta, autoload=True - ) - application_credential_table.create_column(system) diff --git a/keystone/common/sql/expand_repo/versions/036_expand_rename_application_credential_restriction_column.py b/keystone/common/sql/expand_repo/versions/036_expand_rename_application_credential_restriction_column.py deleted file mode 100644 index 5d5b3ef06..000000000 --- a/keystone/common/sql/expand_repo/versions/036_expand_rename_application_credential_restriction_column.py +++ /dev/null @@ -1,44 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import sqlalchemy as sql - - -def upgrade(migrate_engine): - - meta = sql.MetaData() - meta.bind = migrate_engine - - table = sql.Table( - 'application_credential', meta, autoload=True - ) - # MySQL and PostgreSQL can handle a column rename. - # Only Sqlite is special. Since Sqlite can't support an online upgrade - # anyway, just brute-force the migration by copying the table. - if migrate_engine.name == 'sqlite': - old_table = table - - args = [] - for column in old_table.columns: - if column.name != 'allow_application_credential_creation': - args.append(column.copy()) - unrestricted = sql.Column('unrestricted', sql.Boolean) - args.append(unrestricted) - constraint = sql.UniqueConstraint('user_id', 'name', - name='duplicate_app_cred_constraint') - args.append(constraint) - new_table = sql.Table('application_credential_temp', - old_table.metadata, *args) - new_table.create(migrate_engine, checkfirst=True) - else: - unrestricted = sql.Column('unrestricted', sql.Boolean()) - table.create_column(unrestricted) diff --git a/keystone/common/sql/expand_repo/versions/024_expand_initial_migration.py b/keystone/common/sql/expand_repo/versions/037_expand_initial_migration.py index 602083317..a6e723b22 100644 --- a/keystone/common/sql/expand_repo/versions/024_expand_initial_migration.py +++ b/keystone/common/sql/expand_repo/versions/037_expand_initial_migration.py @@ -334,6 +334,26 @@ def upgrade(migrate_engine): mysql_charset='utf8', ) + # NOTE(lamt) To allow tag name to be case sensitive for MySQL, the 'name' + # column needs to use collation, which is incompatible with Postgresql. + # Using unicode to mirror nova's server tag: + # https://github.com/openstack/nova/blob/master/nova/db/sqlalchemy/models.py + project_tag = sql.Table( + 'project_tag', + meta, + sql.Column( + 'project_id', + sql.String(64), + sql.ForeignKey(project.c.id, ondelete='CASCADE'), + nullable=False, + primary_key=True, + ), + sql.Column('name', sql.Unicode(255), nullable=False, primary_key=True), + sql.UniqueConstraint('project_id', 'name'), + mysql_engine='InnoDB', + mysql_charset='utf8', + ) + project_endpoint = sql.Table( 'project_endpoint', meta, @@ -516,13 +536,15 @@ def upgrade(migrate_engine): sql.Column('expires_at', sql.DateTime), sql.Column('remaining_uses', sql.Integer, nullable=True), sql.Column('extra', ks_sql.JsonBlob.impl), + sql.Column('expires_at_int', ks_sql.DateTimeInt()), sql.UniqueConstraint( 'trustor_user_id', 'trustee_user_id', 'project_id', 'impersonation', 'expires_at', - name='duplicate_trust_constraint', + 'expires_at_int', + name='duplicate_trust_constraint_expanded', ), mysql_engine='InnoDB', mysql_charset='utf8', @@ -695,6 +717,91 @@ def upgrade(migrate_engine): mysql_charset='utf8', ) + system_assignment = sql.Table( + 'system_assignment', + meta, + sql.Column('type', sql.String(64), nullable=False), + sql.Column('actor_id', sql.String(64), nullable=False), + sql.Column('target_id', sql.String(64), nullable=False), + sql.Column('role_id', sql.String(64), nullable=False), + sql.Column('inherited', sql.Boolean, default=False, nullable=False), + sql.PrimaryKeyConstraint( + 'type', 'actor_id', 'target_id', 'role_id', 'inherited' + ), + mysql_engine='InnoDB', + mysql_charset='utf8', + ) + + registered_limit = sql.Table( + 'registered_limit', + meta, + sql.Column('id', sql.String(length=64), primary_key=True), + sql.Column('service_id', sql.String(255)), + sql.Column('region_id', sql.String(64), nullable=True), + sql.Column('resource_name', sql.String(255)), + sql.Column('default_limit', sql.Integer, nullable=False), + sql.UniqueConstraint('service_id', 'region_id', 'resource_name'), + mysql_engine='InnoDB', + mysql_charset='utf8', + ) + + limit = sql.Table( + 'limit', + meta, + sql.Column('id', sql.String(length=64), primary_key=True), + sql.Column('project_id', sql.String(64), sql.ForeignKey(project.c.id)), + sql.Column('service_id', sql.String(255)), + sql.Column('region_id', sql.String(64), nullable=True), + sql.Column('resource_name', sql.String(255)), + sql.Column('resource_limit', sql.Integer, nullable=False), + sql.UniqueConstraint( + 'project_id', 'service_id', 'region_id', 'resource_name' + ), + mysql_engine='InnoDB', + mysql_charset='utf8', + ) + + application_credential = sql.Table( + 'application_credential', + meta, + sql.Column( + 'internal_id', sql.Integer, primary_key=True, nullable=False + ), + sql.Column('id', sql.String(length=64), nullable=False), + sql.Column('name', sql.String(length=255), nullable=False), + sql.Column('secret_hash', sql.String(length=255), nullable=False), + sql.Column('description', sql.Text), + sql.Column('user_id', sql.String(length=64), nullable=False), + sql.Column('project_id', sql.String(64), nullable=True), + sql.Column('expires_at', ks_sql.DateTimeInt()), + sql.Column('system', sql.String(64), nullable=True), + sql.Column('unrestricted', sql.Boolean), + sql.UniqueConstraint( + 'user_id', 'name', name='duplicate_app_cred_constraint' + ), + mysql_engine='InnoDB', + mysql_charset='utf8', + ) + + application_credential_role = sql.Table( + 'application_credential_role', + meta, + sql.Column( + 'application_credential_id', + sql.Integer, + sql.ForeignKey( + application_credential.c.internal_id, ondelete='CASCADE' + ), + primary_key=True, + nullable=False, + ), + sql.Column( + 'role_id', sql.String(length=64), primary_key=True, nullable=False + ), + mysql_engine='InnoDB', + mysql_charset='utf8', + ) + # create all tables tables = [ credential, @@ -702,6 +809,7 @@ def upgrade(migrate_engine): group, policy, project, + project_tag, role, service, token, @@ -734,6 +842,11 @@ def upgrade(migrate_engine): password, federated_user, nonlocal_user, + system_assignment, + limit, + registered_limit, + application_credential, + application_credential_role, ] for table in tables: @@ -810,6 +923,18 @@ def upgrade(migrate_engine): 'onupdate': 'CASCADE', 'ondelete': 'CASCADE', }, + { + 'columns': [ + limit.c.service_id, + limit.c.region_id, + limit.c.resource_name, + ], + 'references': [ + registered_limit.c.service_id, + registered_limit.c.region_id, + registered_limit.c.resource_name, + ], + }, ] if migrate_engine.name == 'sqlite': @@ -898,3 +1023,9 @@ def upgrade(migrate_engine): $BODY$ LANGUAGE plpgsql; """) migrate_engine.execute(local_user_insert_trigger) + + # FIXME(stephenfin): Remove these indexes. They're left over from attempts + # to remove foreign key constraints in past migrations. Apparently + # sqlalchemy-migrate didn't do the job fully and left behind indexes + if migrate_engine.name == 'mysql': + sql.Index('region_id', registered_limit.c.region_id).create() diff --git a/keystone/common/sql/expand_repo/versions/037_expand_remove_service_and_region_fk_for_registered_limit.py b/keystone/common/sql/expand_repo/versions/037_expand_remove_service_and_region_fk_for_registered_limit.py deleted file mode 100644 index 9cb40b454..000000000 --- a/keystone/common/sql/expand_repo/versions/037_expand_remove_service_and_region_fk_for_registered_limit.py +++ /dev/null @@ -1,15 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -def upgrade(migrate_engine): - pass diff --git a/keystone/common/sql/upgrades.py b/keystone/common/sql/upgrades.py index 30290daff..c1dd7dc3f 100644 --- a/keystone/common/sql/upgrades.py +++ b/keystone/common/sql/upgrades.py @@ -29,7 +29,7 @@ from keystone.i18n import _ USE_TRIGGERS = True -INITIAL_VERSION = 23 +INITIAL_VERSION = 36 EXPAND_REPO = 'expand_repo' DATA_MIGRATION_REPO = 'data_migration_repo' CONTRACT_REPO = 'contract_repo' diff --git a/keystone/tests/unit/test_sql_upgrade.py b/keystone/tests/unit/test_sql_upgrade.py index 2af9b95ec..725c31e00 100644 --- a/keystone/tests/unit/test_sql_upgrade.py +++ b/keystone/tests/unit/test_sql_upgrade.py @@ -53,10 +53,8 @@ from oslo_log import fixture as log_fixture from oslo_log import log from oslo_serialization import jsonutils from oslotest import base as test_base -import pytz import sqlalchemy.exc from sqlalchemy import inspect -from testtools import matchers from keystone.cmd import cli from keystone.common import sql @@ -93,6 +91,9 @@ INITIAL_TABLE_STRUCTURE = { 'id', 'name', 'extra', 'description', 'enabled', 'domain_id', 'parent_id', 'is_domain', ], + 'project_tag': [ + 'project_id', 'name', + ], 'role': [ 'id', 'name', 'extra', 'domain_id', ], @@ -105,6 +106,7 @@ INITIAL_TABLE_STRUCTURE = { 'trust': [ 'id', 'trustor_user_id', 'trustee_user_id', 'project_id', 'impersonation', 'deleted_at', 'expires_at', 'remaining_uses', 'extra', + 'expires_at_int', ], 'trust_role': [ 'trust_id', 'role_id', @@ -195,6 +197,23 @@ INITIAL_TABLE_STRUCTURE = { 'nonlocal_user': [ 'domain_id', 'name', 'user_id', ], + 'system_assignment': [ + 'type', 'actor_id', 'target_id', 'role_id', 'inherited', + ], + 'registered_limit': [ + 'id', 'service_id', 'region_id', 'resource_name', 'default_limit', + ], + 'limit': [ + 'id', 'project_id', 'service_id', 'region_id', 'resource_name', + 'resource_limit', + ], + 'application_credential': [ + 'internal_id', 'id', 'name', 'secret_hash', 'description', 'user_id', + 'project_id', 'expires_at', 'system', 'unrestricted', + ], + 'application_credential_role': [ + 'application_credential_id', 'role_id', + ], } @@ -605,506 +624,6 @@ class FullMigration(MigrateBase, unit.TestCase): upgrades.INITIAL_VERSION + 2, ) - def test_migration_030_expand_add_project_tags_table(self): - self.expand(29) - self.migrate(29) - self.contract(29) - - table_name = 'project_tag' - self.assertTableDoesNotExist(table_name) - - self.expand(30) - self.migrate(30) - self.contract(30) - - self.assertTableExists(table_name) - self.assertTableColumns( - table_name, - ['project_id', 'name']) - - def test_migration_030_project_tags_works_correctly_after_migration(self): - if self.engine.name == 'sqlite': - self.skipTest('sqlite backend does not support foreign keys') - - self.expand(30) - self.migrate(30) - self.contract(30) - - project_table = sqlalchemy.Table( - 'project', self.metadata, autoload=True) - tag_table = sqlalchemy.Table( - 'project_tag', self.metadata, autoload=True) - - session = self.sessionmaker() - project_id = uuid.uuid4().hex - - project = { - 'id': project_id, - 'name': uuid.uuid4().hex, - 'enabled': True, - 'domain_id': resource_base.NULL_DOMAIN_ID, - 'is_domain': False - } - - tag = { - 'project_id': project_id, - 'name': uuid.uuid4().hex - } - - self.insert_dict(session, 'project', project) - self.insert_dict(session, 'project_tag', tag) - - tags_query = session.query(tag_table).filter_by( - project_id=project_id).all() - self.assertThat(tags_query, matchers.HasLength(1)) - - # Adding duplicate tags should cause error. - self.assertRaises(db_exception.DBDuplicateEntry, - self.insert_dict, - session, 'project_tag', tag) - - session.execute( - project_table.delete().where(project_table.c.id == project_id) - ) - - tags_query = session.query(tag_table).filter_by( - project_id=project_id).all() - self.assertThat(tags_query, matchers.HasLength(0)) - - session.close() - - def test_migration_031_adds_system_assignment_table(self): - self.expand(30) - self.migrate(30) - self.contract(30) - - system_assignment_table_name = 'system_assignment' - self.assertTableDoesNotExist(system_assignment_table_name) - - self.expand(31) - self.migrate(31) - self.contract(31) - - self.assertTableExists(system_assignment_table_name) - self.assertTableColumns( - system_assignment_table_name, - ['type', 'actor_id', 'target_id', 'role_id', 'inherited'] - ) - - system_assignment_table = sqlalchemy.Table( - system_assignment_table_name, self.metadata, autoload=True - ) - - system_user = { - 'type': 'UserSystem', - 'target_id': uuid.uuid4().hex, - 'actor_id': uuid.uuid4().hex, - 'role_id': uuid.uuid4().hex, - 'inherited': False - } - system_assignment_table.insert().values(system_user).execute() - - system_group = { - 'type': 'GroupSystem', - 'target_id': uuid.uuid4().hex, - 'actor_id': uuid.uuid4().hex, - 'role_id': uuid.uuid4().hex, - 'inherited': False - } - system_assignment_table.insert().values(system_group).execute() - - def test_migration_032_add_expires_at_int_column_trust(self): - - self.expand(31) - self.migrate(31) - self.contract(31) - - trust_table_name = 'trust' - - self.assertTableColumns( - trust_table_name, - ['id', 'trustor_user_id', 'trustee_user_id', 'project_id', - 'impersonation', 'deleted_at', 'expires_at', 'remaining_uses', - 'extra'], - ) - - self.expand(32) - - self.assertTableColumns( - trust_table_name, - ['id', 'trustor_user_id', 'trustee_user_id', 'project_id', - 'impersonation', 'deleted_at', 'expires_at', 'expires_at_int', - 'remaining_uses', 'extra'], - ) - - # Create Trust - trust_table = sqlalchemy.Table('trust', self.metadata, - autoload=True) - trust_1_data = { - 'id': uuid.uuid4().hex, - 'trustor_user_id': uuid.uuid4().hex, - 'trustee_user_id': uuid.uuid4().hex, - 'project_id': uuid.uuid4().hex, - 'impersonation': False, - 'expires_at': datetime.datetime.utcnow() - } - trust_2_data = { - 'id': uuid.uuid4().hex, - 'trustor_user_id': uuid.uuid4().hex, - 'trustee_user_id': uuid.uuid4().hex, - 'project_id': uuid.uuid4().hex, - 'impersonation': False, - 'expires_at': None - } - trust_table.insert().values(trust_1_data).execute() - trust_table.insert().values(trust_2_data).execute() - - self.migrate(32) - self.contract(32) - trusts = list(trust_table.select().execute()) - - epoch = datetime.datetime.fromtimestamp(0, tz=pytz.UTC) - - for t in trusts: - if t.expires_at: - e = t.expires_at.replace(tzinfo=pytz.UTC) - epoch - e = e.total_seconds() - self.assertEqual(t.expires_at_int, int(e * 1000000)) - - def test_migration_033_adds_limits_table(self): - self.expand(32) - self.migrate(32) - self.contract(32) - - registered_limit_table_name = 'registered_limit' - limit_table_name = 'limit' - self.assertTableDoesNotExist(registered_limit_table_name) - self.assertTableDoesNotExist(limit_table_name) - - self.expand(33) - self.migrate(33) - self.contract(33) - - self.assertTableExists(registered_limit_table_name) - self.assertTableColumns( - registered_limit_table_name, - ['id', 'service_id', 'resource_name', 'region_id', 'default_limit'] - ) - self.assertTableExists(limit_table_name) - self.assertTableColumns( - limit_table_name, - ['id', 'project_id', 'service_id', 'resource_name', 'region_id', - 'resource_limit'] - ) - - session = self.sessionmaker() - service_id = uuid.uuid4().hex - service = { - 'id': service_id, - 'type': 'compute', - 'enabled': True - } - region = { - 'id': 'RegionOne', - 'description': 'test' - } - project_id = uuid.uuid4().hex - project = { - 'id': project_id, - 'name': 'nova', - 'enabled': True, - 'domain_id': resource_base.NULL_DOMAIN_ID, - 'is_domain': False - } - self.insert_dict(session, 'service', service) - self.insert_dict(session, 'region', region) - self.insert_dict(session, 'project', project) - - # Insert one registered limit - registered_limit_table = sqlalchemy.Table( - registered_limit_table_name, self.metadata, autoload=True) - registered_limit = { - 'id': uuid.uuid4().hex, - 'service_id': service_id, - 'region_id': 'RegionOne', - 'resource_name': 'cores', - 'default_limit': 10 - } - registered_limit_table.insert().values(registered_limit).execute() - - # It will raise error if insert another one with same service_id, - # region_id and resource name. - registered_limit['id'] = uuid.uuid4().hex - registered_limit['default_limit'] = 20 - self.assertRaises(db_exception.DBDuplicateEntry, - registered_limit_table.insert().values( - registered_limit).execute) - - # Insert one without region_id - registered_limit_without_region = { - 'id': uuid.uuid4().hex, - 'service_id': service_id, - 'resource_name': 'cores', - 'default_limit': 10 - } - registered_limit_table.insert().values( - registered_limit_without_region).execute() - - # It will not raise error if insert another one with same service_id - # and resource_name but the region_id is None. Because that - # UniqueConstraint doesn't work if one of the columns is None. This - # should be controlled at the Manager layer to forbid this behavior. - registered_limit_without_region['id'] = uuid.uuid4().hex - registered_limit_table.insert().values( - registered_limit_without_region).execute() - - # Insert one limit - limit_table = sqlalchemy.Table( - limit_table_name, self.metadata, autoload=True) - limit = { - 'id': uuid.uuid4().hex, - 'project_id': project_id, - 'service_id': service_id, - 'region_id': 'RegionOne', - 'resource_name': 'cores', - 'resource_limit': 5 - } - limit_table.insert().values(limit).execute() - - # Insert another one with the same project_id, service_id, region_id - # and resource_name, then raise error. - limit['id'] = uuid.uuid4().hex - limit['resource_limit'] = 10 - self.assertRaises(db_exception.DBDuplicateEntry, - limit_table.insert().values(limit).execute) - - # Insert one without region_id - limit_without_region = { - 'id': uuid.uuid4().hex, - 'project_id': project_id, - 'service_id': service_id, - 'resource_name': 'cores', - 'resource_limit': 5 - } - limit_table.insert().values(limit_without_region).execute() - - def test_migration_034_adds_application_credential_table(self): - self.expand(33) - self.migrate(33) - self.contract(33) - - application_credential_table_name = 'application_credential' - self.assertTableDoesNotExist(application_credential_table_name) - application_credential_role_table_name = 'application_credential_role' - self.assertTableDoesNotExist(application_credential_role_table_name) - - self.expand(34) - self.migrate(34) - self.contract(34) - - self.assertTableExists(application_credential_table_name) - self.assertTableColumns( - application_credential_table_name, - ['internal_id', 'id', 'name', 'secret_hash', - 'description', 'user_id', 'project_id', 'expires_at', - 'allow_application_credential_creation'] - ) - if self.engine.name == 'mysql': - self.assertTrue(self.does_index_exist( - 'application_credential', 'duplicate_app_cred_constraint')) - else: - self.assertTrue(self.does_constraint_exist( - 'application_credential', 'duplicate_app_cred_constraint')) - self.assertTableExists(application_credential_role_table_name) - self.assertTableColumns( - application_credential_role_table_name, - ['application_credential_id', 'role_id'] - ) - - app_cred_table = sqlalchemy.Table( - application_credential_table_name, self.metadata, autoload=True - ) - app_cred_role_table = sqlalchemy.Table( - application_credential_role_table_name, - self.metadata, autoload=True - ) - self.assertTrue(self.does_fk_exist('application_credential_role', - 'application_credential_id')) - - expires_at = datetime.datetime.utcnow().replace(tzinfo=pytz.UTC) - epoch = datetime.datetime.fromtimestamp(0, tz=pytz.UTC) - expires_at_int = (expires_at - epoch).total_seconds() - app_cred = { - 'internal_id': 1, - 'id': uuid.uuid4().hex, - 'name': uuid.uuid4().hex, - 'secret_hash': uuid.uuid4().hex, - 'description': uuid.uuid4().hex, - 'user_id': uuid.uuid4().hex, - 'project_id': uuid.uuid4().hex, - 'expires_at': expires_at_int, - 'allow_application_credential_creation': False - } - app_cred_table.insert().values(app_cred).execute() - - # Exercise unique constraint - dup_app_cred = { - 'internal_id': 2, - 'id': uuid.uuid4().hex, - 'name': app_cred['name'], - 'secret_hash': uuid.uuid4().hex, - 'user_id': app_cred['user_id'], - 'project_id': uuid.uuid4().hex - } - insert = app_cred_table.insert().values(dup_app_cred) - self.assertRaises(db_exception.DBDuplicateEntry, - insert.execute) - - role_rel = { - 'application_credential_id': app_cred['internal_id'], - 'role_id': uuid.uuid4().hex - } - app_cred_role_table.insert().values(role_rel).execute() - - # Exercise role table primary keys - insert = app_cred_role_table.insert().values(role_rel) - self.assertRaises(db_exception.DBDuplicateEntry, insert.execute) - - def test_migration_035_add_system_column_to_credential_table(self): - self.expand(34) - self.migrate(34) - self.contract(34) - - application_credential_table_name = 'application_credential' - self.assertTableExists(application_credential_table_name) - self.assertTableColumns( - application_credential_table_name, - ['internal_id', 'id', 'name', 'secret_hash', - 'description', 'user_id', 'project_id', 'expires_at', - 'allow_application_credential_creation'] - ) - - self.expand(35) - self.migrate(35) - self.contract(35) - - self.assertTableColumns( - application_credential_table_name, - ['internal_id', 'id', 'name', 'secret_hash', - 'description', 'user_id', 'project_id', 'system', 'expires_at', - 'allow_application_credential_creation'] - ) - - application_credential_table = sqlalchemy.Table( - application_credential_table_name, self.metadata, autoload=True - ) - - # Test that we can insert an application credential without project_id - # defined. - expires_at = datetime.datetime.utcnow().replace(tzinfo=pytz.UTC) - epoch = datetime.datetime.fromtimestamp(0, tz=pytz.UTC) - expires_at_int = (expires_at - epoch).total_seconds() - app_cred = { - 'internal_id': 1, - 'id': uuid.uuid4().hex, - 'name': uuid.uuid4().hex, - 'secret_hash': uuid.uuid4().hex, - 'description': uuid.uuid4().hex, - 'user_id': uuid.uuid4().hex, - 'system': uuid.uuid4().hex, - 'expires_at': expires_at_int, - 'allow_application_credential_creation': False - } - application_credential_table.insert().values(app_cred).execute() - - # Test that we can insert an application credential with a project_id - # and without system defined. - app_cred = { - 'internal_id': 2, - 'id': uuid.uuid4().hex, - 'name': uuid.uuid4().hex, - 'secret_hash': uuid.uuid4().hex, - 'description': uuid.uuid4().hex, - 'user_id': uuid.uuid4().hex, - 'project_id': uuid.uuid4().hex, - 'expires_at': expires_at_int, - 'allow_application_credential_creation': False - } - application_credential_table.insert().values(app_cred).execute() - - # Test that we can create an application credential without a project - # or a system defined. Technically, project_id and system should be - # mutually exclusive, which will be handled by the application and not - # the data layer. - app_cred = { - 'internal_id': 3, - 'id': uuid.uuid4().hex, - 'name': uuid.uuid4().hex, - 'secret_hash': uuid.uuid4().hex, - 'description': uuid.uuid4().hex, - 'user_id': uuid.uuid4().hex, - 'expires_at': expires_at_int, - 'allow_application_credential_creation': False - } - application_credential_table.insert().values(app_cred).execute() - - def test_migration_036_rename_application_credentials_column(self): - self.expand(35) - self.migrate(35) - self.contract(35) - - application_credential_table_name = 'application_credential' - application_credential_role_table_name = 'application_credential_role' - - self.expand(36) - self.migrate(36) - self.contract(36) - - self.assertTableColumns( - application_credential_table_name, - ['internal_id', 'id', 'name', 'secret_hash', - 'description', 'user_id', 'project_id', 'system', 'expires_at', - 'unrestricted'] - ) - - application_credential_table = sqlalchemy.Table( - application_credential_table_name, self.metadata, autoload=True - ) - app_cred_role_table = sqlalchemy.Table( - application_credential_role_table_name, - self.metadata, autoload=True - ) - - # Test that the new column works - app_cred = { - 'internal_id': 1, - 'id': uuid.uuid4().hex, - 'name': uuid.uuid4().hex, - 'secret_hash': uuid.uuid4().hex, - 'description': uuid.uuid4().hex, - 'user_id': uuid.uuid4().hex, - 'system': uuid.uuid4().hex, - 'expires_at': None, - 'unrestricted': False - } - application_credential_table.insert().values(app_cred).execute() - role_rel = { - 'application_credential_id': app_cred['internal_id'], - 'role_id': uuid.uuid4().hex - } - app_cred_role_table.insert().values(role_rel).execute() - - def test_migration_037_remove_service_and_region_fk_for_registered_limit( - self): - self.expand(37) - self.migrate(37) - self.contract(37) - - registered_limit_table_name = 'registered_limit' - registered_limit_table = sqlalchemy.Table(registered_limit_table_name, - self.metadata, autoload=True) - self.assertEqual(set([]), registered_limit_table.foreign_keys) - def test_migration_045_add_description_to_limit(self): self.expand(44) |