[GitHub] [cloudstack] sureshanaparti commented on pull request #5846: Prevent upgrade failures if there are existing annotations permissions

GitBox Mon, 17 Jan 2022 21:46:22 -0800


sureshanaparti commented on pull request #5846:
URL: https://github.com/apache/cloudstack/pull/5846#issuecomment-1015089992



   Verified upgrade from CS 4.15.2 with existing annotations permissions. LGTM.
   
   - Manually added the following rules to default roles (Resource Admin: 2, 
Domain Admin: 3, User: 4) in DB, as add/update rules to the default roles is 
not allowed from 4.15.
   
   ```
   INSERT INTO `cloud`.`role_permissions` (uuid, role_id, rule, permission) 
VALUES (UUID(), 2, 'listAnnotations', 'ALLOW');
   INSERT INTO `cloud`.`role_permissions` (uuid, role_id, rule, permission) 
VALUES (UUID(), 3, 'addAnnotation', 'DENY');
   INSERT INTO `cloud`.`role_permissions` (uuid, role_id, rule, permission) 
VALUES (UUID(), 3, 'removeAnnotation', 'ALLOW');
   INSERT INTO `cloud`.`role_permissions` (uuid, role_id, rule, permission) 
VALUES (UUID(), 4, 'listAnnotations', 'ALLOW');
   INSERT INTO `cloud`.`role_permissions` (uuid, role_id, rule, permission) 
VALUES (UUID(), 4, 'addAnnotation', 'DENY');
   INSERT INTO `cloud`.`role_permissions` (uuid, role_id, rule, permission) 
VALUES (UUID(), 4, 'removeAnnotation', 'DENY');
   ```
   
   - Upgraded to 4.16, and noticed the missing rules are added. If there are 
any existing rules, this is the safe mechanism - to check and add the rules 
while upgrading.
   
   ```
   2022-01-17 21:53:59,522 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Generating uuid for existing ssh key-pairs
   2022-01-17 21:53:59,523 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Successfully generated uuid for existing ssh key-pairs
   2022-01-17 21:53:59,525 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 2
   2022-01-17 21:53:59,528 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 2 and rule: 
listAnnotations
   2022-01-17 21:53:59,531 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Found existing role permission for role: 2 and rule: listAnnotations, 
not updating it
   2022-01-17 21:53:59,531 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 2 and rule: 
addAnnotation
   2022-01-17 21:53:59,533 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Inserting role permission for role: 2 and rule: addAnnotation
   2022-01-17 21:53:59,534 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 2 and rule: 
removeAnnotation
   2022-01-17 21:53:59,534 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Inserting role permission for role: 2 and rule: removeAnnotation
   2022-01-17 21:53:59,535 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 3
   2022-01-17 21:53:59,535 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 3 and rule: 
listAnnotations
   2022-01-17 21:53:59,535 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Inserting role permission for role: 3 and rule: listAnnotations
   2022-01-17 21:53:59,536 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 3 and rule: 
addAnnotation
   2022-01-17 21:53:59,536 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Found existing role permission for role: 3 and rule: addAnnotation, 
not updating it
   2022-01-17 21:53:59,536 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 3 and rule: 
removeAnnotation
   2022-01-17 21:53:59,537 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Found existing role permission for role: 3 and rule: removeAnnotation, 
not updating it
   2022-01-17 21:53:59,537 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 4
   2022-01-17 21:53:59,537 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 4 and rule: 
listAnnotations
   2022-01-17 21:53:59,538 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Found existing role permission for role: 4 and rule: listAnnotations, 
not updating it
   2022-01-17 21:53:59,538 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 4 and rule: 
addAnnotation
   2022-01-17 21:53:59,538 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Found existing role permission for role: 4 and rule: addAnnotation, 
not updating it
   2022-01-17 21:53:59,538 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Checking the annotation permissions for the role: 4 and rule: 
removeAnnotation
   2022-01-17 21:53:59,539 DEBUG [c.c.u.d.Upgrade41520to41600] (main:null) 
(logid:) Found existing role permission for role: 4 and rule: removeAnnotation, 
not updating it
   2022-01-17 21:53:59,553 INFO  [c.c.u.DatabaseUpgradeChecker] (main:null) 
(logid:) Cleanup upgrade Upgrade41520to41600 to upgrade from 4.15.2.0-4.16.0.0 
to 4.16.0.0
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [cloudstack] sureshanaparti commented on pull request #5846: Prevent upgrade failures if there are existing annotations permissions

Reply via email to