This is an automated email from the ASF dual-hosted git repository.
zrhoffman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new 4cc489cf65 Migration that updates Operations Role's permissions to
include DNS-S… (#7586)
4cc489cf65 is described below
commit 4cc489cf65868d73bb0df286b432752cab084e24
Author: Kurtis Michie <[email protected]>
AuthorDate: Thu Jun 29 14:05:00 2023 -0600
Migration that updates Operations Role's permissions to include DNS-S…
(#7586)
* Migration that updates Operations Role's permissions to include
DNS-SEC:READ
* Changelog entry
* Changelog entry
* Corrected permission detail
* Corrected sql statements to fail safely and not rely on literal ids
* Update 2023062011541800_operations_role_add_perm.up.sql
Removed `WHERE EXISTS (SELECT FROM role_id_query);`
* Update 2023062011541800_operations_role_add_perm.down.sql
Removed ` AND EXISTS (
SELECT 1 FROM role_id_query
)`
* Inserted DNS-SEC:READ permission for Operations role into seed.sql
---
CHANGELOG.md | 1 +
...3062011541800_operations_role_add_perm.down.sql | 25 ++++++++++++++++++++++
...023062011541800_operations_role_add_perm.up.sql | 23 ++++++++++++++++++++
traffic_ops/app/db/seeds.sql | 1 +
4 files changed, 50 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index de7f94c732..877d2b5d0e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -56,6 +56,7 @@ The format is based on [Keep a
Changelog](http://keepachangelog.com/en/1.0.0/).
- [#7366](https://github.com/apache/trafficcontrol/pull/7366) *t3c* Removed
timestamp from metadata file since it's changing every minute and causing
excessive commits to git repo.
- [#7386](https://github.com/apache/trafficcontrol/pull/7386) *Traffic Portal*
Increased the number of events that are logged to the TP access log.
- [#7469](https://github.com/apache/trafficcontrol/pull/7469) *Traffic Ops*
Changed logic to not report empty or missing cookies into TO error.log.
+- [#7586](https://github.com/apache/trafficcontrol/pull/7586) *Traffic Ops*
Add permission to Operations Role to read from dnsseckeys endpoint.
- [#7600](https://github.com/apache/trafficcontrol/pull/7600) *t3c* changed
default go-direct command line arg to be old to avoid unexpected config changes
upon upgrade.
### Fixed
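Review bot: The added #7586 entry does not name the permission being granted and uses a different tense from its neighbours ("Removed", "Increased", "Changed" versus "Add"). Since this line is what operators read when auditing a role change on upgrade, consider wording it as "Added the DNS-SEC:READ permission to the operations role, allowing it to read from the dnsseckeys endpoint." If that endpoint returns key material, saying so here would help anyone reviewing who holds the operations role before they upgrade.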
diff --git
a/traffic_ops/app/db/migrations/2023062011541800_operations_role_add_perm.down.sql
b/traffic_ops/app/db/migrations/2023062011541800_operations_role_add_perm.down.sql
new file mode 100644
index 0000000000..b4ff7f275b
--- /dev/null
+++
b/traffic_ops/app/db/migrations/2023062011541800_operations_role_add_perm.down.sql
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+
+WITH role_id_query AS (
+ SELECT id FROM public.role WHERE name = 'operations'
+)
+DELETE FROM public.role_capability
+WHERE role_id IN (
+ SELECT id FROM role_id_query
+)
+ AND cap_name = 'DNS-SEC:READ';
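Review bot: The DELETE at the end of this file removes every 'DNS-SEC:READ' row for the operations role, including one that existed before the up migration ran (for example, a grant an administrator made by hand), so an up/down cycle is not guaranteed to restore the prior state. That errs toward less privilege, which is acceptable, but it deserves a one-line comment above the statement so the behaviour is a documented choice. As a style point, the CTE is only used once and `WHERE role_id IN (SELECT id FROM public.role WHERE name = 'operations')` would read more directly.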
diff --git
a/traffic_ops/app/db/migrations/2023062011541800_operations_role_add_perm.up.sql
b/traffic_ops/app/db/migrations/2023062011541800_operations_role_add_perm.up.sql
new file mode 100644
index 0000000000..02d8a722e7
--- /dev/null
+++
b/traffic_ops/app/db/migrations/2023062011541800_operations_role_add_perm.up.sql
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+
+WITH role_id_query AS (
+ SELECT id FROM public.role WHERE name = 'operations'
+)
+INSERT INTO public.role_capability ("role_id", cap_name)
+SELECT id, 'DNS-SEC:READ'
+FROM role_id_query;
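Review bot: The INSERT ... SELECT has no guard for the case where the operations role already holds 'DNS-SEC:READ'. The zero-row case (no role named 'operations') is handled, since the SELECT returns nothing, but the already-present case is not: if public.role_capability enforces uniqueness on (role_id, cap_name), the statement aborts the migration, and if it does not, it writes a duplicate row. Because this same commit also adds the permission through seeds.sql, the row can plausibly exist before this runs. Appending `ON CONFLICT DO NOTHING` (or a `WHERE NOT EXISTS (...)` filter on the SELECT) would make the migration idempotent.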
diff --git a/traffic_ops/app/db/seeds.sql b/traffic_ops/app/db/seeds.sql
index bc56b54f3b..ebc04e1f26 100644
--- a/traffic_ops/app/db/seeds.sql
+++ b/traffic_ops/app/db/seeds.sql
@@ -211,6 +211,7 @@ CROSS JOIN ( VALUES
('DIVISION:CREATE'),
('DIVISION:DELETE'),
('DIVISION:UPDATE'),
+ ('DNS-SEC:READ'),
('DNS-SEC:UPDATE'),
('ISO:GENERATE'),
('ORIGIN:CREATE'),
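Review bot: The new ('DNS-SEC:READ') row is added to a VALUES list whose target role is not visible in this hunk; only `CROSS JOIN ( VALUES` appears in the hunk header. Please confirm this list is the one for the operations role named in the commit message and not a list shared with another role, since a misplaced row here silently widens who can read DNSSEC keys on every seeded install. It is also worth checking that the enclosing seed statement tolerates the row already being present, because upgraded systems will get it from the migration first.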