Yair Zaslavsky has uploaded a new change for review. Change subject: Revert "aaa: Introducing attach_user_to_su_role" ......................................................................
Revert "aaa: Introducing attach_user_to_su_role"
Topic: AAA
This reverts commit 10bcb8e08cd9f8b6bd944d79cbe34047d9be0c6f.
Change-Id: I3aa24e6781fb0efcd539a44a0adf2aefb897c3d3
Signed-off-by: Yair Zaslavsky <[email protected]>
---
M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomainsDAOImpl.java
M ovirt-engine.spec.in
D packaging/bin/ovirt-engine-role.sh
M packaging/dbscripts/common_sp.sql
4 files changed, 28 insertions(+), 128 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/16/26516/1
diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomainsDAOImpl.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomainsDAOImpl.java
index 595ec4a..5c5039a 100644
--- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomainsDAOImpl.java
+++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomainsDAOImpl.java
@@ -4,6 +4,8 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.sql.Types;
+import java.util.UUID;
 import javax.sql.DataSource;
@@ -13,9 +15,8 @@
 public class ManageDomainsDAOImpl implements ManageDomainsDAO {
- private static final String SUPER_USER = "SuperUser";
 private DataSource ds;
- private String actionQuery = "select attach_user_to_role(?,?,?,?)";
+ private String actionQuery = "select attach_user_to_su_role(?,?,?,?)";
 private String selectQuery = "select get_user_permissions_for_domain(?,?)";
 private final static Logger log = Logger.getLogger(ManageDomainsDAOImpl.class);
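Review bot: The query on the new side, `private String actionQuery = "select attach_user_to_su_role(?,?,?,?)";`, and the unchanged `selectQuery` beside it are mutable instance fields holding constant SQL, while the logger two lines below is already `static final`; `private static final String ACTION_QUERY = "select attach_user_to_su_role(?,?,?,?)";` (and likewise for the select) would match that style and make the SQL non-reassignable. The order of the four placeholders is fixed by the signature of `attach_user_to_su_role` in common_sp.sql (permission id, user id, name, domain) but nothing in this class says so, so a comment such as `// placeholders: permission_id, user_id, name, domain - must match attach_user_to_su_role in common_sp.sql` next to the field would keep the DAO and the stored function in step. The import-only hunk above needs nothing.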
@@ -32,10 +33,11 @@
 log.info("uuid: " + userId + " username: " + userName + " domain: " + domain);
 connection = ds.getConnection();
 prepareStatement = connection.prepareStatement(actionQuery);
- prepareStatement.setString(1, userId);
- prepareStatement.setString(2, userName);
- prepareStatement.setString(3, domain);
- prepareStatement.setString(4, SUPER_USER);
+ String permissionId = UUID.randomUUID().toString();
+ prepareStatement.setObject(1, permissionId, Types.OTHER);
+ prepareStatement.setString(2, userId);
+ prepareStatement.setString(3, userName);
+ prepareStatement.setString(4, domain);
 result = prepareStatement.execute();
 } finally {
 DbUtils.closeQuietly(prepareStatement, connection);
diff --git a/ovirt-engine.spec.in b/ovirt-engine.spec.in
index 7d27a38..42f7092 100644
--- a/ovirt-engine.spec.in
+++ b/ovirt-engine.spec.in
@@ -1010,7 +1010,6 @@
 %{engine_data}/bin/engine-config.sh
 %{engine_data}/bin/engine-manage-domains.sh
 %{engine_data}/bin/engine-prolog.sh
-%{engine_data}/bin/ovirt-engine-role.sh
 %{engine_data}/conf/jaas.conf
 %{engine_data}/services/ovirt-engine-notifier
 %{engine_etc}/engine-config/engine-config.*properties
diff --git a/packaging/bin/ovirt-engine-role.sh b/packaging/bin/ovirt-engine-role.sh
deleted file mode 100755
index 41e16ab..0000000
--- a/packaging/bin/ovirt-engine-role.sh
+++ /dev/null
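Review bot: `userId` is bound as a plain string at `prepareStatement.setString(2, userId);` and only becomes a uuid inside `attach_user_to_su_role` through `CAST( v_user_id AS uuid )`, so a malformed identifier fails late as a PostgreSQL cast error surfaced as an SQLException instead of as an argument error at the DAO boundary. A fail-fast check before the statement is prepared, e.g. `UUID.fromString(userId); // attach_user_to_su_role casts this to uuid`, gives the caller a clear IllegalArgumentException and saves a database round-trip. The enclosing method starts and ends outside the hunk, so the surrounding try block and the declaration of `result` are not visible here. The spec.in hunk and the deleted script that follow are plain removals and need no comment.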
@@ -1,109 +0,0 @@ -#!/bin/sh - -. "$(dirname "$(readlink -f "$0")")"/engine-prolog.sh - -generatePgPass() { - local password="${ENGINE_DB_PASSWORD}" - - # - # we need client side psql library - # version as at least in rhel for 8.4 - # the password within pgpassfile is - # not escaped. - # the simplest way is to checkout psql - # utility version. - # - if ! psql -V | grep -q ' 8\.'; then - password="$(echo "${password}" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g')" - fi - - export PGPASSFILE="${MYTEMP}/.pgpass" - touch "${PGPASSFILE}" || die "Can't create ${PGPASSFILE}" - chmod 0600 "${PGPASSFILE}" || die "Can't chmod ${PGPASSFILE}" - - cat > "${PGPASSFILE}" << __EOF__ -${ENGINE_DB_HOST}:${ENGINE_DB_PORT}:${ENGINE_DB_DATABASE}:${ENGINE_DB_USER}:${password} -__EOF__ -} - -usage() { - cat << __EOF__ -Usage: $0 [OPTIONS] -Manage user roles. - - --command=command Command. - add Add role. - --user-name User name. - --provider=name Name of authorization provider instace. - --provider-id=id Unique user id within provider. - --role=role Role name. - -Interesting roles: - - SuperUser - Role of administrator. 
-__EOF__ -} - -cleanup() { - [ -n "${MYTEMP}" ] && rm -fr "${MYTEMP}" ] -} -trap cleanup 0 - -COMMAND= -USER_NAME= -PROVIDER= -PROVIDER_ID= -ROLE= - -while [ -n "$1" ]; do - x="$1" - v="${x#*=}" - shift - case "${x}" in - --command=*) - COMMAND="${v}" - case "${COMMAND}" in - add) ;; - *) die "Invalid command '${COMMAND}'" ;; - esac - ;; - --user-name=*) - USER_NAME="${v}" - ;; - --provider=*) - PROVIDER="${v}" - ;; - --provider-id=*) - PROVIDER_ID="${v}" - ;; - --role=*) - ROLE="${v}" - ;; - --help) - usage - exit 0 - ;; - *) - usage - exit 1 - ;; - esac -done - -[ -n "${COMMAND}" ] || die "Please specify command" -[ -n "${USER_NAME}" ] || die "Please specify user name" -[ -n "${PROVIDER}" ] || die "Please specify provider" -[ -n "${PROVIDER_ID}" ] || die "Please specify provider id" -[ -n "${ROLE}" ] || die "Please specify role" - -MYTEMP="$(mktemp -d)" -generatePgPass -psql -h "${ENGINE_DB_HOST}" -p "${ENGINE_DB_PORT}" -U "${ENGINE_DB_USER}" -c " - select attach_user_to_role( - '${PROVIDER_ID}', - '${USER_NAME}', - '${PROVIDER}', - '${ROLE}' - ); -" > /dev/null diff --git a/packaging/dbscripts/common_sp.sql b/packaging/dbscripts/common_sp.sql index aa14456..0e5a04c 100644 --- a/packaging/dbscripts/common_sp.sql +++ b/packaging/dbscripts/common_sp.sql 
@@ -257,27 +257,35 @@ END; $procedure$ LANGUAGE plpgsql; -CREATE OR REPLACE FUNCTION attach_user_to_role ( - v_domain_entry_id text, - v_user_name VARCHAR(255), - v_domain VARCHAR(255), - v_role_name VARCHAR(255) + + +CREATE OR REPLACE FUNCTION attach_user_to_su_role( + v_permission_id uuid, + v_user_id VARCHAR(255), + v_name VARCHAR(255), + v_domain VARCHAR(255) ) RETURNS void AS $BODY$ -DECLARE - gen_user_id uuid; - input_role_id uuid; + DECLARE + v_document VARCHAR(64); + input_uuid uuid; + v_external_id BYTEA; BEGIN - select uuid_generate_v1() into gen_user_id; - select roles.id into input_role_id from roles where roles.name = v_role_name; + input_uuid = CAST( v_user_id AS uuid ); + -- The external identifier is the user identifier converted to an array of -- bytes: - insert into users(user_id,external_id,name,domain,username,groups,active,last_admin_check_status) select gen_user_id, v_domain_entry_id, v_user_name, v_domain, v_user_name,'',true,true where not exists (select gen_user_id,name,domain,username,groups,active from users where external_id = v_domain_entry_id); - insert into permissions(id,role_id,ad_element_id,object_id,object_type_id) select uuid_generate_v1(), input_role_id, gen_user_id, getGlobalIds('system'), 1 where not exists(select role_id,ad_element_id,object_id,object_type_id from permissions where role_id = input_role_id and ad_element_id = gen_user_id and object_id= getGlobalIds('system') and object_type_id = 1); + v_external_id := decode(replace(v_user_id::text, '-', ''), 'hex'); + +insert into users(user_id,external_id,name,domain,username,groups,active,last_admin_check_status) select input_uuid, v_external_id, v_name, v_domain, v_name,'',true,true where not exists (select user_id,name,domain,username,groups,active from users where user_id = input_uuid); + +insert into permissions(id,role_id,ad_element_id,object_id,object_type_id) select v_permission_id, '00000000-0000-0000-0000-000000000001', input_uuid, getGlobalIds('system'), 1 where 
not exists(select role_id,ad_element_id,object_id,object_type_id from permissions where role_id = '00000000-0000-0000-0000-000000000001' and ad_element_id = input_uuid and object_id= getGlobalIds('system') and object_type_id = 1); END; $BODY$ + LANGUAGE plpgsql; + -- a method for adding an action group to a role if doesn't exist CREATE OR REPLACE FUNCTION fn_db_add_action_group_to_role(v_role_id UUID, v_action_group_id INTEGER) RETURNS VOID -- To view, visit http://gerrit.ovirt.org/26516 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3aa24e6781fb0efcd539a44a0adf2aefb897c3d3 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
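Review bot: `v_document VARCHAR(64)` is declared in the DECLARE block of `attach_user_to_su_role` but never referenced in the body, so it should be removed. The permissions insert hard-codes `'00000000-0000-0000-0000-000000000001'` twice as the role id without saying what it is; the function name suggests the built-in SuperUser role, and a comment such as `-- fixed id of the built-in SuperUser role; must match the roles seed data` above the insert, or one local `su_role_id CONSTANT uuid := '00000000-0000-0000-0000-000000000001';` used in both places, would document the assumption and keep the two occurrences from drifting. The old side resolved the role by name from the roles table, so on a database where that id is absent the new insert presumably fails on the role_id reference rather than at a name lookup, which is worth a sentence in the function header. The trailing `fn_db_add_action_group_to_role` declaration continues outside the hunk.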
