From 87671f310ce7e1d402d5ad35efead3ec9c94b21a Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Wed, 18 Sep 2024 14:03:54 +0200 Subject: [PATCH] introduce separate database-schema for hs_hosting --- doc/rbac-performance-analysis.md | 20 ++--- sql/historization.sql | 14 +-- ...e-cte-experiments-for-accessible-uuids.sql | 38 ++++---- .../asset/HsHostingAssetRbacEntity.java | 2 +- .../asset/HsHostingAssetRbacRepository.java | 6 +- .../asset/HsHostingAssetRealEntity.java | 2 +- .../asset/HsHostingAssetRealRepository.java | 6 +- .../HsUnixUserHostingAssetValidator.java | 2 +- .../generator/InsertTriggerGenerator.java | 2 +- .../hsadminng/rbac/generator/RbacView.java | 2 +- .../630-booking-item/6300-hs-booking-item.sql | 6 +- .../6303-hs-booking-item-rbac.sql | 2 +- .../7-hs-hosting/700-hs-hosting-schema.sql | 8 ++ .../7010-hs-hosting-asset.sql | 46 +++++----- .../7013-hs-hosting-asset-rbac.sql | 48 +++++----- .../7016-hs-hosting-asset-migration.sql | 26 +++--- .../7018-hs-hosting-asset-test-data.sql | 4 +- .../changelog/9-hs-global/9000-statistics.sql | 4 +- .../db/changelog/db.changelog-master.yaml | 2 + ...sHostingAssetControllerAcceptanceTest.java | 6 +- ...HostingAssetRepositoryIntegrationTest.java | 90 +++++++++---------- ...UnixUserHostingAssetValidatorUnitTest.java | 2 +- .../hsadminng/hs/migration/CsvDataImport.java | 6 +- .../hs/migration/ImportHostingAssets.java | 16 ++-- 24 files changed, 185 insertions(+), 175 deletions(-) create mode 100644 src/main/resources/db/changelog/7-hs-hosting/700-hs-hosting-schema.sql diff --git a/doc/rbac-performance-analysis.md b/doc/rbac-performance-analysis.md index bc09371e..39037b8d 100644 --- a/doc/rbac-performance-analysis.md +++ b/doc/rbac-performance-analysis.md 
@@ -199,7 +199,7 @@ Limit (cost=6549.08..6549.35 rows=54 width=16) Group Key: grants.descendantuuid -> CTE Scan on grants (cost=0.00..22.06 rows=1103 width=16) -> Index Only Scan using rbacobject_objecttable_uuid_key on rbacobject obj (cost=0.28..0.31 rows=1 width=16) - Index Cond: ((objecttable = 'hs_hosting_asset'::text) AND (uuid = perm.objectuuid)) + Index Cond: ((objecttable = 'hs_hosting.asset'::text) AND (uuid = perm.objectuuid)) ``` ### Office-Relation-Query 
@@ -276,8 +276,8 @@ At this point, the import took 21mins with these statistics: | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | | call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 | | select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 | -| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | -| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 | +| insert into public.hs_hosting.asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | +| insert into hs_hosting.asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 | | insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 | | insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 | | call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 8 | 
@@ -300,8 +300,8 @@ We changed these mappings from `EAGER` (default) to `LAZY` to `@ManyToOne(fetch | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | | select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 | | call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 | -| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | -| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 | +| insert into public.hs_hosting.asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | +| insert into hs_hosting.asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. 
caption) returning * | 2207 | 0 | 7 | | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47538 | 0 | 0 | insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 | | insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 | 
@@ -318,7 +318,7 @@ But once UnixUser and EmailAlias assets got added to the import, the total time This was not acceptable, especially not, considering that domains, email-addresses and database-assets are almost 10 times that number and thus the import would go up to over 1100min which is 20 hours. -In a first step, a `HsHostingAssetRawEntity` was created, mapped to the raw table (hs_hosting_asset) not to the RBAC-view (hs_hosting_asset_rv). Unfortunately we did not keep measurements, but that was only part of the problem anyway. +In a first step, a `HsHostingAssetRawEntity` was created, mapped to the raw table (hs_hosting.asset) not to the RBAC-view (hs_hosting.asset_rv). Unfortunately we did not keep measurements, but that was only part of the problem anyway. The main problem was, that there is something strange with persisting (`EntityManager.persist`) for EmailAlias assets. Where importing UnixUsers was mostly slow due to RBAC SELECT-permission checks, persisting EmailAliases suddenly created about a million (in numbers 1.000.000) SQL UPDATE statements after the INSERT, all with the same data, just increased version number (used for optimistic locking). We were not able to figure out why this happened. 
@@ -330,7 +330,7 @@ Now, the longest running queries are these: | No.| calls | total_m | mean_ms | query | |---:|---------|--------:|--------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1 | 13.093 | 4 | 21 | insert into hs_hosting_asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) | +| 1 | 13.093 | 4 | 21 | insert into hs_hosting.asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) | | 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 | | 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) | | 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 
@@ -341,7 +341,7 @@ Now, the longest running queries are these: | 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) | | 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) | -That the `INSERT into hs_hosting_asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine. +That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine. It seems that the trigger effects (eg. No. 3 and No. 4) are included in the measure for the causing INSERT, otherwise summing up the totals would exceed the actual total time of the whole import. And it was to be expected that building the RBAC rules for new business objects takes most of the time. 
@@ -408,12 +408,12 @@ We found some solution approaches: This optimization idea came from Michael Hierweck and was promising. The idea is to reduce the size of the result of the recursive CTE query and maybe even speed up that query itself. -To evaluate this, I added a type column to the `rbacObject` table, initially as an enum hsHostingAssetType. Then I entered the type there for all rows from hs_hosting_asset. This means that 83,886 of 92,545 rows in `rbacobject` have a type set, leaving 8,659 without. +To evaluate this, I added a type column to the `rbacObject` table, initially as an enum hsHostingAssetType. Then I entered the type there for all rows from hs_hosting.asset. This means that 83,886 of 92,545 rows in `rbacobject` have a type set, leaving 8,659 without. If we do this for other types (we currently have 1,271 relations and 927 booking items), it gets more complicated because they are different enum types. As varchar(16), we could lose performance again due to the higher storage space requirements. But the performance gained is not particularly high anyway. -See the average seconds per recursive CTE select as role 'hs_hosting_asset:defaultproject:ADMIN', +See the average seconds per recursive CTE select as role 'hs_hosting.asset:defaultproject:ADMIN', joined with business query for all `'EMAIL_ADDRESSES'`: | | D-1000000-hsh | D-1000300-mih | diff --git a/sql/historization.sql b/sql/historization.sql index 622948c6..e96ce3de 100644 --- a/sql/historization.sql +++ b/sql/historization.sql 
@@ -10,17 +10,17 @@ call defineContext('historization testing', null, 'superuser-alex@hostsharing.ne 'hs_booking.project#D-1000313-D-1000313defaultproject:ADMIN'); -- prod+test -- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN'); -- prod -- 'hs_booking.project#D-1000300-mimdefaultproject:ADMIN'); -- test --- update hs_hosting_asset set caption='lug00 b' where identifier = 'lug00' and type = 'MANAGED_WEBSPACE'; -- prod --- update hs_hosting_asset set caption='hsh00 A ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test --- update hs_hosting_asset set caption='hsh00 B ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test +-- update hs_hosting.asset set caption='lug00 b' where identifier = 'lug00' and type = 'MANAGED_WEBSPACE'; -- prod +-- update hs_hosting.asset set caption='hsh00 A ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test +-- update hs_hosting.asset set caption='hsh00 B ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test --- insert into hs_hosting_asset +-- insert into hs_hosting.asset -- (uuid, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, identifier, caption, config, alarmcontactuuid) -- values -- (uuid_generate_v4(), null, 'EMAIL_ADDRESS', 'bbda5895-0569-4e20-bb4c-34f3a38f3f63'::uuid, null, -- 'new@thi.example.org', 'some new E-Mail-Address', '{}'::jsonb, null); -delete from hs_hosting_asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681'::uuid; +delete from hs_hosting.asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681'::uuid; commit; -- single version at point in time 
@@ -29,11 +29,11 @@ set hsadminng.tx_history_txid to ''; set hsadminng.tx_history_timestamp to '2024-08-29 12:42'; -- all versions select base.tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.* - from hs_hosting_asset_ex haex + from hs_hosting.asset_ex haex join base.tx_context txc on haex.txid=txc.txid where haex.identifier = 'test@thi.example.org'; -select uuid, version, type, identifier, caption from hs_hosting_asset_hv p where identifier = 'test@thi.example.org'; +select uuid, version, type, identifier, caption from hs_hosting.asset_hv p where identifier = 'test@thi.example.org'; select pg_current_xact_id(); diff --git a/sql/recursive-cte-experiments-for-accessible-uuids.sql b/sql/recursive-cte-experiments-for-accessible-uuids.sql index a484a6a0..bb86d6ec 100644 --- a/sql/recursive-cte-experiments-for-accessible-uuids.sql +++ b/sql/recursive-cte-experiments-for-accessible-uuids.sql @@ -6,10 +6,10 @@ select * from hs_statistics_v; -- This is the extracted recursive CTE query to determine the visible object UUIDs of a single table -- (and optionally the hosting-asset-type) as a separate VIEW. --- In the generated code this is part of the hs_hosting_asset_rv VIEW. +-- In the generated code this is part of the hs_hosting.asset_rv VIEW. -drop view if exists hs_hosting_asset_example_gv; -create view hs_hosting_asset_example_gv as +drop view if exists hs_hosting.asset_example_gv; +create view hs_hosting.asset_example_gv as with recursive recursive_grants as ( select distinct rbacgrants.descendantuuid, 
@@ -40,7 +40,7 @@ select distinct perm.objectuuid join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid join rbacobject obj on obj.uuid = perm.objectuuid join count_check cc on cc.valid - where obj.objecttable::text = 'hs_hosting_asset'::text + where obj.objecttable::text = 'hs_hosting.asset'::text -- with/without this type condition -- and obj.type = 'EMAIL_ADDRESS'::hshostingassettype and obj.type = 'EMAIL_ADDRESS'::hshostingassettype @@ -56,7 +56,7 @@ CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net' 'hs_booking.project#D-1000000-hshdefaultproject:ADMIN'); -- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN'); SET TRANSACTION READ ONLY; -EXPLAIN ANALYZE select * from hs_hosting_asset_example_gv; +EXPLAIN ANALYZE select * from hs_hosting.asset_example_gv; end transaction ; -- ======================================================== @@ -64,15 +64,15 @@ end transaction ; -- An example for a restricted view (_rv) similar to the one generated by our RBAC system, -- but using the above separate VIEW to determine the visible objects. -drop view if exists hs_hosting_asset_example_rv; -create view hs_hosting_asset_example_rv as - with accessible_hs_hosting_asset_uuids as ( - select * from hs_hosting_asset_example_gv +drop view if exists hs_hosting.asset_example_rv; +create view hs_hosting.asset_example_rv as + with accessible_hs_hosting.asset_uuids as ( + select * from hs_hosting.asset_example_gv ) select target.* - from hs_hosting_asset target - where (target.uuid in (select accessible_hs_hosting_asset_uuids.objectuuid - from accessible_hs_hosting_asset_uuids)); + from hs_hosting.asset target + where (target.uuid in (select accessible_hs_hosting.asset_uuids.objectuuid + from accessible_hs_hosting.asset_uuids)); -- ------------------------------------------------------------------------------- 
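Review bot: The rename in hunk `@@ -64,15 +64,15 @@` turned the CTE name inside `hs_hosting.asset_example_rv` into `accessible_hs_hosting.asset_uuids`, and a CTE name cannot be schema-qualified, so PostgreSQL will reject the `create view` at the dot. Only the table and view references should carry the schema, so the CTE alias should stay a plain identifier: `with accessible_hs_hosting_asset_uuids as (`, and likewise `select accessible_hs_hosting_asset_uuids.objectuuid` and `from accessible_hs_hosting_asset_uuids`. Because this view is the worked example of the RBAC-restricted `_rv` pattern, re-run the script after the fix to confirm it still filters by the accessible UUIDs.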
@@ -99,7 +99,7 @@ BEGIN -- An example for a business query based on the view: select type, uuid, identifier, caption - from hs_hosting_asset_example_rv + from hs_hosting.asset_example_rv where type = 'EMAIL_ADDRESS' and identifier like letter || '%' -- end of the business query example. @@ -115,7 +115,7 @@ BEGIN END; $$; --- average seconds per recursive CTE select as role 'hs_hosting_asset:defaultproject:ADMIN' +-- average seconds per recursive CTE select as role 'hs_hosting.asset:defaultproject:ADMIN' -- joined with business query for all 'EMAIL_ADDRESSES': -- D-1000000-hsh D-1000300-mih -- - without type comparison in rbacobject: ~3.30 - ~3.49 ~0.23 @@ -136,7 +136,7 @@ EXPLAIN SELECT * from ( -- An example for a business query based on the view: select type, uuid, identifier, caption - from hs_hosting_asset_example_rv + from hs_hosting.asset_example_rv where type = 'EMAIL_ADDRESS' -- and identifier like 'b%' -- end of the business query example. @@ -151,17 +151,17 @@ end transaction; alter table rbacobject -- just for performance testing, we would need a joined enum or a varchar(16) which would make it slow - add column type hshostingassettype; + add column type hs_hosting.hshostingassettype; --- and fill the type column with hs_hosting_asset types: +-- and fill the type column with hs_hosting.asset types: rollback transaction; begin transaction; -call defineContext('setting rbacobject.type from hs_hosting_asset.type', null, 'superuser-alex@hostsharing.net'); +call defineContext('setting rbacobject.type from hs_hosting.asset.type', null, 'superuser-alex@hostsharing.net'); UPDATE rbacobject SET type = hs.type - FROM hs_hosting_asset hs + FROM hs_hosting.asset hs WHERE rbacobject.uuid = hs.uuid; end transaction; diff --git a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java index 4858f0e9..a7f48eb3 100644 
--- a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java @@ -33,7 +33,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetc import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; @Entity -@Table(name = "hs_hosting_asset_rv") +@Table(schema = "hs_hosting", name = "asset_rv") @SuperBuilder(toBuilder = true) @Getter @Setter diff --git a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacRepository.java index d7a012a7..73050383 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacRepository.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacRepository.java @@ -25,15 +25,15 @@ public interface HsHostingAssetRbacRepository extends HsHostingAssetRepository findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type); default List findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) { return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type)); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRealEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRealEntity.java index a586f245..00a77980 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRealEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRealEntity.java @@ -9,7 +9,7 @@ import jakarta.persistence.Entity; import jakarta.persistence.Table; @Entity -@Table(name = "hs_hosting_asset") +@Table(schema = "hs_hosting", name = "asset") @SuperBuilder(builderMethodName = "genericBuilder", toBuilder = true) @Getter @Setter 
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRealRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRealRepository.java index a9b0cc5a..1e177524 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRealRepository.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRealRepository.java @@ -24,15 +24,15 @@ public interface HsHostingAssetRealRepository extends HsHostingAssetRepository findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type); default List findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) { return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type)); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/validators/HsUnixUserHostingAssetValidator.java b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/validators/HsUnixUserHostingAssetValidator.java index a53b536f..024866c2 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/validators/HsUnixUserHostingAssetValidator.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/validators/HsUnixUserHostingAssetValidator.java @@ -53,7 +53,7 @@ class HsUnixUserHostingAssetValidator extends HostingAssetEntityValidator { } private static Integer computeUserId(final EntityManager em, final PropertiesProvider propertiesProvider) { - final Object result = em.createNativeQuery("SELECT nextval('hs_hosting_asset_unixuser_system_id_seq')", Integer.class) + final Object result = em.createNativeQuery("SELECT nextval('hs_hosting.asset_unixuser_system_id_seq')", Integer.class) .getSingleResult(); return (Integer) result; } diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java index 5c398da2..1654bbc7 100644 
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java @@ -89,7 +89,7 @@ public class InsertTriggerGenerator { with("superRoleRef", toRoleDescriptor(g.getSuperRoleDef(), "row"))); } else { plPgSql.writeLn(""" - -- Granting INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows slipped, + -- Granting INSERT INTO hs_hosting.asset permissions to specified role of pre-existing hs_hosting.asset rows slipped, -- because there cannot yet be any pre-existing rows in the same table yet. """, with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema()), diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java index 2219972b..2c2d339a 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java @@ -987,7 +987,7 @@ public class RbacView { return getRawTableName() .replace("hs_office.", "hsof.") .replace("hs_booking.", "hsbk_") - .replace("hs_hosting_", "hsho_") + .replace("hs_hosting.", "hsho_") .replace("coopsharestransaction", "coopsharetx") .replace("coopassetstransaction", "coopassettx"); } diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6300-hs-booking-item.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6300-hs-booking-item.sql index 8a744614..ad56e436 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6300-hs-booking-item.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6300-hs-booking-item.sql 
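Review bot: The SQL comment emitted by the `else` branch in `InsertTriggerGenerator` (hunk `@@ -89,7 +89,7 @@`) still hard-codes a table name, now `hs_hosting.asset`, even though the template is rendered for other tables too. The regenerated 6303-hs-booking-item-rbac.sql in this same patch shows the result: the comment talks about `hs_hosting.asset` under the heading "granting INSERT permission to hs_booking.item". Someone auditing the generated grants is pointed at the wrong table. The comment should use the template variable for the table being generated, along the lines of `-- Granting INSERT INTO <table> permissions to specified role of pre-existing <table> rows skipped,`, where `<table>` is a placeholder because the variable name and substitution syntax are outside the hunk. "slipped" is presumably meant to be "skipped", and the second "yet" on the next line is redundant.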
@@ -4,7 +4,7 @@ --changeset michael.hoennig:booking-item-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- -create type HsBookingItemType as enum ( +create type hs_booking.HsBookingItemType as enum ( 'PRIVATE_CLOUD', 'CLOUD_SERVER', 'MANAGED_SERVER', @@ -12,14 +12,14 @@ create type HsBookingItemType as enum ( 'DOMAIN_SETUP' ); -CREATE CAST (character varying as HsBookingItemType) WITH INOUT AS IMPLICIT; +CREATE CAST (character varying as hs_booking.HsBookingItemType) WITH INOUT AS IMPLICIT; create table if not exists hs_booking.item ( uuid uuid unique references rbac.object (uuid), version int not null default 0, projectUuid uuid null references hs_booking.project(uuid), - type HsBookingItemType not null, + type hs_booking.HsBookingItemType not null, parentItemUuid uuid null references hs_booking.item(uuid) initially deferred, validity daterange not null, caption varchar(80) not null, diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index f0e692b9..f357da1f 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -186,7 +186,7 @@ execute procedure hs_booking.new_item_grants_insert_to_project_tf(); -- granting INSERT permission to hs_booking.item ---------------------------- --- Granting INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows slipped, +-- Granting INSERT INTO hs_hosting.asset permissions to specified role of pre-existing hs_hosting.asset rows slipped, -- because there cannot yet be any pre-existing rows in the same table yet. /** 
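Review bot: The `booking-item-MAIN-TABLE` changeset in 6300-hs-booking-item.sql is edited in place (`create type hs_booking.HsBookingItemType`, the cast and the column type), which changes its Liquibase checksum. Any database that has already applied the old version will report a checksum mismatch rather than have the type moved. The same applies to the in-place edits of the `hosting-asset-*` changesets in 7010-hs-hosting-asset.sql further down. If existing databases are to be upgraded rather than rebuilt, leave the applied changesets untouched and move the objects in new ones, e.g. `alter type HsBookingItemType set schema hs_booking;` and `alter table hs_hosting_asset set schema hs_hosting;` followed by a rename. If every environment is recreated from scratch, a comment saying so at the top of the changelog would make the assumption explicit.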
diff --git a/src/main/resources/db/changelog/7-hs-hosting/700-hs-hosting-schema.sql b/src/main/resources/db/changelog/7-hs-hosting/700-hs-hosting-schema.sql new file mode 100644 index 00000000..ff20294d --- /dev/null +++ b/src/main/resources/db/changelog/7-hs-hosting/700-hs-hosting-schema.sql @@ -0,0 +1,8 @@ +--liquibase formatted sql + + +-- ============================================================================ +--changeset michael.hoennig:hs-hosting-SCHEMA endDelimiter:--// +-- ---------------------------------------------------------------------------- +CREATE SCHEMA hs_hosting; +--// diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql index c21a6602..30b4b79a 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql @@ -4,7 +4,7 @@ --changeset michael.hoennig:hosting-asset-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- -create type HsHostingAssetType as enum ( +create type hs_hosting.HsHostingAssetType as enum ( 'CLOUD_SERVER', 'MANAGED_SERVER', 'MANAGED_WEBSPACE', 
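Review bot: `CREATE SCHEMA hs_hosting;` in the new 700-hs-hosting-schema.sql leaves ownership and privileges implicit, so the schema is owned by whichever role runs the changelog and no other role has USAGE on it. If the application connects as a different role than the migration owner (not visible in this patch), queries against `hs_hosting.asset_rv` will fail with permission denied until a grant is added. Consider stating this next to the statement, e.g. `GRANT USAGE ON SCHEMA hs_hosting TO <app_role>;`, where `<app_role>` is a placeholder. The raw table `hs_hosting.asset` and the RBAC-restricted view `hs_hosting.asset_rv` now share this schema, so keep table-level privileges on the raw table separate from those on the view rather than granting on all tables in the schema.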
@@ -26,22 +26,22 @@ create type HsHostingAssetType as enum ( 'IPV6_NUMBER' ); -CREATE CAST (character varying as HsHostingAssetType) WITH INOUT AS IMPLICIT; +CREATE CAST (character varying as hs_hosting.HsHostingAssetType) WITH INOUT AS IMPLICIT; -create table if not exists hs_hosting_asset +create table if not exists hs_hosting.asset ( uuid uuid unique references rbac.object (uuid), version int not null default 0, bookingItemUuid uuid null references hs_booking.item(uuid), - type HsHostingAssetType not null, - parentAssetUuid uuid null references hs_hosting_asset(uuid) initially deferred, - assignedToAssetUuid uuid null references hs_hosting_asset(uuid) initially deferred, + type hs_hosting.HsHostingAssetType not null, + parentAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred, + assignedToAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred, identifier varchar(80) not null, caption varchar(80), config jsonb not null, alarmContactUuid uuid null references hs_office.contact(uuid) initially deferred, - constraint chk_hs_hosting_asset_has_booking_item_or_parent_asset + constraint hosting_asset_has_booking_item_or_parent_asset check (bookingItemUuid is not null or parentAssetUuid is not null or type in ('DOMAIN_SETUP', 'IPV4_NUMBER', 'IPV6_NUMBER')) ); --// 
@@ -54,16 +54,16 @@ create table if not exists hs_hosting_asset -- TODO.impl: this could be generated from HsHostingAssetType -- also including a check for assignedToAssetUuud -create or replace function hs_hosting_asset_type_hierarchy_check_tf() +create or replace function hs_hosting.asset_type_hierarchy_check_tf() returns trigger language plpgsql as $$ declare - actualParentType HsHostingAssetType; - expectedParentType HsHostingAssetType; + actualParentType hs_hosting.HsHostingAssetType; + expectedParentType hs_hosting.HsHostingAssetType; begin if NEW.parentAssetUuid is not null then actualParentType := (select type - from hs_hosting_asset + from hs_hosting.asset where NEW.parentAssetUuid = uuid); end if; @@ -104,10 +104,10 @@ begin return NEW; end; $$; -create trigger hs_hosting_asset_type_hierarchy_check_tg - before insert on hs_hosting_asset +create trigger hosting_asset_type_hierarchy_check_tg + before insert on hs_hosting.asset for each row - execute procedure hs_hosting_asset_type_hierarchy_check_tf(); + execute procedure hs_hosting.asset_type_hierarchy_check_tf(); --// @@ -116,7 +116,7 @@ create trigger hs_hosting_asset_type_hierarchy_check_tg --changeset michael.hoennig:hosting-asset-system-sequences endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_unixuser_system_id_seq +CREATE SEQUENCE IF NOT EXISTS hs_hosting.asset_unixuser_system_id_seq AS integer MINVALUE 1000000 MAXVALUE 9999999 
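Review bot: `hosting_asset_type_hierarchy_check_tg` is still declared `before insert on hs_hosting.asset` only (hunk `@@ -104,10 +104,10 @@`), so the parent-type rule is not re-evaluated when an UPDATE changes an existing row's `type` or `parentAssetUuid`. Unless updates of those columns are blocked elsewhere (not visible here), a row can end up under a parent type that the check would have rejected at insert time. Consider `before insert or update of type, parentAssetUuid on hs_hosting.asset`. The same holds for `hosting_asset_booking_item_hierarchy_check_tg` in the later `@@ -156,24 +156,24 @@` hunk and its booking-item reference. Both function bodies are only partly inside the hunks, so confirm that they rely on `NEW` alone before widening the triggers.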
@@ -130,12 +130,12 @@ CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_unixuser_system_id_seq --changeset michael.hoennig:hosting-asset-BOOKING-ITEM-HIERARCHY-CHECK endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace function hs_hosting_asset_booking_item_hierarchy_check_tf() +create or replace function hs_hosting.asset_booking_item_hierarchy_check_tf() returns trigger language plpgsql as $$ declare - actualBookingItemType HsBookingItemType; - expectedBookingItemType HsBookingItemType; + actualBookingItemType hs_booking.HsBookingItemType; + expectedBookingItemType hs_booking.HsBookingItemType; begin actualBookingItemType := (select type from hs_booking.item @@ -156,24 +156,24 @@ begin return NEW; end; $$; -create trigger hs_hosting_asset_booking_item_hierarchy_check_tg - before insert on hs_hosting_asset +create trigger hosting_asset_booking_item_hierarchy_check_tg + before insert on hs_hosting.asset for each row -execute procedure hs_hosting_asset_booking_item_hierarchy_check_tf(); +execute procedure hs_hosting.asset_booking_item_hierarchy_check_tf(); --// -- ============================================================================ --changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_hosting_asset'); +call base.create_journal('hs_hosting.asset'); --// -- ============================================================================ --changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-HISTORIZATION endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.tx_create_historicization('hs_hosting_asset'); +call base.tx_create_historicization('hs_hosting.asset'); --// 
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index fa04eddc..2c739bf5 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -5,14 +5,14 @@ -- ============================================================================ --changeset RbacObjectGenerator:hs-hosting-asset-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_hosting_asset'); +call rbac.generateRelatedRbacObject('hs_hosting.asset'); --// -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset'); +call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting.asset'); --// 
@@ -24,27 +24,27 @@ call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset'); Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure hs_hosting_asset_build_rbac_system( - NEW hs_hosting_asset +create or replace procedure hs_hosting.asset_build_rbac_system( + NEW hs_hosting.asset ) language plpgsql as $$ declare newBookingItem hs_booking.item; - newAssignedToAsset hs_hosting_asset; + newAssignedToAsset hs_hosting.asset; newAlarmContact hs_office.contact; - newParentAsset hs_hosting_asset; + newParentAsset hs_hosting.asset; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_booking.item WHERE uuid = NEW.bookingItemUuid INTO newBookingItem; - SELECT * FROM hs_hosting_asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset; + SELECT * FROM hs_hosting.asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset; SELECT * FROM hs_office.contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact; - SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset; + SELECT * FROM hs_hosting.asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset; perform rbac.defineRoleWithGrants( hsHostingAssetOWNER(NEW), 
@@ -93,22 +93,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting_asset row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting.asset row. */ -create or replace function hs_hosting_asset_build_rbac_system_after_insert_tf() +create or replace function hs_hosting.asset_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call hs_hosting_asset_build_rbac_system(NEW); + call hs_hosting.asset_build_rbac_system(NEW); return NEW; end; $$; create trigger build_rbac_system_after_insert_tg - after insert on hs_hosting_asset + after insert on hs_hosting.asset for each row -execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf(); +execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf(); --// @@ -120,9 +120,9 @@ execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf(); Called from the AFTER UPDATE TRIGGER to re-wire the grants. */ -create or replace procedure hs_hosting_asset_update_rbac_system( - OLD hs_hosting_asset, - NEW hs_hosting_asset +create or replace procedure hs_hosting.asset_update_rbac_system( + OLD hs_hosting.asset, + NEW hs_hosting.asset ) language plpgsql as $$ begin 
@@ -130,27 +130,27 @@ begin if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; - call hs_hosting_asset_build_rbac_system(NEW); + call hs_hosting.asset_build_rbac_system(NEW); end if; end; $$; /* - AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting_asset row. + AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting.asset row. */ -create or replace function hs_hosting_asset_update_rbac_system_after_update_tf() +create or replace function hs_hosting.asset_update_rbac_system_after_update_tf() returns trigger language plpgsql strict as $$ begin - call hs_hosting_asset_update_rbac_system(OLD, NEW); + call hs_hosting.asset_update_rbac_system(OLD, NEW); return NEW; end; $$; create trigger update_rbac_system_after_update_tg - after update on hs_hosting_asset + after update on hs_hosting.asset for each row -execute procedure hs_hosting_asset_update_rbac_system_after_update_tf(); +execute procedure hs_hosting.asset_update_rbac_system_after_update_tf(); --// @@ -158,7 +158,7 @@ execute procedure hs_hosting_asset_update_rbac_system_after_update_tf(); --changeset RbacIdentityViewGenerator:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset', +call rbac.generateRbacIdentityViewFromProjection('hs_hosting.asset', $idName$ identifier $idName$); 
@@ -168,7 +168,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset', -- ============================================================================ --changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_hosting_asset', +call rbac.generateRbacRestrictedView('hs_hosting.asset', $orderBy$ identifier $orderBy$, diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7016-hs-hosting-asset-migration.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7016-hs-hosting-asset-migration.sql index 9ce96e72..1aff9f5e 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7016-hs-hosting-asset-migration.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7016-hs-hosting-asset-migration.sql @@ -7,9 +7,9 @@ --changeset hs-hosting-asset-MIGRATION-mapping:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE TABLE hs_hosting_asset_legacy_id +CREATE TABLE hs_hosting.asset_legacy_id ( - uuid uuid NOT NULL REFERENCES hs_hosting_asset(uuid), + uuid uuid NOT NULL REFERENCES hs_hosting.asset(uuid), legacy_id integer NOT NULL ); --// @@ -19,10 +19,10 @@ CREATE TABLE hs_hosting_asset_legacy_id --changeset hs-hosting-asset-MIGRATION-sequence:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_legacy_id_seq +CREATE SEQUENCE IF NOT EXISTS hs_hosting.asset_legacy_id_seq AS integer START 1000000000 - OWNED BY hs_hosting_asset_legacy_id.legacy_id; + OWNED BY hs_hosting.asset_legacy_id.legacy_id; --// 
@@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_legacy_id_seq --changeset hs-hosting-asset-MIGRATION-default:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -ALTER TABLE hs_hosting_asset_legacy_id +ALTER TABLE hs_hosting.asset_legacy_id ALTER COLUMN legacy_id - SET DEFAULT nextVal('hs_hosting_asset_legacy_id_seq'); + SET DEFAULT nextVal('hs_hosting.asset_legacy_id_seq'); --/ @@ -41,8 +41,8 @@ ALTER TABLE hs_hosting_asset_legacy_id -- ---------------------------------------------------------------------------- CALL base.defineContext('schema-migration'); -INSERT INTO hs_hosting_asset_legacy_id(uuid, legacy_id) - SELECT uuid, nextVal('hs_hosting_asset_legacy_id_seq') FROM hs_hosting_asset; +INSERT INTO hs_hosting.asset_legacy_id(uuid, legacy_id) + SELECT uuid, nextVal('hs_hosting.asset_legacy_id_seq') FROM hs_hosting.asset; --/ @@ -58,14 +58,14 @@ begin raise exception 'invalid usage of trigger'; end if; - INSERT INTO hs_hosting_asset_legacy_id VALUES - (NEW.uuid, nextVal('hs_hosting_asset_legacy_id_seq')); + INSERT INTO hs_hosting.asset_legacy_id VALUES + (NEW.uuid, nextVal('hs_hosting.asset_legacy_id_seq')); return NEW; end; $$; create trigger createassetLegacyIdMapping - after insert on hs_hosting_asset + after insert on hs_hosting.asset for each row execute procedure insertassetLegacyIdMapping(); --/ @@ -83,14 +83,14 @@ begin raise exception 'invalid usage of trigger'; end if; - DELETE FROM hs_hosting_asset_legacy_id + DELETE FROM hs_hosting.asset_legacy_id WHERE uuid = OLD.uuid; return OLD; end; $$; create trigger deleteassetLegacyIdMapping_tg - before delete on hs_hosting_asset + before delete on hs_hosting.asset for each row execute procedure deleteassetLegacyIdMapping_tf(); --/ 
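Review bot: The trigger body's `INSERT INTO hs_hosting.asset_legacy_id VALUES (NEW.uuid, nextVal(...))` depends on column order, whereas the backfill one hunk earlier names its columns; use `INSERT INTO hs_hosting.asset_legacy_id (uuid, legacy_id) VALUES` here too. The trigger functions `insertassetLegacyIdMapping()` and `deleteassetLegacyIdMapping_tf()` also remain unqualified, while every other function touched by this commit moved to `hs_hosting.`. They are therefore created in whatever schema comes first on the `search_path` when the changeset runs; qualifying them, e.g. `execute procedure hs_hosting.asset_legacy_id_insert_tf()` (name constructed for illustration), would keep the schema self-contained. Both function headers are outside the hunks.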
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql index 0506c67c..72f6527d 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql @@ -6,7 +6,7 @@ -- ---------------------------------------------------------------------------- /* - Creates a single hs_hosting_asset test record. + Creates a single hs_hosting.asset test record. */ create or replace procedure createHsHostingAssetTestData(givenProjectCaption varchar) language plpgsql as $$ @@ -79,7 +79,7 @@ begin debitorNumberSuffix := relatedDebitor.debitorNumberSuffix; defaultPrefix := relatedDebitor.defaultPrefix; - insert into hs_hosting_asset + insert into hs_hosting.asset (uuid, bookingitemuuid, type, parentAssetUuid, assignedToAssetUuid, identifier, caption, config) values (managedServerUuid, managedServerBI.uuid, 'MANAGED_SERVER', null, null, 'vm10' || debitorNumberSuffix, 'some ManagedServer', '{ "monit_max_cpu_usage": 90, "monit_max_ram_usage": 80, "monit_max_ssd_usage": 70 }'::jsonb), diff --git a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql index 6d3e3c53..8d64948d 100644 --- a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql +++ b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql 
@@ -12,8 +12,8 @@ select * from rbac.object group by objecttable union all - select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_hosting_asset', type::text - from hs_hosting_asset + select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_hosting.asset', type::text + from hs_hosting.asset group by type union all select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_booking.item', type::text diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml index cad1e16c..78622a51 100644 --- a/src/main/resources/db/changelog/db.changelog-master.yaml +++ b/src/main/resources/db/changelog/db.changelog-master.yaml @@ -159,6 +159,8 @@ databaseChangeLog: file: db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql - include: file: db/changelog/6-hs-booking/630-booking-item/6308-hs-booking-item-test-data.sql + - include: + file: db/changelog/7-hs-hosting/700-hs-hosting-schema.sql - include: file: db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql - include: diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java index bc85266e..6f2d42d4 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java @@ -114,7 +114,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "hs_hosting_asset#fir01:AGENT") + .header("assumed-roles", "hs_hosting.asset#fir01:AGENT") .port(port) .when() . get("http://localhost/api/hs/hosting/assets?type=" + EMAIL_ALIAS) 
@@ -218,7 +218,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup final var location = RestAssured // @formatter:off .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "hs_hosting_asset#vm1011:ADMIN") + .header("assumed-roles", "hs_hosting.asset#vm1011:ADMIN") .contentType(ContentType.JSON) .body(""" { @@ -574,7 +574,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() .header("current-subject", "superuser-alex@hostsharing.net") - //.header("assumed-roles", "hs_hosting_asset#vm2001:ADMIN") + //.header("assumed-roles", "hs_hosting.asset#vm2001:ADMIN") .contentType(ContentType.JSON) .body(""" { diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java index b5cfcd33..e04591c7 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java @@ -78,7 +78,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'caption' from base.tx_journal_v - where targettable = 'hs_hosting_asset'; + where targettable = 'hs_hosting.asset'; """); // when 
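Review bot: In the hunk at line 574 the `assumed-roles` header is renamed but stays commented out, so the request presumably runs with the unrestricted rights of `superuser-alex@hostsharing.net` and the renamed role string is never exercised. Either re-enable it as `.header("assumed-roles", "hs_hosting.asset#vm2001:ADMIN")`, so the test covers the asset-ADMIN permission path, or delete the dead line. Why it was disabled is not visible here, and the test method starts and ends outside the hunk.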
@@ -86,24 +86,24 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu // then assertThat(customerLogEntries).map(Arrays::toString).contains( - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, another CloudServer]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-DNS-Setup]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-HTTP-Setup]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-MBOX-Setup]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-SMTP-Setup]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-Setup]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some E-Mail-Address]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some E-Mail-Alias]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some ManagedServer]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some UnixUser for E-Mail]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some UnixUser for Website]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Webspace]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB instance]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB user]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB database]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql instance]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql user]", - "[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql database]" + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, another CloudServer]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-DNS-Setup]", + "[creating 
hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-HTTP-Setup]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-MBOX-Setup]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-SMTP-Setup]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-Setup]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some E-Mail-Address]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some E-Mail-Alias]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some ManagedServer]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some UnixUser for E-Mail]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some UnixUser for Website]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Webspace]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB instance]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB user]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB database]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql instance]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql user]", + "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql database]" ); } @@ -112,7 +112,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu // given final String nativeQuerySql = """ select count(*) - from hs_hosting_asset_hv ha; + from hs_hosting.asset_hv ha; """; // when 
@@ -121,7 +121,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu @SuppressWarnings("unchecked") final var countBefore = (Integer) query.getSingleResult(); // then - assertThat(countBefore).as("hs_hosting_asset_hv should not contain rows for a timestamp in the past").isEqualTo(0); + assertThat(countBefore).as("hs_hosting.asset_hv should not contain rows for a timestamp in the past").isEqualTo(0); // and when historicalContext(Timestamp.from(ZonedDateTime.now().plusHours(1).toInstant())); @@ -129,7 +129,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu @SuppressWarnings("unchecked") final var countAfter = (Integer) query.getSingleResult(); // then - assertThat(countAfter).as("hs_hosting_asset_hv should contain rows for a timestamp in the future").isGreaterThan(1); + assertThat(countAfter).as("hs_hosting.asset_hv should contain rows for a timestamp in the future").isGreaterThan(1); } @Nested 
@@ -192,37 +192,37 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu final var all = rawRoleRepo.findAll(); assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from( initialRoleNames, - "hs_hosting_asset#fir00:ADMIN", - "hs_hosting_asset#fir00:AGENT", - "hs_hosting_asset#fir00:OWNER", - "hs_hosting_asset#fir00:TENANT")); + "hs_hosting.asset#fir00:ADMIN", + "hs_hosting.asset#fir00:AGENT", + "hs_hosting.asset#fir00:OWNER", + "hs_hosting.asset#fir00:TENANT")); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) .containsExactlyInAnyOrder(fromFormatted( initialGrantNames, // rbac.global-admin - "{ grant role:hs_hosting_asset#fir00:OWNER to role:rbac.global#global:ADMIN by system }", // workaround + "{ grant role:hs_hosting.asset#fir00:OWNER to role:rbac.global#global:ADMIN by system }", // workaround // owner - "{ grant role:hs_hosting_asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting_asset#fir00:OWNER and assume }", - "{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_booking.item#fir01:ADMIN by system and assume }", - "{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_hosting_asset#vm1011:ADMIN by system and assume }", - "{ grant perm:hs_hosting_asset#fir00:DELETE to role:hs_hosting_asset#fir00:OWNER by system and assume }", + "{ grant role:hs_hosting.asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting.asset#fir00:OWNER and assume }", + "{ grant role:hs_hosting.asset#fir00:OWNER to role:hs_booking.item#fir01:ADMIN by system and assume }", + "{ grant role:hs_hosting.asset#fir00:OWNER to role:hs_hosting.asset#vm1011:ADMIN by system and assume }", + "{ grant perm:hs_hosting.asset#fir00:DELETE to role:hs_hosting.asset#fir00:OWNER by system and assume }", // admin - "{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_hosting_asset#fir00:OWNER by system and assume }", - "{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_booking.item#fir01:AGENT by system and assume 
}", - "{ grant perm:hs_hosting_asset#fir00:UPDATE to role:hs_hosting_asset#fir00:ADMIN by system and assume }", + "{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_hosting.asset#fir00:OWNER by system and assume }", + "{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_booking.item#fir01:AGENT by system and assume }", + "{ grant perm:hs_hosting.asset#fir00:UPDATE to role:hs_hosting.asset#fir00:ADMIN by system and assume }", // agent - "{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_hosting_asset#vm1011:AGENT by system and assume }", - "{ grant role:hs_hosting_asset#fir00:AGENT to role:hs_hosting_asset#fir00:ADMIN by system and assume }", + "{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_hosting.asset#vm1011:AGENT by system and assume }", + "{ grant role:hs_hosting.asset#fir00:AGENT to role:hs_hosting.asset#fir00:ADMIN by system and assume }", // tenant - "{ grant role:hs_booking.item#fir01:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }", - "{ grant role:hs_hosting_asset#fir00:TENANT to role:hs_hosting_asset#fir00:AGENT by system and assume }", - "{ grant role:hs_hosting_asset#vm1011:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }", - "{ grant perm:hs_hosting_asset#fir00:SELECT to role:hs_hosting_asset#fir00:TENANT by system and assume }", + "{ grant role:hs_booking.item#fir01:TENANT to role:hs_hosting.asset#fir00:TENANT by system and assume }", + "{ grant role:hs_hosting.asset#fir00:TENANT to role:hs_hosting.asset#fir00:AGENT by system and assume }", + "{ grant role:hs_hosting.asset#vm1011:TENANT to role:hs_hosting.asset#fir00:TENANT by system and assume }", + "{ grant perm:hs_hosting.asset#fir00:SELECT to role:hs_hosting.asset#fir00:TENANT by system and assume }", null)); } 
@@ -251,7 +251,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu assertThatAssetIsPersisted(result.returnedValue()); // ... a rbac.global admin can see the new domain setup as well if the domain OWNER role is assumed - context("superuser-alex@hostsharing.net", "hs_hosting_asset#example.net:OWNER"); // only works with the assumed role + context("superuser-alex@hostsharing.net", "hs_hosting.asset#example.net:OWNER"); // only works with the assumed role assertThatAssetIsPersisted(result.returnedValue()); } @@ -309,7 +309,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu .findAny().orElseThrow().getUuid(); // when - context("superuser-alex@hostsharing.net", "hs_hosting_asset#vm1012:AGENT"); + context("superuser-alex@hostsharing.net", "hs_hosting.asset#vm1012:AGENT"); final var result = rbacAssetRepo.findAllByCriteria(null, parentAssetUuid, null); // then @@ -326,7 +326,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu context("superuser-alex@hostsharing.net"); // when - context("superuser-alex@hostsharing.net", "hs_hosting_asset#sec01:AGENT"); + context("superuser-alex@hostsharing.net", "hs_hosting.asset#sec01:AGENT"); final var result = rbacAssetRepo.findAllByCriteria(null, null, EMAIL_ADDRESS); // then @@ -417,7 +417,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu // when final var result = jpaAttempt.transacted(() -> { - context("person-FirbySusan@example.com", "hs_hosting_asset#vm1000:ADMIN"); + context("person-FirbySusan@example.com", "hs_hosting.asset#vm1000:ADMIN"); assertThat(rbacAssetRepo.findByUuid(givenAsset.getUuid())).isPresent(); rbacAssetRepo.deleteByUuid(givenAsset.getUuid()); 
@@ -426,7 +426,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu // then result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[403] Subject ", " is not allowed to delete hs_hosting_asset"); + "[403] Subject ", " is not allowed to delete hs_hosting.asset"); assertThat(jpaAttempt.transacted(() -> { return realAssetRepo.findByUuid(givenAsset.getUuid()); }).assertSuccessful().returnedValue()).isPresent(); // still there diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/validators/HsUnixUserHostingAssetValidatorUnitTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/validators/HsUnixUserHostingAssetValidatorUnitTest.java index 95a950db..6ff2ab36 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/validators/HsUnixUserHostingAssetValidatorUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/validators/HsUnixUserHostingAssetValidatorUnitTest.java @@ -68,7 +68,7 @@ class HsUnixUserHostingAssetValidatorUnitTest { void initMocks() { final var nativeQueryMock = mock(Query.class); lenient().when(nativeQueryMock.getSingleResult()).thenReturn(12345678); - lenient().when(em.createNativeQuery("SELECT nextval('hs_hosting_asset_unixuser_system_id_seq')", Integer.class)) + lenient().when(em.createNativeQuery("SELECT nextval('hs_hosting.asset_unixuser_system_id_seq')", Integer.class)) .thenReturn(nativeQueryMock); } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java index 4f3c7f5f..3dd9a11f 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java 
@@ -187,7 +187,7 @@ public class CsvDataImport extends ContextBasedTest { } final var query = em.createNativeQuery(""" - insert into hs_hosting_asset( + insert into hs_hosting.asset( uuid, type, bookingitemuuid, @@ -248,8 +248,8 @@ public class CsvDataImport extends ContextBasedTest { jpaAttempt.transacted(() -> { context(rbacSuperuser); // TODO.perf: could we instead skip creating test-data based on an env var? - em.createNativeQuery("delete from hs_hosting_asset where true").executeUpdate(); - em.createNativeQuery("delete from hs_hosting_asset_ex where true").executeUpdate(); + em.createNativeQuery("delete from hs_hosting.asset where true").executeUpdate(); + em.createNativeQuery("delete from hs_hosting.asset_ex where true").executeUpdate(); em.createNativeQuery("delete from hs_booking.item where true").executeUpdate(); em.createNativeQuery("delete from hs_booking.item_ex where true").executeUpdate(); em.createNativeQuery("delete from hs_booking.project where true").executeUpdate(); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java index a084d4f0..90d987be 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java @@ -921,7 +921,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport { @Test @Order(19920) void verifyHostingAssetsAreActuallyPersisted() { - final var haCount = (Integer) em.createNativeQuery("select count(*) from hs_hosting_asset", Integer.class) + final var haCount = (Integer) em.createNativeQuery("select count(*) from hs_hosting.asset", Integer.class) .getSingleResult(); assertThat(haCount).isGreaterThan(isImportingControlledTestData() ? 40 : 15000); 
@@ -1069,7 +1069,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport { final var haCount = jpaAttempt.transacted(() -> { context(rbacSuperuser, "hs_booking.project#D-1000300-mimdefaultproject:AGENT"); - return (Integer) em.createNativeQuery("select count(*) from hs_hosting_asset_rv where type='EMAIL_ADDRESS'", Integer.class) + return (Integer) em.createNativeQuery("select count(*) from hs_hosting.asset_rv where type='EMAIL_ADDRESS'", Integer.class) .getSingleResult(); }).assertSuccessful().returnedValue(); assertThat(haCount).isEqualTo(68); @@ -1136,7 +1136,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport { jpaAttempt.transacted(() -> { context(rbacSuperuser); - updateLegacyIds(assets, "hs_hosting_asset_legacy_id", "legacy_id"); + updateLegacyIds(assets, "hs_hosting.asset_legacy_id", "legacy_id"); }).assertSuccessful(); } @@ -1145,7 +1145,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport { final int expectedCountInTestDataCount, final int minCountExpectedInProdData) { final var q = em.createNativeQuery( - "select count(*) from hs_hosting_asset where type = cast(:type as HsHostingAssetType)", + "select count(*) from hs_hosting.asset where type = cast(:type as HsHostingAssetType)", Integer.class); q.setParameter("type", assetType.name()); final var count = (Integer) q.getSingleResult(); @@ -1895,8 +1895,8 @@ public class ImportHostingAssets extends BaseOfficeDataImport { //noinspection unchecked return ((List>) em.createNativeQuery( """ - SELECT li.* FROM hs_hosting_asset_legacy_id li - JOIN hs_hosting_asset ha ON ha.uuid=li.uuid + SELECT li.* FROM hs_hosting.asset_legacy_id li + JOIN hs_hosting.asset ha ON ha.uuid=li.uuid WHERE CAST(ha.type AS text)=:type ORDER BY legacy_id """, 
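Review bot: The query in the hunk at line 1145 still casts with the unqualified type name, `cast(:type as HsHostingAssetType)`, although the DDL in this commit now refers to `hs_hosting.HsHostingAssetType`. It only resolves if `hs_hosting` is on the session `search_path` or a type of that name still exists in another schema, which this diff does not show. Use `cast(:type as hs_hosting.HsHostingAssetType)` instead. The neighbouring queries avoid the type name altogether by comparing `CAST(ha.type AS text)=:type`.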
@@ -1910,8 +1910,8 @@ public class ImportHostingAssets extends BaseOfficeDataImport { //noinspection unchecked return ((List>) em.createNativeQuery( """ - SELECT ha.uuid, ha.type, ha.identifier FROM hs_hosting_asset ha - JOIN hs_hosting_asset_legacy_id li ON li.uuid=ha.uuid + SELECT ha.uuid, ha.type, ha.identifier FROM hs_hosting.asset ha + JOIN hs_hosting.asset_legacy_id li ON li.uuid=ha.uuid WHERE li.legacy_id is null AND CAST(ha.type AS text)=:type ORDER BY li.legacy_id """,