From a1172580856d96625c452340fd4b42e75bf2dc91 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Wed, 31 Aug 2022 14:57:15 +0200 Subject: [PATCH] replace unixuser test entities with domain --- doc/rbac.md | 12 +- sql/24-hs-domain.sql | 16 +-- sql/25-hs-emailaddress.sql | 6 +- sql/28-hs-tests.sql | 14 +- sql/29-hs-statistics.sql | 4 +- .../db/changelog/123-test-package-rbac.sql | 2 +- ...-test-unixuser.sql => 130-test-domain.sql} | 6 +- ...user-rbac.sql => 133-test-domain-rbac.sql} | 124 +++++++++--------- ...data.sql => 138-test-domain-test-data.sql} | 34 ++--- .../db/changelog/db.changelog-master.yaml | 6 +- .../RbacRoleControllerAcceptanceTest.java | 18 +-- .../RbacRoleRepositoryIntegrationTest.java | 16 +-- .../RbacUserControllerAcceptanceTest.java | 18 +-- .../RbacUserRepositoryIntegrationTest.java | 50 +++---- 14 files changed, 163 insertions(+), 163 deletions(-) rename src/main/resources/db/changelog/{130-test-unixuser.sql => 130-test-domain.sql} (71%) rename src/main/resources/db/changelog/{133-test-unixuser-rbac.sql => 133-test-domain-rbac.sql} (51%) rename src/main/resources/db/changelog/{138-test-unixuser-test-data.sql => 138-test-domain-test-data.sql} (61%) diff --git a/doc/rbac.md b/doc/rbac.md index 7eca244b..c69229bc 100644 --- a/doc/rbac.md +++ b/doc/rbac.md @@ -103,7 +103,7 @@ package RBAC { enum RbacOperation { add-package add-domain - add-unixuser + add-domain ... view edit @@ -359,7 +359,7 @@ A full example is shown here: SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address" FROM emailaddress_rv ema JOIN domain_rv dom ON dom.uuid = ema.domainuuid - JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid + JOIN domain_rv uu ON uu.uuid = dom.domainuuid JOIN package_rv p ON p.uuid = uu.packageuuid JOIN customer_rv c ON c.uuid = p.customeruuid; END TRANSACTION; @@ -387,11 +387,11 @@ entity EMailAddress entity Domain Domain o-- "*" EMailAddress -entity UnixUser -UnixUser o-- "*" Domain +entity domain +domain o-- "*" Domain entity Package -Package o.. "*" UnixUser +Package o.. "*" domain entity Customer Customer o-- "*" Package @@ -497,7 +497,7 @@ together { entity "Perm package#xyz00 *" as permPackageXyzAll permPackageXyzAll --> boPacXyz00 - entity "Perm package#xyz00 add-unixuser" as permPacXyz00AddUser + entity "Perm package#xyz00 add-domain" as permPacXyz00AddUser permPacXyz00AddUser --> boPacXyz00 entity "Perm package#xyz00 edit" as permPacXyz00Edit diff --git a/sql/24-hs-domain.sql b/sql/24-hs-domain.sql index 857eef50..07f41be2 100644 --- a/sql/24-hs-domain.sql +++ b/sql/24-hs-domain.sql @@ -8,7 +8,7 @@ create table if not exists Domain ( uuid uuid unique references RbacObject (uuid), name character varying(32), - unixUserUuid uuid references unixuser (uuid) + domainUuid uuid references domain (uuid) ); drop trigger if exists createRbacObjectForDomain_Trigger on Domain; @@ -48,7 +48,7 @@ create or replace function createRbacRulesForDomain() language plpgsql strict as $$ declare - parentUser UnixUser; + parentUser domain; parentPackage package; domainOwnerRoleUuid uuid; domainAdminRoleUuid uuid; @@ -57,10 +57,10 @@ begin raise exception 'invalid usage of TRIGGER AFTER INSERT'; end if; - select * from UnixUser where uuid = NEW.unixUserUuid into parentUser; + select * from domain where uuid = NEW.domainUuid into parentUser; select * from Package where uuid = parentUser.packageuuid into parentPackage; - -- a domain owner role is created and assigned to the unixuser's admin role + -- a domain owner role is created and assigned to the domain's admin role domainOwnerRoleUuid = createRole( domainOwner(NEW), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']), @@ -79,7 +79,7 @@ begin domainTenant(NEW), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']), beneathRole(domainAdminRoleUuid), - beingItselfA(createUnixUserTenantRoleIfNotExists(parentUser)) + beingItselfA(createdomainTenantRoleIfNotExists(parentUser)) ); return NEW; @@ -118,7 +118,7 @@ do language plpgsql $$ set hsadminng.currentUser to ''; for uu in (select u.uuid, u.name, u.packageuuid, c.reference - from unixuser u + from domain u join package p on u.packageuuid = p.uuid join customer c on p.customeruuid = c.uuid -- WHERE c.reference >= 18000 @@ -127,7 +127,7 @@ do language plpgsql $$ if (random() < 0.3) then for t in 0..1 loop - currentTask = 'creating RBAC test Domain #' || t || ' for UnixUser ' || uu.name || ' #' || uu.uuid; + currentTask = 'creating RBAC test Domain #' || t || ' for domain ' || uu.name || ' #' || uu.uuid; raise notice 'task: %', currentTask; select * from package where uuid = uu.packageUuid into pac; @@ -137,7 +137,7 @@ do language plpgsql $$ set local hsadminng.assumedRoles = ''; insert - into Domain (name, unixUserUuid) + into Domain (name, domainUuid) values ('dom-' || t || '.' || uu.name || '.example.org', uu.uuid); commit; diff --git a/sql/25-hs-emailaddress.sql b/sql/25-hs-emailaddress.sql index 81174922..258d9f0a 100644 --- a/sql/25-hs-emailaddress.sql +++ b/sql/25-hs-emailaddress.sql @@ -48,7 +48,7 @@ begin select d.* from domain d - left join unixuser u on u.uuid = d.unixuseruuid + left join domain u on u.uuid = d.domainuuid where d.uuid = NEW.domainUuid into parentDomain; @@ -59,7 +59,7 @@ begin beneathRole(domainAdmin(parentDomain)) ); - -- and an admin role is created and assigned to the unixuser owner as well + -- and an admin role is created and assigned to the domain owner as well perform createRole( emailAddressAdmin(NEW), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['edit']), @@ -102,7 +102,7 @@ do language plpgsql $$ for dom in (select d.uuid, d.name, p.name as packageName from domain d - join unixuser u on u.uuid = d.unixuseruuid + join domain u on u.uuid = d.domainuuid join package p on u.packageuuid = p.uuid join customer c on p.customeruuid = c.uuid -- WHERE c.reference >= 18000 diff --git a/sql/28-hs-tests.sql b/sql/28-hs-tests.sql index 4e1ad176..e11dd526 100644 --- a/sql/28-hs-tests.sql +++ b/sql/28-hs-tests.sql @@ -49,7 +49,7 @@ BEGIN SET LOCAL hsadminng.assumedRoles = ''; -- SELECT * SELECT count(*) INTO resultCount - FROM unixuser_rv; + FROM domain_rv; call expectBetween(resultCount, 20, 50); -- hostsharing admin assuming customer role and listing all accessible packages @@ -61,13 +61,13 @@ BEGIN FROM test_package_rv p; call expectBetween(resultCount, 2, 10); - -- hostsharing admin assuming two customer admin roles and listing all accessible unixusers + -- hostsharing admin assuming two customer admin roles and listing all accessible domains SET SESSION SESSION AUTHORIZATION restricted; SET LOCAL hsadminng.currentUser = 'mike@example.org'; SET LOCAL hsadminng.assumedRoles = 'test_customer#aab.admin;test_customer#aac.admin'; -- SELECT c.prefix, c.reference, uu.* SELECT count(*) INTO resultCount - FROM unixuser_rv uu + FROM domain_rv uu JOIN test_package_rv p ON p.uuid = uu.packageuuid JOIN test_customer_rv c ON c.uuid = p.customeruuid; call expectBetween(resultCount, 40, 60); @@ -80,7 +80,7 @@ BEGIN -- SELECT p.name, uu.name, dom.name SELECT count(*) INTO resultCount FROM domain_rv dom - JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid + JOIN domain_rv uu ON uu.uuid = dom.domainuuid JOIN test_package_rv p ON p.uuid = uu.packageuuid JOIN test_customer_rv c ON c.uuid = p.customeruuid; call expectBetween(resultCount, 20, 40); @@ -94,7 +94,7 @@ BEGIN SELECT count(*) INTO resultCount FROM emailaddress_rv ema JOIN domain_rv dom ON dom.uuid = ema.domainuuid - JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid + JOIN domain_rv uu ON uu.uuid = dom.domainuuid JOIN test_package_rv p ON p.uuid = uu.packageuuid JOIN test_customer_rv c ON c.uuid = p.customeruuid; call expectBetween(resultCount, 100, 300); @@ -112,7 +112,7 @@ END; $$; no count required factor table 1 7 000 7 000 1.000 customers 2 17 436 15 000 1.162 packages -3 174 360 150 000 1.162 unixuser +3 174 360 150 000 1.162 domain 4 105 206 100 000 1.052 domain 5 526 030 500 000 1.052 emailaddress @@ -126,7 +126,7 @@ in average +9,33% no count required factor table 1 10 000 7 000 1.429 customers 2 24 904 15 000 1.660 packages -3 249 040 150 000 1.660 unixuser +3 249 040 150 000 1.660 domain 4 149 946 100 000 1.499 domain 5 749 730 500 000 1.499 emailaddress diff --git a/sql/29-hs-statistics.sql b/sql/29-hs-statistics.sql index 3dd43b5d..386fcda0 100644 --- a/sql/29-hs-statistics.sql +++ b/sql/29-hs-statistics.sql @@ -15,8 +15,8 @@ select no, select 2 as no, count(*) as "count", 15000 as "required", 'packages' as "table" from package union - select 3 as no, count(*) as "count", 150000 as "required", 'unixuser' as "table" - from unixuser + select 3 as no, count(*) as "count", 150000 as "required", 'domain' as "table" + from domain union select 4 as no, count(*) as "count", 100000 as "required", 'domain' as "table" from domain diff --git a/src/main/resources/db/changelog/123-test-package-rbac.sql b/src/main/resources/db/changelog/123-test-package-rbac.sql index bfcf954b..f0426a9b 100644 --- a/src/main/resources/db/changelog/123-test-package-rbac.sql +++ b/src/main/resources/db/changelog/123-test-package-rbac.sql @@ -76,7 +76,7 @@ begin -- an owner role is created and assigned to the package owner role packageAdminRoleUuid = createRole( testPackageAdmin(NEW), - grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['add-unixuser', 'add-domain']), + grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['add-domain']), beneathRole(packageOwnerRoleUuid) ); diff --git a/src/main/resources/db/changelog/130-test-unixuser.sql b/src/main/resources/db/changelog/130-test-domain.sql similarity index 71% rename from src/main/resources/db/changelog/130-test-unixuser.sql rename to src/main/resources/db/changelog/130-test-domain.sql index 0b0c6076..6b50dcae 100644 --- a/src/main/resources/db/changelog/130-test-unixuser.sql +++ b/src/main/resources/db/changelog/130-test-domain.sql @@ -1,14 +1,14 @@ --liquibase formatted sql -- ============================================================================ ---changeset hs-unixuser-MAIN-TABLE:1 endDelimiter:--// +--changeset test-domain-MAIN-TABLE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create table if not exists test_unixuser +create table if not exists test_domain ( uuid uuid unique references RbacObject (uuid), packageUuid uuid references test_package (uuid), - name character varying(32), + name character varying(253), description character varying(96) ); --// diff --git a/src/main/resources/db/changelog/133-test-unixuser-rbac.sql b/src/main/resources/db/changelog/133-test-domain-rbac.sql similarity index 51% rename from src/main/resources/db/changelog/133-test-unixuser-rbac.sql rename to src/main/resources/db/changelog/133-test-domain-rbac.sql index 2bd1b822..0e562f6e 100644 --- a/src/main/resources/db/changelog/133-test-unixuser-rbac.sql +++ b/src/main/resources/db/changelog/133-test-domain-rbac.sql @@ -6,81 +6,81 @@ /* Creates the related RbacObject through a BEFORE INSERT TRIGGER. */ -drop trigger if exists createRbacObjectFortest_unixuser_Trigger on test_unixuser; -create trigger createRbacObjectFortest_unixuser_Trigger +drop trigger if exists createRbacObjectFortest_domain_Trigger on test_domain; +create trigger createRbacObjectFortest_domain_Trigger before insert - on test_unixuser + on test_domain for each row execute procedure createRbacObject(); --// -- ============================================================================ ---changeset test-unixuser-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset test-domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace function testUnixUserOwner(uu test_unixuser) +create or replace function testdomainOwner(uu test_domain) returns RbacRoleDescriptor returns null on null input language plpgsql as $$ begin - return roleDescriptor('test_unixuser', uu.uuid, 'owner'); + return roleDescriptor('test_domain', uu.uuid, 'owner'); end; $$; -create or replace function testUnixUserAdmin(uu test_unixuser) +create or replace function testdomainAdmin(uu test_domain) returns RbacRoleDescriptor returns null on null input language plpgsql as $$ begin - return roleDescriptor('test_unixuser', uu.uuid, 'admin'); + return roleDescriptor('test_domain', uu.uuid, 'admin'); end; $$; -create or replace function testUnixUserTenant(uu test_unixuser) +create or replace function testdomainTenant(uu test_domain) returns RbacRoleDescriptor returns null on null input language plpgsql as $$ begin - return roleDescriptor('test_unixuser', uu.uuid, 'tenant'); + return roleDescriptor('test_domain', uu.uuid, 'tenant'); end; $$; -create or replace function createTestUnixUserTenantRoleIfNotExists(unixUser test_unixuser) +create or replace function createTestDomainTenantRoleIfNotExists(domain test_domain) returns uuid returns null on null input language plpgsql as $$ declare - unixUserTenantRoleDesc RbacRoleDescriptor; - unixUserTenantRoleUuid uuid; + domainTenantRoleDesc RbacRoleDescriptor; + domainTenantRoleUuid uuid; begin - unixUserTenantRoleDesc = testUnixUserTenant(unixUser); - unixUserTenantRoleUuid = findRoleId(unixUserTenantRoleDesc); - if unixUserTenantRoleUuid is not null then - return unixUserTenantRoleUuid; + domainTenantRoleDesc = testdomainTenant(domain); + domainTenantRoleUuid = findRoleId(domainTenantRoleDesc); + if domainTenantRoleUuid is not null then + return domainTenantRoleUuid; end if; return createRole( - unixUserTenantRoleDesc, - grantingPermissions(forObjectUuid => unixUser.uuid, permitOps => array ['view']), - beneathRole(testUnixUserAdmin(unixUser)) + domainTenantRoleDesc, + grantingPermissions(forObjectUuid => domain.uuid, permitOps => array ['view']), + beneathRole(testdomainAdmin(domain)) ); end; $$; --// -- ============================================================================ ---changeset test-unixuser-rbac-ROLES-CREATION:1 endDelimiter:--// +--changeset test-domain-rbac-ROLES-CREATION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Creates the roles and their assignments for a new UnixUser for the AFTER INSERT TRIGGER. + Creates the roles and their assignments for a new domain for the AFTER INSERT TRIGGER. */ -create or replace function createRbacRulesForTestUnixUser() +create or replace function createRbacRulesForTestDomain() returns trigger language plpgsql strict as $$ declare parentPackage test_package; - unixuserOwnerRoleId uuid; - unixuserAdminRoleId uuid; + domainOwnerRoleId uuid; + domainAdminRoleId uuid; begin if TG_OP <> 'INSERT' then raise exception 'invalid usage of TRIGGER AFTER INSERT'; @@ -89,17 +89,17 @@ begin select * from test_package where uuid = NEW.packageUuid into parentPackage; -- an owner role is created and assigned to the package's admin group - unixuserOwnerRoleId = createRole( - testUnixUserOwner(NEW), + domainOwnerRoleId = createRole( + testdomainOwner(NEW), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']), beneathRole(testPackageAdmin(parentPackage)) ); - -- and a unixuser admin role is created and assigned to the unixuser owner as well - unixuserAdminRoleId = createRole( - testUnixUserAdmin(NEW), + -- and a domain admin role is created and assigned to the domain owner as well + domainAdminRoleId = createRole( + testdomainAdmin(NEW), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['edit']), - beneathRole(unixuserOwnerRoleId), + beneathRole(domainOwnerRoleId), beingItselfA(testPackageTenant(parentPackage)) ); @@ -110,86 +110,86 @@ end; $$; /* - An AFTER INSERT TRIGGER which creates the role structure for a new UnixUser. + An AFTER INSERT TRIGGER which creates the role structure for a new domain. */ -drop trigger if exists createRbacRulesForTestUnixuser_Trigger on test_unixuser; -create trigger createRbacRulesForTestUnixuser_Trigger +drop trigger if exists createRbacRulesForTestDomain_Trigger on test_domain; +create trigger createRbacRulesForTestDomain_Trigger after insert - on test_unixuser + on test_domain for each row -execute procedure createRbacRulesForTestUnixUser(); +execute procedure createRbacRulesForTestDomain(); --// -- ============================================================================ ---changeset test-unixuser-rbac-ROLES-REMOVAL:1 endDelimiter:--// +--changeset test-domain-rbac-ROLES-REMOVAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Deletes the roles and their assignments of a deleted UnixUser for the BEFORE DELETE TRIGGER. + Deletes the roles and their assignments of a deleted domain for the BEFORE DELETE TRIGGER. */ -create or replace function deleteRbacRulesForTestUnixUser() +create or replace function deleteRbacRulesForTestDomain() returns trigger language plpgsql strict as $$ begin if TG_OP = 'DELETE' then - call deleteRole(findRoleId(testUnixUserOwner(OLD))); - call deleteRole(findRoleId(testUnixUserAdmin(OLD))); - call deleteRole(findRoleId(testUnixUserTenant(OLD))); + call deleteRole(findRoleId(testdomainOwner(OLD))); + call deleteRole(findRoleId(testdomainAdmin(OLD))); + call deleteRole(findRoleId(testdomainTenant(OLD))); else raise exception 'invalid usage of TRIGGER BEFORE DELETE'; end if; end; $$; /* - An BEFORE DELETE TRIGGER which deletes the role structure of a UnixUser. + An BEFORE DELETE TRIGGER which deletes the role structure of a domain. */ -drop trigger if exists deleteRbacRulesForTestUnixUser_Trigger on test_package; -create trigger deleteRbacRulesForTestUnixUser_Trigger +drop trigger if exists deleteRbacRulesForTestDomain_Trigger on test_package; +create trigger deleteRbacRulesForTestDomain_Trigger before delete - on test_unixuser + on test_domain for each row -execute procedure deleteRbacRulesForTestUnixUser(); +execute procedure deleteRbacRulesForTestDomain(); --// -- ============================================================================ ---changeset test-unixuser-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Creates a view to the UnixUser main table which maps the identifying name + Creates a view to the domain main table which maps the identifying name (in this case, actually the column `name`) to the objectUuid. */ -drop view if exists test_unixuser_iv; -create or replace view test_unixuser_iv as +drop view if exists test_domain_iv; +create or replace view test_domain_iv as select distinct target.uuid, target.name as idName - from test_unixuser as target; + from test_domain as target; -- TODO: Is it ok that everybody has access to this information? -grant all privileges on test_unixuser_iv to restricted; +grant all privileges on test_domain_iv to restricted; /* Returns the objectUuid for a given identifying name (in this case, actually the column `name`). */ -create or replace function test_unixUserUuidByIdName(idName varchar) +create or replace function test_domainUuidByIdName(idName varchar) returns uuid language sql strict as $$ -select uuid from test_unixuser_iv iv where iv.idName = test_unixUserUuidByIdName.idName; +select uuid from test_domain_iv iv where iv.idName = test_domainUuidByIdName.idName; $$; /* Returns the identifying name for a given objectUuid (in this case the name). */ -create or replace function test_unixUserIdNameByUuid(uuid uuid) +create or replace function test_domainIdNameByUuid(uuid uuid) returns varchar stable leakproof language sql strict as $$ -select idName from test_unixuser_iv iv where iv.uuid = test_unixUserIdNameByUuid.uuid; +select idName from test_domain_iv iv where iv.uuid = test_domainIdNameByUuid.uuid; $$; --// @@ -202,10 +202,10 @@ $$; Creates a view to the customer main table which maps the identifying name (in this case, the prefix) to the objectUuid. */ -drop view if exists test_unixuser_rv; -create or replace view test_unixuser_rv as +drop view if exists test_domain_rv; +create or replace view test_domain_rv as select target.* - from test_unixuser as target - where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'unixuser', currentSubjectsUuids())); -grant all privileges on test_unixuser_rv to restricted; + from test_domain as target + where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'domain', currentSubjectsUuids())); +grant all privileges on test_domain_rv to restricted; --// diff --git a/src/main/resources/db/changelog/138-test-unixuser-test-data.sql b/src/main/resources/db/changelog/138-test-domain-test-data.sql similarity index 61% rename from src/main/resources/db/changelog/138-test-unixuser-test-data.sql rename to src/main/resources/db/changelog/138-test-domain-test-data.sql index 996fbb55..47326f49 100644 --- a/src/main/resources/db/changelog/138-test-unixuser-test-data.sql +++ b/src/main/resources/db/changelog/138-test-domain-test-data.sql @@ -1,12 +1,12 @@ --liquibase formatted sql -- ============================================================================ ---changeset hs-unixuser-TEST-DATA-GENERATOR:1 endDelimiter:--// +--changeset hs-domain-TEST-DATA-GENERATOR:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates the given count of test unix users for a single package. */ -create or replace procedure createUnixUserTestData( packageName varchar, unixUserCount int ) +create or replace procedure createdomainTestData( packageName varchar, domainCount int ) language plpgsql as $$ declare pac record; @@ -19,15 +19,15 @@ begin where p.name = packageName into pac; - for t in 0..(unixUserCount-1) + for t in 0..(domainCount-1) loop - currentTask = 'creating RBAC test unixuser #' || t || ' for package ' || pac.name || ' #' || pac.uuid; + currentTask = 'creating RBAC test domain #' || t || ' for package ' || pac.name || ' #' || pac.uuid; raise notice 'task: %', currentTask; pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com'; call defineContext(currentTask, null, pacAdmin, null); insert - into test_unixuser (name, packageUuid) + into test_domain (name, packageUuid) values (pac.name || '-' || intToVarChar(t, 4), pac.uuid); end loop; end; $$; @@ -35,7 +35,7 @@ end; $$; /* Creates a range of unix users for mass data generation. */ -create or replace procedure createUnixUserTestData( unixUserPerPackage integer ) +create or replace procedure createdomainTestData( domainPerPackage integer ) language plpgsql as $$ declare pac record; @@ -48,7 +48,7 @@ begin join test_customer c on p.customeruuid = c.uuid where c.reference < 90000) -- reserved for functional testing loop - call createUnixUserTestData(pac.name, 2); + call createdomainTestData(pac.name, 2); commit; end loop; @@ -57,22 +57,22 @@ end; $$; -- ============================================================================ ---changeset hs-unixuser-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--// +--changeset hs-domain-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- do language plpgsql $$ begin - call createUnixUserTestData('xxx00', 2); - call createUnixUserTestData('xxx01', 2); - call createUnixUserTestData('xxx02', 2); + call createdomainTestData('xxx00', 2); + call createdomainTestData('xxx01', 2); + call createdomainTestData('xxx02', 2); - call createUnixUserTestData('yyy00', 2); - call createUnixUserTestData('yyy01', 2); - call createUnixUserTestData('yyy02', 2); + call createdomainTestData('yyy00', 2); + call createdomainTestData('yyy01', 2); + call createdomainTestData('yyy02', 2); - call createUnixUserTestData('zzz00', 2); - call createUnixUserTestData('zzz01', 2); - call createUnixUserTestData('zzz02', 2); + call createdomainTestData('zzz00', 2); + call createdomainTestData('zzz01', 2); + call createdomainTestData('zzz02', 2); end; $$; --// diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml index 72979c0d..6d94156c 100644 --- a/src/main/resources/db/changelog/db.changelog-master.yaml +++ b/src/main/resources/db/changelog/db.changelog-master.yaml @@ -42,10 +42,10 @@ databaseChangeLog: - include: file: db/changelog/128-test-package-test-data.sql - include: - file: db/changelog/130-test-unixuser.sql + file: db/changelog/130-test-domain.sql - include: - file: db/changelog/133-test-unixuser-rbac.sql + file: db/changelog/133-test-domain-rbac.sql - include: - file: db/changelog/138-test-unixuser-test-data.sql + file: db/changelog/138-test-domain-test-data.sql diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java index 704f3660..296a7bf3 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java @@ -57,7 +57,7 @@ class RbacRoleControllerAcceptanceTest { .body("", hasItem(hasEntry("roleName", "global#test-global.admin"))) .body("", hasItem(hasEntry("roleName", "test_customer#yyy.admin"))) .body("", hasItem(hasEntry("roleName", "test_package#yyy00.admin"))) - .body("", hasItem(hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"))) + .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa.owner"))) .body( "size()", greaterThanOrEqualTo(73)); // increases with new test data // @formatter:on } @@ -79,10 +79,10 @@ class RbacRoleControllerAcceptanceTest { .assertThat() .statusCode(200) .contentType("application/json") - .body("[0].roleName", is("test_customer#yyy.tenant")) - .body("[1].roleName", is("test_package#yyy00.admin")) - .body("[2].roleName", is("test_package#yyy00.tenant")) - .body("[3].roleName", is("test_unixuser#yyy00-aaaa.admin")) + .body("", hasItem(hasEntry("roleName", "test_customer#yyy.tenant"))) + .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa.admin"))) + .body("", hasItem(hasEntry("roleName", "test_package#yyy00.admin"))) + .body("", hasItem(hasEntry("roleName", "test_package#yyy00.tenant"))) .body("size()", is(7)); // increases with new test data // @formatter:on } @@ -101,10 +101,10 @@ class RbacRoleControllerAcceptanceTest { .then().assertThat() .statusCode(200) .contentType("application/json") - .body("[0].roleName", is("test_customer#zzz.tenant")) - .body("[1].roleName", is("test_package#zzz00.admin")) - .body("[2].roleName", is("test_package#zzz00.tenant")) - .body("[3].roleName", is("test_unixuser#zzz00-aaaa.admin")) + .body("", hasItem(hasEntry("roleName", "test_customer#zzz.tenant"))) + .body("", hasItem(hasEntry("roleName", "test_domain#zzz00-aaaa.admin"))) + .body("", hasItem(hasEntry("roleName", "test_package#zzz00.admin"))) + .body("", hasItem(hasEntry("roleName", "test_package#zzz00.tenant"))) .body("size()", is(7)); // increases with new test data // @formatter:on } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java index b500c683..16c66a67 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java @@ -101,11 +101,11 @@ class RbacRoleRepositoryIntegrationTest { "test_package#xxx01.owner", "test_package#xxx01.tenant", // ... - "test_unixuser#xxx00-aaaa.admin", - "test_unixuser#xxx00-aaaa.owner", + "test_domain#xxx00-aaaa.admin", + "test_domain#xxx00-aaaa.owner", // .. - "test_unixuser#xxx01-aaab.admin", - "test_unixuser#xxx01-aaab.owner" + "test_domain#xxx01-aaab.admin", + "test_domain#xxx01-aaab.owner" // @formatter:on ); noneOfTheseRbacRolesIsReturned( @@ -131,10 +131,10 @@ class RbacRoleRepositoryIntegrationTest { "test_customer#xxx.tenant", "test_package#xxx00.admin", "test_package#xxx00.tenant", - "test_unixuser#xxx00-aaaa.admin", - "test_unixuser#xxx00-aaaa.owner", - "test_unixuser#xxx00-aaab.admin", - "test_unixuser#xxx00-aaab.owner"); + "test_domain#xxx00-aaaa.admin", + "test_domain#xxx00-aaaa.owner", + "test_domain#xxx00-aaab.admin", + "test_domain#xxx00-aaab.owner"); } @Test diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java index d34cb0bc..5bc074fa 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java @@ -297,14 +297,14 @@ class RbacUserControllerAcceptanceTest { .body("", hasItem( allOf( hasEntry("roleName", "test_package#yyy00.admin"), - hasEntry("op", "add-unixuser")) + hasEntry("op", "add-domain")) )) .body("", hasItem( allOf( - hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"), + hasEntry("roleName", "test_domain#yyy00-aaaa.owner"), hasEntry("op", "*")) )) - .body("size()", is(8)); + .body("size()", is(7)); // @formatter:on } @@ -332,14 +332,14 @@ class RbacUserControllerAcceptanceTest { .body("", hasItem( allOf( hasEntry("roleName", "test_package#yyy00.admin"), - hasEntry("op", "add-unixuser")) + hasEntry("op", "add-domain")) )) .body("", hasItem( allOf( - hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"), + hasEntry("roleName", "test_domain#yyy00-aaaa.owner"), hasEntry("op", "*")) )) - .body("size()", is(8)); + .body("size()", is(7)); // @formatter:on } @@ -366,14 +366,14 @@ class RbacUserControllerAcceptanceTest { .body("", hasItem( allOf( hasEntry("roleName", "test_package#yyy00.admin"), - hasEntry("op", "add-unixuser")) + hasEntry("op", "add-domain")) )) .body("", hasItem( allOf( - hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"), + hasEntry("roleName", "test_domain#yyy00-aaaa.owner"), hasEntry("op", "*")) )) - .body("size()", is(8)); + .body("size()", is(7)); // @formatter:on } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java index fc9bb63a..423ed21a 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java @@ -191,13 +191,13 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { "test_customer#xxx.owner -> test_customer#xxx: *", "test_customer#xxx.tenant -> test_customer#xxx: view", "test_package#xxx00.admin -> test_package#xxx00: add-domain", - "test_package#xxx00.admin -> test_package#xxx00: add-unixuser", + "test_package#xxx00.admin -> test_package#xxx00: add-domain", "test_package#xxx00.tenant -> test_package#xxx00: view", "test_package#xxx01.admin -> test_package#xxx01: add-domain", - "test_package#xxx01.admin -> test_package#xxx01: add-unixuser", + "test_package#xxx01.admin -> test_package#xxx01: add-domain", "test_package#xxx01.tenant -> test_package#xxx01: view", "test_package#xxx02.admin -> test_package#xxx02: add-domain", - "test_package#xxx02.admin -> test_package#xxx02: add-unixuser", + "test_package#xxx02.admin -> test_package#xxx02: add-domain", "test_package#xxx02.tenant -> test_package#xxx02: view", "test_customer#yyy.admin -> test_customer#yyy: add-package", @@ -205,13 +205,13 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { "test_customer#yyy.owner -> test_customer#yyy: *", "test_customer#yyy.tenant -> test_customer#yyy: view", "test_package#yyy00.admin -> test_package#yyy00: add-domain", - "test_package#yyy00.admin -> test_package#yyy00: add-unixuser", + "test_package#yyy00.admin -> test_package#yyy00: add-domain", "test_package#yyy00.tenant -> test_package#yyy00: view", "test_package#yyy01.admin -> test_package#yyy01: add-domain", - "test_package#yyy01.admin -> test_package#yyy01: add-unixuser", + "test_package#yyy01.admin -> test_package#yyy01: add-domain", "test_package#yyy01.tenant -> test_package#yyy01: view", "test_package#yyy02.admin -> test_package#yyy02: add-domain", - "test_package#yyy02.admin -> test_package#yyy02: add-unixuser", + "test_package#yyy02.admin -> test_package#yyy02: add-domain", "test_package#yyy02.tenant -> test_package#yyy02: view", "test_customer#zzz.admin -> test_customer#zzz: add-package", @@ -219,13 +219,13 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { "test_customer#zzz.owner -> test_customer#zzz: *", "test_customer#zzz.tenant -> test_customer#zzz: view", "test_package#zzz00.admin -> test_package#zzz00: add-domain", - "test_package#zzz00.admin -> test_package#zzz00: add-unixuser", + "test_package#zzz00.admin -> test_package#zzz00: add-domain", "test_package#zzz00.tenant -> test_package#zzz00: view", "test_package#zzz01.admin -> test_package#zzz01: add-domain", - "test_package#zzz01.admin -> test_package#zzz01: add-unixuser", + "test_package#zzz01.admin -> test_package#zzz01: add-domain", "test_package#zzz01.tenant -> test_package#zzz01: view", "test_package#zzz02.admin -> test_package#zzz02: add-domain", - "test_package#zzz02.admin -> test_package#zzz02: add-unixuser", + "test_package#zzz02.admin -> test_package#zzz02: add-domain", "test_package#zzz02.tenant -> test_package#zzz02: view" // @formatter:on ); @@ -259,19 +259,19 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { "test_customer#xxx.tenant -> test_customer#xxx: view", "test_package#xxx00.admin -> test_package#xxx00: add-domain", - "test_package#xxx00.admin -> test_package#xxx00: add-unixuser", + "test_package#xxx00.admin -> test_package#xxx00: add-domain", "test_package#xxx00.tenant -> test_package#xxx00: view", - "test_unixuser#xxx00-aaaa.owner -> test_unixuser#xxx00-aaaa: *", + "test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: *", "test_package#xxx01.admin -> test_package#xxx01: add-domain", - "test_package#xxx01.admin -> test_package#xxx01: add-unixuser", + "test_package#xxx01.admin -> test_package#xxx01: add-domain", "test_package#xxx01.tenant -> test_package#xxx01: view", - "test_unixuser#xxx01-aaaa.owner -> test_unixuser#xxx01-aaaa: *", + "test_domain#xxx01-aaaa.owner -> test_domain#xxx01-aaaa: *", "test_package#xxx02.admin -> test_package#xxx02: add-domain", - "test_package#xxx02.admin -> test_package#xxx02: add-unixuser", + "test_package#xxx02.admin -> test_package#xxx02: add-domain", "test_package#xxx02.tenant -> test_package#xxx02: view", - "test_unixuser#xxx02-aaaa.owner -> test_unixuser#xxx02-aaaa: *" + "test_domain#xxx02-aaaa.owner -> test_domain#xxx02-aaaa: *" // @formatter:on ); noneOfTheseRbacPermissionsAreReturned( @@ -316,11 +316,11 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { // @formatter:off "test_customer#xxx.tenant -> test_customer#xxx: view", // "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin! - "test_package#xxx00.admin -> test_package#xxx00: add-unixuser", + "test_package#xxx00.admin -> test_package#xxx00: add-domain", "test_package#xxx00.admin -> test_package#xxx00: add-domain", "test_package#xxx00.tenant -> test_package#xxx00: view", - "test_unixuser#xxx00-aaaa.owner -> test_unixuser#xxx00-aaaa: *", - "test_unixuser#xxx00-aaab.owner -> test_unixuser#xxx00-aaab: *" + "test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: *", + "test_domain#xxx00-aaab.owner -> test_domain#xxx00-aaab: *" // @formatter:on ); noneOfTheseRbacPermissionsAreReturned( @@ -329,11 +329,11 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { "test_customer#yyy.admin -> test_customer#yyy: add-package", "test_customer#yyy.admin -> test_customer#yyy: view", "test_customer#yyy.tenant -> test_customer#yyy: view", - "test_package#yyy00.admin -> test_package#yyy00: add-unixuser", + "test_package#yyy00.admin -> test_package#yyy00: add-domain", "test_package#yyy00.admin -> test_package#yyy00: add-domain", "test_package#yyy00.tenant -> test_package#yyy00: view", - "test_unixuser#yyy00-aaaa.owner -> test_unixuser#yyy00-aaaa: *", - "test_unixuser#yyy00-aaab.owner -> test_unixuser#yyy00-aaab: *" + "test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: *", + "test_domain#yyy00-aaab.owner -> test_domain#yyy00-aaab: *" // @formatter:on ); } @@ -364,7 +364,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { // @formatter:off "test_customer#xxx.tenant -> test_customer#xxx: view", // "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin! - "test_package#xxx00.admin -> test_package#xxx00: add-unixuser", + "test_package#xxx00.admin -> test_package#xxx00: add-domain", "test_package#xxx00.admin -> test_package#xxx00: add-domain", "test_package#xxx00.tenant -> test_package#xxx00: view" // @formatter:on @@ -378,11 +378,11 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { "test_customer#yyy.admin -> test_customer#yyy: add-package", "test_customer#yyy.admin -> test_customer#yyy: view", "test_customer#yyy.tenant -> test_customer#yyy: view", - "test_package#yyy00.admin -> test_package#yyy00: add-unixuser", + "test_package#yyy00.admin -> test_package#yyy00: add-domain", "test_package#yyy00.admin -> test_package#yyy00: add-domain", "test_package#yyy00.tenant -> test_package#yyy00: view", - "test_unixuser#yyy00-aaaa.owner -> test_unixuser#yyy00-aaaa: *", - "test_unixuser#yyy00-xxxb.owner -> test_unixuser#yyy00-xxxb: *" + "test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: *", + "test_domain#yyy00-xxxb.owner -> test_domain#yyy00-xxxb: *" // @formatter:on ); }