replace unixuser test entities with domain

This commit is contained in:
Michael Hoennig 2022-08-31 14:57:15 +02:00
parent 84ce90b28f
commit a117258085
14 changed files with 163 additions and 163 deletions

View File

@ -103,7 +103,7 @@ package RBAC {
enum RbacOperation { enum RbacOperation {
add-package add-package
add-domain add-domain
add-unixuser add-domain
... ...
view view
edit edit
@ -359,7 +359,7 @@ A full example is shown here:
SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address" SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address"
FROM emailaddress_rv ema FROM emailaddress_rv ema
JOIN domain_rv dom ON dom.uuid = ema.domainuuid JOIN domain_rv dom ON dom.uuid = ema.domainuuid
JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid JOIN domain_rv uu ON uu.uuid = dom.domainuuid
JOIN package_rv p ON p.uuid = uu.packageuuid JOIN package_rv p ON p.uuid = uu.packageuuid
JOIN customer_rv c ON c.uuid = p.customeruuid; JOIN customer_rv c ON c.uuid = p.customeruuid;
END TRANSACTION; END TRANSACTION;
@ -387,11 +387,11 @@ entity EMailAddress
entity Domain entity Domain
Domain o-- "*" EMailAddress Domain o-- "*" EMailAddress
entity UnixUser entity domain
UnixUser o-- "*" Domain domain o-- "*" Domain
entity Package entity Package
Package o.. "*" UnixUser Package o.. "*" domain
entity Customer entity Customer
Customer o-- "*" Package Customer o-- "*" Package
@ -497,7 +497,7 @@ together {
entity "Perm package#xyz00 *" as permPackageXyzAll entity "Perm package#xyz00 *" as permPackageXyzAll
permPackageXyzAll --> boPacXyz00 permPackageXyzAll --> boPacXyz00
entity "Perm package#xyz00 add-unixuser" as permPacXyz00AddUser entity "Perm package#xyz00 add-domain" as permPacXyz00AddUser
permPacXyz00AddUser --> boPacXyz00 permPacXyz00AddUser --> boPacXyz00
entity "Perm package#xyz00 edit" as permPacXyz00Edit entity "Perm package#xyz00 edit" as permPacXyz00Edit

View File

@ -8,7 +8,7 @@ create table if not exists Domain
( (
uuid uuid unique references RbacObject (uuid), uuid uuid unique references RbacObject (uuid),
name character varying(32), name character varying(32),
unixUserUuid uuid references unixuser (uuid) domainUuid uuid references domain (uuid)
); );
drop trigger if exists createRbacObjectForDomain_Trigger on Domain; drop trigger if exists createRbacObjectForDomain_Trigger on Domain;
@ -48,7 +48,7 @@ create or replace function createRbacRulesForDomain()
language plpgsql language plpgsql
strict as $$ strict as $$
declare declare
parentUser UnixUser; parentUser domain;
parentPackage package; parentPackage package;
domainOwnerRoleUuid uuid; domainOwnerRoleUuid uuid;
domainAdminRoleUuid uuid; domainAdminRoleUuid uuid;
@ -57,10 +57,10 @@ begin
raise exception 'invalid usage of TRIGGER AFTER INSERT'; raise exception 'invalid usage of TRIGGER AFTER INSERT';
end if; end if;
select * from UnixUser where uuid = NEW.unixUserUuid into parentUser; select * from domain where uuid = NEW.domainUuid into parentUser;
select * from Package where uuid = parentUser.packageuuid into parentPackage; select * from Package where uuid = parentUser.packageuuid into parentPackage;
-- a domain owner role is created and assigned to the unixuser's admin role -- a domain owner role is created and assigned to the domain's admin role
domainOwnerRoleUuid = createRole( domainOwnerRoleUuid = createRole(
domainOwner(NEW), domainOwner(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
@ -79,7 +79,7 @@ begin
domainTenant(NEW), domainTenant(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
beneathRole(domainAdminRoleUuid), beneathRole(domainAdminRoleUuid),
beingItselfA(createUnixUserTenantRoleIfNotExists(parentUser)) beingItselfA(createdomainTenantRoleIfNotExists(parentUser))
); );
return NEW; return NEW;
@ -118,7 +118,7 @@ do language plpgsql $$
set hsadminng.currentUser to ''; set hsadminng.currentUser to '';
for uu in (select u.uuid, u.name, u.packageuuid, c.reference for uu in (select u.uuid, u.name, u.packageuuid, c.reference
from unixuser u from domain u
join package p on u.packageuuid = p.uuid join package p on u.packageuuid = p.uuid
join customer c on p.customeruuid = c.uuid join customer c on p.customeruuid = c.uuid
-- WHERE c.reference >= 18000 -- WHERE c.reference >= 18000
@ -127,7 +127,7 @@ do language plpgsql $$
if (random() < 0.3) then if (random() < 0.3) then
for t in 0..1 for t in 0..1
loop loop
currentTask = 'creating RBAC test Domain #' || t || ' for UnixUser ' || uu.name || ' #' || uu.uuid; currentTask = 'creating RBAC test Domain #' || t || ' for domain ' || uu.name || ' #' || uu.uuid;
raise notice 'task: %', currentTask; raise notice 'task: %', currentTask;
select * from package where uuid = uu.packageUuid into pac; select * from package where uuid = uu.packageUuid into pac;
@ -137,7 +137,7 @@ do language plpgsql $$
set local hsadminng.assumedRoles = ''; set local hsadminng.assumedRoles = '';
insert insert
into Domain (name, unixUserUuid) into Domain (name, domainUuid)
values ('dom-' || t || '.' || uu.name || '.example.org', uu.uuid); values ('dom-' || t || '.' || uu.name || '.example.org', uu.uuid);
commit; commit;

View File

@ -48,7 +48,7 @@ begin
select d.* select d.*
from domain d from domain d
left join unixuser u on u.uuid = d.unixuseruuid left join domain u on u.uuid = d.domainuuid
where d.uuid = NEW.domainUuid where d.uuid = NEW.domainUuid
into parentDomain; into parentDomain;
@ -59,7 +59,7 @@ begin
beneathRole(domainAdmin(parentDomain)) beneathRole(domainAdmin(parentDomain))
); );
-- and an admin role is created and assigned to the unixuser owner as well -- and an admin role is created and assigned to the domain owner as well
perform createRole( perform createRole(
emailAddressAdmin(NEW), emailAddressAdmin(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['edit']), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['edit']),
@ -102,7 +102,7 @@ do language plpgsql $$
for dom in (select d.uuid, d.name, p.name as packageName for dom in (select d.uuid, d.name, p.name as packageName
from domain d from domain d
join unixuser u on u.uuid = d.unixuseruuid join domain u on u.uuid = d.domainuuid
join package p on u.packageuuid = p.uuid join package p on u.packageuuid = p.uuid
join customer c on p.customeruuid = c.uuid join customer c on p.customeruuid = c.uuid
-- WHERE c.reference >= 18000 -- WHERE c.reference >= 18000

View File

@ -49,7 +49,7 @@ BEGIN
SET LOCAL hsadminng.assumedRoles = ''; SET LOCAL hsadminng.assumedRoles = '';
-- SELECT * -- SELECT *
SELECT count(*) INTO resultCount SELECT count(*) INTO resultCount
FROM unixuser_rv; FROM domain_rv;
call expectBetween(resultCount, 20, 50); call expectBetween(resultCount, 20, 50);
-- hostsharing admin assuming customer role and listing all accessible packages -- hostsharing admin assuming customer role and listing all accessible packages
@ -61,13 +61,13 @@ BEGIN
FROM test_package_rv p; FROM test_package_rv p;
call expectBetween(resultCount, 2, 10); call expectBetween(resultCount, 2, 10);
-- hostsharing admin assuming two customer admin roles and listing all accessible unixusers -- hostsharing admin assuming two customer admin roles and listing all accessible domains
SET SESSION SESSION AUTHORIZATION restricted; SET SESSION SESSION AUTHORIZATION restricted;
SET LOCAL hsadminng.currentUser = 'mike@example.org'; SET LOCAL hsadminng.currentUser = 'mike@example.org';
SET LOCAL hsadminng.assumedRoles = 'test_customer#aab.admin;test_customer#aac.admin'; SET LOCAL hsadminng.assumedRoles = 'test_customer#aab.admin;test_customer#aac.admin';
-- SELECT c.prefix, c.reference, uu.* -- SELECT c.prefix, c.reference, uu.*
SELECT count(*) INTO resultCount SELECT count(*) INTO resultCount
FROM unixuser_rv uu FROM domain_rv uu
JOIN test_package_rv p ON p.uuid = uu.packageuuid JOIN test_package_rv p ON p.uuid = uu.packageuuid
JOIN test_customer_rv c ON c.uuid = p.customeruuid; JOIN test_customer_rv c ON c.uuid = p.customeruuid;
call expectBetween(resultCount, 40, 60); call expectBetween(resultCount, 40, 60);
@ -80,7 +80,7 @@ BEGIN
-- SELECT p.name, uu.name, dom.name -- SELECT p.name, uu.name, dom.name
SELECT count(*) INTO resultCount SELECT count(*) INTO resultCount
FROM domain_rv dom FROM domain_rv dom
JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid JOIN domain_rv uu ON uu.uuid = dom.domainuuid
JOIN test_package_rv p ON p.uuid = uu.packageuuid JOIN test_package_rv p ON p.uuid = uu.packageuuid
JOIN test_customer_rv c ON c.uuid = p.customeruuid; JOIN test_customer_rv c ON c.uuid = p.customeruuid;
call expectBetween(resultCount, 20, 40); call expectBetween(resultCount, 20, 40);
@ -94,7 +94,7 @@ BEGIN
SELECT count(*) INTO resultCount SELECT count(*) INTO resultCount
FROM emailaddress_rv ema FROM emailaddress_rv ema
JOIN domain_rv dom ON dom.uuid = ema.domainuuid JOIN domain_rv dom ON dom.uuid = ema.domainuuid
JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid JOIN domain_rv uu ON uu.uuid = dom.domainuuid
JOIN test_package_rv p ON p.uuid = uu.packageuuid JOIN test_package_rv p ON p.uuid = uu.packageuuid
JOIN test_customer_rv c ON c.uuid = p.customeruuid; JOIN test_customer_rv c ON c.uuid = p.customeruuid;
call expectBetween(resultCount, 100, 300); call expectBetween(resultCount, 100, 300);
@ -112,7 +112,7 @@ END; $$;
no count required factor table no count required factor table
1 7 000 7 000 1.000 customers 1 7 000 7 000 1.000 customers
2 17 436 15 000 1.162 packages 2 17 436 15 000 1.162 packages
3 174 360 150 000 1.162 unixuser 3 174 360 150 000 1.162 domain
4 105 206 100 000 1.052 domain 4 105 206 100 000 1.052 domain
5 526 030 500 000 1.052 emailaddress 5 526 030 500 000 1.052 emailaddress
@ -126,7 +126,7 @@ in average +9,33%
no count required factor table no count required factor table
1 10 000 7 000 1.429 customers 1 10 000 7 000 1.429 customers
2 24 904 15 000 1.660 packages 2 24 904 15 000 1.660 packages
3 249 040 150 000 1.660 unixuser 3 249 040 150 000 1.660 domain
4 149 946 100 000 1.499 domain 4 149 946 100 000 1.499 domain
5 749 730 500 000 1.499 emailaddress 5 749 730 500 000 1.499 emailaddress

View File

@ -15,8 +15,8 @@ select no,
select 2 as no, count(*) as "count", 15000 as "required", 'packages' as "table" select 2 as no, count(*) as "count", 15000 as "required", 'packages' as "table"
from package from package
union union
select 3 as no, count(*) as "count", 150000 as "required", 'unixuser' as "table" select 3 as no, count(*) as "count", 150000 as "required", 'domain' as "table"
from unixuser from domain
union union
select 4 as no, count(*) as "count", 100000 as "required", 'domain' as "table" select 4 as no, count(*) as "count", 100000 as "required", 'domain' as "table"
from domain from domain

View File

@ -76,7 +76,7 @@ begin
-- an owner role is created and assigned to the package owner role -- an owner role is created and assigned to the package owner role
packageAdminRoleUuid = createRole( packageAdminRoleUuid = createRole(
testPackageAdmin(NEW), testPackageAdmin(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['add-unixuser', 'add-domain']), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['add-domain']),
beneathRole(packageOwnerRoleUuid) beneathRole(packageOwnerRoleUuid)
); );

View File

@ -1,14 +1,14 @@
--liquibase formatted sql --liquibase formatted sql
-- ============================================================================ -- ============================================================================
--changeset hs-unixuser-MAIN-TABLE:1 endDelimiter:--// --changeset test-domain-MAIN-TABLE:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create table if not exists test_unixuser create table if not exists test_domain
( (
uuid uuid unique references RbacObject (uuid), uuid uuid unique references RbacObject (uuid),
packageUuid uuid references test_package (uuid), packageUuid uuid references test_package (uuid),
name character varying(32), name character varying(253),
description character varying(96) description character varying(96)
); );
--// --//

View File

@ -6,81 +6,81 @@
/* /*
Creates the related RbacObject through a BEFORE INSERT TRIGGER. Creates the related RbacObject through a BEFORE INSERT TRIGGER.
*/ */
drop trigger if exists createRbacObjectFortest_unixuser_Trigger on test_unixuser; drop trigger if exists createRbacObjectFortest_domain_Trigger on test_domain;
create trigger createRbacObjectFortest_unixuser_Trigger create trigger createRbacObjectFortest_domain_Trigger
before insert before insert
on test_unixuser on test_domain
for each row for each row
execute procedure createRbacObject(); execute procedure createRbacObject();
--// --//
-- ============================================================================ -- ============================================================================
--changeset test-unixuser-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// --changeset test-domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function testUnixUserOwner(uu test_unixuser) create or replace function testdomainOwner(uu test_domain)
returns RbacRoleDescriptor returns RbacRoleDescriptor
returns null on null input returns null on null input
language plpgsql as $$ language plpgsql as $$
begin begin
return roleDescriptor('test_unixuser', uu.uuid, 'owner'); return roleDescriptor('test_domain', uu.uuid, 'owner');
end; $$; end; $$;
create or replace function testUnixUserAdmin(uu test_unixuser) create or replace function testdomainAdmin(uu test_domain)
returns RbacRoleDescriptor returns RbacRoleDescriptor
returns null on null input returns null on null input
language plpgsql as $$ language plpgsql as $$
begin begin
return roleDescriptor('test_unixuser', uu.uuid, 'admin'); return roleDescriptor('test_domain', uu.uuid, 'admin');
end; $$; end; $$;
create or replace function testUnixUserTenant(uu test_unixuser) create or replace function testdomainTenant(uu test_domain)
returns RbacRoleDescriptor returns RbacRoleDescriptor
returns null on null input returns null on null input
language plpgsql as $$ language plpgsql as $$
begin begin
return roleDescriptor('test_unixuser', uu.uuid, 'tenant'); return roleDescriptor('test_domain', uu.uuid, 'tenant');
end; $$; end; $$;
create or replace function createTestUnixUserTenantRoleIfNotExists(unixUser test_unixuser) create or replace function createTestDomainTenantRoleIfNotExists(domain test_domain)
returns uuid returns uuid
returns null on null input returns null on null input
language plpgsql as $$ language plpgsql as $$
declare declare
unixUserTenantRoleDesc RbacRoleDescriptor; domainTenantRoleDesc RbacRoleDescriptor;
unixUserTenantRoleUuid uuid; domainTenantRoleUuid uuid;
begin begin
unixUserTenantRoleDesc = testUnixUserTenant(unixUser); domainTenantRoleDesc = testdomainTenant(domain);
unixUserTenantRoleUuid = findRoleId(unixUserTenantRoleDesc); domainTenantRoleUuid = findRoleId(domainTenantRoleDesc);
if unixUserTenantRoleUuid is not null then if domainTenantRoleUuid is not null then
return unixUserTenantRoleUuid; return domainTenantRoleUuid;
end if; end if;
return createRole( return createRole(
unixUserTenantRoleDesc, domainTenantRoleDesc,
grantingPermissions(forObjectUuid => unixUser.uuid, permitOps => array ['view']), grantingPermissions(forObjectUuid => domain.uuid, permitOps => array ['view']),
beneathRole(testUnixUserAdmin(unixUser)) beneathRole(testdomainAdmin(domain))
); );
end; $$; end; $$;
--// --//
-- ============================================================================ -- ============================================================================
--changeset test-unixuser-rbac-ROLES-CREATION:1 endDelimiter:--// --changeset test-domain-rbac-ROLES-CREATION:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates the roles and their assignments for a new UnixUser for the AFTER INSERT TRIGGER. Creates the roles and their assignments for a new domain for the AFTER INSERT TRIGGER.
*/ */
create or replace function createRbacRulesForTestUnixUser() create or replace function createRbacRulesForTestDomain()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
declare declare
parentPackage test_package; parentPackage test_package;
unixuserOwnerRoleId uuid; domainOwnerRoleId uuid;
unixuserAdminRoleId uuid; domainAdminRoleId uuid;
begin begin
if TG_OP <> 'INSERT' then if TG_OP <> 'INSERT' then
raise exception 'invalid usage of TRIGGER AFTER INSERT'; raise exception 'invalid usage of TRIGGER AFTER INSERT';
@ -89,17 +89,17 @@ begin
select * from test_package where uuid = NEW.packageUuid into parentPackage; select * from test_package where uuid = NEW.packageUuid into parentPackage;
-- an owner role is created and assigned to the package's admin group -- an owner role is created and assigned to the package's admin group
unixuserOwnerRoleId = createRole( domainOwnerRoleId = createRole(
testUnixUserOwner(NEW), testdomainOwner(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
beneathRole(testPackageAdmin(parentPackage)) beneathRole(testPackageAdmin(parentPackage))
); );
-- and a unixuser admin role is created and assigned to the unixuser owner as well -- and a domain admin role is created and assigned to the domain owner as well
unixuserAdminRoleId = createRole( domainAdminRoleId = createRole(
testUnixUserAdmin(NEW), testdomainAdmin(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['edit']), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['edit']),
beneathRole(unixuserOwnerRoleId), beneathRole(domainOwnerRoleId),
beingItselfA(testPackageTenant(parentPackage)) beingItselfA(testPackageTenant(parentPackage))
); );
@ -110,86 +110,86 @@ end; $$;
/* /*
An AFTER INSERT TRIGGER which creates the role structure for a new UnixUser. An AFTER INSERT TRIGGER which creates the role structure for a new domain.
*/ */
drop trigger if exists createRbacRulesForTestUnixuser_Trigger on test_unixuser; drop trigger if exists createRbacRulesForTestDomain_Trigger on test_domain;
create trigger createRbacRulesForTestUnixuser_Trigger create trigger createRbacRulesForTestDomain_Trigger
after insert after insert
on test_unixuser on test_domain
for each row for each row
execute procedure createRbacRulesForTestUnixUser(); execute procedure createRbacRulesForTestDomain();
--// --//
-- ============================================================================ -- ============================================================================
--changeset test-unixuser-rbac-ROLES-REMOVAL:1 endDelimiter:--// --changeset test-domain-rbac-ROLES-REMOVAL:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Deletes the roles and their assignments of a deleted UnixUser for the BEFORE DELETE TRIGGER. Deletes the roles and their assignments of a deleted domain for the BEFORE DELETE TRIGGER.
*/ */
create or replace function deleteRbacRulesForTestUnixUser() create or replace function deleteRbacRulesForTestDomain()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
if TG_OP = 'DELETE' then if TG_OP = 'DELETE' then
call deleteRole(findRoleId(testUnixUserOwner(OLD))); call deleteRole(findRoleId(testdomainOwner(OLD)));
call deleteRole(findRoleId(testUnixUserAdmin(OLD))); call deleteRole(findRoleId(testdomainAdmin(OLD)));
call deleteRole(findRoleId(testUnixUserTenant(OLD))); call deleteRole(findRoleId(testdomainTenant(OLD)));
else else
raise exception 'invalid usage of TRIGGER BEFORE DELETE'; raise exception 'invalid usage of TRIGGER BEFORE DELETE';
end if; end if;
end; $$; end; $$;
/* /*
An BEFORE DELETE TRIGGER which deletes the role structure of a UnixUser. An BEFORE DELETE TRIGGER which deletes the role structure of a domain.
*/ */
drop trigger if exists deleteRbacRulesForTestUnixUser_Trigger on test_package; drop trigger if exists deleteRbacRulesForTestDomain_Trigger on test_package;
create trigger deleteRbacRulesForTestUnixUser_Trigger create trigger deleteRbacRulesForTestDomain_Trigger
before delete before delete
on test_unixuser on test_domain
for each row for each row
execute procedure deleteRbacRulesForTestUnixUser(); execute procedure deleteRbacRulesForTestDomain();
--// --//
-- ============================================================================ -- ============================================================================
--changeset test-unixuser-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates a view to the UnixUser main table which maps the identifying name Creates a view to the domain main table which maps the identifying name
(in this case, actually the column `name`) to the objectUuid. (in this case, actually the column `name`) to the objectUuid.
*/ */
drop view if exists test_unixuser_iv; drop view if exists test_domain_iv;
create or replace view test_unixuser_iv as create or replace view test_domain_iv as
select distinct target.uuid, target.name as idName select distinct target.uuid, target.name as idName
from test_unixuser as target; from test_domain as target;
-- TODO: Is it ok that everybody has access to this information? -- TODO: Is it ok that everybody has access to this information?
grant all privileges on test_unixuser_iv to restricted; grant all privileges on test_domain_iv to restricted;
/* /*
Returns the objectUuid for a given identifying name (in this case, actually the column `name`). Returns the objectUuid for a given identifying name (in this case, actually the column `name`).
*/ */
create or replace function test_unixUserUuidByIdName(idName varchar) create or replace function test_domainUuidByIdName(idName varchar)
returns uuid returns uuid
language sql language sql
strict as $$ strict as $$
select uuid from test_unixuser_iv iv where iv.idName = test_unixUserUuidByIdName.idName; select uuid from test_domain_iv iv where iv.idName = test_domainUuidByIdName.idName;
$$; $$;
/* /*
Returns the identifying name for a given objectUuid (in this case the name). Returns the identifying name for a given objectUuid (in this case the name).
*/ */
create or replace function test_unixUserIdNameByUuid(uuid uuid) create or replace function test_domainIdNameByUuid(uuid uuid)
returns varchar returns varchar
stable leakproof stable leakproof
language sql language sql
strict as $$ strict as $$
select idName from test_unixuser_iv iv where iv.uuid = test_unixUserIdNameByUuid.uuid; select idName from test_domain_iv iv where iv.uuid = test_domainIdNameByUuid.uuid;
$$; $$;
--// --//
@ -202,10 +202,10 @@ $$;
Creates a view to the customer main table which maps the identifying name Creates a view to the customer main table which maps the identifying name
(in this case, the prefix) to the objectUuid. (in this case, the prefix) to the objectUuid.
*/ */
drop view if exists test_unixuser_rv; drop view if exists test_domain_rv;
create or replace view test_unixuser_rv as create or replace view test_domain_rv as
select target.* select target.*
from test_unixuser as target from test_domain as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'unixuser', currentSubjectsUuids())); where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'domain', currentSubjectsUuids()));
grant all privileges on test_unixuser_rv to restricted; grant all privileges on test_domain_rv to restricted;
--// --//

View File

@ -1,12 +1,12 @@
--liquibase formatted sql --liquibase formatted sql
-- ============================================================================ -- ============================================================================
--changeset hs-unixuser-TEST-DATA-GENERATOR:1 endDelimiter:--// --changeset hs-domain-TEST-DATA-GENERATOR:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates the given count of test unix users for a single package. Creates the given count of test unix users for a single package.
*/ */
create or replace procedure createUnixUserTestData( packageName varchar, unixUserCount int ) create or replace procedure createdomainTestData( packageName varchar, domainCount int )
language plpgsql as $$ language plpgsql as $$
declare declare
pac record; pac record;
@ -19,15 +19,15 @@ begin
where p.name = packageName where p.name = packageName
into pac; into pac;
for t in 0..(unixUserCount-1) for t in 0..(domainCount-1)
loop loop
currentTask = 'creating RBAC test unixuser #' || t || ' for package ' || pac.name || ' #' || pac.uuid; currentTask = 'creating RBAC test domain #' || t || ' for package ' || pac.name || ' #' || pac.uuid;
raise notice 'task: %', currentTask; raise notice 'task: %', currentTask;
pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com'; pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com';
call defineContext(currentTask, null, pacAdmin, null); call defineContext(currentTask, null, pacAdmin, null);
insert insert
into test_unixuser (name, packageUuid) into test_domain (name, packageUuid)
values (pac.name || '-' || intToVarChar(t, 4), pac.uuid); values (pac.name || '-' || intToVarChar(t, 4), pac.uuid);
end loop; end loop;
end; $$; end; $$;
@ -35,7 +35,7 @@ end; $$;
/* /*
Creates a range of unix users for mass data generation. Creates a range of unix users for mass data generation.
*/ */
create or replace procedure createUnixUserTestData( unixUserPerPackage integer ) create or replace procedure createdomainTestData( domainPerPackage integer )
language plpgsql as $$ language plpgsql as $$
declare declare
pac record; pac record;
@ -48,7 +48,7 @@ begin
join test_customer c on p.customeruuid = c.uuid join test_customer c on p.customeruuid = c.uuid
where c.reference < 90000) -- reserved for functional testing where c.reference < 90000) -- reserved for functional testing
loop loop
call createUnixUserTestData(pac.name, 2); call createdomainTestData(pac.name, 2);
commit; commit;
end loop; end loop;
@ -57,22 +57,22 @@ end; $$;
-- ============================================================================ -- ============================================================================
--changeset hs-unixuser-TEST-DATA-GENERATION:1 context=dev,tc endDelimiter:--// --changeset hs-domain-TEST-DATA-GENERATION:1 context=dev,tc endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
do language plpgsql $$ do language plpgsql $$
begin begin
call createUnixUserTestData('xxx00', 2); call createdomainTestData('xxx00', 2);
call createUnixUserTestData('xxx01', 2); call createdomainTestData('xxx01', 2);
call createUnixUserTestData('xxx02', 2); call createdomainTestData('xxx02', 2);
call createUnixUserTestData('yyy00', 2); call createdomainTestData('yyy00', 2);
call createUnixUserTestData('yyy01', 2); call createdomainTestData('yyy01', 2);
call createUnixUserTestData('yyy02', 2); call createdomainTestData('yyy02', 2);
call createUnixUserTestData('zzz00', 2); call createdomainTestData('zzz00', 2);
call createUnixUserTestData('zzz01', 2); call createdomainTestData('zzz01', 2);
call createUnixUserTestData('zzz02', 2); call createdomainTestData('zzz02', 2);
end; end;
$$; $$;
--// --//

View File

@ -42,10 +42,10 @@ databaseChangeLog:
- include: - include:
file: db/changelog/128-test-package-test-data.sql file: db/changelog/128-test-package-test-data.sql
- include: - include:
file: db/changelog/130-test-unixuser.sql file: db/changelog/130-test-domain.sql
- include: - include:
file: db/changelog/133-test-unixuser-rbac.sql file: db/changelog/133-test-domain-rbac.sql
- include: - include:
file: db/changelog/138-test-unixuser-test-data.sql file: db/changelog/138-test-domain-test-data.sql

View File

@ -57,7 +57,7 @@ class RbacRoleControllerAcceptanceTest {
.body("", hasItem(hasEntry("roleName", "global#test-global.admin"))) .body("", hasItem(hasEntry("roleName", "global#test-global.admin")))
.body("", hasItem(hasEntry("roleName", "test_customer#yyy.admin"))) .body("", hasItem(hasEntry("roleName", "test_customer#yyy.admin")))
.body("", hasItem(hasEntry("roleName", "test_package#yyy00.admin"))) .body("", hasItem(hasEntry("roleName", "test_package#yyy00.admin")))
.body("", hasItem(hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"))) .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa.owner")))
.body( "size()", greaterThanOrEqualTo(73)); // increases with new test data .body( "size()", greaterThanOrEqualTo(73)); // increases with new test data
// @formatter:on // @formatter:on
} }
@ -79,10 +79,10 @@ class RbacRoleControllerAcceptanceTest {
.assertThat() .assertThat()
.statusCode(200) .statusCode(200)
.contentType("application/json") .contentType("application/json")
.body("[0].roleName", is("test_customer#yyy.tenant")) .body("", hasItem(hasEntry("roleName", "test_customer#yyy.tenant")))
.body("[1].roleName", is("test_package#yyy00.admin")) .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa.admin")))
.body("[2].roleName", is("test_package#yyy00.tenant")) .body("", hasItem(hasEntry("roleName", "test_package#yyy00.admin")))
.body("[3].roleName", is("test_unixuser#yyy00-aaaa.admin")) .body("", hasItem(hasEntry("roleName", "test_package#yyy00.tenant")))
.body("size()", is(7)); // increases with new test data .body("size()", is(7)); // increases with new test data
// @formatter:on // @formatter:on
} }
@ -101,10 +101,10 @@ class RbacRoleControllerAcceptanceTest {
.then().assertThat() .then().assertThat()
.statusCode(200) .statusCode(200)
.contentType("application/json") .contentType("application/json")
.body("[0].roleName", is("test_customer#zzz.tenant")) .body("", hasItem(hasEntry("roleName", "test_customer#zzz.tenant")))
.body("[1].roleName", is("test_package#zzz00.admin")) .body("", hasItem(hasEntry("roleName", "test_domain#zzz00-aaaa.admin")))
.body("[2].roleName", is("test_package#zzz00.tenant")) .body("", hasItem(hasEntry("roleName", "test_package#zzz00.admin")))
.body("[3].roleName", is("test_unixuser#zzz00-aaaa.admin")) .body("", hasItem(hasEntry("roleName", "test_package#zzz00.tenant")))
.body("size()", is(7)); // increases with new test data .body("size()", is(7)); // increases with new test data
// @formatter:on // @formatter:on
} }

View File

@ -101,11 +101,11 @@ class RbacRoleRepositoryIntegrationTest {
"test_package#xxx01.owner", "test_package#xxx01.owner",
"test_package#xxx01.tenant", "test_package#xxx01.tenant",
// ... // ...
"test_unixuser#xxx00-aaaa.admin", "test_domain#xxx00-aaaa.admin",
"test_unixuser#xxx00-aaaa.owner", "test_domain#xxx00-aaaa.owner",
// .. // ..
"test_unixuser#xxx01-aaab.admin", "test_domain#xxx01-aaab.admin",
"test_unixuser#xxx01-aaab.owner" "test_domain#xxx01-aaab.owner"
// @formatter:on // @formatter:on
); );
noneOfTheseRbacRolesIsReturned( noneOfTheseRbacRolesIsReturned(
@ -131,10 +131,10 @@ class RbacRoleRepositoryIntegrationTest {
"test_customer#xxx.tenant", "test_customer#xxx.tenant",
"test_package#xxx00.admin", "test_package#xxx00.admin",
"test_package#xxx00.tenant", "test_package#xxx00.tenant",
"test_unixuser#xxx00-aaaa.admin", "test_domain#xxx00-aaaa.admin",
"test_unixuser#xxx00-aaaa.owner", "test_domain#xxx00-aaaa.owner",
"test_unixuser#xxx00-aaab.admin", "test_domain#xxx00-aaab.admin",
"test_unixuser#xxx00-aaab.owner"); "test_domain#xxx00-aaab.owner");
} }
@Test @Test

View File

@ -297,14 +297,14 @@ class RbacUserControllerAcceptanceTest {
.body("", hasItem( .body("", hasItem(
allOf( allOf(
hasEntry("roleName", "test_package#yyy00.admin"), hasEntry("roleName", "test_package#yyy00.admin"),
hasEntry("op", "add-unixuser")) hasEntry("op", "add-domain"))
)) ))
.body("", hasItem( .body("", hasItem(
allOf( allOf(
hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"), hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
hasEntry("op", "*")) hasEntry("op", "*"))
)) ))
.body("size()", is(8)); .body("size()", is(7));
// @formatter:on // @formatter:on
} }
@ -332,14 +332,14 @@ class RbacUserControllerAcceptanceTest {
.body("", hasItem( .body("", hasItem(
allOf( allOf(
hasEntry("roleName", "test_package#yyy00.admin"), hasEntry("roleName", "test_package#yyy00.admin"),
hasEntry("op", "add-unixuser")) hasEntry("op", "add-domain"))
)) ))
.body("", hasItem( .body("", hasItem(
allOf( allOf(
hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"), hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
hasEntry("op", "*")) hasEntry("op", "*"))
)) ))
.body("size()", is(8)); .body("size()", is(7));
// @formatter:on // @formatter:on
} }
@ -366,14 +366,14 @@ class RbacUserControllerAcceptanceTest {
.body("", hasItem( .body("", hasItem(
allOf( allOf(
hasEntry("roleName", "test_package#yyy00.admin"), hasEntry("roleName", "test_package#yyy00.admin"),
hasEntry("op", "add-unixuser")) hasEntry("op", "add-domain"))
)) ))
.body("", hasItem( .body("", hasItem(
allOf( allOf(
hasEntry("roleName", "test_unixuser#yyy00-aaaa.owner"), hasEntry("roleName", "test_domain#yyy00-aaaa.owner"),
hasEntry("op", "*")) hasEntry("op", "*"))
)) ))
.body("size()", is(8)); .body("size()", is(7));
// @formatter:on // @formatter:on
} }

View File

@ -191,13 +191,13 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#xxx.owner -> test_customer#xxx: *", "test_customer#xxx.owner -> test_customer#xxx: *",
"test_customer#xxx.tenant -> test_customer#xxx: view", "test_customer#xxx.tenant -> test_customer#xxx: view",
"test_package#xxx00.admin -> test_package#xxx00: add-domain", "test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser", "test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.tenant -> test_package#xxx00: view", "test_package#xxx00.tenant -> test_package#xxx00: view",
"test_package#xxx01.admin -> test_package#xxx01: add-domain", "test_package#xxx01.admin -> test_package#xxx01: add-domain",
"test_package#xxx01.admin -> test_package#xxx01: add-unixuser", "test_package#xxx01.admin -> test_package#xxx01: add-domain",
"test_package#xxx01.tenant -> test_package#xxx01: view", "test_package#xxx01.tenant -> test_package#xxx01: view",
"test_package#xxx02.admin -> test_package#xxx02: add-domain", "test_package#xxx02.admin -> test_package#xxx02: add-domain",
"test_package#xxx02.admin -> test_package#xxx02: add-unixuser", "test_package#xxx02.admin -> test_package#xxx02: add-domain",
"test_package#xxx02.tenant -> test_package#xxx02: view", "test_package#xxx02.tenant -> test_package#xxx02: view",
"test_customer#yyy.admin -> test_customer#yyy: add-package", "test_customer#yyy.admin -> test_customer#yyy: add-package",
@ -205,13 +205,13 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#yyy.owner -> test_customer#yyy: *", "test_customer#yyy.owner -> test_customer#yyy: *",
"test_customer#yyy.tenant -> test_customer#yyy: view", "test_customer#yyy.tenant -> test_customer#yyy: view",
"test_package#yyy00.admin -> test_package#yyy00: add-domain", "test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.admin -> test_package#yyy00: add-unixuser", "test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.tenant -> test_package#yyy00: view", "test_package#yyy00.tenant -> test_package#yyy00: view",
"test_package#yyy01.admin -> test_package#yyy01: add-domain", "test_package#yyy01.admin -> test_package#yyy01: add-domain",
"test_package#yyy01.admin -> test_package#yyy01: add-unixuser", "test_package#yyy01.admin -> test_package#yyy01: add-domain",
"test_package#yyy01.tenant -> test_package#yyy01: view", "test_package#yyy01.tenant -> test_package#yyy01: view",
"test_package#yyy02.admin -> test_package#yyy02: add-domain", "test_package#yyy02.admin -> test_package#yyy02: add-domain",
"test_package#yyy02.admin -> test_package#yyy02: add-unixuser", "test_package#yyy02.admin -> test_package#yyy02: add-domain",
"test_package#yyy02.tenant -> test_package#yyy02: view", "test_package#yyy02.tenant -> test_package#yyy02: view",
"test_customer#zzz.admin -> test_customer#zzz: add-package", "test_customer#zzz.admin -> test_customer#zzz: add-package",
@ -219,13 +219,13 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#zzz.owner -> test_customer#zzz: *", "test_customer#zzz.owner -> test_customer#zzz: *",
"test_customer#zzz.tenant -> test_customer#zzz: view", "test_customer#zzz.tenant -> test_customer#zzz: view",
"test_package#zzz00.admin -> test_package#zzz00: add-domain", "test_package#zzz00.admin -> test_package#zzz00: add-domain",
"test_package#zzz00.admin -> test_package#zzz00: add-unixuser", "test_package#zzz00.admin -> test_package#zzz00: add-domain",
"test_package#zzz00.tenant -> test_package#zzz00: view", "test_package#zzz00.tenant -> test_package#zzz00: view",
"test_package#zzz01.admin -> test_package#zzz01: add-domain", "test_package#zzz01.admin -> test_package#zzz01: add-domain",
"test_package#zzz01.admin -> test_package#zzz01: add-unixuser", "test_package#zzz01.admin -> test_package#zzz01: add-domain",
"test_package#zzz01.tenant -> test_package#zzz01: view", "test_package#zzz01.tenant -> test_package#zzz01: view",
"test_package#zzz02.admin -> test_package#zzz02: add-domain", "test_package#zzz02.admin -> test_package#zzz02: add-domain",
"test_package#zzz02.admin -> test_package#zzz02: add-unixuser", "test_package#zzz02.admin -> test_package#zzz02: add-domain",
"test_package#zzz02.tenant -> test_package#zzz02: view" "test_package#zzz02.tenant -> test_package#zzz02: view"
// @formatter:on // @formatter:on
); );
@ -259,19 +259,19 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#xxx.tenant -> test_customer#xxx: view", "test_customer#xxx.tenant -> test_customer#xxx: view",
"test_package#xxx00.admin -> test_package#xxx00: add-domain", "test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser", "test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.tenant -> test_package#xxx00: view", "test_package#xxx00.tenant -> test_package#xxx00: view",
"test_unixuser#xxx00-aaaa.owner -> test_unixuser#xxx00-aaaa: *", "test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: *",
"test_package#xxx01.admin -> test_package#xxx01: add-domain", "test_package#xxx01.admin -> test_package#xxx01: add-domain",
"test_package#xxx01.admin -> test_package#xxx01: add-unixuser", "test_package#xxx01.admin -> test_package#xxx01: add-domain",
"test_package#xxx01.tenant -> test_package#xxx01: view", "test_package#xxx01.tenant -> test_package#xxx01: view",
"test_unixuser#xxx01-aaaa.owner -> test_unixuser#xxx01-aaaa: *", "test_domain#xxx01-aaaa.owner -> test_domain#xxx01-aaaa: *",
"test_package#xxx02.admin -> test_package#xxx02: add-domain", "test_package#xxx02.admin -> test_package#xxx02: add-domain",
"test_package#xxx02.admin -> test_package#xxx02: add-unixuser", "test_package#xxx02.admin -> test_package#xxx02: add-domain",
"test_package#xxx02.tenant -> test_package#xxx02: view", "test_package#xxx02.tenant -> test_package#xxx02: view",
"test_unixuser#xxx02-aaaa.owner -> test_unixuser#xxx02-aaaa: *" "test_domain#xxx02-aaaa.owner -> test_domain#xxx02-aaaa: *"
// @formatter:on // @formatter:on
); );
noneOfTheseRbacPermissionsAreReturned( noneOfTheseRbacPermissionsAreReturned(
@ -316,11 +316,11 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
// @formatter:off // @formatter:off
"test_customer#xxx.tenant -> test_customer#xxx: view", "test_customer#xxx.tenant -> test_customer#xxx: view",
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin! // "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser", "test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.admin -> test_package#xxx00: add-domain", "test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.tenant -> test_package#xxx00: view", "test_package#xxx00.tenant -> test_package#xxx00: view",
"test_unixuser#xxx00-aaaa.owner -> test_unixuser#xxx00-aaaa: *", "test_domain#xxx00-aaaa.owner -> test_domain#xxx00-aaaa: *",
"test_unixuser#xxx00-aaab.owner -> test_unixuser#xxx00-aaab: *" "test_domain#xxx00-aaab.owner -> test_domain#xxx00-aaab: *"
// @formatter:on // @formatter:on
); );
noneOfTheseRbacPermissionsAreReturned( noneOfTheseRbacPermissionsAreReturned(
@ -329,11 +329,11 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#yyy.admin -> test_customer#yyy: add-package", "test_customer#yyy.admin -> test_customer#yyy: add-package",
"test_customer#yyy.admin -> test_customer#yyy: view", "test_customer#yyy.admin -> test_customer#yyy: view",
"test_customer#yyy.tenant -> test_customer#yyy: view", "test_customer#yyy.tenant -> test_customer#yyy: view",
"test_package#yyy00.admin -> test_package#yyy00: add-unixuser", "test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.admin -> test_package#yyy00: add-domain", "test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.tenant -> test_package#yyy00: view", "test_package#yyy00.tenant -> test_package#yyy00: view",
"test_unixuser#yyy00-aaaa.owner -> test_unixuser#yyy00-aaaa: *", "test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: *",
"test_unixuser#yyy00-aaab.owner -> test_unixuser#yyy00-aaab: *" "test_domain#yyy00-aaab.owner -> test_domain#yyy00-aaab: *"
// @formatter:on // @formatter:on
); );
} }
@ -364,7 +364,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
// @formatter:off // @formatter:off
"test_customer#xxx.tenant -> test_customer#xxx: view", "test_customer#xxx.tenant -> test_customer#xxx: view",
// "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin! // "test_customer#xxx.admin -> test_customer#xxx: view" - Not permissions through the customer admin!
"test_package#xxx00.admin -> test_package#xxx00: add-unixuser", "test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.admin -> test_package#xxx00: add-domain", "test_package#xxx00.admin -> test_package#xxx00: add-domain",
"test_package#xxx00.tenant -> test_package#xxx00: view" "test_package#xxx00.tenant -> test_package#xxx00: view"
// @formatter:on // @formatter:on
@ -378,11 +378,11 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest {
"test_customer#yyy.admin -> test_customer#yyy: add-package", "test_customer#yyy.admin -> test_customer#yyy: add-package",
"test_customer#yyy.admin -> test_customer#yyy: view", "test_customer#yyy.admin -> test_customer#yyy: view",
"test_customer#yyy.tenant -> test_customer#yyy: view", "test_customer#yyy.tenant -> test_customer#yyy: view",
"test_package#yyy00.admin -> test_package#yyy00: add-unixuser", "test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.admin -> test_package#yyy00: add-domain", "test_package#yyy00.admin -> test_package#yyy00: add-domain",
"test_package#yyy00.tenant -> test_package#yyy00: view", "test_package#yyy00.tenant -> test_package#yyy00: view",
"test_unixuser#yyy00-aaaa.owner -> test_unixuser#yyy00-aaaa: *", "test_domain#yyy00-aaaa.owner -> test_domain#yyy00-aaaa: *",
"test_unixuser#yyy00-xxxb.owner -> test_unixuser#yyy00-xxxb: *" "test_domain#yyy00-xxxb.owner -> test_domain#yyy00-xxxb: *"
// @formatter:on // @formatter:on
); );
} }