introduce-separate-database-schemas-hs-booking-and-hosting #106

Merged
hsh-michaelhoennig merged 14 commits from introduce-separate-database-schemas-hs-booking-and-hosting into master 2024-09-23 10:52:39 +02:00
24 changed files with 185 additions and 175 deletions
Showing only changes of commit 87671f310c - Show all commits

View File

@ -199,7 +199,7 @@ Limit (cost=6549.08..6549.35 rows=54 width=16)
Group Key: grants.descendantuuid
-> CTE Scan on grants (cost=0.00..22.06 rows=1103 width=16)
-> Index Only Scan using rbacobject_objecttable_uuid_key on rbacobject obj (cost=0.28..0.31 rows=1 width=16)
Index Cond: ((objecttable = 'hs_hosting_asset'::text) AND (uuid = perm.objectuuid))
Index Cond: ((objecttable = 'hs_hosting.asset'::text) AND (uuid = perm.objectuuid))
```
### Office-Relation-Query
@ -276,8 +276,8 @@ At this point, the import took 21mins with these statistics:
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
| insert into public.hs_hosting.asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
| insert into hs_hosting.asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
| insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 |
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 |
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 8 |
@ -300,8 +300,8 @@ We changed these mappings from `EAGER` (default) to `LAZY` to `@ManyToOne(fetch
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
| insert into public.hs_hosting.asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
| insert into hs_hosting.asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47538 | 0 | 0 |
insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 |
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 |
@ -318,7 +318,7 @@ But once UnixUser and EmailAlias assets got added to the import, the total time
This was not acceptable, especially not, considering that domains, email-addresses and database-assets are almost 10 times that number and thus the import would go up to over 1100min which is 20 hours.
In a first step, a `HsHostingAssetRawEntity` was created, mapped to the raw table (hs_hosting_asset) not to the RBAC-view (hs_hosting_asset_rv). Unfortunately we did not keep measurements, but that was only part of the problem anyway.
In a first step, a `HsHostingAssetRawEntity` was created, mapped to the raw table (hs_hosting.asset) not to the RBAC-view (hs_hosting.asset_rv). Unfortunately we did not keep measurements, but that was only part of the problem anyway.
The main problem was, that there is something strange with persisting (`EntityManager.persist`) for EmailAlias assets. Where importing UnixUsers was mostly slow due to RBAC SELECT-permission checks, persisting EmailAliases suddenly created about a million (in numbers 1.000.000) SQL UPDATE statements after the INSERT, all with the same data, just increased version number (used for optimistic locking). We were not able to figure out why this happened.
@ -330,7 +330,7 @@ Now, the longest running queries are these:
| No.| calls | total_m | mean_ms | query |
|---:|---------|--------:|--------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 | 13.093 | 4 | 21 | insert into hs_hosting_asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) |
| 1 | 13.093 | 4 | 21 | insert into hs_hosting.asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) |
| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 |
| 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) |
| 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) |
@ -341,7 +341,7 @@ Now, the longest running queries are these:
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) |
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) |
That the `INSERT into hs_hosting_asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.
That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.
It seems that the trigger effects (eg. No. 3 and No. 4) are included in the measure for the causing INSERT, otherwise summing up the totals would exceed the actual total time of the whole import. And it was to be expected that building the RBAC rules for new business objects takes most of the time.
@ -408,12 +408,12 @@ We found some solution approaches:
This optimization idea came from Michael Hierweck and was promising.
The idea is to reduce the size of the result of the recursive CTE query and maybe even speed up that query itself.
To evaluate this, I added a type column to the `rbacObject` table, initially as an enum hsHostingAssetType. Then I entered the type there for all rows from hs_hosting_asset. This means that 83,886 of 92,545 rows in `rbacobject` have a type set, leaving 8,659 without.
To evaluate this, I added a type column to the `rbacObject` table, initially as an enum hsHostingAssetType. Then I entered the type there for all rows from hs_hosting.asset. This means that 83,886 of 92,545 rows in `rbacobject` have a type set, leaving 8,659 without.
If we do this for other types (we currently have 1,271 relations and 927 booking items), it gets more complicated because they are different enum types. As varchar(16), we could lose performance again due to the higher storage space requirements.
But the performance gained is not particularly high anyway.
See the average seconds per recursive CTE select as role 'hs_hosting_asset:<DEBITOR>defaultproject:ADMIN',
See the average seconds per recursive CTE select as role 'hs_hosting.asset:<DEBITOR>defaultproject:ADMIN',
joined with business query for all `'EMAIL_ADDRESSES'`:
| | D-1000000-hsh | D-1000300-mih |

View File

@ -10,17 +10,17 @@ call defineContext('historization testing', null, 'superuser-alex@hostsharing.ne
'hs_booking.project#D-1000313-D-1000313defaultproject:ADMIN'); -- prod+test
-- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN'); -- prod
-- 'hs_booking.project#D-1000300-mimdefaultproject:ADMIN'); -- test
-- update hs_hosting_asset set caption='lug00 b' where identifier = 'lug00' and type = 'MANAGED_WEBSPACE'; -- prod
-- update hs_hosting_asset set caption='hsh00 A ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
-- update hs_hosting_asset set caption='hsh00 B ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
-- update hs_hosting.asset set caption='lug00 b' where identifier = 'lug00' and type = 'MANAGED_WEBSPACE'; -- prod
-- update hs_hosting.asset set caption='hsh00 A ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
-- update hs_hosting.asset set caption='hsh00 B ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
-- insert into hs_hosting_asset
-- insert into hs_hosting.asset
-- (uuid, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, identifier, caption, config, alarmcontactuuid)
-- values
-- (uuid_generate_v4(), null, 'EMAIL_ADDRESS', 'bbda5895-0569-4e20-bb4c-34f3a38f3f63'::uuid, null,
-- 'new@thi.example.org', 'some new E-Mail-Address', '{}'::jsonb, null);
delete from hs_hosting_asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681'::uuid;
delete from hs_hosting.asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681'::uuid;
commit;
-- single version at point in time
@ -29,11 +29,11 @@ set hsadminng.tx_history_txid to '';
set hsadminng.tx_history_timestamp to '2024-08-29 12:42';
-- all versions
select base.tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.*
from hs_hosting_asset_ex haex
from hs_hosting.asset_ex haex
join base.tx_context txc on haex.txid=txc.txid
where haex.identifier = 'test@thi.example.org';
select uuid, version, type, identifier, caption from hs_hosting_asset_hv p where identifier = 'test@thi.example.org';
select uuid, version, type, identifier, caption from hs_hosting.asset_hv p where identifier = 'test@thi.example.org';
select pg_current_xact_id();

View File

@ -6,10 +6,10 @@ select * from hs_statistics_v;
-- This is the extracted recursive CTE query to determine the visible object UUIDs of a single table
-- (and optionally the hosting-asset-type) as a separate VIEW.
-- In the generated code this is part of the hs_hosting_asset_rv VIEW.
-- In the generated code this is part of the hs_hosting.asset_rv VIEW.
drop view if exists hs_hosting_asset_example_gv;
create view hs_hosting_asset_example_gv as
drop view if exists hs_hosting.asset_example_gv;
create view hs_hosting.asset_example_gv as
with recursive
recursive_grants as (
select distinct rbacgrants.descendantuuid,
@ -40,7 +40,7 @@ select distinct perm.objectuuid
join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid
join rbacobject obj on obj.uuid = perm.objectuuid
join count_check cc on cc.valid
where obj.objecttable::text = 'hs_hosting_asset'::text
where obj.objecttable::text = 'hs_hosting.asset'::text
-- with/without this type condition
-- and obj.type = 'EMAIL_ADDRESS'::hshostingassettype
and obj.type = 'EMAIL_ADDRESS'::hshostingassettype
@ -56,7 +56,7 @@ CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net'
'hs_booking.project#D-1000000-hshdefaultproject:ADMIN');
-- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN');
SET TRANSACTION READ ONLY;
EXPLAIN ANALYZE select * from hs_hosting_asset_example_gv;
EXPLAIN ANALYZE select * from hs_hosting.asset_example_gv;
end transaction ;
-- ========================================================
@ -64,15 +64,15 @@ end transaction ;
-- An example for a restricted view (_rv) similar to the one generated by our RBAC system,
-- but using the above separate VIEW to determine the visible objects.
drop view if exists hs_hosting_asset_example_rv;
create view hs_hosting_asset_example_rv as
with accessible_hs_hosting_asset_uuids as (
select * from hs_hosting_asset_example_gv
drop view if exists hs_hosting.asset_example_rv;
create view hs_hosting.asset_example_rv as
with accessible_hs_hosting.asset_uuids as (
select * from hs_hosting.asset_example_gv
)
select target.*
from hs_hosting_asset target
where (target.uuid in (select accessible_hs_hosting_asset_uuids.objectuuid
from accessible_hs_hosting_asset_uuids));
from hs_hosting.asset target
where (target.uuid in (select accessible_hs_hosting.asset_uuids.objectuuid
from accessible_hs_hosting.asset_uuids));
-- -------------------------------------------------------------------------------
@ -99,7 +99,7 @@ BEGIN
-- An example for a business query based on the view:
select type, uuid, identifier, caption
from hs_hosting_asset_example_rv
from hs_hosting.asset_example_rv
where type = 'EMAIL_ADDRESS'
and identifier like letter || '%'
-- end of the business query example.
@ -115,7 +115,7 @@ BEGIN
END;
$$;
-- average seconds per recursive CTE select as role 'hs_hosting_asset:<DEBITOR>defaultproject:ADMIN'
-- average seconds per recursive CTE select as role 'hs_hosting.asset:<DEBITOR>defaultproject:ADMIN'
-- joined with business query for all 'EMAIL_ADDRESSES':
-- D-1000000-hsh D-1000300-mih
-- - without type comparison in rbacobject: ~3.30 - ~3.49 ~0.23
@ -136,7 +136,7 @@ EXPLAIN SELECT * from (
-- An example for a business query based on the view:
select type, uuid, identifier, caption
from hs_hosting_asset_example_rv
from hs_hosting.asset_example_rv
where type = 'EMAIL_ADDRESS'
-- and identifier like 'b%'
-- end of the business query example.
@ -151,17 +151,17 @@ end transaction;
alter table rbacobject
-- just for performance testing, we would need a joined enum or a varchar(16) which would make it slow
add column type hshostingassettype;
add column type hs_hosting.hshostingassettype;
-- and fill the type column with hs_hosting_asset types:
-- and fill the type column with hs_hosting.asset types:
rollback transaction;
begin transaction;
call defineContext('setting rbacobject.type from hs_hosting_asset.type', null, 'superuser-alex@hostsharing.net');
call defineContext('setting rbacobject.type from hs_hosting.asset.type', null, 'superuser-alex@hostsharing.net');
UPDATE rbacobject
SET type = hs.type
FROM hs_hosting_asset hs
FROM hs_hosting.asset hs
WHERE rbacobject.uuid = hs.uuid;
end transaction;

View File

@ -33,7 +33,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetc
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
@Entity
@Table(name = "hs_hosting_asset_rv")
@Table(schema = "hs_hosting", name = "asset_rv")
@SuperBuilder(toBuilder = true)
@Getter
@Setter

View File

@ -25,15 +25,15 @@ public interface HsHostingAssetRbacRepository extends HsHostingAssetRepository<H
ha.parentassetuuid,
ha.type,
ha.version
from hs_hosting_asset_rv ha
from hs_hosting.asset_rv ha
left join hs_booking.item bi on bi.uuid = ha.bookingitemuuid
left join hs_hosting_asset pha on pha.uuid = ha.parentassetuuid
left join hs_hosting.asset pha on pha.uuid = ha.parentassetuuid
where (:projectUuid is null or bi.projectuuid=:projectUuid)
and (:parentAssetUuid is null or pha.uuid=:parentAssetUuid)
and (:type is null or :type=cast(ha.type as text))
""", nativeQuery = true)
// The JPQL query did not generate "left join" but just "join".
// I also optimized the query by not using the _rv for hs_booking.item and hs_hosting_asset, only for hs_hosting_asset_rv.
// I also optimized the query by not using the _rv for hs_booking.item and hs_hosting.asset, only for hs_hosting.asset_rv.
List<HsHostingAssetRbacEntity> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type);
default List<HsHostingAssetRbacEntity> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) {
return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type));

View File

@ -9,7 +9,7 @@ import jakarta.persistence.Entity;
import jakarta.persistence.Table;
@Entity
@Table(name = "hs_hosting_asset")
@Table(schema = "hs_hosting", name = "asset")
@SuperBuilder(builderMethodName = "genericBuilder", toBuilder = true)
@Getter
@Setter

View File

@ -24,15 +24,15 @@ public interface HsHostingAssetRealRepository extends HsHostingAssetRepository<H
ha.parentassetuuid,
ha.type,
ha.version
from hs_hosting_asset_rv ha
from hs_hosting.asset_rv ha
left join hs_booking.item bi on bi.uuid = ha.bookingitemuuid
left join hs_hosting_asset pha on pha.uuid = ha.parentassetuuid
left join hs_hosting.asset pha on pha.uuid = ha.parentassetuuid
where (:projectUuid is null or bi.projectuuid=:projectUuid)
and (:parentAssetUuid is null or pha.uuid=:parentAssetUuid)
and (:type is null or :type=cast(ha.type as text))
""", nativeQuery = true)
// The JPQL query did not generate "left join" but just "join".
// I also optimized the query by not using the _rv for hs_booking.item and hs_hosting_asset, only for hs_hosting_asset_rv.
// I also optimized the query by not using the _rv for hs_booking.item and hs_hosting.asset, only for hs_hosting.asset_rv.
List<HsHostingAssetRealEntity> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type);
default List<HsHostingAssetRealEntity> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) {
return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type));

View File

@ -53,7 +53,7 @@ class HsUnixUserHostingAssetValidator extends HostingAssetEntityValidator {
}
private static Integer computeUserId(final EntityManager em, final PropertiesProvider propertiesProvider) {
final Object result = em.createNativeQuery("SELECT nextval('hs_hosting_asset_unixuser_system_id_seq')", Integer.class)
final Object result = em.createNativeQuery("SELECT nextval('hs_hosting.asset_unixuser_system_id_seq')", Integer.class)
.getSingleResult();
return (Integer) result;
}

View File

@ -89,7 +89,7 @@ public class InsertTriggerGenerator {
with("superRoleRef", toRoleDescriptor(g.getSuperRoleDef(), "row")));
} else {
plPgSql.writeLn("""
-- Granting INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows slipped,
-- Granting INSERT INTO hs_hosting.asset permissions to specified role of pre-existing hs_hosting.asset rows slipped,
-- because there cannot yet be any pre-existing rows in the same table yet.
""",
with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema()),

View File

@ -987,7 +987,7 @@ public class RbacView {
return getRawTableName()
.replace("hs_office.", "hsof.")
.replace("hs_booking.", "hsbk_")
.replace("hs_hosting_", "hsho_")
.replace("hs_hosting.", "hsho_")
.replace("coopsharestransaction", "coopsharetx")
.replace("coopassetstransaction", "coopassettx");
}

View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:booking-item-MAIN-TABLE endDelimiter:--//
-- ----------------------------------------------------------------------------
create type HsBookingItemType as enum (
create type hs_booking.HsBookingItemType as enum (
'PRIVATE_CLOUD',
'CLOUD_SERVER',
'MANAGED_SERVER',
@ -12,14 +12,14 @@ create type HsBookingItemType as enum (
'DOMAIN_SETUP'
);
CREATE CAST (character varying as HsBookingItemType) WITH INOUT AS IMPLICIT;
CREATE CAST (character varying as hs_booking.HsBookingItemType) WITH INOUT AS IMPLICIT;
create table if not exists hs_booking.item
(
uuid uuid unique references rbac.object (uuid),
version int not null default 0,
projectUuid uuid null references hs_booking.project(uuid),
type HsBookingItemType not null,
type hs_booking.HsBookingItemType not null,
parentItemUuid uuid null references hs_booking.item(uuid) initially deferred,
validity daterange not null,
caption varchar(80) not null,

View File

@ -186,7 +186,7 @@ execute procedure hs_booking.new_item_grants_insert_to_project_tf();
-- granting INSERT permission to hs_booking.item ----------------------------
-- Granting INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows slipped,
-- Granting INSERT INTO hs_hosting.asset permissions to specified role of pre-existing hs_hosting.asset rows slipped,
-- because there cannot yet be any pre-existing rows in the same table yet.
/**

View File

@ -0,0 +1,8 @@
--liquibase formatted sql
-- ============================================================================
--changeset michael.hoennig:hs-hosting-SCHEMA endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SCHEMA hs_hosting;
--//

View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hosting-asset-MAIN-TABLE endDelimiter:--//
-- ----------------------------------------------------------------------------
create type HsHostingAssetType as enum (
create type hs_hosting.HsHostingAssetType as enum (
'CLOUD_SERVER',
'MANAGED_SERVER',
'MANAGED_WEBSPACE',
@ -26,22 +26,22 @@ create type HsHostingAssetType as enum (
'IPV6_NUMBER'
);
CREATE CAST (character varying as HsHostingAssetType) WITH INOUT AS IMPLICIT;
CREATE CAST (character varying as hs_hosting.HsHostingAssetType) WITH INOUT AS IMPLICIT;
create table if not exists hs_hosting_asset
create table if not exists hs_hosting.asset
(
uuid uuid unique references rbac.object (uuid),
version int not null default 0,
bookingItemUuid uuid null references hs_booking.item(uuid),
type HsHostingAssetType not null,
parentAssetUuid uuid null references hs_hosting_asset(uuid) initially deferred,
assignedToAssetUuid uuid null references hs_hosting_asset(uuid) initially deferred,
type hs_hosting.HsHostingAssetType not null,
parentAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred,
assignedToAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred,
identifier varchar(80) not null,
caption varchar(80),
config jsonb not null,
alarmContactUuid uuid null references hs_office.contact(uuid) initially deferred,
constraint chk_hs_hosting_asset_has_booking_item_or_parent_asset
constraint hosting_asset_has_booking_item_or_parent_asset
check (bookingItemUuid is not null or parentAssetUuid is not null or type in ('DOMAIN_SETUP', 'IPV4_NUMBER', 'IPV6_NUMBER'))
);
--//
@ -54,16 +54,16 @@ create table if not exists hs_hosting_asset
-- TODO.impl: this could be generated from HsHostingAssetType
-- also including a check for assignedToAssetUuud
create or replace function hs_hosting_asset_type_hierarchy_check_tf()
create or replace function hs_hosting.asset_type_hierarchy_check_tf()
returns trigger
language plpgsql as $$
declare
actualParentType HsHostingAssetType;
expectedParentType HsHostingAssetType;
actualParentType hs_hosting.HsHostingAssetType;
expectedParentType hs_hosting.HsHostingAssetType;
begin
if NEW.parentAssetUuid is not null then
actualParentType := (select type
from hs_hosting_asset
from hs_hosting.asset
where NEW.parentAssetUuid = uuid);
end if;
@ -104,10 +104,10 @@ begin
return NEW;
end; $$;
create trigger hs_hosting_asset_type_hierarchy_check_tg
before insert on hs_hosting_asset
create trigger hosting_asset_type_hierarchy_check_tg
before insert on hs_hosting.asset
for each row
execute procedure hs_hosting_asset_type_hierarchy_check_tf();
execute procedure hs_hosting.asset_type_hierarchy_check_tf();
--//
@ -116,7 +116,7 @@ create trigger hs_hosting_asset_type_hierarchy_check_tg
--changeset michael.hoennig:hosting-asset-system-sequences endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_unixuser_system_id_seq
CREATE SEQUENCE IF NOT EXISTS hs_hosting.asset_unixuser_system_id_seq
AS integer
MINVALUE 1000000
MAXVALUE 9999999
@ -130,12 +130,12 @@ CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_unixuser_system_id_seq
--changeset michael.hoennig:hosting-asset-BOOKING-ITEM-HIERARCHY-CHECK endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace function hs_hosting_asset_booking_item_hierarchy_check_tf()
create or replace function hs_hosting.asset_booking_item_hierarchy_check_tf()
returns trigger
language plpgsql as $$
declare
actualBookingItemType HsBookingItemType;
expectedBookingItemType HsBookingItemType;
actualBookingItemType hs_booking.HsBookingItemType;
expectedBookingItemType hs_booking.HsBookingItemType;
begin
actualBookingItemType := (select type
from hs_booking.item
@ -156,24 +156,24 @@ begin
return NEW;
end; $$;
create trigger hs_hosting_asset_booking_item_hierarchy_check_tg
before insert on hs_hosting_asset
create trigger hosting_asset_booking_item_hierarchy_check_tg
before insert on hs_hosting.asset
for each row
execute procedure hs_hosting_asset_booking_item_hierarchy_check_tf();
execute procedure hs_hosting.asset_booking_item_hierarchy_check_tf();
--//
-- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_hosting_asset');
call base.create_journal('hs_hosting.asset');
--//
-- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-HISTORIZATION endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.tx_create_historicization('hs_hosting_asset');
call base.tx_create_historicization('hs_hosting.asset');
--//

View File

@ -5,14 +5,14 @@
-- ============================================================================
--changeset RbacObjectGenerator:hs-hosting-asset-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_hosting_asset');
call rbac.generateRelatedRbacObject('hs_hosting.asset');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting.asset');
--//
@ -24,27 +24,27 @@ call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure hs_hosting_asset_build_rbac_system(
NEW hs_hosting_asset
create or replace procedure hs_hosting.asset_build_rbac_system(
NEW hs_hosting.asset
)
language plpgsql as $$
declare
newBookingItem hs_booking.item;
newAssignedToAsset hs_hosting_asset;
newAssignedToAsset hs_hosting.asset;
newAlarmContact hs_office.contact;
newParentAsset hs_hosting_asset;
newParentAsset hs_hosting.asset;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_booking.item WHERE uuid = NEW.bookingItemUuid INTO newBookingItem;
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset;
SELECT * FROM hs_hosting.asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset;
SELECT * FROM hs_office.contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact;
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
SELECT * FROM hs_hosting.asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
perform rbac.defineRoleWithGrants(
hsHostingAssetOWNER(NEW),
@ -93,22 +93,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting_asset row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting.asset row.
*/
create or replace function hs_hosting_asset_build_rbac_system_after_insert_tf()
create or replace function hs_hosting.asset_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call hs_hosting_asset_build_rbac_system(NEW);
call hs_hosting.asset_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger build_rbac_system_after_insert_tg
after insert on hs_hosting_asset
after insert on hs_hosting.asset
for each row
execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf();
execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf();
--//
@ -120,9 +120,9 @@ execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure hs_hosting_asset_update_rbac_system(
OLD hs_hosting_asset,
NEW hs_hosting_asset
create or replace procedure hs_hosting.asset_update_rbac_system(
OLD hs_hosting.asset,
NEW hs_hosting.asset
)
language plpgsql as $$
begin
@ -130,27 +130,27 @@ begin
if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid
or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call hs_hosting_asset_build_rbac_system(NEW);
call hs_hosting.asset_build_rbac_system(NEW);
end if;
end; $$;
/*
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting_asset row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting.asset row.
*/
create or replace function hs_hosting_asset_update_rbac_system_after_update_tf()
create or replace function hs_hosting.asset_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call hs_hosting_asset_update_rbac_system(OLD, NEW);
call hs_hosting.asset_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger update_rbac_system_after_update_tg
after update on hs_hosting_asset
after update on hs_hosting.asset
for each row
execute procedure hs_hosting_asset_update_rbac_system_after_update_tf();
execute procedure hs_hosting.asset_update_rbac_system_after_update_tf();
--//
@ -158,7 +158,7 @@ execute procedure hs_hosting_asset_update_rbac_system_after_update_tf();
--changeset RbacIdentityViewGenerator:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
call rbac.generateRbacIdentityViewFromProjection('hs_hosting.asset',
$idName$
identifier
$idName$);
@ -168,7 +168,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
-- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_hosting_asset',
call rbac.generateRbacRestrictedView('hs_hosting.asset',
$orderBy$
identifier
$orderBy$,

View File

@ -7,9 +7,9 @@
--changeset hs-hosting-asset-MIGRATION-mapping:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE TABLE hs_hosting_asset_legacy_id
CREATE TABLE hs_hosting.asset_legacy_id
(
uuid uuid NOT NULL REFERENCES hs_hosting_asset(uuid),
uuid uuid NOT NULL REFERENCES hs_hosting.asset(uuid),
legacy_id integer NOT NULL
);
--//
@ -19,10 +19,10 @@ CREATE TABLE hs_hosting_asset_legacy_id
--changeset hs-hosting-asset-MIGRATION-sequence:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_legacy_id_seq
CREATE SEQUENCE IF NOT EXISTS hs_hosting.asset_legacy_id_seq
AS integer
START 1000000000
OWNED BY hs_hosting_asset_legacy_id.legacy_id;
OWNED BY hs_hosting.asset_legacy_id.legacy_id;
--//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_legacy_id_seq
--changeset hs-hosting-asset-MIGRATION-default:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
ALTER TABLE hs_hosting_asset_legacy_id
ALTER TABLE hs_hosting.asset_legacy_id
ALTER COLUMN legacy_id
SET DEFAULT nextVal('hs_hosting_asset_legacy_id_seq');
SET DEFAULT nextVal('hs_hosting.asset_legacy_id_seq');
--/
@ -41,8 +41,8 @@ ALTER TABLE hs_hosting_asset_legacy_id
-- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration');
INSERT INTO hs_hosting_asset_legacy_id(uuid, legacy_id)
SELECT uuid, nextVal('hs_hosting_asset_legacy_id_seq') FROM hs_hosting_asset;
INSERT INTO hs_hosting.asset_legacy_id(uuid, legacy_id)
SELECT uuid, nextVal('hs_hosting.asset_legacy_id_seq') FROM hs_hosting.asset;
--/
@ -58,14 +58,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
INSERT INTO hs_hosting_asset_legacy_id VALUES
(NEW.uuid, nextVal('hs_hosting_asset_legacy_id_seq'));
INSERT INTO hs_hosting.asset_legacy_id VALUES
(NEW.uuid, nextVal('hs_hosting.asset_legacy_id_seq'));
return NEW;
end; $$;
create trigger createassetLegacyIdMapping
after insert on hs_hosting_asset
after insert on hs_hosting.asset
for each row
execute procedure insertassetLegacyIdMapping();
--/
@ -83,14 +83,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
DELETE FROM hs_hosting_asset_legacy_id
DELETE FROM hs_hosting.asset_legacy_id
WHERE uuid = OLD.uuid;
return OLD;
end; $$;
create trigger deleteassetLegacyIdMapping_tg
before delete on hs_hosting_asset
before delete on hs_hosting.asset
for each row
execute procedure deleteassetLegacyIdMapping_tf();
--/

View File

@ -6,7 +6,7 @@
-- ----------------------------------------------------------------------------
/*
Creates a single hs_hosting_asset test record.
Creates a single hs_hosting.asset test record.
*/
create or replace procedure createHsHostingAssetTestData(givenProjectCaption varchar)
language plpgsql as $$
@ -79,7 +79,7 @@ begin
debitorNumberSuffix := relatedDebitor.debitorNumberSuffix;
defaultPrefix := relatedDebitor.defaultPrefix;
insert into hs_hosting_asset
insert into hs_hosting.asset
(uuid, bookingitemuuid, type, parentAssetUuid, assignedToAssetUuid, identifier, caption, config)
values
(managedServerUuid, managedServerBI.uuid, 'MANAGED_SERVER', null, null, 'vm10' || debitorNumberSuffix, 'some ManagedServer', '{ "monit_max_cpu_usage": 90, "monit_max_ram_usage": 80, "monit_max_ssd_usage": 70 }'::jsonb),

View File

@ -12,8 +12,8 @@ select *
from rbac.object
group by objecttable
union all
select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_hosting_asset', type::text
from hs_hosting_asset
select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_hosting.asset', type::text
from hs_hosting.asset
group by type
union all
select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_booking.item', type::text

View File

@ -159,6 +159,8 @@ databaseChangeLog:
file: db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
- include:
file: db/changelog/6-hs-booking/630-booking-item/6308-hs-booking-item-test-data.sql
- include:
file: db/changelog/7-hs-hosting/700-hs-hosting-schema.sql
- include:
file: db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
- include:

View File

@ -114,7 +114,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_hosting_asset#fir01:AGENT")
.header("assumed-roles", "hs_hosting.asset#fir01:AGENT")
.port(port)
.when()
. get("http://localhost/api/hs/hosting/assets?type=" + EMAIL_ALIAS)
@ -218,7 +218,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_hosting_asset#vm1011:ADMIN")
.header("assumed-roles", "hs_hosting.asset#vm1011:ADMIN")
.contentType(ContentType.JSON)
.body("""
{
@ -574,7 +574,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
//.header("assumed-roles", "hs_hosting_asset#vm2001:ADMIN")
//.header("assumed-roles", "hs_hosting.asset#vm2001:ADMIN")
.contentType(ContentType.JSON)
.body("""
{

View File

@ -78,7 +78,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'caption'
from base.tx_journal_v
where targettable = 'hs_hosting_asset';
where targettable = 'hs_hosting.asset';
""");
// when
@ -86,24 +86,24 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, another CloudServer]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-DNS-Setup]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-HTTP-Setup]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-MBOX-Setup]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-SMTP-Setup]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-Setup]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some E-Mail-Address]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some E-Mail-Alias]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some ManagedServer]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some UnixUser for E-Mail]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some UnixUser for Website]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Webspace]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB instance]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB user]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB database]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql instance]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql user]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql database]"
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, another CloudServer]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-DNS-Setup]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-HTTP-Setup]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-MBOX-Setup]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-SMTP-Setup]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-Setup]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some E-Mail-Address]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some E-Mail-Alias]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some ManagedServer]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some UnixUser for E-Mail]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some UnixUser for Website]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Webspace]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB instance]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB user]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB database]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql instance]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql user]",
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql database]"
);
}
@ -112,7 +112,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// given
final String nativeQuerySql = """
select count(*)
from hs_hosting_asset_hv ha;
from hs_hosting.asset_hv ha;
""";
// when
@ -121,7 +121,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
@SuppressWarnings("unchecked") final var countBefore = (Integer) query.getSingleResult();
// then
assertThat(countBefore).as("hs_hosting_asset_hv should not contain rows for a timestamp in the past").isEqualTo(0);
assertThat(countBefore).as("hs_hosting.asset_hv should not contain rows for a timestamp in the past").isEqualTo(0);
// and when
historicalContext(Timestamp.from(ZonedDateTime.now().plusHours(1).toInstant()));
@ -129,7 +129,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
@SuppressWarnings("unchecked") final var countAfter = (Integer) query.getSingleResult();
// then
assertThat(countAfter).as("hs_hosting_asset_hv should contain rows for a timestamp in the future").isGreaterThan(1);
assertThat(countAfter).as("hs_hosting.asset_hv should contain rows for a timestamp in the future").isGreaterThan(1);
}
@Nested
@ -192,37 +192,37 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames,
"hs_hosting_asset#fir00:ADMIN",
"hs_hosting_asset#fir00:AGENT",
"hs_hosting_asset#fir00:OWNER",
"hs_hosting_asset#fir00:TENANT"));
"hs_hosting.asset#fir00:ADMIN",
"hs_hosting.asset#fir00:AGENT",
"hs_hosting.asset#fir00:OWNER",
"hs_hosting.asset#fir00:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.containsExactlyInAnyOrder(fromFormatted(
initialGrantNames,
// rbac.global-admin
"{ grant role:hs_hosting_asset#fir00:OWNER to role:rbac.global#global:ADMIN by system }", // workaround
"{ grant role:hs_hosting.asset#fir00:OWNER to role:rbac.global#global:ADMIN by system }", // workaround
// owner
"{ grant role:hs_hosting_asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting_asset#fir00:OWNER and assume }",
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_booking.item#fir01:ADMIN by system and assume }",
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_hosting_asset#vm1011:ADMIN by system and assume }",
"{ grant perm:hs_hosting_asset#fir00:DELETE to role:hs_hosting_asset#fir00:OWNER by system and assume }",
"{ grant role:hs_hosting.asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting.asset#fir00:OWNER and assume }",
"{ grant role:hs_hosting.asset#fir00:OWNER to role:hs_booking.item#fir01:ADMIN by system and assume }",
"{ grant role:hs_hosting.asset#fir00:OWNER to role:hs_hosting.asset#vm1011:ADMIN by system and assume }",
"{ grant perm:hs_hosting.asset#fir00:DELETE to role:hs_hosting.asset#fir00:OWNER by system and assume }",
// admin
"{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_hosting_asset#fir00:OWNER by system and assume }",
"{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_booking.item#fir01:AGENT by system and assume }",
"{ grant perm:hs_hosting_asset#fir00:UPDATE to role:hs_hosting_asset#fir00:ADMIN by system and assume }",
"{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_hosting.asset#fir00:OWNER by system and assume }",
"{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_booking.item#fir01:AGENT by system and assume }",
"{ grant perm:hs_hosting.asset#fir00:UPDATE to role:hs_hosting.asset#fir00:ADMIN by system and assume }",
// agent
"{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_hosting_asset#vm1011:AGENT by system and assume }",
"{ grant role:hs_hosting_asset#fir00:AGENT to role:hs_hosting_asset#fir00:ADMIN by system and assume }",
"{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_hosting.asset#vm1011:AGENT by system and assume }",
"{ grant role:hs_hosting.asset#fir00:AGENT to role:hs_hosting.asset#fir00:ADMIN by system and assume }",
// tenant
"{ grant role:hs_booking.item#fir01:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
"{ grant role:hs_hosting_asset#fir00:TENANT to role:hs_hosting_asset#fir00:AGENT by system and assume }",
"{ grant role:hs_hosting_asset#vm1011:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
"{ grant role:hs_booking.item#fir01:TENANT to role:hs_hosting.asset#fir00:TENANT by system and assume }",
"{ grant role:hs_hosting.asset#fir00:TENANT to role:hs_hosting.asset#fir00:AGENT by system and assume }",
"{ grant role:hs_hosting.asset#vm1011:TENANT to role:hs_hosting.asset#fir00:TENANT by system and assume }",
"{ grant perm:hs_hosting.asset#fir00:SELECT to role:hs_hosting.asset#fir00:TENANT by system and assume }",
null));
}
@ -251,7 +251,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
assertThatAssetIsPersisted(result.returnedValue());
// ... a rbac.global admin can see the new domain setup as well if the domain OWNER role is assumed
context("superuser-alex@hostsharing.net", "hs_hosting_asset#example.net:OWNER"); // only works with the assumed role
context("superuser-alex@hostsharing.net", "hs_hosting.asset#example.net:OWNER"); // only works with the assumed role
assertThatAssetIsPersisted(result.returnedValue());
}
@ -309,7 +309,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
.findAny().orElseThrow().getUuid();
// when
context("superuser-alex@hostsharing.net", "hs_hosting_asset#vm1012:AGENT");
context("superuser-alex@hostsharing.net", "hs_hosting.asset#vm1012:AGENT");
final var result = rbacAssetRepo.findAllByCriteria(null, parentAssetUuid, null);
// then
@ -326,7 +326,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
context("superuser-alex@hostsharing.net");
// when
context("superuser-alex@hostsharing.net", "hs_hosting_asset#sec01:AGENT");
context("superuser-alex@hostsharing.net", "hs_hosting.asset#sec01:AGENT");
final var result = rbacAssetRepo.findAllByCriteria(null, null, EMAIL_ADDRESS);
// then
@ -417,7 +417,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// when
final var result = jpaAttempt.transacted(() -> {
context("person-FirbySusan@example.com", "hs_hosting_asset#vm1000:ADMIN");
context("person-FirbySusan@example.com", "hs_hosting.asset#vm1000:ADMIN");
assertThat(rbacAssetRepo.findByUuid(givenAsset.getUuid())).isPresent();
rbacAssetRepo.deleteByUuid(givenAsset.getUuid());
@ -426,7 +426,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// then
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"[403] Subject ", " is not allowed to delete hs_hosting_asset");
"[403] Subject ", " is not allowed to delete hs_hosting.asset");
assertThat(jpaAttempt.transacted(() -> {
return realAssetRepo.findByUuid(givenAsset.getUuid());
}).assertSuccessful().returnedValue()).isPresent(); // still there

View File

@ -68,7 +68,7 @@ class HsUnixUserHostingAssetValidatorUnitTest {
void initMocks() {
final var nativeQueryMock = mock(Query.class);
lenient().when(nativeQueryMock.getSingleResult()).thenReturn(12345678);
lenient().when(em.createNativeQuery("SELECT nextval('hs_hosting_asset_unixuser_system_id_seq')", Integer.class))
lenient().when(em.createNativeQuery("SELECT nextval('hs_hosting.asset_unixuser_system_id_seq')", Integer.class))
.thenReturn(nativeQueryMock);
}

View File

@ -187,7 +187,7 @@ public class CsvDataImport extends ContextBasedTest {
}
final var query = em.createNativeQuery("""
insert into hs_hosting_asset(
insert into hs_hosting.asset(
uuid,
type,
bookingitemuuid,
@ -248,8 +248,8 @@ public class CsvDataImport extends ContextBasedTest {
jpaAttempt.transacted(() -> {
context(rbacSuperuser);
// TODO.perf: could we instead skip creating test-data based on an env var?
em.createNativeQuery("delete from hs_hosting_asset where true").executeUpdate();
em.createNativeQuery("delete from hs_hosting_asset_ex where true").executeUpdate();
em.createNativeQuery("delete from hs_hosting.asset where true").executeUpdate();
em.createNativeQuery("delete from hs_hosting.asset_ex where true").executeUpdate();
em.createNativeQuery("delete from hs_booking.item where true").executeUpdate();
em.createNativeQuery("delete from hs_booking.item_ex where true").executeUpdate();
em.createNativeQuery("delete from hs_booking.project where true").executeUpdate();

View File

@ -921,7 +921,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
@Test
@Order(19920)
void verifyHostingAssetsAreActuallyPersisted() {
final var haCount = (Integer) em.createNativeQuery("select count(*) from hs_hosting_asset", Integer.class)
final var haCount = (Integer) em.createNativeQuery("select count(*) from hs_hosting.asset", Integer.class)
.getSingleResult();
assertThat(haCount).isGreaterThan(isImportingControlledTestData() ? 40 : 15000);
@ -1069,7 +1069,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
final var haCount = jpaAttempt.transacted(() -> {
context(rbacSuperuser, "hs_booking.project#D-1000300-mimdefaultproject:AGENT");
return (Integer) em.createNativeQuery("select count(*) from hs_hosting_asset_rv where type='EMAIL_ADDRESS'", Integer.class)
return (Integer) em.createNativeQuery("select count(*) from hs_hosting.asset_rv where type='EMAIL_ADDRESS'", Integer.class)
.getSingleResult();
}).assertSuccessful().returnedValue();
assertThat(haCount).isEqualTo(68);
@ -1136,7 +1136,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
jpaAttempt.transacted(() -> {
context(rbacSuperuser);
updateLegacyIds(assets, "hs_hosting_asset_legacy_id", "legacy_id");
updateLegacyIds(assets, "hs_hosting.asset_legacy_id", "legacy_id");
}).assertSuccessful();
}
@ -1145,7 +1145,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
final int expectedCountInTestDataCount,
final int minCountExpectedInProdData) {
final var q = em.createNativeQuery(
"select count(*) from hs_hosting_asset where type = cast(:type as HsHostingAssetType)",
"select count(*) from hs_hosting.asset where type = cast(:type as HsHostingAssetType)",
Integer.class);
q.setParameter("type", assetType.name());
final var count = (Integer) q.getSingleResult();
@ -1895,8 +1895,8 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
//noinspection unchecked
return ((List<List<?>>) em.createNativeQuery(
"""
SELECT li.* FROM hs_hosting_asset_legacy_id li
JOIN hs_hosting_asset ha ON ha.uuid=li.uuid
SELECT li.* FROM hs_hosting.asset_legacy_id li
JOIN hs_hosting.asset ha ON ha.uuid=li.uuid
WHERE CAST(ha.type AS text)=:type
ORDER BY legacy_id
""",
@ -1910,8 +1910,8 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
//noinspection unchecked
return ((List<List<?>>) em.createNativeQuery(
"""
SELECT ha.uuid, ha.type, ha.identifier FROM hs_hosting_asset ha
JOIN hs_hosting_asset_legacy_id li ON li.uuid=ha.uuid
SELECT ha.uuid, ha.type, ha.identifier FROM hs_hosting.asset ha
JOIN hs_hosting.asset_legacy_id li ON li.uuid=ha.uuid
WHERE li.legacy_id is null AND CAST(ha.type AS text)=:type
ORDER BY li.legacy_id
""",