introduce-separate-database-schemas-hs-booking-and-hosting #106
@ -199,7 +199,7 @@ Limit (cost=6549.08..6549.35 rows=54 width=16)
|
||||
Group Key: grants.descendantuuid
|
||||
-> CTE Scan on grants (cost=0.00..22.06 rows=1103 width=16)
|
||||
-> Index Only Scan using rbacobject_objecttable_uuid_key on rbacobject obj (cost=0.28..0.31 rows=1 width=16)
|
||||
Index Cond: ((objecttable = 'hs_hosting_asset'::text) AND (uuid = perm.objectuuid))
|
||||
Index Cond: ((objecttable = 'hs_hosting.asset'::text) AND (uuid = perm.objectuuid))
|
||||
```
|
||||
|
||||
### Office-Relation-Query
|
||||
@ -276,8 +276,8 @@ At this point, the import took 21mins with these statistics:
|
||||
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
|
||||
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
|
||||
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
|
||||
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
|
||||
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
|
||||
| insert into public.hs_hosting.asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
|
||||
| insert into hs_hosting.asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
|
||||
| insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 |
|
||||
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 |
|
||||
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 8 |
|
||||
@ -300,8 +300,8 @@ We changed these mappings from `EAGER` (default) to `LAZY` to `@ManyToOne(fetch
|
||||
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
|
||||
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
|
||||
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
|
||||
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
|
||||
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
|
||||
| insert into public.hs_hosting.asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
|
||||
| insert into hs_hosting.asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
|
||||
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47538 | 0 | 0 |
|
||||
insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 |
|
||||
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 |
|
||||
@ -318,7 +318,7 @@ But once UnixUser and EmailAlias assets got added to the import, the total time
|
||||
|
||||
This was not acceptable, especially not, considering that domains, email-addresses and database-assets are almost 10 times that number and thus the import would go up to over 1100min which is 20 hours.
|
||||
|
||||
In a first step, a `HsHostingAssetRawEntity` was created, mapped to the raw table (hs_hosting_asset) not to the RBAC-view (hs_hosting_asset_rv). Unfortunately we did not keep measurements, but that was only part of the problem anyway.
|
||||
In a first step, a `HsHostingAssetRawEntity` was created, mapped to the raw table (hs_hosting.asset) not to the RBAC-view (hs_hosting.asset_rv). Unfortunately we did not keep measurements, but that was only part of the problem anyway.
|
||||
|
||||
The main problem was, that there is something strange with persisting (`EntityManager.persist`) for EmailAlias assets. Where importing UnixUsers was mostly slow due to RBAC SELECT-permission checks, persisting EmailAliases suddenly created about a million (in numbers 1.000.000) SQL UPDATE statements after the INSERT, all with the same data, just increased version number (used for optimistic locking). We were not able to figure out why this happened.
|
||||
|
||||
@ -330,7 +330,7 @@ Now, the longest running queries are these:
|
||||
|
||||
| No.| calls | total_m | mean_ms | query |
|
||||
|---:|---------|--------:|--------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| 1 | 13.093 | 4 | 21 | insert into hs_hosting_asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) |
|
||||
| 1 | 13.093 | 4 | 21 | insert into hs_hosting.asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) |
|
||||
| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 |
|
||||
| 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) |
|
||||
| 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) |
|
||||
@ -341,7 +341,7 @@ Now, the longest running queries are these:
|
||||
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) |
|
||||
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) |
|
||||
|
||||
That the `INSERT into hs_hosting_asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.
|
||||
That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.
|
||||
|
||||
It seems that the trigger effects (eg. No. 3 and No. 4) are included in the measure for the causing INSERT, otherwise summing up the totals would exceed the actual total time of the whole import. And it was to be expected that building the RBAC rules for new business objects takes most of the time.
|
||||
|
||||
@ -408,12 +408,12 @@ We found some solution approaches:
|
||||
This optimization idea came from Michael Hierweck and was promising.
|
||||
The idea is to reduce the size of the result of the recursive CTE query and maybe even speed up that query itself.
|
||||
|
||||
To evaluate this, I added a type column to the `rbacObject` table, initially as an enum hsHostingAssetType. Then I entered the type there for all rows from hs_hosting_asset. This means that 83,886 of 92,545 rows in `rbacobject` have a type set, leaving 8,659 without.
|
||||
To evaluate this, I added a type column to the `rbacObject` table, initially as an enum hsHostingAssetType. Then I entered the type there for all rows from hs_hosting.asset. This means that 83,886 of 92,545 rows in `rbacobject` have a type set, leaving 8,659 without.
|
||||
|
||||
If we do this for other types (we currently have 1,271 relations and 927 booking items), it gets more complicated because they are different enum types. As varchar(16), we could lose performance again due to the higher storage space requirements.
|
||||
|
||||
But the performance gained is not particularly high anyway.
|
||||
See the average seconds per recursive CTE select as role 'hs_hosting_asset:<DEBITOR>defaultproject:ADMIN',
|
||||
See the average seconds per recursive CTE select as role 'hs_hosting.asset:<DEBITOR>defaultproject:ADMIN',
|
||||
joined with business query for all `'EMAIL_ADDRESSES'`:
|
||||
|
||||
| | D-1000000-hsh | D-1000300-mih |
|
||||
|
@ -10,17 +10,17 @@ call defineContext('historization testing', null, 'superuser-alex@hostsharing.ne
|
||||
'hs_booking.project#D-1000313-D-1000313defaultproject:ADMIN'); -- prod+test
|
||||
-- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN'); -- prod
|
||||
-- 'hs_booking.project#D-1000300-mimdefaultproject:ADMIN'); -- test
|
||||
-- update hs_hosting_asset set caption='lug00 b' where identifier = 'lug00' and type = 'MANAGED_WEBSPACE'; -- prod
|
||||
-- update hs_hosting_asset set caption='hsh00 A ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
|
||||
-- update hs_hosting_asset set caption='hsh00 B ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
|
||||
-- update hs_hosting.asset set caption='lug00 b' where identifier = 'lug00' and type = 'MANAGED_WEBSPACE'; -- prod
|
||||
-- update hs_hosting.asset set caption='hsh00 A ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
|
||||
-- update hs_hosting.asset set caption='hsh00 B ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
|
||||
|
||||
-- insert into hs_hosting_asset
|
||||
-- insert into hs_hosting.asset
|
||||
-- (uuid, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, identifier, caption, config, alarmcontactuuid)
|
||||
-- values
|
||||
-- (uuid_generate_v4(), null, 'EMAIL_ADDRESS', 'bbda5895-0569-4e20-bb4c-34f3a38f3f63'::uuid, null,
|
||||
-- 'new@thi.example.org', 'some new E-Mail-Address', '{}'::jsonb, null);
|
||||
|
||||
delete from hs_hosting_asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681'::uuid;
|
||||
delete from hs_hosting.asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681'::uuid;
|
||||
commit;
|
||||
|
||||
-- single version at point in time
|
||||
@ -29,11 +29,11 @@ set hsadminng.tx_history_txid to '';
|
||||
set hsadminng.tx_history_timestamp to '2024-08-29 12:42';
|
||||
-- all versions
|
||||
select base.tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.*
|
||||
from hs_hosting_asset_ex haex
|
||||
from hs_hosting.asset_ex haex
|
||||
join base.tx_context txc on haex.txid=txc.txid
|
||||
where haex.identifier = 'test@thi.example.org';
|
||||
|
||||
select uuid, version, type, identifier, caption from hs_hosting_asset_hv p where identifier = 'test@thi.example.org';
|
||||
select uuid, version, type, identifier, caption from hs_hosting.asset_hv p where identifier = 'test@thi.example.org';
|
||||
|
||||
select pg_current_xact_id();
|
||||
|
||||
|
@ -6,10 +6,10 @@ select * from hs_statistics_v;
|
||||
|
||||
-- This is the extracted recursive CTE query to determine the visible object UUIDs of a single table
|
||||
-- (and optionally the hosting-asset-type) as a separate VIEW.
|
||||
-- In the generated code this is part of the hs_hosting_asset_rv VIEW.
|
||||
-- In the generated code this is part of the hs_hosting.asset_rv VIEW.
|
||||
|
||||
drop view if exists hs_hosting_asset_example_gv;
|
||||
create view hs_hosting_asset_example_gv as
|
||||
drop view if exists hs_hosting.asset_example_gv;
|
||||
create view hs_hosting.asset_example_gv as
|
||||
with recursive
|
||||
recursive_grants as (
|
||||
select distinct rbacgrants.descendantuuid,
|
||||
@ -40,7 +40,7 @@ select distinct perm.objectuuid
|
||||
join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid
|
||||
join rbacobject obj on obj.uuid = perm.objectuuid
|
||||
join count_check cc on cc.valid
|
||||
where obj.objecttable::text = 'hs_hosting_asset'::text
|
||||
where obj.objecttable::text = 'hs_hosting.asset'::text
|
||||
-- with/without this type condition
|
||||
-- and obj.type = 'EMAIL_ADDRESS'::hshostingassettype
|
||||
and obj.type = 'EMAIL_ADDRESS'::hshostingassettype
|
||||
@ -56,7 +56,7 @@ CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net'
|
||||
'hs_booking.project#D-1000000-hshdefaultproject:ADMIN');
|
||||
-- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN');
|
||||
SET TRANSACTION READ ONLY;
|
||||
EXPLAIN ANALYZE select * from hs_hosting_asset_example_gv;
|
||||
EXPLAIN ANALYZE select * from hs_hosting.asset_example_gv;
|
||||
end transaction ;
|
||||
|
||||
-- ========================================================
|
||||
@ -64,15 +64,15 @@ end transaction ;
|
||||
-- An example for a restricted view (_rv) similar to the one generated by our RBAC system,
|
||||
-- but using the above separate VIEW to determine the visible objects.
|
||||
|
||||
drop view if exists hs_hosting_asset_example_rv;
|
||||
create view hs_hosting_asset_example_rv as
|
||||
with accessible_hs_hosting_asset_uuids as (
|
||||
select * from hs_hosting_asset_example_gv
|
||||
drop view if exists hs_hosting.asset_example_rv;
|
||||
create view hs_hosting.asset_example_rv as
|
||||
with accessible_hs_hosting.asset_uuids as (
|
||||
select * from hs_hosting.asset_example_gv
|
||||
)
|
||||
select target.*
|
||||
from hs_hosting_asset target
|
||||
where (target.uuid in (select accessible_hs_hosting_asset_uuids.objectuuid
|
||||
from accessible_hs_hosting_asset_uuids));
|
||||
from hs_hosting.asset target
|
||||
where (target.uuid in (select accessible_hs_hosting.asset_uuids.objectuuid
|
||||
from accessible_hs_hosting.asset_uuids));
|
||||
|
||||
-- -------------------------------------------------------------------------------
|
||||
|
||||
@ -99,7 +99,7 @@ BEGIN
|
||||
|
||||
-- An example for a business query based on the view:
|
||||
select type, uuid, identifier, caption
|
||||
from hs_hosting_asset_example_rv
|
||||
from hs_hosting.asset_example_rv
|
||||
where type = 'EMAIL_ADDRESS'
|
||||
and identifier like letter || '%'
|
||||
-- end of the business query example.
|
||||
@ -115,7 +115,7 @@ BEGIN
|
||||
END;
|
||||
$$;
|
||||
|
||||
-- average seconds per recursive CTE select as role 'hs_hosting_asset:<DEBITOR>defaultproject:ADMIN'
|
||||
-- average seconds per recursive CTE select as role 'hs_hosting.asset:<DEBITOR>defaultproject:ADMIN'
|
||||
-- joined with business query for all 'EMAIL_ADDRESSES':
|
||||
-- D-1000000-hsh D-1000300-mih
|
||||
-- - without type comparison in rbacobject: ~3.30 - ~3.49 ~0.23
|
||||
@ -136,7 +136,7 @@ EXPLAIN SELECT * from (
|
||||
|
||||
-- An example for a business query based on the view:
|
||||
select type, uuid, identifier, caption
|
||||
from hs_hosting_asset_example_rv
|
||||
from hs_hosting.asset_example_rv
|
||||
where type = 'EMAIL_ADDRESS'
|
||||
-- and identifier like 'b%'
|
||||
-- end of the business query example.
|
||||
@ -151,17 +151,17 @@ end transaction;
|
||||
|
||||
alter table rbacobject
|
||||
-- just for performance testing, we would need a joined enum or a varchar(16) which would make it slow
|
||||
add column type hshostingassettype;
|
||||
add column type hs_hosting.hshostingassettype;
|
||||
|
||||
-- and fill the type column with hs_hosting_asset types:
|
||||
-- and fill the type column with hs_hosting.asset types:
|
||||
|
||||
rollback transaction;
|
||||
begin transaction;
|
||||
call defineContext('setting rbacobject.type from hs_hosting_asset.type', null, 'superuser-alex@hostsharing.net');
|
||||
call defineContext('setting rbacobject.type from hs_hosting.asset.type', null, 'superuser-alex@hostsharing.net');
|
||||
|
||||
UPDATE rbacobject
|
||||
SET type = hs.type
|
||||
FROM hs_hosting_asset hs
|
||||
FROM hs_hosting.asset hs
|
||||
WHERE rbacobject.uuid = hs.uuid;
|
||||
|
||||
end transaction;
|
||||
|
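Review bot: The search-and-replace also rewrote the CTE name inside the `hs_hosting.asset_example_rv` view, giving `with accessible_hs_hosting.asset_uuids as (`, and a CTE name cannot be schema-qualified, so the view definition will not parse. The two references in the `in (select …)` subquery have the same problem. Keep the local name as it was: `with accessible_hs_hosting_asset_uuids as (` and `select accessible_hs_hosting_asset_uuids.objectuuid from accessible_hs_hosting_asset_uuids`. Separately, the context line `'EMAIL_ADDRESS'::hshostingassettype` still uses the unqualified type name while this file now adds the column as `hs_hosting.hshostingassettype`, so it presumably only resolves if `hs_hosting` is on the search_path.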
@ -33,7 +33,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetc
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_hosting_asset_rv")
|
||||
@Table(schema = "hs_hosting", name = "asset_rv")
|
||||
@SuperBuilder(toBuilder = true)
|
||||
@Getter
|
||||
@Setter
|
||||
|
@ -25,15 +25,15 @@ public interface HsHostingAssetRbacRepository extends HsHostingAssetRepository<H
|
||||
ha.parentassetuuid,
|
||||
ha.type,
|
||||
ha.version
|
||||
from hs_hosting_asset_rv ha
|
||||
from hs_hosting.asset_rv ha
|
||||
left join hs_booking.item bi on bi.uuid = ha.bookingitemuuid
|
||||
left join hs_hosting_asset pha on pha.uuid = ha.parentassetuuid
|
||||
left join hs_hosting.asset pha on pha.uuid = ha.parentassetuuid
|
||||
where (:projectUuid is null or bi.projectuuid=:projectUuid)
|
||||
and (:parentAssetUuid is null or pha.uuid=:parentAssetUuid)
|
||||
and (:type is null or :type=cast(ha.type as text))
|
||||
""", nativeQuery = true)
|
||||
// The JPQL query did not generate "left join" but just "join".
|
||||
// I also optimized the query by not using the _rv for hs_booking.item and hs_hosting_asset, only for hs_hosting_asset_rv.
|
||||
// I also optimized the query by not using the _rv for hs_booking.item and hs_hosting.asset, only for hs_hosting.asset_rv.
|
||||
List<HsHostingAssetRbacEntity> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type);
|
||||
default List<HsHostingAssetRbacEntity> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) {
|
||||
return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type));
|
||||
|
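Review bot: The comment under the native query of `findAllByCriteriaImpl` says the `_rv` views were dropped for `hs_booking.item` and `hs_hosting.asset` as an optimization, but it does not say why that is safe for access control. Only `ha.` columns are visible in the select list here and `ha` comes from the restricted view, so the raw tables appear to act as filters only. I would record that, e.g. `// bi and pha are raw tables used only for filtering; every returned column comes from hs_hosting.asset_rv, which enforces RBAC.` The select list starts outside the hunk, so confirm that no `bi.` or `pha.` column is returned. The same comment is repeated in HsHostingAssetRealRepository.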
@ -9,7 +9,7 @@ import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Table;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_hosting_asset")
|
||||
@Table(schema = "hs_hosting", name = "asset")
|
||||
@SuperBuilder(builderMethodName = "genericBuilder", toBuilder = true)
|
||||
@Getter
|
||||
@Setter
|
||||
|
@ -24,15 +24,15 @@ public interface HsHostingAssetRealRepository extends HsHostingAssetRepository<H
|
||||
ha.parentassetuuid,
|
||||
ha.type,
|
||||
ha.version
|
||||
from hs_hosting_asset_rv ha
|
||||
from hs_hosting.asset_rv ha
|
||||
left join hs_booking.item bi on bi.uuid = ha.bookingitemuuid
|
||||
left join hs_hosting_asset pha on pha.uuid = ha.parentassetuuid
|
||||
left join hs_hosting.asset pha on pha.uuid = ha.parentassetuuid
|
||||
where (:projectUuid is null or bi.projectuuid=:projectUuid)
|
||||
and (:parentAssetUuid is null or pha.uuid=:parentAssetUuid)
|
||||
and (:type is null or :type=cast(ha.type as text))
|
||||
""", nativeQuery = true)
|
||||
// The JPQL query did not generate "left join" but just "join".
|
||||
// I also optimized the query by not using the _rv for hs_booking.item and hs_hosting_asset, only for hs_hosting_asset_rv.
|
||||
// I also optimized the query by not using the _rv for hs_booking.item and hs_hosting.asset, only for hs_hosting.asset_rv.
|
||||
List<HsHostingAssetRealEntity> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type);
|
||||
default List<HsHostingAssetRealEntity> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) {
|
||||
return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type));
|
||||
|
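Review bot: `HsHostingAssetRealRepository` still reads `from hs_hosting.asset_rv ha`, the RBAC-restricted view, although the repository name and the entity mapped with `@Table(schema = "hs_hosting", name = "asset")` suggest it is meant to work on the raw table. If this was copied from the Rbac repository, the rename is a good moment to change it to `from hs_hosting.asset ha` and to adjust the comment below the query. If the restricted view is intentional, the comment should say so. Reading the raw table drops the row-level RBAC filter, so that change is only appropriate if every caller of the Real repository is trusted internal code. The query starts outside the hunk.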
@ -53,7 +53,7 @@ class HsUnixUserHostingAssetValidator extends HostingAssetEntityValidator {
|
||||
}
|
||||
|
||||
private static Integer computeUserId(final EntityManager em, final PropertiesProvider propertiesProvider) {
|
||||
final Object result = em.createNativeQuery("SELECT nextval('hs_hosting_asset_unixuser_system_id_seq')", Integer.class)
|
||||
final Object result = em.createNativeQuery("SELECT nextval('hs_hosting.asset_unixuser_system_id_seq')", Integer.class)
|
||||
.getSingleResult();
|
||||
return (Integer) result;
|
||||
}
|
||||
|
@ -89,7 +89,7 @@ public class InsertTriggerGenerator {
|
||||
with("superRoleRef", toRoleDescriptor(g.getSuperRoleDef(), "row")));
|
||||
} else {
|
||||
plPgSql.writeLn("""
|
||||
-- Granting INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows slipped,
|
||||
-- Granting INSERT INTO hs_hosting.asset permissions to specified role of pre-existing hs_hosting.asset rows slipped,
|
||||
-- because there cannot yet be any pre-existing rows in the same table yet.
|
||||
""",
|
||||
with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema()),
|
||||
|
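Review bot: The template text in the `else` branch hard-codes `hs_hosting.asset` in the generated SQL comment, although the generator presumably runs for every table, so the comment is wrong in other generated scripts; the hs_booking.item script in this PR carries the same `hs_hosting.asset` sentence. The literal should be replaced by the template variable for the table being generated, in the way the `with("rawSuperTable", …)` argument below supplies the super table; the placeholder syntax is not visible in this hunk. While touching the line, `slipped` presumably should read `skipped`, and the doubled `yet` in the following line can go.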
@ -987,7 +987,7 @@ public class RbacView {
|
||||
return getRawTableName()
|
||||
.replace("hs_office.", "hsof.")
|
||||
.replace("hs_booking.", "hsbk_")
|
||||
.replace("hs_hosting_", "hsho_")
|
||||
.replace("hs_hosting.", "hsho_")
|
||||
.replace("coopsharestransaction", "coopsharetx")
|
||||
.replace("coopassetstransaction", "coopassettx");
|
||||
}
|
||||
|
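Review bot: The three prefix replacements are inconsistent: `hs_booking.` and `hs_hosting.` become `hsbk_` and `hsho_`, but the context line maps `hs_office.` to `hsof.` and keeps the dot. If the result is used as a plain identifier, the `hs_office` short name would still look schema-qualified; presumably `.replace("hs_office.", "hsof_")` was intended. The method starts outside the hunk, so I cannot see how the value is used. A short comment stating what the abbreviated name is for would settle which form is right.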
@ -4,7 +4,7 @@
|
||||
--changeset michael.hoennig:booking-item-MAIN-TABLE endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create type HsBookingItemType as enum (
|
||||
create type hs_booking.HsBookingItemType as enum (
|
||||
'PRIVATE_CLOUD',
|
||||
'CLOUD_SERVER',
|
||||
'MANAGED_SERVER',
|
||||
@ -12,14 +12,14 @@ create type HsBookingItemType as enum (
|
||||
'DOMAIN_SETUP'
|
||||
);
|
||||
|
||||
CREATE CAST (character varying as HsBookingItemType) WITH INOUT AS IMPLICIT;
|
||||
CREATE CAST (character varying as hs_booking.HsBookingItemType) WITH INOUT AS IMPLICIT;
|
||||
|
||||
create table if not exists hs_booking.item
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid),
|
||||
version int not null default 0,
|
||||
projectUuid uuid null references hs_booking.project(uuid),
|
||||
type HsBookingItemType not null,
|
||||
type hs_booking.HsBookingItemType not null,
|
||||
parentItemUuid uuid null references hs_booking.item(uuid) initially deferred,
|
||||
validity daterange not null,
|
||||
caption varchar(80) not null,
|
||||
|
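Review bot: This edits the existing changeset `michael.hoennig:booking-item-MAIN-TABLE` in place instead of adding a new one, so its Liquibase checksum changes and the enum is not actually moved on any database that has already run it. If such databases exist, a follow-up changeset with `alter type HsBookingItemType set schema hs_booking;` is needed, and the equivalent for `HsHostingAssetType` and the `hs_hosting_asset` table in the hosting-asset changesets. If all environments are rebuilt from scratch, the PR description should say so. The table definition continues outside the hunk.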
@ -186,7 +186,7 @@ execute procedure hs_booking.new_item_grants_insert_to_project_tf();
|
||||
|
||||
-- granting INSERT permission to hs_booking.item ----------------------------
|
||||
|
||||
-- Granting INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows slipped,
|
||||
-- Granting INSERT INTO hs_hosting.asset permissions to specified role of pre-existing hs_hosting.asset rows slipped,
|
||||
-- because there cannot yet be any pre-existing rows in the same table yet.
|
||||
|
||||
/**
|
||||
|
@ -0,0 +1,8 @@
|
||||
--liquibase formatted sql
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-hosting-SCHEMA endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
CREATE SCHEMA hs_hosting;
|
||||
--//
|
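Review bot: The new changeset creates the schema but sets no owner or privileges, so `hs_hosting` belongs to whichever role runs Liquibase and no other role has `USAGE` on it. If the application or the restricted RBAC users connect with a different role, the objects now placed in this schema stay unreachable until something like `GRANT USAGE ON SCHEMA hs_hosting TO <app_role>;` is added (the role name is a placeholder). Those roles should not receive `CREATE` on the schema. `CREATE SCHEMA IF NOT EXISTS hs_hosting;` would also match the `if not exists` style used for the tables.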
@ -4,7 +4,7 @@
|
||||
--changeset michael.hoennig:hosting-asset-MAIN-TABLE endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create type HsHostingAssetType as enum (
|
||||
create type hs_hosting.HsHostingAssetType as enum (
|
||||
'CLOUD_SERVER',
|
||||
'MANAGED_SERVER',
|
||||
'MANAGED_WEBSPACE',
|
||||
@ -26,22 +26,22 @@ create type HsHostingAssetType as enum (
|
||||
'IPV6_NUMBER'
|
||||
);
|
||||
|
||||
CREATE CAST (character varying as HsHostingAssetType) WITH INOUT AS IMPLICIT;
|
||||
CREATE CAST (character varying as hs_hosting.HsHostingAssetType) WITH INOUT AS IMPLICIT;
|
||||
|
||||
create table if not exists hs_hosting_asset
|
||||
create table if not exists hs_hosting.asset
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid),
|
||||
version int not null default 0,
|
||||
bookingItemUuid uuid null references hs_booking.item(uuid),
|
||||
type HsHostingAssetType not null,
|
||||
parentAssetUuid uuid null references hs_hosting_asset(uuid) initially deferred,
|
||||
assignedToAssetUuid uuid null references hs_hosting_asset(uuid) initially deferred,
|
||||
type hs_hosting.HsHostingAssetType not null,
|
||||
parentAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred,
|
||||
assignedToAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred,
|
||||
identifier varchar(80) not null,
|
||||
caption varchar(80),
|
||||
config jsonb not null,
|
||||
alarmContactUuid uuid null references hs_office.contact(uuid) initially deferred,
|
||||
|
||||
constraint chk_hs_hosting_asset_has_booking_item_or_parent_asset
|
||||
constraint hosting_asset_has_booking_item_or_parent_asset
|
||||
check (bookingItemUuid is not null or parentAssetUuid is not null or type in ('DOMAIN_SETUP', 'IPV4_NUMBER', 'IPV6_NUMBER'))
|
||||
);
|
||||
--//
|
||||
@ -54,16 +54,16 @@ create table if not exists hs_hosting_asset
|
||||
-- TODO.impl: this could be generated from HsHostingAssetType
|
||||
-- also including a check for assignedToAssetUuud
|
||||
|
||||
create or replace function hs_hosting_asset_type_hierarchy_check_tf()
|
||||
create or replace function hs_hosting.asset_type_hierarchy_check_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
declare
|
||||
actualParentType HsHostingAssetType;
|
||||
expectedParentType HsHostingAssetType;
|
||||
actualParentType hs_hosting.HsHostingAssetType;
|
||||
expectedParentType hs_hosting.HsHostingAssetType;
|
||||
begin
|
||||
if NEW.parentAssetUuid is not null then
|
||||
actualParentType := (select type
|
||||
from hs_hosting_asset
|
||||
from hs_hosting.asset
|
||||
where NEW.parentAssetUuid = uuid);
|
||||
end if;
|
||||
|
||||
@ -104,10 +104,10 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger hs_hosting_asset_type_hierarchy_check_tg
|
||||
before insert on hs_hosting_asset
|
||||
create trigger hosting_asset_type_hierarchy_check_tg
|
||||
before insert on hs_hosting.asset
|
||||
for each row
|
||||
execute procedure hs_hosting_asset_type_hierarchy_check_tf();
|
||||
execute procedure hs_hosting.asset_type_hierarchy_check_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -116,7 +116,7 @@ create trigger hs_hosting_asset_type_hierarchy_check_tg
|
||||
--changeset michael.hoennig:hosting-asset-system-sequences endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_unixuser_system_id_seq
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_hosting.asset_unixuser_system_id_seq
|
||||
AS integer
|
||||
MINVALUE 1000000
|
||||
MAXVALUE 9999999
|
||||
@ -130,12 +130,12 @@ CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_unixuser_system_id_seq
|
||||
--changeset michael.hoennig:hosting-asset-BOOKING-ITEM-HIERARCHY-CHECK endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create or replace function hs_hosting_asset_booking_item_hierarchy_check_tf()
|
||||
create or replace function hs_hosting.asset_booking_item_hierarchy_check_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
declare
|
||||
actualBookingItemType HsBookingItemType;
|
||||
expectedBookingItemType HsBookingItemType;
|
||||
actualBookingItemType hs_booking.HsBookingItemType;
|
||||
expectedBookingItemType hs_booking.HsBookingItemType;
|
||||
begin
|
||||
actualBookingItemType := (select type
|
||||
from hs_booking.item
|
||||
@ -156,24 +156,24 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger hs_hosting_asset_booking_item_hierarchy_check_tg
|
||||
before insert on hs_hosting_asset
|
||||
create trigger hosting_asset_booking_item_hierarchy_check_tg
|
||||
before insert on hs_hosting.asset
|
||||
for each row
|
||||
execute procedure hs_hosting_asset_booking_item_hierarchy_check_tf();
|
||||
execute procedure hs_hosting.asset_booking_item_hierarchy_check_tf();
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call base.create_journal('hs_hosting_asset');
|
||||
call base.create_journal('hs_hosting.asset');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-HISTORIZATION endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call base.tx_create_historicization('hs_hosting_asset');
|
||||
call base.tx_create_historicization('hs_hosting.asset');
|
||||
--//
|
||||
|
||||
|
||||
|
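Review bot: Both hierarchy checks are attached as `before insert` triggers only (`hosting_asset_type_hierarchy_check_tg` and `hosting_asset_booking_item_hierarchy_check_tg`), so an `UPDATE` that changes `type`, `parentAssetUuid` or `bookingItemUuid` is not re-validated by them. Unless updates of these columns are blocked elsewhere, declare them as `before insert or update on hs_hosting.asset`. The triggers are also now named `hosting_asset_…` while their functions are `hs_hosting.asset_…`; a one-line comment on the naming rule would avoid confusion. The function bodies are only partly visible in these hunks.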
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset RbacObjectGenerator:hs-hosting-asset-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_hosting_asset');
|
||||
call rbac.generateRelatedRbacObject('hs_hosting.asset');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
|
||||
call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting.asset');
|
||||
--//
|
||||
|
||||
|
||||
@ -24,27 +24,27 @@ call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure hs_hosting_asset_build_rbac_system(
|
||||
NEW hs_hosting_asset
|
||||
create or replace procedure hs_hosting.asset_build_rbac_system(
|
||||
NEW hs_hosting.asset
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
declare
|
||||
newBookingItem hs_booking.item;
|
||||
newAssignedToAsset hs_hosting_asset;
|
||||
newAssignedToAsset hs_hosting.asset;
|
||||
newAlarmContact hs_office.contact;
|
||||
newParentAsset hs_hosting_asset;
|
||||
newParentAsset hs_hosting.asset;
|
||||
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
SELECT * FROM hs_booking.item WHERE uuid = NEW.bookingItemUuid INTO newBookingItem;
|
||||
|
||||
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset;
|
||||
SELECT * FROM hs_hosting.asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset;
|
||||
|
||||
SELECT * FROM hs_office.contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact;
|
||||
|
||||
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
|
||||
SELECT * FROM hs_hosting.asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsHostingAssetOWNER(NEW),
|
||||
@ -93,22 +93,22 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting_asset row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting.asset row.
|
||||
*/
|
||||
|
||||
create or replace function hs_hosting_asset_build_rbac_system_after_insert_tf()
|
||||
create or replace function hs_hosting.asset_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call hs_hosting_asset_build_rbac_system(NEW);
|
||||
call hs_hosting.asset_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_hosting_asset
|
||||
after insert on hs_hosting.asset
|
||||
for each row
|
||||
execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf();
|
||||
execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -120,9 +120,9 @@ execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf();
|
||||
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
|
||||
*/
|
||||
|
||||
create or replace procedure hs_hosting_asset_update_rbac_system(
|
||||
OLD hs_hosting_asset,
|
||||
NEW hs_hosting_asset
|
||||
create or replace procedure hs_hosting.asset_update_rbac_system(
|
||||
OLD hs_hosting.asset,
|
||||
NEW hs_hosting.asset
|
||||
)
|
||||
language plpgsql as $$
|
||||
begin
|
||||
@ -130,27 +130,27 @@ begin
|
||||
if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid
|
||||
or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then
|
||||
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
|
||||
call hs_hosting_asset_build_rbac_system(NEW);
|
||||
call hs_hosting.asset_build_rbac_system(NEW);
|
||||
end if;
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting_asset row.
|
||||
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting.asset row.
|
||||
*/
|
||||
|
||||
create or replace function hs_hosting_asset_update_rbac_system_after_update_tf()
|
||||
create or replace function hs_hosting.asset_update_rbac_system_after_update_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call hs_hosting_asset_update_rbac_system(OLD, NEW);
|
||||
call hs_hosting.asset_update_rbac_system(OLD, NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on hs_hosting_asset
|
||||
after update on hs_hosting.asset
|
||||
for each row
|
||||
execute procedure hs_hosting_asset_update_rbac_system_after_update_tf();
|
||||
execute procedure hs_hosting.asset_update_rbac_system_after_update_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -158,7 +158,7 @@ execute procedure hs_hosting_asset_update_rbac_system_after_update_tf();
|
||||
--changeset RbacIdentityViewGenerator:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_hosting.asset',
|
||||
$idName$
|
||||
identifier
|
||||
$idName$);
|
||||
@ -168,7 +168,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_hosting_asset',
|
||||
call rbac.generateRbacRestrictedView('hs_hosting.asset',
|
||||
$orderBy$
|
||||
identifier
|
||||
$orderBy$,
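Review bot: In `hs_hosting.asset_build_rbac_system` the call `hsHostingAssetOWNER(NEW)` is still unqualified, although the procedure, its row type and every table it reads are now addressed by schema. An unqualified function name is resolved through the search_path in effect when the trigger fires, so the routine that creates roles and grants depends on session settings. Which schema `rbac.generateRbacRoleDescriptors` creates the `hsHostingAsset*` functions in is not visible here. I would qualify the call as `<descriptor_schema>.hsHostingAssetOWNER(NEW)` (placeholder for that schema), or add the comment `-- hsHostingAsset* descriptor functions are resolved via search_path` so the dependency is explicit. The procedure body continues outside the hunk, so other descriptor calls there may need the same treatment.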
|
||||
|
@ -7,9 +7,9 @@
|
||||
--changeset hs-hosting-asset-MIGRATION-mapping:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE TABLE hs_hosting_asset_legacy_id
|
||||
CREATE TABLE hs_hosting.asset_legacy_id
|
||||
(
|
||||
uuid uuid NOT NULL REFERENCES hs_hosting_asset(uuid),
|
||||
uuid uuid NOT NULL REFERENCES hs_hosting.asset(uuid),
|
||||
legacy_id integer NOT NULL
|
||||
);
|
||||
--//
|
||||
@ -19,10 +19,10 @@ CREATE TABLE hs_hosting_asset_legacy_id
|
||||
--changeset hs-hosting-asset-MIGRATION-sequence:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_legacy_id_seq
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_hosting.asset_legacy_id_seq
|
||||
AS integer
|
||||
START 1000000000
|
||||
OWNED BY hs_hosting_asset_legacy_id.legacy_id;
|
||||
OWNED BY hs_hosting.asset_legacy_id.legacy_id;
|
||||
--//
|
||||
|
||||
|
||||
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_legacy_id_seq
|
||||
--changeset hs-hosting-asset-MIGRATION-default:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
ALTER TABLE hs_hosting_asset_legacy_id
|
||||
ALTER TABLE hs_hosting.asset_legacy_id
|
||||
ALTER COLUMN legacy_id
|
||||
SET DEFAULT nextVal('hs_hosting_asset_legacy_id_seq');
|
||||
SET DEFAULT nextVal('hs_hosting.asset_legacy_id_seq');
|
||||
--/
|
||||
|
||||
|
||||
@ -41,8 +41,8 @@ ALTER TABLE hs_hosting_asset_legacy_id
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CALL base.defineContext('schema-migration');
|
||||
INSERT INTO hs_hosting_asset_legacy_id(uuid, legacy_id)
|
||||
SELECT uuid, nextVal('hs_hosting_asset_legacy_id_seq') FROM hs_hosting_asset;
|
||||
INSERT INTO hs_hosting.asset_legacy_id(uuid, legacy_id)
|
||||
SELECT uuid, nextVal('hs_hosting.asset_legacy_id_seq') FROM hs_hosting.asset;
|
||||
--/
|
||||
|
||||
|
||||
@ -58,14 +58,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
INSERT INTO hs_hosting_asset_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_hosting_asset_legacy_id_seq'));
|
||||
INSERT INTO hs_hosting.asset_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_hosting.asset_legacy_id_seq'));
|
||||
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger createassetLegacyIdMapping
|
||||
after insert on hs_hosting_asset
|
||||
after insert on hs_hosting.asset
|
||||
for each row
|
||||
execute procedure insertassetLegacyIdMapping();
|
||||
--/
|
||||
@ -83,14 +83,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
DELETE FROM hs_hosting_asset_legacy_id
|
||||
DELETE FROM hs_hosting.asset_legacy_id
|
||||
WHERE uuid = OLD.uuid;
|
||||
|
||||
return OLD;
|
||||
end; $$;
|
||||
|
||||
create trigger deleteassetLegacyIdMapping_tg
|
||||
before delete on hs_hosting_asset
|
||||
before delete on hs_hosting.asset
|
||||
for each row
|
||||
execute procedure deleteassetLegacyIdMapping_tf();
|
||||
--/
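Review bot: The insert in the `@ -58,14` hunk, `INSERT INTO hs_hosting.asset_legacy_id VALUES (NEW.uuid, nextVal(...))`, still relies on column order, whereas the bulk insert in the preceding changeset names its columns. I would write `INSERT INTO hs_hosting.asset_legacy_id (uuid, legacy_id) VALUES` so that a later column change on the mapping table fails loudly instead of writing into the wrong column. The trigger functions `insertassetLegacyIdMapping()` and `deleteassetLegacyIdMapping_tf()` also stay unqualified while the table they serve moves into `hs_hosting`, which looks inconsistent with the rest of the commit. Their definitions start outside the visible hunks, so this may be handled there.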
|
||||
|
@ -6,7 +6,7 @@
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
Creates a single hs_hosting_asset test record.
|
||||
Creates a single hs_hosting.asset test record.
|
||||
*/
|
||||
create or replace procedure createHsHostingAssetTestData(givenProjectCaption varchar)
|
||||
language plpgsql as $$
|
||||
@ -79,7 +79,7 @@ begin
|
||||
debitorNumberSuffix := relatedDebitor.debitorNumberSuffix;
|
||||
defaultPrefix := relatedDebitor.defaultPrefix;
|
||||
|
||||
insert into hs_hosting_asset
|
||||
insert into hs_hosting.asset
|
||||
(uuid, bookingitemuuid, type, parentAssetUuid, assignedToAssetUuid, identifier, caption, config)
|
||||
values
|
||||
(managedServerUuid, managedServerBI.uuid, 'MANAGED_SERVER', null, null, 'vm10' || debitorNumberSuffix, 'some ManagedServer', '{ "monit_max_cpu_usage": 90, "monit_max_ram_usage": 80, "monit_max_ssd_usage": 70 }'::jsonb),
|
||||
|
@ -12,8 +12,8 @@ select *
|
||||
from rbac.object
|
||||
group by objecttable
|
||||
union all
|
||||
select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_hosting_asset', type::text
|
||||
from hs_hosting_asset
|
||||
select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_hosting.asset', type::text
|
||||
from hs_hosting.asset
|
||||
group by type
|
||||
union all
|
||||
select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_booking.item', type::text
|
||||
|
@ -159,6 +159,8 @@ databaseChangeLog:
|
||||
file: db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/630-booking-item/6308-hs-booking-item-test-data.sql
|
||||
- include:
|
||||
file: db/changelog/7-hs-hosting/700-hs-hosting-schema.sql
|
||||
- include:
|
||||
file: db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
|
||||
- include:
|
||||
|
@ -114,7 +114,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-subject", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "hs_hosting_asset#fir01:AGENT")
|
||||
.header("assumed-roles", "hs_hosting.asset#fir01:AGENT")
|
||||
.port(port)
|
||||
.when()
|
||||
. get("http://localhost/api/hs/hosting/assets?type=" + EMAIL_ALIAS)
|
||||
@ -218,7 +218,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
final var location = RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-subject", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "hs_hosting_asset#vm1011:ADMIN")
|
||||
.header("assumed-roles", "hs_hosting.asset#vm1011:ADMIN")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
{
|
||||
@ -574,7 +574,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-subject", "superuser-alex@hostsharing.net")
|
||||
//.header("assumed-roles", "hs_hosting_asset#vm2001:ADMIN")
|
||||
//.header("assumed-roles", "hs_hosting.asset#vm2001:ADMIN")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
{
|
||||
|
@ -78,7 +78,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
final var query = em.createNativeQuery("""
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'caption'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_hosting_asset';
|
||||
where targettable = 'hs_hosting.asset';
|
||||
""");
|
||||
|
||||
// when
|
||||
@ -86,24 +86,24 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
|
||||
// then
|
||||
assertThat(customerLogEntries).map(Arrays::toString).contains(
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, another CloudServer]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-DNS-Setup]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-HTTP-Setup]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-MBOX-Setup]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-SMTP-Setup]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-Setup]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some E-Mail-Address]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some E-Mail-Alias]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some ManagedServer]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some UnixUser for E-Mail]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some UnixUser for Website]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Webspace]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB instance]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB user]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB database]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql instance]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql user]",
|
||||
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql database]"
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, another CloudServer]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-DNS-Setup]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-HTTP-Setup]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-MBOX-Setup]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-SMTP-Setup]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-Setup]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some E-Mail-Address]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some E-Mail-Alias]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some ManagedServer]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some UnixUser for E-Mail]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some UnixUser for Website]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Webspace]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB instance]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB user]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB database]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql instance]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql user]",
|
||||
"[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql database]"
|
||||
);
|
||||
}
|
||||
|
||||
@ -112,7 +112,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
// given
|
||||
final String nativeQuerySql = """
|
||||
select count(*)
|
||||
from hs_hosting_asset_hv ha;
|
||||
from hs_hosting.asset_hv ha;
|
||||
""";
|
||||
|
||||
// when
|
||||
@ -121,7 +121,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
@SuppressWarnings("unchecked") final var countBefore = (Integer) query.getSingleResult();
|
||||
|
||||
// then
|
||||
assertThat(countBefore).as("hs_hosting_asset_hv should not contain rows for a timestamp in the past").isEqualTo(0);
|
||||
assertThat(countBefore).as("hs_hosting.asset_hv should not contain rows for a timestamp in the past").isEqualTo(0);
|
||||
|
||||
// and when
|
||||
historicalContext(Timestamp.from(ZonedDateTime.now().plusHours(1).toInstant()));
|
||||
@ -129,7 +129,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
@SuppressWarnings("unchecked") final var countAfter = (Integer) query.getSingleResult();
|
||||
|
||||
// then
|
||||
assertThat(countAfter).as("hs_hosting_asset_hv should contain rows for a timestamp in the future").isGreaterThan(1);
|
||||
assertThat(countAfter).as("hs_hosting.asset_hv should contain rows for a timestamp in the future").isGreaterThan(1);
|
||||
}
|
||||
|
||||
@Nested
|
||||
@ -192,37 +192,37 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
final var all = rawRoleRepo.findAll();
|
||||
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
|
||||
initialRoleNames,
|
||||
"hs_hosting_asset#fir00:ADMIN",
|
||||
"hs_hosting_asset#fir00:AGENT",
|
||||
"hs_hosting_asset#fir00:OWNER",
|
||||
"hs_hosting_asset#fir00:TENANT"));
|
||||
"hs_hosting.asset#fir00:ADMIN",
|
||||
"hs_hosting.asset#fir00:AGENT",
|
||||
"hs_hosting.asset#fir00:OWNER",
|
||||
"hs_hosting.asset#fir00:TENANT"));
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
||||
.containsExactlyInAnyOrder(fromFormatted(
|
||||
initialGrantNames,
|
||||
|
||||
// rbac.global-admin
|
||||
"{ grant role:hs_hosting_asset#fir00:OWNER to role:rbac.global#global:ADMIN by system }", // workaround
|
||||
"{ grant role:hs_hosting.asset#fir00:OWNER to role:rbac.global#global:ADMIN by system }", // workaround
|
||||
|
||||
// owner
|
||||
"{ grant role:hs_hosting_asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting_asset#fir00:OWNER and assume }",
|
||||
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_booking.item#fir01:ADMIN by system and assume }",
|
||||
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_hosting_asset#vm1011:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_hosting_asset#fir00:DELETE to role:hs_hosting_asset#fir00:OWNER by system and assume }",
|
||||
"{ grant role:hs_hosting.asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting.asset#fir00:OWNER and assume }",
|
||||
"{ grant role:hs_hosting.asset#fir00:OWNER to role:hs_booking.item#fir01:ADMIN by system and assume }",
|
||||
"{ grant role:hs_hosting.asset#fir00:OWNER to role:hs_hosting.asset#vm1011:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_hosting.asset#fir00:DELETE to role:hs_hosting.asset#fir00:OWNER by system and assume }",
|
||||
|
||||
// admin
|
||||
"{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_hosting_asset#fir00:OWNER by system and assume }",
|
||||
"{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_booking.item#fir01:AGENT by system and assume }",
|
||||
"{ grant perm:hs_hosting_asset#fir00:UPDATE to role:hs_hosting_asset#fir00:ADMIN by system and assume }",
|
||||
"{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_hosting.asset#fir00:OWNER by system and assume }",
|
||||
"{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_booking.item#fir01:AGENT by system and assume }",
|
||||
"{ grant perm:hs_hosting.asset#fir00:UPDATE to role:hs_hosting.asset#fir00:ADMIN by system and assume }",
|
||||
|
||||
// agent
|
||||
"{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_hosting_asset#vm1011:AGENT by system and assume }",
|
||||
"{ grant role:hs_hosting_asset#fir00:AGENT to role:hs_hosting_asset#fir00:ADMIN by system and assume }",
|
||||
"{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_hosting.asset#vm1011:AGENT by system and assume }",
|
||||
"{ grant role:hs_hosting.asset#fir00:AGENT to role:hs_hosting.asset#fir00:ADMIN by system and assume }",
|
||||
|
||||
// tenant
|
||||
"{ grant role:hs_booking.item#fir01:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
||||
"{ grant role:hs_hosting_asset#fir00:TENANT to role:hs_hosting_asset#fir00:AGENT by system and assume }",
|
||||
"{ grant role:hs_hosting_asset#vm1011:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
||||
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:hs_hosting_asset#fir00:TENANT by system and assume }",
|
||||
"{ grant role:hs_booking.item#fir01:TENANT to role:hs_hosting.asset#fir00:TENANT by system and assume }",
|
||||
"{ grant role:hs_hosting.asset#fir00:TENANT to role:hs_hosting.asset#fir00:AGENT by system and assume }",
|
||||
"{ grant role:hs_hosting.asset#vm1011:TENANT to role:hs_hosting.asset#fir00:TENANT by system and assume }",
|
||||
"{ grant perm:hs_hosting.asset#fir00:SELECT to role:hs_hosting.asset#fir00:TENANT by system and assume }",
|
||||
|
||||
null));
|
||||
}
|
||||
@ -251,7 +251,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
assertThatAssetIsPersisted(result.returnedValue());
|
||||
|
||||
// ... a rbac.global admin can see the new domain setup as well if the domain OWNER role is assumed
|
||||
context("superuser-alex@hostsharing.net", "hs_hosting_asset#example.net:OWNER"); // only works with the assumed role
|
||||
context("superuser-alex@hostsharing.net", "hs_hosting.asset#example.net:OWNER"); // only works with the assumed role
|
||||
assertThatAssetIsPersisted(result.returnedValue());
|
||||
}
|
||||
|
||||
@ -309,7 +309,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
.findAny().orElseThrow().getUuid();
|
||||
|
||||
// when
|
||||
context("superuser-alex@hostsharing.net", "hs_hosting_asset#vm1012:AGENT");
|
||||
context("superuser-alex@hostsharing.net", "hs_hosting.asset#vm1012:AGENT");
|
||||
final var result = rbacAssetRepo.findAllByCriteria(null, parentAssetUuid, null);
|
||||
|
||||
// then
|
||||
@ -326,7 +326,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
context("superuser-alex@hostsharing.net");
|
||||
|
||||
// when
|
||||
context("superuser-alex@hostsharing.net", "hs_hosting_asset#sec01:AGENT");
|
||||
context("superuser-alex@hostsharing.net", "hs_hosting.asset#sec01:AGENT");
|
||||
final var result = rbacAssetRepo.findAllByCriteria(null, null, EMAIL_ADDRESS);
|
||||
|
||||
// then
|
||||
@ -417,7 +417,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("person-FirbySusan@example.com", "hs_hosting_asset#vm1000:ADMIN");
|
||||
context("person-FirbySusan@example.com", "hs_hosting.asset#vm1000:ADMIN");
|
||||
assertThat(rbacAssetRepo.findByUuid(givenAsset.getUuid())).isPresent();
|
||||
|
||||
rbacAssetRepo.deleteByUuid(givenAsset.getUuid());
|
||||
@ -426,7 +426,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(
|
||||
JpaSystemException.class,
|
||||
"[403] Subject ", " is not allowed to delete hs_hosting_asset");
|
||||
"[403] Subject ", " is not allowed to delete hs_hosting.asset");
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
return realAssetRepo.findByUuid(givenAsset.getUuid());
|
||||
}).assertSuccessful().returnedValue()).isPresent(); // still there
|
||||
|
@ -68,7 +68,7 @@ class HsUnixUserHostingAssetValidatorUnitTest {
|
||||
void initMocks() {
|
||||
final var nativeQueryMock = mock(Query.class);
|
||||
lenient().when(nativeQueryMock.getSingleResult()).thenReturn(12345678);
|
||||
lenient().when(em.createNativeQuery("SELECT nextval('hs_hosting_asset_unixuser_system_id_seq')", Integer.class))
|
||||
lenient().when(em.createNativeQuery("SELECT nextval('hs_hosting.asset_unixuser_system_id_seq')", Integer.class))
|
||||
.thenReturn(nativeQueryMock);
|
||||
|
||||
}
|
||||
|
@ -187,7 +187,7 @@ public class CsvDataImport extends ContextBasedTest {
|
||||
}
|
||||
|
||||
final var query = em.createNativeQuery("""
|
||||
insert into hs_hosting_asset(
|
||||
insert into hs_hosting.asset(
|
||||
uuid,
|
||||
type,
|
||||
bookingitemuuid,
|
||||
@ -248,8 +248,8 @@ public class CsvDataImport extends ContextBasedTest {
|
||||
jpaAttempt.transacted(() -> {
|
||||
context(rbacSuperuser);
|
||||
// TODO.perf: could we instead skip creating test-data based on an env var?
|
||||
em.createNativeQuery("delete from hs_hosting_asset where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_hosting_asset_ex where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_hosting.asset where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_hosting.asset_ex where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_booking.item where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_booking.item_ex where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_booking.project where true").executeUpdate();
|
||||
|
@ -921,7 +921,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
|
||||
@Test
|
||||
@Order(19920)
|
||||
void verifyHostingAssetsAreActuallyPersisted() {
|
||||
final var haCount = (Integer) em.createNativeQuery("select count(*) from hs_hosting_asset", Integer.class)
|
||||
final var haCount = (Integer) em.createNativeQuery("select count(*) from hs_hosting.asset", Integer.class)
|
||||
.getSingleResult();
|
||||
assertThat(haCount).isGreaterThan(isImportingControlledTestData() ? 40 : 15000);
|
||||
|
||||
@ -1069,7 +1069,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
|
||||
|
||||
final var haCount = jpaAttempt.transacted(() -> {
|
||||
context(rbacSuperuser, "hs_booking.project#D-1000300-mimdefaultproject:AGENT");
|
||||
return (Integer) em.createNativeQuery("select count(*) from hs_hosting_asset_rv where type='EMAIL_ADDRESS'", Integer.class)
|
||||
return (Integer) em.createNativeQuery("select count(*) from hs_hosting.asset_rv where type='EMAIL_ADDRESS'", Integer.class)
|
||||
.getSingleResult();
|
||||
}).assertSuccessful().returnedValue();
|
||||
assertThat(haCount).isEqualTo(68);
|
||||
@ -1136,7 +1136,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
|
||||
|
||||
jpaAttempt.transacted(() -> {
|
||||
context(rbacSuperuser);
|
||||
updateLegacyIds(assets, "hs_hosting_asset_legacy_id", "legacy_id");
|
||||
updateLegacyIds(assets, "hs_hosting.asset_legacy_id", "legacy_id");
|
||||
}).assertSuccessful();
|
||||
}
|
||||
|
||||
@ -1145,7 +1145,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
|
||||
final int expectedCountInTestDataCount,
|
||||
final int minCountExpectedInProdData) {
|
||||
final var q = em.createNativeQuery(
|
||||
"select count(*) from hs_hosting_asset where type = cast(:type as HsHostingAssetType)",
|
||||
"select count(*) from hs_hosting.asset where type = cast(:type as HsHostingAssetType)",
|
||||
Integer.class);
|
||||
q.setParameter("type", assetType.name());
|
||||
final var count = (Integer) q.getSingleResult();
|
||||
@ -1895,8 +1895,8 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
|
||||
//noinspection unchecked
|
||||
return ((List<List<?>>) em.createNativeQuery(
|
||||
"""
|
||||
SELECT li.* FROM hs_hosting_asset_legacy_id li
|
||||
JOIN hs_hosting_asset ha ON ha.uuid=li.uuid
|
||||
SELECT li.* FROM hs_hosting.asset_legacy_id li
|
||||
JOIN hs_hosting.asset ha ON ha.uuid=li.uuid
|
||||
WHERE CAST(ha.type AS text)=:type
|
||||
ORDER BY legacy_id
|
||||
""",
|
||||
@ -1910,8 +1910,8 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
|
||||
//noinspection unchecked
|
||||
return ((List<List<?>>) em.createNativeQuery(
|
||||
"""
|
||||
SELECT ha.uuid, ha.type, ha.identifier FROM hs_hosting_asset ha
|
||||
JOIN hs_hosting_asset_legacy_id li ON li.uuid=ha.uuid
|
||||
SELECT ha.uuid, ha.type, ha.identifier FROM hs_hosting.asset ha
|
||||
JOIN hs_hosting.asset_legacy_id li ON li.uuid=ha.uuid
|
||||
WHERE li.legacy_id is null AND CAST(ha.type AS text)=:type
|
||||
ORDER BY li.legacy_id
|
||||
""",
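Review bot: In the last hunk the query joins `hs_hosting.asset_legacy_id` with an inner `JOIN` and then filters on `li.legacy_id is null`, but the migration declares `legacy_id integer NOT NULL`, so the predicate can never match and the query returns no rows. If the method is meant to list assets that have no legacy id yet (its signature is outside the hunk), the join has to be an outer one: `LEFT JOIN hs_hosting.asset_legacy_id li ON li.uuid=ha.uuid`. As written, a verification built on this query would pass even when mappings are missing.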
|
||||
|