From efc85b88bb4d440c36ace8453b59bddfeb01b97c Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Thu, 13 Feb 2025 17:56:59 +0100
Subject: [PATCH 1/3] updatable liquibase-changesets with env-vars
---
 .../resources/db/changelog/1-rbac/1055-rbac-views.sql | 8 ++++----
 .../db/changelog/1-rbac/1058-rbac-generators.sql | 4 ++--
 .../resources/db/changelog/1-rbac/1080-rbac-global.sql | 4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
index fa4e138a..e9fa0db2 100644
--- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
+++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
@@ -22,7 +22,7 @@ select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, *
 --//
 -- ============================================================================
---changeset michael.hoennig:rbac-views-ROLE-RESTRICTED-VIEW endDelimiter:--//
+--changeset michael.hoennig:rbac-views-ROLE-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
 Creates a view to the role table with row-level limitation
@@ -106,7 +106,7 @@ create or replace view rbac.grant_ev as
 -- ============================================================================
---changeset michael.hoennig:rbac-views-GRANT-RESTRICTED-VIEW endDelimiter:--//
+--changeset michael.hoennig:rbac-views-GRANT-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
 Creates a view to the grants table with row-level limitation
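Review bot: `validCheckSum:ANY` on the `rbac-views-ROLE-RESTRICTED-VIEW` header makes Liquibase accept any checksum for this changeset, so an edit to a view that enforces the row-level restriction is re-run without ever showing up as a validation failure. As far as I know `runOnChange:true` alone already lets an edited changeset re-run, so the attribute looks redundant and I would reduce the header to `--changeset michael.hoennig:rbac-views-ROLE-RESTRICTED-VIEW runOnChange:true endDelimiter:--//`. The same applies to the other seven headers changed in this patch (three more in 1055-rbac-views.sql, two in 1058-rbac-generators.sql, two in 1080-rbac-global.sql). If `ANY` is kept on purpose, a short comment above each header saying why would help the next reviewer of these access-control definitions.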
@@ -222,7 +222,7 @@ select distinct *
 -- ============================================================================
---changeset michael.hoennig:rbac-views-USER-RESTRICTED-VIEW endDelimiter:--//
+--changeset michael.hoennig:rbac-views-USER-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
 Creates a view to the users table with row-level limitation
@@ -316,7 +316,7 @@ execute function rbac.delete_subject_tf();
 --/
 -- ============================================================================
---changeset michael.hoennig:rbac-views-OWN-GRANTED-PERMISSIONS-VIEW endDelimiter:--//
+--changeset michael.hoennig:rbac-views-OWN-GRANTED-PERMISSIONS-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
 Creates a view to all permissions granted to the current user or
diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
index 3bb57de8..3bbfb180 100644
--- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
+++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
@@ -111,7 +111,7 @@ end; $$;
 -- ============================================================================
---changeset michael.hoennig:rbac-generators-IDENTITY-VIEW endDelimiter:--//
+--changeset michael.hoennig:rbac-generators-IDENTITY-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace procedure rbac.generateRbacIdentityViewFromQuery(targetTable text, sqlQuery text)
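Review bot: Re-running `rbac-generators-IDENTITY-VIEW` replaces only the procedure `rbac.generateRbacIdentityViewFromQuery`; whatever it generated on earlier runs (views, judging by the name) keeps the old definition unless the calling changesets are re-run as well. The same holds for `rbac.generateRbacRestrictedView` in the next hunk of this file, where it matters more, because a corrected restriction in the generator would not reach restricted views that already exist. The procedure bodies and their callers are outside this diff, so this needs checking there; I would add above both headers a comment such as `-- NOTE: re-running this changeset does not regenerate existing views; re-run the calling changesets too`. Separately, `create or replace procedure` with a changed parameter list adds an overload instead of replacing the old procedure, which is worth stating in the same comment.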
@@ -171,7 +171,7 @@ end; $$;
 -- ============================================================================
---changeset michael.hoennig:rbac-generators-RESTRICTED-VIEW endDelimiter:--//
+--changeset michael.hoennig:rbac-generators-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace procedure rbac.generateRbacRestrictedView(targetTable text, orderBy text, columnUpdates text = null, columnNames text = '*')
diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
index 22ff2310..09b5fd9f 100644
--- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
+++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
@@ -1,7 +1,7 @@
 --liquibase formatted sql
 -- ============================================================================
---changeset michael.hoennig:rbac-global-OBJECT endDelimiter:--//
+--changeset michael.hoennig:rbac-global-OBJECT runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
 The purpose of this table is provide root business objects
@@ -75,7 +75,7 @@ $$;
 -- ============================================================================
---changeset michael.hoennig:rbac-global-IDENTITY-VIEW endDelimiter:--//
+--changeset michael.hoennig:rbac-global-IDENTITY-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
-- 2.39.5
From 3621d1a0ab605bada8bc60b0d20f6e45a4fd752c Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Fri, 14 Feb 2025 09:31:12 +0100
Subject: [PATCH 2/3] remove drop view if exists in changesets with runOnChange:true validCheckSum:ANY
---
 src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql | 3 ---
 src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql | 1 -
 2 files changed, 4 deletions(-)
diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
index e9fa0db2..625fafbb 100644
--- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
+++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
@@ -28,7 +28,6 @@ select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, *
 Creates a view to the role table with row-level limitation
 based on the grants of the current user or assumed roles.
 */
-drop view if exists rbac.role_rv;
 create or replace view rbac.role_rv as
 select *
 -- @formatter:off
@@ -228,7 +227,6 @@ select distinct *
 Creates a view to the users table with row-level limitation
 based on the grants of the current user or assumed roles.
 */
-drop view if exists rbac.subject_rv;
 create or replace view rbac.subject_rv as
 select distinct *
 -- @formatter:off
@@ -323,7 +321,6 @@ execute function rbac.delete_subject_tf();
 based on the grants of the current user or assumed roles.
 */
 -- @formatter:off
-drop view if exists rbac.own_granted_permissions_rv;
 create or replace view rbac.own_granted_permissions_rv as
 select r.uuid as roleuuid, p.uuid as permissionUuid, (r.objecttable || ':' || r.objectidname || ':' || r.roletype) as roleName, p.op,
diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
index 09b5fd9f..66e16a1a 100644
--- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
+++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
@@ -81,7 +81,6 @@ $$;
 /*
 Creates a view to the rbac.global object table which maps the identifying name to the objectUuid.
 */
-drop view if exists rbac.global_iv;
 create or replace view rbac.global_iv as
 select target.uuid, target.name as idName from rbac.global as target;
-- 2.39.5
From e85a80927195ba5b009f10dcb304188b58e199ed Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Sat, 15 Feb 2025 15:08:38 +0100
Subject: [PATCH 3/3] create table with if not exists
---
 src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
index 66e16a1a..5c28857b 100644
--- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
+++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
@@ -11,7 +11,7 @@ In production databases, there is only a single row in this table, in test stages, there can be one row for each test data realm.
 */
-create table rbac.global
+create table if not exists rbac.global
 (
 uuid uuid primary key references rbac.object (uuid) on delete cascade,
 name varchar(63) unique
-- 2.39.5
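Review bot: `create table if not exists rbac.global` sits in the changeset that patch 1/3 marked `runOnChange:true validCheckSum:ANY`, so any later edit to this table definition becomes a silent no-op on existing databases. Liquibase re-runs the changeset, the statement is skipped because the table exists, and the new checksum is recorded as applied. A change to a column or to the `references rbac.object (uuid) on delete cascade` key would then leave fresh and existing databases with different schemas and no error. I would keep the table in a run-once changeset and put only re-runnable statements under `runOnChange`, or at least add above the statement `-- NOTE: edits to this table need a separate ALTER changeset; a re-run does not change an existing table`. The table definition and the rest of the changeset continue outside the hunk, so whether the remaining statements are re-runnable cannot be judged from here.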