Adding additional data migrations. (#346)

kevgliss 2016-06-03 17:56:32 -07:00
parent 42001be9ec
commit 5e987fa8b6
1 changed files with 63 additions and 4 deletions


@ -1,4 +1,9 @@
"""empty message """
Refactor authority columns and associates an authorities root certificate with a certificate stored in the
certificate tables.
Migrates existing authority owners to associated roles.
Migrates existing certificate owners to associated role.
Revision ID: 3307381f3b88 Revision ID: 3307381f3b88
Revises: 412b22cb656a Revises: 412b22cb656a
@ -20,7 +25,7 @@ def upgrade():
### commands auto generated by Alembic - please adjust! ### ### commands auto generated by Alembic - please adjust! ###
op.alter_column('authorities', 'owner', op.alter_column('authorities', 'owner',
existing_type=sa.VARCHAR(length=128), existing_type=sa.VARCHAR(length=128),
nullable=False) nullable=True)
op.drop_column('authorities', 'not_after') op.drop_column('authorities', 'not_after')
op.drop_column('authorities', 'bits') op.drop_column('authorities', 'bits')
op.drop_column('authorities', 'cn') op.drop_column('authorities', 'cn')
@ -31,7 +36,7 @@ def upgrade():
nullable=False) nullable=False)
op.alter_column('certificates', 'owner', op.alter_column('certificates', 'owner',
existing_type=sa.VARCHAR(length=128), existing_type=sa.VARCHAR(length=128),
nullable=False) nullable=True)
op.drop_constraint(u'certificates_authority_id_fkey', 'certificates', type_='foreignkey') op.drop_constraint(u'certificates_authority_id_fkey', 'certificates', type_='foreignkey')
op.create_foreign_key(None, 'certificates', 'authorities', ['authority_id'], ['id'], ondelete='CASCADE') op.create_foreign_key(None, 'certificates', 'authorities', ['authority_id'], ['id'], ondelete='CASCADE')
op.create_foreign_key(None, 'certificates', 'authorities', ['root_authority_id'], ['id'], ondelete='CASCADE') op.create_foreign_key(None, 'certificates', 'authorities', ['root_authority_id'], ['id'], ondelete='CASCADE')
@ -39,7 +44,10 @@ def upgrade():
# link existing certificate to their authority certificates # link existing certificate to their authority certificates
conn = op.get_bind() conn = op.get_bind()
for id, body in conn.execute(text('select id, body from authorities')): for id, body, owner in conn.execute(text('select id, body, owner from authorities')):
if not owner:
owner = "lemur@nobody"
# look up certificate by body, if duplications are found, pick one # look up certificate by body, if duplications are found, pick one
stmt = text('select id from certificates where body=:body') stmt = text('select id from certificates where body=:body')
stmt = stmt.bindparams(body=body) stmt = stmt.bindparams(body=body)
@ -49,6 +57,57 @@ def upgrade():
stmt = stmt.bindparams(root_authority_id=id, id=root_certificate[0]) stmt = stmt.bindparams(root_authority_id=id, id=root_certificate[0])
op.execute(stmt) op.execute(stmt)
# link owner roles to their authorities
stmt = text('select id from roles where name=:name')
stmt = stmt.bindparams(name=owner)
owner_role = conn.execute(stmt).fetchone()
if not owner_role:
stmt = text('insert into roles (name, description) values (:name, :description)')
stmt = stmt.bindparams(name=owner, description='Lemur generated role or existing owner.')
op.execute(stmt)
stmt = text('select id from roles where name=:name')
stmt = stmt.bindparams(name=owner)
owner_role = conn.execute(stmt).fetchone()
stmt = text('select * from roles_authorities where role_id=:role_id and authority_id=:authority_id')
stmt = stmt.bindparams(role_id=owner_role[0], authority_id=id)
exists = conn.execute(stmt).fetchone()
if not exists:
stmt = text('insert into roles_authorities (role_id, authority_id) values (:role_id, :authority_id)')
stmt = stmt.bindparams(role_id=owner_role[0], authority_id=id)
op.execute(stmt)
# link owner roles to their certificates
for id, owner in conn.execute(text('select id, owner from certificates')):
if not owner:
owner = "lemur@nobody"
stmt = text('select id from roles where name=:name')
stmt = stmt.bindparams(name=owner)
owner_role = conn.execute(stmt).fetchone()
if not owner_role:
stmt = text('insert into roles (name, description) values (:name, :description)')
stmt = stmt.bindparams(name=owner, description='Lemur generated role or existing owner.')
op.execute(stmt)
# link owner roles to their authorities
stmt = text('select id from roles where name=:name')
stmt = stmt.bindparams(name=owner)
owner_role = conn.execute(stmt).fetchone()
stmt = text('select * from roles_certificates where role_id=:role_id and certificate_id=:certificate_id')
stmt = stmt.bindparams(role_id=owner_role[0], certificate_id=id)
exists = conn.execute(stmt).fetchone()
if not exists:
stmt = text('insert into roles_certificates (role_id, certificate_id) values (:role_id, :certificate_id)')
stmt = stmt.bindparams(role_id=owner_role[0], certificate_id=id)
op.execute(stmt)
def downgrade(): def downgrade():
### commands auto generated by Alembic - please adjust! ### ### commands auto generated by Alembic - please adjust! ###
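Review bot: In the two owner-linking loops of upgrade(), the role is looked up by name alone (`select id from roles where name=:name`) and reused when found, so a pre-existing role whose name equals an owner string is silently attached to that authority or certificate; presumably anyone already holding that role then gains whatever access the association confers. The `lemur@nobody` fallback has the same effect at larger scale, since every authority and certificate without an owner ends up under one shared role. I would add a comment above each loop such as `# NOTE: reuses any existing role named after the owner; audit members of matched roles and of lemur@nobody after migrating`, and consider logging each reused role so the operator can review the result. The two loops are nearly identical and could share one helper that takes the association table and column name. upgrade() starts above the hunks shown and downgrade() continues past the last one.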