Adding additional data migrations. (#346)

2016-06-03 17:56:32 -07:00 · 2016-06-03 17:56:32 -07:00 · 5e987fa8b6
parent 42001be9ec
commit 5e987fa8b6
1 changed files with 63 additions and 4 deletions
--- a/lemur/migrations/versions/3307381f3b88_.py
+++ b/lemur/migrations/versions/3307381f3b88_.py
@ -1,4 +1,9 @@
-"""empty message
+"""
+Refactor authority columns and associates an authorities root certificate with a certificate stored in the
+certificate tables.
+
+Migrates existing authority owners to associated roles.
+Migrates existing certificate owners to associated role.

 Revision ID: 3307381f3b88
 Revises: 412b22cb656a
@ -20,7 +25,7 @@ def upgrade():
    ### commands auto generated by Alembic - please adjust! ###
    op.alter_column('authorities', 'owner',
               existing_type=sa.VARCHAR(length=128),
-               nullable=False)
+               nullable=True)
    op.drop_column('authorities', 'not_after')
    op.drop_column('authorities', 'bits')
    op.drop_column('authorities', 'cn')
@ -31,7 +36,7 @@ def upgrade():
               nullable=False)
    op.alter_column('certificates', 'owner',
               existing_type=sa.VARCHAR(length=128),
-               nullable=False)
+               nullable=True)
    op.drop_constraint(u'certificates_authority_id_fkey', 'certificates', type_='foreignkey')
    op.create_foreign_key(None, 'certificates', 'authorities', ['authority_id'], ['id'], ondelete='CASCADE')
    op.create_foreign_key(None, 'certificates', 'authorities', ['root_authority_id'], ['id'], ondelete='CASCADE')
@ -39,7 +44,10 @@ def upgrade():

    # link existing certificate to their authority certificates
    conn = op.get_bind()
-    for id, body in conn.execute(text('select id, body from authorities')):
+    for id, body, owner in conn.execute(text('select id, body, owner from authorities')):
+        if not owner:
+            owner = "lemur@nobody"
+
        # look up certificate by body, if duplications are found, pick one
        stmt = text('select id from certificates where body=:body')
        stmt = stmt.bindparams(body=body)
@ -49,6 +57,57 @@ def upgrade():
            stmt = stmt.bindparams(root_authority_id=id, id=root_certificate[0])
            op.execute(stmt)

+        # link owner roles to their authorities
+        stmt = text('select id from roles where name=:name')
+        stmt = stmt.bindparams(name=owner)
+        owner_role = conn.execute(stmt).fetchone()
+
+        if not owner_role:
+            stmt = text('insert into roles (name, description) values (:name, :description)')
+            stmt = stmt.bindparams(name=owner, description='Lemur generated role or existing owner.')
+            op.execute(stmt)
+
+        stmt = text('select id from roles where name=:name')
+        stmt = stmt.bindparams(name=owner)
+        owner_role = conn.execute(stmt).fetchone()
+
+        stmt = text('select * from roles_authorities where role_id=:role_id and authority_id=:authority_id')
+        stmt = stmt.bindparams(role_id=owner_role[0], authority_id=id)
+        exists = conn.execute(stmt).fetchone()
+
+        if not exists:
+            stmt = text('insert into roles_authorities (role_id, authority_id) values (:role_id, :authority_id)')
+            stmt = stmt.bindparams(role_id=owner_role[0], authority_id=id)
+            op.execute(stmt)
+
+    # link owner roles to their certificates
+    for id, owner in conn.execute(text('select id, owner from certificates')):
+        if not owner:
+            owner = "lemur@nobody"
+
+        stmt = text('select id from roles where name=:name')
+        stmt = stmt.bindparams(name=owner)
+        owner_role = conn.execute(stmt).fetchone()
+
+        if not owner_role:
+            stmt = text('insert into roles (name, description) values (:name, :description)')
+            stmt = stmt.bindparams(name=owner, description='Lemur generated role or existing owner.')
+            op.execute(stmt)
+
+        # link owner roles to their authorities
+        stmt = text('select id from roles where name=:name')
+        stmt = stmt.bindparams(name=owner)
+        owner_role = conn.execute(stmt).fetchone()
+
+        stmt = text('select * from roles_certificates where role_id=:role_id and certificate_id=:certificate_id')
+        stmt = stmt.bindparams(role_id=owner_role[0], certificate_id=id)
+        exists = conn.execute(stmt).fetchone()
+
+        if not exists:
+            stmt = text('insert into roles_certificates (role_id, certificate_id) values (:role_id, :certificate_id)')
+            stmt = stmt.bindparams(role_id=owner_role[0], certificate_id=id)
+            op.execute(stmt)
+

 def downgrade():
    ### commands auto generated by Alembic - please adjust! ###