path: root/tests/test_sql_upgrade.py
Commit message (Author, Age, Files, Lines)
* Merge "Drop extra credential indexes" (Jenkins, 2013-08-13, 1, -0/+18)
|\
| * Drop extra credential indexes (Elena Ezhova, 2013-08-12, 1, -0/+18)
| | For mysql ForeignKey constraints were removed but the fields stayed as indexes. This migration drops them. bp db-sync-models-with-migrations Change-Id: I3baeac4047cd65ac5d7733ba909c45d0874f17d8
* | Merge "extension migrations" (Jenkins, 2013-08-07, 1, -57/+65)
|\ \
| * | extension migrations (Adam Young, 2013-08-06, 1, -57/+65)
| |/ Allow each of the extensions to have their own sql migration repository instead of mixing them into the common repo. db_sync must be called explicitly on the extension. In the past, it was assumed that only migrations for backends backed in sql would be run. In practice, however, all of the migrations were run every time. The code has been modified to reflect this. Adds parameter --extension to the cli for db_sync and db_version to test out the migrations bin/keystone-manage db_sync --extension example will migrate to version 1 and bin/keystone-manage db_sync --extension example 0 will migrate it back to 0 to check the version bin/keystone-manage db_version --extension example blueprint multiple-sql-migrate-repos DocImpact Change-Id: I6852d75bde6506c535fa3d74537e3c1bbd6578d8
* / Handle json data when migrating role metadata. (Mark J. Washenberger, 2013-07-31, 1, -0/+24)
|/ Fixes bug 1206257 Change-Id: Ia522e023a2d66ec25bc909db12d358f7c0ee6952
* Fixing broken credential schema in sqlite. (Nachiappan VR N, 2013-07-23, 1, -0/+40)
| Credential table has foreign key constraint referring to tenant table which is dropped. Since sqlite does not support alter table drop constraint, the foreign key constraint was not dropped. When we try to load credential table using sqlite backend it fails because tenant table does not exist. Fix is provided such that the credential table is recreated without foreign key constraint and the data is moved from old credential table to the new credential table. Fixes Bug #1190383 Change-Id: I3afb04254f33e12fccb7da84c8674feba36622c8
* Implement role assignment inheritance (OS-INHERIT extension) (Henry Nash, 2013-07-17, 1, -0/+298)
| This extension allows for project roles to be optionally inherited from the owning domain. The v3 grant APIs are extended to take an inherited_to_projects flag. The GET role_assignments API will also include these roles in its response, either showing them as inherited roles assigned to the domain or, if the 'effective' query parameter is set, will interpret the inheritance and reflect those role assignments on the projects. The inherited_to_projects flag is encoded in the role list in the metadata of the relevant entries in the grant tables. The 'roles' key in the metadata is now a list of dicts, as opposed to a simple list, where each dict is either {'id': role_id} for a regular role, or {'id': role_id, 'inherited_to': 'projects'} for an inherited role Remember that a previous patch had rationalized the way metadata is handled so that its structure is entirely hidden within the driver layer. The extension can be enabled/disabled via a config setting. Limitations: - The extension is not yet discoverable via url, this will be added as a separate patch when the v3/extensions work is complete. A separate issue has been discovered with the fact that the v2 calls of 'get_projects_for_user()' and 'list_user_projects()' should be rationalized and also honor both group (and inherited) role assignments. This is being raised as a separate bug. DocImpact Implements bp inherited-domain-roles Change-Id: I35b57ce0df668f12462e96b3467cef0239594e97
* Use InnoDB for MySQL (Brant Knudson, 2013-07-10, 1, -0/+27)
| This change adds a migration to convert any non-InnoDB tables to InnoDB. On some systems, the default engine is MyISAM, which doesn't support features used by Keystone (foreign keys). The approach is the same as what's used in Nova. A test is added to ensure that all tables use InnoDB after migration. The test passes when all the tables are mysql_engine='InnoDB'. This is accomplished by adding a new migration that migrates all the tables that aren't InnoDB to InnoDB. Fixes bug 1191110. Change-Id: I220f7642f5468c5cf4194f248210f90ff983b6e5
* DB2 migration support (Brant Knudson, 2013-07-01, 1, -15/+20)
| DB2 will not allow you to rename a table if it's got a constraint on it (a unique or foreign key constraint). This fix changes the migrations so that the unique or FK constraints are dropped from tables before renaming and then restoring the unique FK constraints. This works for DB2 and other DBMSs that support FK constraints such as MySQL with InnoDB and PostgreSQL. Also, for DB2, give a name to the unique constraints so that they can be manipulated. Fixes bug 1188785 Change-Id: I7cf6ab42084e43d827ed827c64025e61e72a4672
* Isolate eventlet code into environment. (Jamie Lennox, 2013-06-18, 1, -1/+2)
| The environment module will be configured once, during code initialization. Subsequently all other possibly-evented modules will retrieve from environment and transparently obtain either the eventlet or standard library modules. If eventlet, httplib, subprocess or other environment dependent module is referenced outside of the environment module it should be considered a bug. The changes to tests are required to ensure that test is imported first to setup the environment. Hopefully these can all be replaced with an __init__.py in a post-nose keystone. Implements: blueprint extract-eventlet Change-Id: Icacd6f2ee0906ac5d303777c1f87a184f38283bf
* Live SQL migration tests (Adam Young, 2013-05-31, 1, -3/+10)
| Make it possible to run the migration tests for the supported databases without editing the config files. Blueprint live-sql-gate Change-Id: Iaf14ad42333b0a0cd1f7d0fb37f135a8bf7af14a
* Use TODO(NAME) (flake8 H101) (Dolph Mathews, 2013-05-23, 1, -9/+8)
| Change-Id: Ic47bdd61d9818f203a88ae16f97c2b61b1c1bd8c
* Make migration tests postgres & mysql friendly. (Jamie Lennox, 2013-04-24, 1, -27/+27)
| Add some session commits to prevent database deadlocks. Force close all open sessions before performing tear down. Use escaped parameter handling for raw sql statements. Change-Id: I0ef670ddc416a02e78570ab6ebed2b4bf2a8635b
* Use is_enabled() in folsom->grizzly upgrade (bug 1167421) (Dolph Mathews, 2013-04-11, 1, -0/+80)
| Change-Id: Iddc10167c94deacec07cab7ec9316849263fb462
* Utilize legacy_endpoint_id column (bug 1154918) (Dolph Mathews, 2013-03-18, 1, -0/+37)
| This column was created in migration 11 but isn't used because it wasn't added to the model definition. Attempting to store data here ended up putting it into 'extra'. Change-Id: I02680b5213f09fe3cddcf5365104554d3e6d6b8a
* extracting user and trust ids into normalized fields (Adam Young, 2013-03-15, 1, -1/+7)
| These fields are used for queries, and may need to be indexed Also moves the delete token for... functions into the base class for controllers. Removed the token API revoke token call as that needed access to other APIs. Logic was moved into the controller. Bug 1152801 Change-Id: I59c360fe5aef905dfa30cb55ee54ff1fbe64dc58
* Migrate roles from metadata to user_project_metadata (Jason Cannavale, 2013-03-13, 1, -4/+132)
| migration 017 did not migrate existing roles from the metadata table that was created in 001. Adding a migration (20) that compares the roles in the metadata table (if any) and joins them to the new user_project_metadata role that matches the user and tenant from the old table. Also adding subsequent tests to check both of the issues above. bug 1131087 Change-Id: I00ea6043d949c9c358827e25f05c63515fe5dea8
* Revert "from tests import" (Adam Young, 2013-03-11, 1, -1/+1)
| This reverts commit d8599dcda06514a9687af3f714e55ff7580af9db. Change-Id: Iddb881070a91b9761a567a7d3b6d906e228af9f6
* Merge "Fix folsom -> grizzly role table migration issues (bug 1119789)" (Jenkins, 2013-03-11, 1, -0/+17)
|\
| * Fix folsom -> grizzly role table migration issues (bug 1119789) (William Kelly, 2013-03-08, 1, -0/+17)
| | Change-Id: Id7e5b3354d9139afa0a69b283924f363847cef56
* | from tests import (Adam Young, 2013-03-08, 1, -1/+1)
|/ Makes the resolution of local imports work when running individual tests. Bug 1152326 Change-Id: I72f54bdbb60a6d7acf32bdbdc02d7bce69add84e
* Trusts (Adam Young, 2013-03-05, 1, -0/+12)
| Blueprint trusts creates a trust. Using a trust, one user (the trustee), can then create tokens with a subset of another user's (the trustor) roles and projects. If the impersonate flag in the trust is set, the token user_id is set to the trustor's user ID If the impersonate flag is not set, the token's user_id is set to the trustee's user ID check that both trustor and trustee are enabled prior to creating the trust token. sql and kvs backends sql upgrade scripts unit tests for backends, auth and v3 api modifications to the trust controller for creating tokens Authenticates that only user can be trustor in create Deleting a trust invalidates all tokens created from that trust Adds the trust id and the id of the trustee to the header of the token policy rules for trust This version has a workaround for testing against the KVS version of the Service catalog Change-Id: I5745f4d9a4180b59671a143a55ed87019e98ec76
* Implement name space for domains (Henry Nash, 2013-02-19, 1, -0/+74)
| Creates a separate name space for each domain for the name attribute of user, groups and projects - meaning that the names of these entities only have to be unique within that domain. Implementation of this within the SQL backends is handled by simply changing the uniqueness constraints on the relevant attributes. KVS and LDAP backends do not yet support domain separation (blocked by existing restrictions, already raised as bugs). An issue exists for the downward migration with this change in that if the database has been used and populated with the name space in place then the downward migration may fail due to clashing names when you try and revert to a global name space (raised as a separate bug) This patch also improves the group support in the KVS backend and cleans up string quoting in the 016 migration functions, and fixes an issue where the SQL update_project was not updating a change in domain_id. Change-Id: I8f0df0e1bf84bfd26b8ef5505fe5fafd930dc78b
* project membership to role conversion (Adam Young, 2013-02-18, 1, -9/+25)
| Changes the relationship between users and projects. There is no more direct membership in projects. Instead, all membership is now done via roles. A default role has been created called _member_ with a uuid (both configurable) that will be added in place of the group membership for database upgrades. DocImpact: https://bugs.launchpad.net/openstack-manuals/+bug/1087483 Change-Id: I2482f9ef7b838e5dade5096d6d00e81db71604d1
* Keystone backend preparation for domain-scoping (Henry Nash, 2013-02-12, 1, -28/+189)
| These changes lay the ground work for the implementation of domain-scoping, but are benign in that they don't change the token. They include making domain_id a first-class attribute in the user and project entity (i.e. move it out of the 'extra' attribute), filling in domain grant and project support for the kvs backend and fixing a series of issues in the migration to make it work for both MySQL, Postgresql and sqlite. A further, separate, commit will actually provide the code to update the actual tokens once the v3 token support has been added. blueprint domain-scoping blueprint default-domain Change-Id: I55ab7947a6a1efbab003bd234856bd3805bb4a63
* Fix normalize identity sql upgrade for Mysql and postgresql (Adam Young, 2013-02-11, 1, -15/+22)
| Change-Id: Idf374a748f8ed2add5310b504806ffabfa64bed9
* Create a default domain (bp default-domain) (Dolph Mathews, 2013-01-31, 1, -22/+22)
| This change rewrites some of our migration history since the folsom release so that we can create a default domain prior to creating non-nullable foreignkey's in the user and project tables in migration 9 (numbered according to this change). DocImpact Change-Id: I807f7b1dca1d6a895f7417c316bcbce24ada61c0
* Enable/disable domains (bug 1100145) (Dolph Mathews, 2013-01-28, 1, -1/+1)
| Disabling an individual domain denies auth to users and projects owned by that domain, and revokes all associated tokens. Re-enabling the domain does not re-enable tokens. Change-Id: Ic64f59be4f39317f4c365bec185408e79d18c45f
* rename tenant to project in sql (Adam Young, 2013-01-25, 1, -3/+27)
| Change is motivated by the need to do an incremental conversion from using tenant to using project as the name. The database is isolated from the API and can be modified without breaking integrations. Additional work will be required to get the API to meet the V3 spec without breaking the V2 spec Change-Id: I7cf7695354071f0ea6252be4730ceec3af0a2f35
* Merge "Test that you can undo & re-apply all migrations" (Jenkins, 2013-01-17, 1, -0/+14)
|\
| * Test that you can undo & re-apply all migrations (Dolph Mathews, 2013-01-16, 1, -0/+14)
| | Change-Id: I72e2b979a8692657c225102f2562e1b1fbb3f67d
* | Merge "Allow running of sql against the live DB." (Jenkins, 2013-01-16, 1, -1/+16)
|\ \
| * | Allow running of sql against the live DB. (Adam Young, 2013-01-16, 1, -1/+16)
| |/ Reordered the tables in the domain downgrade script to avoid breaking the integrity constraints To run the test: ./run_tests.sh -N test_sql_upgrade This version removed all of the code specific to running against a live DB and merged it into the standard tests. Fixed a couple downgrade functions that were failing. They had not been tested Change-Id: Ie1214e5543bd08fde95652af2464cc9c80db449d
* | Merge "downgrade user and tenant normalized tables downgraded such that sqlite is supported, too" (Jenkins, 2013-01-16, 1, -0/+3)
|\|
| * downgrade user and tenant (Adam Young, 2013-01-16, 1, -0/+3)
| | normalized tables downgraded such that sqlite is supported, too Change-Id: I93ed4589cbe7fd3aee16e42489c322ae903bdac7
* | Auto-detect max SQL migration (Dolph Mathews, 2013-01-16, 1, -1/+4)
|/ Change-Id: I56b1d6ded61ad430929d0275ab384ff464faa53c
* Fixes import order nits (Zhongyue Luo, 2013-01-11, 1, -1/+2)
| Change-Id: I5a527e0f5010171a202de5894d124d213d22a073
* Keystone server support for user groups (Henry Nash, 2013-01-08, 1, -1/+17)
| This implements the server side of groups of users. This set of code provides all the crud functionality for groups as well as the corresponding support for role assignments. blueprint user-groups The following deficiencies exist with the current version and will be corrected ahead of the final Grizzly release: 1) There is only placeholder support for LDAP (Bug #1092187) 2) Domain role grants are accepted but not yet honored (Bug #1093248) 3) Token invalidation does not occur with group changes (Bug #1093493) This update also fills in missing v3 grant unit testing and v3 grant support within the kvs backend. In addition, there is a fix for Bug #1092200 (uncaught exception when listing grants) DocImpact Change-Id: Ibd1783b04b2d7804eff90312e5ef591dca4d0695
* Split endpoint records in SQL by interface (Dolph Mathews, 2012-12-18, 1, -28/+163)
| This migrates the SQL backend such that v2 endpoints containing up to 3 URL's (public, internal and admin) stored in 'extra' are split into unique endpoints. Because legacy "endpoints" (each having publicUrl, internalUrl and adminUrl) are no longer conceptually identical to v3's "endpoints" (each having an interface and a url), new ID's are assigned to each entity and each API continues to operate using independent sets of endpoint ID's. Endpoints created on the v3 API are not exposed on the v2 API. Change-Id: I2ba59d55907313ae65e908585fc49be0c4ce899a
* Adding downgrade steps for migration scripts. (Justin Shepherd, 2012-12-05, 1, -0/+24)
| Also updated test_sql_upgrade to check the actions from 007_add_domain_tables. Fixes: bug #1081167 Change-Id: I194c7de9ae8a3bb8f2f9f37d3a91f4fac2fe2913
* normalize identity (Adam Young, 2012-11-27, 1, -2/+51)
| modify tables by adding columns, and modify entities by adding attributes for password, description and enabled update tests to deal with change from 'False' and 'True' to the python values False and True Added a Text type from SQL Alchemy Bug 1070351 Bug 1023544 Change-Id: I066c788b5d08a8f42a9b5412ea9e29e4fe9ba205
* v3 Policies (Dolph Mathews, 2012-11-19, 1, -7/+25)
| - v3 policy (bp rbac-keystone-api) - v3 policy tests (bug 1023935) - v3 policy implementation (bug 1023939) Change-Id: I163fbb67726c295fe9ed09b68cd18d2273345d29
* Merge "populate table check." (Jenkins, 2012-11-15, 1, -1/+15)
|\
| * populate table check. (Adam Young, 2012-11-13, 1, -1/+15)
| | Change-Id: If82979923ba5c0193beeb1896ea5b4777dec735d
* | Run test_keystoneclient_sql in-memory (Dolph Mathews, 2012-11-13, 1, -1/+2)
|/ ~35% performance improvement vs an SSD on test_keystoneclient_sql Change-Id: Ie8c9cc0c3c56f784140998a625d943be528d5089
* Improve feedback on test failure (Dolph Mathews, 2012-11-08, 1, -14/+6)
| Change-Id: Iace6a88ddfbdefe97e0ea205cda4b10c04bca0dc
* SQL upgrade test. (Adam Young, 2012-11-07, 1, -0/+104)
Tests upgrade to version 1. Confirms all of the identity tables layout. blueprint: normalize-sql Change-Id: If66250af068b396fc55f38c66f789b9447353bda