authorRuss Allbery <eagle@eyrie.org>2014-07-15 20:29:19 -0700
committerRuss Allbery <rra@stanford.edu>2014-07-15 21:10:37 -0700
commitb1bd88daea1dde6de9e6a8688c6190cdc0b5c617 (patch)
treeb6a9cf2a7dd3ef14b28ec0f83067359db09c8b7a
parent0b97ce27ea443be1e4b63fb5ebffa8a274a00f40 (diff)
Record the ACL name in the acl_history table
Store the current name of the ACL with each history row, and index the name. This will eventually allow retrieval of history by name for ACLs that have been deleted, although the rest of the code is not yet in place. The initial creation and membership of the ADMIN ACL during database initialization or reinitialization is no longer recorded in the acl_history table, since otherwise it produces errors due to the missing ah_name field when building the database with schema 0.07. There should be some better solution to this, but this will be okay for the time being. Change-Id: I015a00c972e0c2730c3d449952fcfe9b79c6e54f Reviewed-on: https://gerrit.stanford.edu/1553 Reviewed-by: Russ Allbery <rra@stanford.edu> Tested-by: Russ Allbery <rra@stanford.edu>
-rw-r--r--NEWS5
-rw-r--r--perl/lib/Wallet/ACL.pm5
-rw-r--r--perl/lib/Wallet/Admin.pm19
-rw-r--r--perl/lib/Wallet/Schema/Result/AclHistory.pm10
-rw-r--r--perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql4
-rw-r--r--perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql4
-rw-r--r--perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql4
-rw-r--r--perl/sql/Wallet-Schema-0.09-MySQL.sql4
-rw-r--r--perl/sql/Wallet-Schema-0.09-PostgreSQL.sql4
-rw-r--r--perl/sql/Wallet-Schema-0.09-SQLite.sql5
-rwxr-xr-xperl/t/general/server.t18
11 files changed, 58 insertions, 24 deletions
diff --git a/NEWS b/NEWS
index beddf7f..f6e3fdd 100644
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,11 @@ wallet 1.1 (unreleased)
the DateTime::Format::* module corresponding to the DBD::* module used
for the server database.
+ The initial creation and membership of the ADMIN ACL during database
+ initialization or reinitialization is no longer recorded in the
+ acl_history table. (This is fallout from making a specific type of
+ upgrade testable, and may be fixed in the future.)
+
The wallet server now requires Perl 5.8 or later (instead of 5.006 in
previous versions) and is now built with Module::Build instead of
ExtUtils::MakeMaker. This should be transparent to anyone not working
diff --git a/perl/lib/Wallet/ACL.pm b/perl/lib/Wallet/ACL.pm
index 57097c0..6f5172a 100644
--- a/perl/lib/Wallet/ACL.pm
+++ b/perl/lib/Wallet/ACL.pm
@@ -80,6 +80,7 @@ sub create {
# Add to the history table.
my $date = DateTime->from_epoch (epoch => $time);
%record = (ah_acl => $id,
+ ah_name => $name,
ah_action => 'create',
ah_by => $user,
ah_from => $host,
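Review bot: `ah_name` is a copy of the ACL name taken at the moment the history row is written, and nothing at this site or at the matching additions in `log_acl` and `destroy` says so. If an ACL's name can change during its lifetime, earlier rows keep the old name and a later by-name history lookup would return only part of the trail, which matters for audit use. I would add a comment above the record, for example `# ah_name is a snapshot of the name at the time of the event; ah_acl stays the stable key.` All three functions start and end outside their hunks, so how `$name` and `$self->{name}` are populated is not visible here.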
@@ -165,6 +166,7 @@ sub log_acl {
}
my $date = DateTime->from_epoch (epoch => $time);
my %record = (ah_acl => $self->{id},
+ ah_name => $self->{name},
ah_action => $action,
ah_scheme => $scheme,
ah_identifier => $identifier,
@@ -243,7 +245,8 @@ sub destroy {
# Create new history line for the deletion.
my $date = DateTime->from_epoch (epoch => $time);
- my %record = (ah_acl => $self->{id},
+ my %record = (ah_acl => $self->{id},
+ ah_name => $self->{name},
ah_action => 'destroy',
ah_by => $user,
ah_from => $host,
diff --git a/perl/lib/Wallet/Admin.pm b/perl/lib/Wallet/Admin.pm
index 29b2f21..b07c7d1 100644
--- a/perl/lib/Wallet/Admin.pm
+++ b/perl/lib/Wallet/Admin.pm
@@ -98,13 +98,22 @@ sub initialize {
$self->default_data;
# Create a default admin ACL.
- my $acl = Wallet::ACL->create ('ADMIN', $self->{schema}, $user,
- 'localhost');
- unless ($acl->add ('krb5', $user, $user, 'localhost')) {
- $self->error ($acl->error);
+ eval {
+ my $guard = $self->{schema}->txn_scope_guard;
+ $self->{schema}->resultset ('Acl')->populate ([
+ [ qw/ac_id ac_name/ ],
+ [ 1, 'ADMIN' ],
+ ]);
+ $self->{schema}->resultset ('AclEntry')->populate ([
+ [ qw/ae_id ae_scheme ae_identifier/ ],
+ [ 1, 'krb5', $user ],
+ ]);
+ $guard->commit;
+ };
+ if ($@) {
+ $self->error ("cannot add ADMIN ACL: $@");
return;
}
-
return 1;
}
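Review bot: The ADMIN ACL and its first member are now written with `populate`, so the bootstrap grant of the most privileged ACL leaves no row in acl_history, and the only comment at the site (`# Create a default admin ACL.`) does not say this is deliberate. I would add a comment such as `# Populated directly, bypassing Wallet::ACL->create, so this grant is absent from acl_history.` Separately, `if ($@)` after the `eval` may miss a failure when `$@` is reset while the scope guard is destroyed during unwinding (NEWS states Perl 5.8 is still supported); ending the block with `1;` and testing the eval's return value avoids that. The explicit `ac_id` of 1 may also leave an auto-increment sequence behind on some backends, which is worth confirming before the next ACL is created. initialize begins above this hunk.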
diff --git a/perl/lib/Wallet/Schema/Result/AclHistory.pm b/perl/lib/Wallet/Schema/Result/AclHistory.pm
index 11593b7..82e18a9 100644
--- a/perl/lib/Wallet/Schema/Result/AclHistory.pm
+++ b/perl/lib/Wallet/Schema/Result/AclHistory.pm
@@ -41,6 +41,12 @@ __PACKAGE__->table("acl_history");
data_type: 'integer'
is_nullable: 0
+=head2 ah_name
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 255
+
=head2 ah_action
data_type: 'varchar'
@@ -84,6 +90,8 @@ __PACKAGE__->add_columns(
{ data_type => "integer", is_auto_increment => 1, is_nullable => 0 },
"ah_acl",
{ data_type => "integer", is_nullable => 0 },
+ "ah_name",
+ { data_type => "varchar", is_nullable => 1, size => 255 },
"ah_action",
{ data_type => "varchar", is_nullable => 0, size => 16 },
"ah_scheme",
@@ -108,6 +116,8 @@ sub sqlt_deploy_hook {
my ($self, $sqlt_table) = @_;
my $name = 'acl_history_idx_ah_acl';
$sqlt_table->add_index (name => $name, fields => [qw(ah_acl)]);
+ $name = 'acl_history_idx_ah_name';
+ $sqlt_table->add_index (name => $name, fields => [qw(ah_name)]);
}
1;
diff --git a/perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql b/perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql
index 8127613..f6b1abe 100644
--- a/perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql
+++ b/perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql
@@ -12,7 +12,9 @@ CREATE TABLE duo (
SET foreign_key_checks=1;
-ALTER TABLE acl_history ADD INDEX acl_history_idx_ah_acl (ah_acl);
+ALTER TABLE acl_history ADD COLUMN ah_name varchar(255) NULL,
+ ADD INDEX acl_history_idx_ah_acl (ah_acl),
+ ADD INDEX acl_history_idx_ah_name (ah_name);
ALTER TABLE object_history DROP FOREIGN KEY object_history_fk_oh_type_oh_name,
ALTER TABLE object_history;
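Review bot: The new `ah_name` column is added without a backfill, so every acl_history row that exists before the upgrade keeps a NULL name and will not be found once history is looked up by name for a deleted ACL. If that lookup is meant to cover pre-upgrade events, the script should follow the `ADD COLUMN` with an UPDATE that copies `ac_name` from the ACL table into rows whose `ah_acl` matches `ac_id`. Rows for ACLs already deleted before the upgrade cannot be recovered this way, and that limit is worth stating in NEWS. The same applies to the PostgreSQL and SQLite 0.08-0.09 scripts in this commit.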
diff --git a/perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql
index 66603f7..a1d3fa3 100644
--- a/perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql
+++ b/perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql
@@ -8,8 +8,12 @@ CREATE TABLE "duo" (
PRIMARY KEY ("du_name")
);
+ALTER TABLE acl_history ADD COLUMN ah_name character varying(255);
+
CREATE INDEX acl_history_idx_ah_acl on acl_history (ah_acl);
+CREATE INDEX acl_history_idx_ah_name on acl_history (ah_name);
+
COMMIT;
diff --git a/perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql b/perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql
index 42f4ea5..df0fa09 100644
--- a/perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql
+++ b/perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql
@@ -8,6 +8,10 @@ CREATE TABLE duo (
PRIMARY KEY (du_name)
);
+ALTER TABLE acl_history ADD ah_name varchar(255) default null;
+
CREATE INDEX acl_history_idx_ah_acl ON acl_history (ah_acl);
+CREATE INDEX acl_history_idx_ah_name ON acl_history (ah_name);
+
COMMIT;
diff --git a/perl/sql/Wallet-Schema-0.09-MySQL.sql b/perl/sql/Wallet-Schema-0.09-MySQL.sql
index 86eeec4..200b941 100644
--- a/perl/sql/Wallet-Schema-0.09-MySQL.sql
+++ b/perl/sql/Wallet-Schema-0.09-MySQL.sql
@@ -1,6 +1,6 @@
--
-- Created by SQL::Translator::Producer::MySQL
--- Created on Fri Jul 11 19:17:16 2014
+-- Created on Tue Jul 15 17:41:01 2014
--
SET foreign_key_checks=0;
@@ -12,6 +12,7 @@ DROP TABLE IF EXISTS `acl_history`;
CREATE TABLE `acl_history` (
`ah_id` integer NOT NULL auto_increment,
`ah_acl` integer NOT NULL,
+ `ah_name` varchar(255) NULL,
`ah_action` varchar(16) NOT NULL,
`ah_scheme` varchar(32) NULL,
`ah_identifier` varchar(255) NULL,
@@ -19,6 +20,7 @@ CREATE TABLE `acl_history` (
`ah_from` varchar(255) NOT NULL,
`ah_on` datetime NOT NULL,
INDEX `acl_history_idx_ah_acl` (`ah_acl`),
+ INDEX `acl_history_idx_ah_name` (`ah_name`),
PRIMARY KEY (`ah_id`)
);
diff --git a/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql
index 38fc6ca..a66f0b1 100644
--- a/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql
+++ b/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql
@@ -1,6 +1,6 @@
--
-- Created by SQL::Translator::Producer::PostgreSQL
--- Created on Fri Jul 11 19:17:17 2014
+-- Created on Tue Jul 15 17:41:03 2014
--
--
-- Table: duo.
@@ -19,6 +19,7 @@ DROP TABLE "acl_history" CASCADE;
CREATE TABLE "acl_history" (
"ah_id" serial NOT NULL,
"ah_acl" integer NOT NULL,
+ "ah_name" character varying(255),
"ah_action" character varying(16) NOT NULL,
"ah_scheme" character varying(32),
"ah_identifier" character varying(255),
@@ -28,6 +29,7 @@ CREATE TABLE "acl_history" (
PRIMARY KEY ("ah_id")
);
CREATE INDEX "acl_history_idx_ah_acl" on "acl_history" ("ah_acl");
+CREATE INDEX "acl_history_idx_ah_name" on "acl_history" ("ah_name");
--
-- Table: acl_schemes.
diff --git a/perl/sql/Wallet-Schema-0.09-SQLite.sql b/perl/sql/Wallet-Schema-0.09-SQLite.sql
index 97db821..19a77c2 100644
--- a/perl/sql/Wallet-Schema-0.09-SQLite.sql
+++ b/perl/sql/Wallet-Schema-0.09-SQLite.sql
@@ -1,6 +1,6 @@
--
-- Created by SQL::Translator::Producer::SQLite
--- Created on Fri Jul 11 19:17:16 2014
+-- Created on Tue Jul 15 17:41:02 2014
--
BEGIN TRANSACTION;
@@ -24,6 +24,7 @@ DROP TABLE IF EXISTS acl_history;
CREATE TABLE acl_history (
ah_id INTEGER PRIMARY KEY NOT NULL,
ah_acl integer NOT NULL,
+ ah_name varchar(255),
ah_action varchar(16) NOT NULL,
ah_scheme varchar(32),
ah_identifier varchar(255),
@@ -34,6 +35,8 @@ CREATE TABLE acl_history (
CREATE INDEX acl_history_idx_ah_acl ON acl_history (ah_acl);
+CREATE INDEX acl_history_idx_ah_name ON acl_history (ah_name);
+
--
-- Table: acl_schemes
--
diff --git a/perl/t/general/server.t b/perl/t/general/server.t
index 0a527a5..b270733 100755
--- a/perl/t/general/server.t
+++ b/perl/t/general/server.t
@@ -54,18 +54,8 @@ is ($server->acl_show ('ADMIN'),
is ($server->acl_show (1),
"Members of ACL ADMIN (id: 1) are:\n krb5 $admin\n",
' including by number');
-my $history = <<"EOO";
-DATE create
- by $admin from $host
-DATE add krb5 $admin
- by $admin from $host
-EOO
-my $result = $server->acl_history ('ADMIN');
-$result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm;
-is ($result, $history, ' and displaying history works');
-$result = $server->acl_history (1);
-$result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm;
-is ($result, $history, ' including by number');
+is ($server->acl_history ('ADMIN'), '', ' and initial history is empty');
+is ($server->acl_history (1), '', ' including by number');
is ($server->acl_create (3), undef, 'Cannot create ACL with a numeric name');
is ($server->error, 'ACL name may not be all numbers',
' and returns the right error');
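Review bot: Nothing in the test changes of this commit checks that `ah_name` is actually written; the diffstat lists server.t as the only test file touched, and its hunks only replace the ADMIN history assertions with empty-string checks and adjust `my` declarations. Since the `acl_history` output asserted here does not show the name, a regression that drops `ah_name` from `create`, `log_acl` or `destroy` would still pass. I would add an assertion that reads the history rows for an ACL such as 'both' from the schema and compares their `ah_name` with the ACL name.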
@@ -117,7 +107,7 @@ is ($server->acl_add ('both', 'krb5', $user2), 1,
is ($server->acl_show ('both'),
"Members of ACL both (id: 4) are:\n krb5 $user1\n krb5 $user2\n",
' and show returns the correct result');
-$history = <<"EOO";
+my $history = <<"EOO";
DATE create
by $admin from $host
DATE add krb5 $user1
@@ -125,7 +115,7 @@ DATE add krb5 $user1
DATE add krb5 $user2
by $admin from $host
EOO
-$result = $server->acl_history ('both');
+my $result = $server->acl_history ('both');
$result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm;
is ($result, $history, ' as does history');
is ($server->acl_add ('empty', 'krb5', $user1), 1, ' and another to empty');