From 3e913fa65e9e5c1d687372b89b5467edb3e77973 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Wed, 16 Jul 2014 16:20:10 -0700 Subject: Go back to recording the ADMIN ACL in history This turned out to not be necessary for testing since I was already using sqlite3 to load an unversioned schema. Remove the offending line and restore the old code with some cleanup. Change-Id: I282b6f3b4754e4899222be6366b77a47f0cb7189 Reviewed-on: https://gerrit.stanford.edu/1575 Reviewed-by: Russ Allbery Tested-by: Russ Allbery --- NEWS | 5 ----- perl/lib/Wallet/Admin.pm | 18 ++++-------------- perl/t/general/admin.t | 1 - perl/t/general/server.t | 18 ++++++++++++++---- 4 files changed, 18 insertions(+), 24 deletions(-) diff --git a/NEWS b/NEWS index 5764ffc..039494e 100644 --- a/NEWS +++ b/NEWS @@ -67,11 +67,6 @@ wallet 1.1 (2014-07-16) are referencing. Should fix destroy in MySQL and other database engines that enforce referential integrity. - The initial creation and membership of the ADMIN ACL during database - initialization or reinitialization is no longer recorded in the - acl_history table. (This is fallout from making a specific type of - upgrade testable, and may be fixed in the future.) - The wallet server now requires Perl 5.8 or later (instead of 5.006 in previous versions) and is now built with Module::Build instead of ExtUtils::MakeMaker. This should be transparent to anyone not working diff --git a/perl/lib/Wallet/Admin.pm b/perl/lib/Wallet/Admin.pm index 8481979..33e2a7d 100644 --- a/perl/lib/Wallet/Admin.pm +++ b/perl/lib/Wallet/Admin.pm 
@@ -98,20 +98,10 @@ sub initialize { $self->default_data; # Create a default admin ACL. - eval { - my $guard = $self->{schema}->txn_scope_guard; - $self->{schema}->resultset ('Acl')->populate ([ - [ qw/ac_id ac_name/ ], - [ 1, 'ADMIN' ], - ]); - $self->{schema}->resultset ('AclEntry')->populate ([ - [ qw/ae_id ae_scheme ae_identifier/ ], - [ 1, 'krb5', $user ], - ]); - $guard->commit; - }; - if ($@) { - $self->error ("cannot add ADMIN ACL: $@"); + my $schema = $self->{schema}; + my $acl = Wallet::ACL->create ('ADMIN', $schema, $user, 'localhost'); + unless ($acl->add ('krb5', $user, $user, 'localhost')) { + $self->error ($acl->error); return; } return 1; diff --git a/perl/t/general/admin.t b/perl/t/general/admin.t index 7c62932..47396c6 100755 --- a/perl/t/general/admin.t +++ b/perl/t/general/admin.t @@ -61,7 +61,6 @@ is ($server->acl_add ('ADMIN', 'base', 'foo'), 1, ' and adding a base ACL now works'); # Test re-initialization of the database. -$Wallet::Schema::VERSION = '0.07'; is ($admin->reinitialize ('admin@EXAMPLE.COM'), 1, ' and re-initialization succeeds'); diff --git a/perl/t/general/server.t b/perl/t/general/server.t index b270733..0a527a5 100755 --- a/perl/t/general/server.t +++ b/perl/t/general/server.t 
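Review bot: The `Wallet::ACL->create` call in `initialize` (whose body starts above this hunk) is neither wrapped in `eval` nor has its result checked, so the create step loses the failure handling the removed block gave it. If create throws, the exception now escapes `initialize` instead of being reported through `$self->error`; if it returns undef, the following `$acl->add` dies on an undefined value. Which of the two applies is not visible here. Consider `my $acl = eval { Wallet::ACL->create ('ADMIN', $schema, $user, 'localhost') };` followed by `if ($@) { $self->error ("cannot add ADMIN ACL: $@"); return; }`. The removed code also ran both inserts under one `txn_scope_guard`; unless `Wallet::ACL` covers this internally, a failed `add` can now leave an ADMIN ACL with a create record in history but no members, so a comment saying whether that state is acceptable would help.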
@@ -54,8 +54,18 @@ is ($server->acl_show ('ADMIN'), is ($server->acl_show (1), "Members of ACL ADMIN (id: 1) are:\n krb5 $admin\n", ' including by number'); -is ($server->acl_history ('ADMIN'), '', ' and initial history is empty'); -is ($server->acl_history (1), '', ' including by number'); +my $history = <<"EOO"; +DATE create + by $admin from $host +DATE add krb5 $admin + by $admin from $host +EOO +my $result = $server->acl_history ('ADMIN'); +$result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm; +is ($result, $history, ' and displaying history works'); +$result = $server->acl_history (1); +$result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm; +is ($result, $history, ' including by number'); is ($server->acl_create (3), undef, 'Cannot create ACL with a numeric name'); is ($server->error, 'ACL name may not be all numbers', ' and returns the right error'); @@ -107,7 +117,7 @@ is ($server->acl_add ('both', 'krb5', $user2), 1, is ($server->acl_show ('both'), "Members of ACL both (id: 4) are:\n krb5 $user1\n krb5 $user2\n", ' and show returns the correct result'); -my $history = <<"EOO"; +$history = <<"EOO"; DATE create by $admin from $host DATE add krb5 $user1 @@ -115,7 +125,7 @@ DATE add krb5 $user1 DATE add krb5 $user2 by $admin from $host EOO -my $result = $server->acl_history ('both'); +$result = $server->acl_history ('both'); $result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm; is ($result, $history, ' as does history'); is ($server->acl_add ('empty', 'krb5', $user1), 1, ' and another to empty'); -- cgit v1.2.3
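Review bot: The timestamp-scrubbing substitution `s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm` is now written out twice in this hunk and once more in the later hunk after `acl_history ('both')`, so a change to the history date format has to be made in three places. A small helper near the top of the test, for example `sub scrub_dates { my ($text) = @_; $text =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm; return $text }`, would let each check read `is (scrub_dates ($server->acl_history (1)), $history, ...)`. The expected text also interpolates `$host`, while `initialize` in Admin.pm records the literal 'localhost'. The definition of `$host` is outside this hunk, so a comment noting that the two must agree would explain a failure if it is ever changed.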