Launchpad itself

Merge ~pappacena/launchpad:merge-db-stable into launchpad:master

  1. Git
  2. lp:~pappacena/launchpad
  3. merge-db-stable
  4. Merge into master
Proposed by Thiago F. Pappacena
Status: Merged
Approved by: Thiago F. Pappacena
Approved revision: 8143362d385401088014b1d66bf71e55549b6df5
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~pappacena/launchpad:merge-db-stable
Merge into: launchpad:master
Diff against target: 171 lines (+129/-0)
3 files modified
database/schema/patch-2210-26-3.sql (+122/-0)
database/schema/security.cfg (+3/-0)
lib/lp/registry/personmerge.py (+4/-0)
Reviewer Review Type Date Requested Status
Thiago F. Pappacena (community) Approve
Review via email: mp+400266@code.launchpad.net

Commit message

Merge db-stable 8143362d385401088014b1d66bf71e55549b6df5 (Database changes for private OCI recipes)

To post a comment you must log in.
Revision history for this message
Thiago F. Pappacena (pappacena) wrote :

Deployed to the production database today.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/database/schema/patch-2210-26-3.sql b/database/schema/patch-2210-26-3.sql
0new file mode 1006440new file mode 100644
index 0000000..0788f93
--- /dev/null
+++ b/database/schema/patch-2210-26-3.sql
@@ -0,0 +1,122 @@
1-- Copyright 2021 Canonical Ltd. This software is licensed under the
2-- GNU Affero General Public License version 3 (see the file LICENSE).
3
4SET client_min_messages=ERROR;
5
6-- OCIRecipe privacy model is based only on ownership, similarly to Archives.
7ALTER TABLE OCIRecipe
8 ADD COLUMN information_type integer,
9 ADD COLUMN access_policy integer,
10 ADD COLUMN access_grants integer[];
11
12COMMENT ON COLUMN OCIRecipe.information_type IS
13 'Enum describing what type of information is stored, such as type of private or security related data, and used to determine to apply an access policy.';
14
15
16CREATE TABLE OCIRecipeSubscription (
17 id serial PRIMARY KEY,
18 recipe integer NOT NULL REFERENCES OCIRecipe(id),
19 person integer NOT NULL REFERENCES Person(id),
20 date_created timestamp without time zone DEFAULT (CURRENT_TIMESTAMP AT TIME ZONE 'UTC') NOT NULL,
21 subscribed_by integer NOT NULL REFERENCES Person(id)
22);
23
24COMMENT ON TABLE OCIRecipeSubscription IS 'Person subscription for OCI recipe.';
25COMMENT ON COLUMN OCIRecipeSubscription.person IS
26 'The person who subscribed to the OCI recipe.';
27COMMENT ON COLUMN OCIRecipeSubscription.recipe IS
28 'The OCI recipe to which the person subscribed.';
29COMMENT ON COLUMN OCIRecipeSubscription.date_created IS
30 'When the subscription was created.';
31COMMENT ON COLUMN OCIRecipeSubscription.subscribed_by IS
32 'The person performing the action of subscribing someone to the OCI recipe.';
33
34CREATE UNIQUE INDEX ocirecipesubscription__recipe__person__key
35 ON OCIRecipeSubscription(recipe, person);
36
37CREATE INDEX ocirecipesubscription__person__idx
38 ON OCIRecipeSubscription(person);
39
40CREATE INDEX ocirecipesubscription__subscribed_by__idx
41 ON OCIRecipeSubscription(subscribed_by);
42
43ALTER TABLE AccessArtifact
44 ADD COLUMN ocirecipe integer REFERENCES OCIRecipe;
45
46
47ALTER TABLE AccessArtifact DROP CONSTRAINT has_artifact;
48ALTER TABLE AccessArtifact
49 ADD CONSTRAINT has_artifact CHECK (
50 (null_count(ARRAY[bug, branch, gitrepository, snap, specification, ocirecipe]) = 5)) NOT VALID;
51
52
53CREATE OR REPLACE FUNCTION ocirecipe_denorm_access(ocirecipe_id integer)
54 RETURNS void LANGUAGE plpgsql AS
55$$
56DECLARE
57 info_type integer;
58BEGIN
59 SELECT
60 -- information type: 1 = public
61 COALESCE(ocirecipe.information_type, 1)
62 INTO info_type
63 FROM ocirecipe WHERE id = ocirecipe_id;
64
65 UPDATE OCIRecipe
66 SET access_policy = policies[1], access_grants = grants
67 FROM
68 build_access_cache(
69 (SELECT id FROM accessartifact WHERE ocirecipe = ocirecipe_id),
70 info_type)
71 AS (policies integer[], grants integer[])
72 WHERE id = ocirecipe_id;
73END;
74$$;
75
76CREATE OR REPLACE FUNCTION accessartifact_denorm_to_artifacts(artifact_id integer)
77 RETURNS void
78 LANGUAGE plpgsql
79 AS $$
80DECLARE
81 artifact_row accessartifact%ROWTYPE;
82BEGIN
83 SELECT * INTO artifact_row FROM accessartifact WHERE id = artifact_id;
84 IF artifact_row.bug IS NOT NULL THEN
85 PERFORM bug_flatten_access(artifact_row.bug);
86 END IF;
87 IF artifact_row.branch IS NOT NULL THEN
88 PERFORM branch_denorm_access(artifact_row.branch);
89 END IF;
90 IF artifact_row.gitrepository IS NOT NULL THEN
91 PERFORM gitrepository_denorm_access(artifact_row.gitrepository);
92 END IF;
93 IF artifact_row.snap IS NOT NULL THEN
94 PERFORM snap_denorm_access(artifact_row.snap);
95 END IF;
96 IF artifact_row.specification IS NOT NULL THEN
97 PERFORM specification_denorm_access(artifact_row.specification);
98 END IF;
99 IF artifact_row.ocirecipe IS NOT NULL THEN
100 PERFORM ocirecipe_denorm_access(artifact_row.ocirecipe);
101 END IF;
102 RETURN;
103END;
104$$;
105
106COMMENT ON FUNCTION accessartifact_denorm_to_artifacts(artifact_id integer) IS
107 'Denormalize the policy access and artifact grants to bugs, branches, git repositories, snaps, specifications and ocirecipe.';
108
109-- A trigger to handle ocirecipe.information_type changes.
110CREATE OR REPLACE FUNCTION ocirecipe_maintain_access_cache_trig() RETURNS trigger
111 LANGUAGE plpgsql AS $$
112BEGIN
113 PERFORM ocirecipe_denorm_access(NEW.id);
114 RETURN NULL;
115END;
116$$;
117
118CREATE TRIGGER ocirecipe_maintain_access_cache
119 AFTER INSERT OR UPDATE OF information_type ON OCIRecipe
120 FOR EACH ROW EXECUTE PROCEDURE ocirecipe_maintain_access_cache_trig();
121
122INSERT INTO LaunchpadDatabaseRevision VALUES (2210, 26, 3);
diff --git a/database/schema/security.cfg b/database/schema/security.cfg
index 2911da2..ea39046 100644
--- a/database/schema/security.cfg
+++ b/database/schema/security.cfg
@@ -61,6 +61,7 @@ public.milestone_sort_key(timestamp without time zone, text) = EXECUTE
61public.min(debversion) = EXECUTE61public.min(debversion) = EXECUTE
62public.name_blacklist_match(text, integer) = EXECUTE62public.name_blacklist_match(text, integer) = EXECUTE
63public.null_count(anyarray) = EXECUTE63public.null_count(anyarray) = EXECUTE
64public.ocirecipe_denorm_access(integer) = EXECUTE
64public.person_sort_key(text, text) = EXECUTE65public.person_sort_key(text, text) = EXECUTE
65public.pgstatginindex(regclass) =66public.pgstatginindex(regclass) =
66public.pgstathashindex(regclass) =67public.pgstathashindex(regclass) =
@@ -252,6 +253,7 @@ public.ocirecipearch = SELECT, INSERT, DELETE
252public.ocirecipebuild = SELECT, INSERT, UPDATE, DELETE253public.ocirecipebuild = SELECT, INSERT, UPDATE, DELETE
253public.ocirecipebuildjob = SELECT, INSERT, UPDATE, DELETE254public.ocirecipebuildjob = SELECT, INSERT, UPDATE, DELETE
254public.ocirecipejob = SELECT, INSERT, UPDATE, DELETE255public.ocirecipejob = SELECT, INSERT, UPDATE, DELETE
256public.ocirecipesubscription = SELECT, INSERT, UPDATE, DELETE
255public.ociregistrycredentials = SELECT, INSERT, UPDATE, DELETE257public.ociregistrycredentials = SELECT, INSERT, UPDATE, DELETE
256public.officialbugtag = SELECT, INSERT, UPDATE, DELETE258public.officialbugtag = SELECT, INSERT, UPDATE, DELETE
257public.openidconsumerassociation = SELECT, INSERT, UPDATE, DELETE259public.openidconsumerassociation = SELECT, INSERT, UPDATE, DELETE
@@ -2334,6 +2336,7 @@ public.ociproject = SELECT, UPDATE
2334public.ociprojectseries = SELECT, UPDATE2336public.ociprojectseries = SELECT, UPDATE
2335public.ocirecipe = SELECT, UPDATE2337public.ocirecipe = SELECT, UPDATE
2336public.ocirecipebuild = SELECT, UPDATE2338public.ocirecipebuild = SELECT, UPDATE
2339public.ocirecipesubscription = SELECT, UPDATE, DELETE
2337public.ociregistrycredentials = SELECT, UPDATE2340public.ociregistrycredentials = SELECT, UPDATE
2338public.officialbugtag = SELECT2341public.officialbugtag = SELECT
2339public.openididentifier = SELECT, UPDATE2342public.openididentifier = SELECT, UPDATE
diff --git a/lib/lp/registry/personmerge.py b/lib/lp/registry/personmerge.py
index 3e51005..a4a79e9 100644
--- a/lib/lp/registry/personmerge.py
+++ b/lib/lp/registry/personmerge.py
@@ -941,6 +941,10 @@ def merge_people(from_person, to_person, reviewer, delete=False):
941 _mergeOCIRecipe(cur, from_person, to_person)941 _mergeOCIRecipe(cur, from_person, to_person)
942 skip.append(('ocirecipe', 'owner'))942 skip.append(('ocirecipe', 'owner'))
943943
944 # XXX pappacena 2021-03-05: We need to implement the proper handling for
945 # this once we have OCIRecipeSubscription implemented.
946 skip.append(('ocirecipesubscription', 'person'))
947
944 # Sanity check. If we have a reference that participates in a948 # Sanity check. If we have a reference that participates in a
945 # UNIQUE index, it must have already been handled by this point.949 # UNIQUE index, it must have already been handled by this point.
946 # We can tell this by looking at the skip list.950 # We can tell this by looking at the skip list.