Launchpad itself

Merge lp:~wgrant/launchpad/observer-db into lp:launchpad/db-devel

  1. observer-db
  2. Merge into db-devel
Proposed by William Grant
Status: Merged
Approved by: William Grant
Approved revision: no longer in the source branch.
Merged at revision: 11151
Proposed branch: lp:~wgrant/launchpad/observer-db
Merge into: lp:launchpad/db-devel
Prerequisite: lp:launchpad
Diff against target: 97 lines (+82/-0)
2 files modified
database/schema/comments.sql (+23/-0)
database/schema/patch-2208-93-1.sql (+59/-0)
To merge this branch: bzr merge lp:~wgrant/launchpad/observer-db
Reviewer Review Type Date Requested Status
Robert Collins (community) Approve
Stuart Bishop (community) db Approve
Review via email: mp+81104@code.launchpad.net

This proposal supersedes a proposal from 2011-11-03.

Commit message

[r=lifeless,stub][bug=890931] First part of the AccessPolicy DB model.

Description of the change

This is the initial DB patch for Disclosure's access policies. The migration process will be long and tortuous, but this is a start.

A private artifact (currently a bug or a branch) will be linked to one of its target's access policies, and attempts to access the artifact will be checked against the policy's permissions. This will shortly supplant the existing subscription-and-other-stuff-based checks.

Permissions can be either policy-global or artifact-specific. In the first case APP.artifact is left unset, letting the permission holder see all artifacts under the policy. For the second case both policy and artifact are set, restricting the access to a specific artifact under a specific policy.

The identification of access policies isn't well-defined yet, but this schema will do for now. The intent is that, at least for the initial pass, projects will have preconfigured and immutable "Private" and "Security" policies, with the existing bug privacy/security checkboxes altered to map onto these policies. So we either have to use an enum, or just treat these as well-known names until a later pass.

To post a comment you must log in.
Revision history for this message
Robert Collins (lifeless) wrote :

I think s/Permission/Grant/ will avoid some confusion.

This looks like what we discussed. Cool. Worth nothing I think is some more intent.
E.g. for artifacts mention that more types should be added there rather than in parallel tables.

Stuart: the idea here is that reporting is simple: one table supplies all the grants made to a private project/distro. Rather than a constantly evolving set of unions, this provides a single (indirect) level in the DB : *and* lets us query and report grants without accessing the granted-on objects [at least at this point]).

+1 from me but please get Stuarts ok before landing.

review: Approve
Revision history for this message
William Grant (wgrant) wrote :

The schema has been revised significantly. Key changes:

 - AccessPolicy now has a type enum column (Private, Security, etc.) instead of names. This is hopefully sufficiently inflexible that people won't do stupid things, makes bug and branch retargeting easier, and makes the table smaller.
 - AccessPolicyArtifact.policy now exists, so AccessPolicyGrant.{policy,artifact} are mutually exclusive.
 - AccessPolicyGrant has gained grantor/date_created columns, because unauditable grants are bad.

Bug/Branch retain their FKs directly to AP, rather than just having a policy type and inferring the target from the object's context. Multi-task bugs make determining that context non-trivial, and we have to have the AP FK denormed onto APA anyway.

Public bugs can have any number of targets, so it's not really possible to link them to a particular policy in any meaningful way. This, along with performance concerns around the expense that would be imposed on queries for public bugs, lead me to not have an AccessPolicyType.PUBLIC, and hence no AccessPolicy for public artifacts.

Revision history for this message
Stuart Bishop (stub) wrote :

We need an index on grantor to keep person merging happy:

CREATE INDEX accesspolicygrant__grantor__idx ON AccessPolicyGrant(grantor);

Otherwise all good!

review: Approve (db)
Revision history for this message
Robert Collins (lifeless) wrote :

This is great. I'd love an indicative result on prod size data for bug search & branch search - adapted current queries. Just as a safety belt. Doing that anytime before we go live with this is fine, but the earlier the easier from a fdt deploys perspective.

review: Approve
Revision history for this message
Robert Collins (lifeless) wrote :

Oh, and
+COMMENT ON COLUMN AccessPolicyArtifact.policy IS 'An optional policy that controls access to this artifact. Otherwise the artifact is public.';

Do we want APA rows for public artifacts at all? Or are we treating bug/branch.policy as a denormalisation [put another way - which side is authoritative if we are doing data repair in the future]. I would have expected 'public bugs have no APA rows'.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'database/schema/comments.sql'
2--- database/schema/comments.sql 2011-11-09 19:55:49 +0000
3+++ database/schema/comments.sql 2011-11-16 03:17:30 +0000
4@@ -6,6 +6,29 @@
5 GNU Affero General Public License version 3 (see the file LICENSE).
6 */
7
8+-- AccessPolicy
9+
10+COMMENT ON TABLE AccessPolicy IS 'An access policy used to manage a project or distribution\'s artifacts.';
11+COMMENT ON COLUMN AccessPolicy.product IS 'The product that this policy is used on.';
12+COMMENT ON COLUMN AccessPolicy.distribution IS 'The distribution that this policy is used on.';
13+COMMENT ON COLUMN AccessPolicy.type IS 'The type of policy (an enum value). Private, Security, etc.';
14+
15+-- AccessPolicyArtifact
16+
17+COMMENT ON TABLE AccessPolicyArtifact IS 'An artifact that an access grant can apply to. Additional private artifacts should be handled by adding new columns here, rather than new tables or columns on AccessPolicyGrant.';
18+COMMENT ON COLUMN AccessPolicyArtifact.bug IS 'The bug that this abstract artifact represents.';
19+COMMENT ON COLUMN AccessPolicyArtifact.branch IS 'The branch that this abstract artifact represents.';
20+COMMENT ON COLUMN AccessPolicyArtifact.policy IS 'An optional policy that controls access to this artifact. Otherwise the artifact is public.';
21+
22+-- AccessPolicyGrant
23+
24+COMMENT ON TABLE AccessPolicyGrant IS 'A grant for a person to access a specific artifact or all artifacts controlled by a particular policy.';
25+COMMENT ON COLUMN AccessPolicyGrant.grantee IS 'The person to whom access is granted.';
26+COMMENT ON COLUMN AccessPolicyGrant.grantor IS 'The person who granted the access.';
27+COMMENT ON COLUMN AccessPolicyGrant.date_created IS 'The date the access was granted.';
28+COMMENT ON COLUMN AccessPolicyGrant.policy IS 'The policy on which access is granted.';
29+COMMENT ON COLUMN AccessPolicyGrant.artifact IS 'The artifact on which access is granted.';
30+
31 -- Announcement
32
33 COMMENT ON TABLE Announcement IS 'A project announcement. This is a single item of news or information that the project is communicating. Announcements can be attached to a Project, a Product or a Distribution.';
34
35=== added file 'database/schema/patch-2208-93-1.sql'
36--- database/schema/patch-2208-93-1.sql 1970-01-01 00:00:00 +0000
37+++ database/schema/patch-2208-93-1.sql 2011-11-16 03:17:30 +0000
38@@ -0,0 +1,59 @@
39+-- Copyright 2011 Canonical Ltd. This software is licensed under the
40+-- GNU Affero General Public License version 3 (see the file LICENSE).
41+SET client_min_messages=ERROR;
42+
43+CREATE TABLE AccessPolicy (
44+ id serial PRIMARY KEY,
45+ product integer REFERENCES Product,
46+ distribution integer REFERENCES Distribution,
47+ type integer NOT NULL,
48+ CONSTRAINT has_target CHECK (product IS NULL != distribution IS NULL)
49+);
50+
51+CREATE UNIQUE INDEX accesspolicy__product__type__key
52+ ON AccessPolicy(product, type) WHERE product IS NOT NULL;
53+CREATE UNIQUE INDEX accesspolicy__distribution__type__key
54+ ON AccessPolicy(distribution, type) WHERE distribution IS NOT NULL;
55+
56+CREATE TABLE AccessPolicyArtifact (
57+ id serial PRIMARY KEY,
58+ bug integer REFERENCES Bug,
59+ branch integer, -- FK to be added later.
60+ policy integer REFERENCES AccessPolicy,
61+ CONSTRAINT has_artifact CHECK (bug IS NULL != branch IS NULL)
62+);
63+
64+CREATE UNIQUE INDEX accesspolicyartifact__bug__key
65+ ON AccessPolicyArtifact(bug) WHERE bug IS NOT NULL;
66+CREATE UNIQUE INDEX accesspolicyartifact__branch__key
67+ ON AccessPolicyArtifact(branch) WHERE branch IS NOT NULL;
68+CREATE INDEX accesspolicyartifact__policy__key
69+ ON AccessPolicyArtifact(policy);
70+
71+CREATE TABLE AccessPolicyGrant (
72+ id serial PRIMARY KEY,
73+ grantee integer NOT NULL, -- FK to be added later.
74+ grantor integer NOT NULL, -- FK to be added later.
75+ date_created timestamp without time zone
76+ DEFAULT (CURRENT_TIMESTAMP AT TIME ZONE 'UTC') NOT NULL,
77+ policy integer REFERENCES AccessPolicy,
78+ artifact integer REFERENCES AccessPolicyArtifact,
79+ CONSTRAINT has_target CHECK (policy IS NULL != artifact IS NULL)
80+);
81+
82+CREATE UNIQUE INDEX accesspolicygrant__policy__grantee__key
83+ ON AccessPolicyGrant(policy, grantee) WHERE policy IS NOT NULL;
84+CREATE UNIQUE INDEX accessartifactgrant__artifact__grantee__key
85+ ON AccessPolicyGrant(artifact, grantee) WHERE artifact IS NOT NULL;
86+CREATE INDEX accesspolicygrant__grantee__idx ON AccessPolicyGrant(grantee);
87+CREATE INDEX accesspolicygrant__grantor__idx ON AccessPolicyGrant(grantor);
88+
89+ALTER TABLE bug
90+ ADD COLUMN access_policy integer REFERENCES AccessPolicy;
91+CREATE INDEX bug__access_policy__idx ON bug(access_policy);
92+
93+ALTER TABLE branch
94+ ADD COLUMN access_policy integer REFERENCES AccessPolicy;
95+CREATE INDEX branch__access_policy__idx ON branch(access_policy);
96+
97+INSERT INTO LaunchpadDatabaseRevision VALUES (2208, 93, 1);

Subscribers

People subscribed via source and target branches

to status/vote changes: