~launchpad-pqm/launchpad/devel


Viewing changes to database/schema/security.py

  • Committer: Launchpad Patch Queue Manager
  • Date: 2011-07-26 08:43:37 UTC
  • mfrom: (13465.2.21 staging)
  • Revision ID: launchpad@pqm.canonical.com-20110726084337-l7d35ntknx8rnjko
[r=benji][bug=798120,809123] fastdowntime deployment improvements

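--- a/database/schema/security.py
+++ b/database/schema/security.py
@@ -63,8 +63,8 @@
 
 
 class DbSchema(dict):
-    groups = None # List of groups defined in the db
-    users = None # List of users defined in the db
+    groups = None  # List of groups defined in the db
+    users = None  # List of users defined in the db
 
     def __init__(self, con):
         super(DbSchema, self).__init__()
@@ -159,7 +159,6 @@
     config.read([configfile_name])
 
     con = connect(options.dbuser)
-    cur = CursorWrapper(con.cursor())
 
     if options.cluster:
         nodes = replication.helpers.get_nodes(con, 1)
@@ -172,10 +171,11 @@
                     node.nickname, node.connection_string))
                 reset_permissions(
                     psycopg2.connect(node.connection_string), config, options)
-            return
+            return 0
         log.warning("--cluster requested, but not a Slony-I cluster.")
     log.info("Resetting permissions on single database")
     reset_permissions(con, config, options)
+    return 0
 
 
 def list_identifiers(identifiers):
@@ -387,17 +387,19 @@
         else:
             log.debug("%s not in any roles", user)
 
-    # Change ownership of all objects to OWNER
-    for obj in schema.values():
-        if obj.type in ("function", "sequence"):
-            pass # Can't change ownership of functions or sequences
-        else:
-            if obj.owner != options.owner:
-                log.info("Resetting ownership of %s", obj.fullname)
-                cur.execute("ALTER TABLE %s OWNER TO %s" % (
-                    obj.fullname, quote_identifier(options.owner)))
-
     if options.revoke:
+        # Change ownership of all objects to OWNER.
+        # We skip this in --no-revoke mode as ownership changes may
+        # block on a live system.
+        for obj in schema.values():
+            if obj.type in ("function", "sequence"):
+                pass  # Can't change ownership of functions or sequences
+            else:
+                if obj.owner != options.owner:
+                    log.info("Resetting ownership of %s", obj.fullname)
+                    cur.execute("ALTER TABLE %s OWNER TO %s" % (
+                        obj.fullname, quote_identifier(options.owner)))
+
         # Revoke all privs from known groups. Don't revoke anything for
         # users or groups not defined in our security.cfg.
         table_revocations = PermissionGatherer("TABLE")
@@ -429,6 +431,7 @@
         function_revocations.revoke(cur)
         sequence_revocations.revoke(cur)
     else:
+        log.info("Not resetting ownership of database objects")
         log.info("Not revoking permissions on database objects")
 
     # Set of all tables we have granted permissions on. After we have assigned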
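Review bot: In `--no-revoke` mode the ownership loop, now nested under `if options.revoke:`, never runs, so an object whose `obj.owner` differs from `options.owner` keeps its owner-level rights and the only trace is the generic `log.info("Not resetting ownership of database objects")` in the `else:` branch. Because this script is the permissions reset, I would report the drift there without altering anything: loop over `schema.values()` with the same function/sequence skip and emit `log.warning("%s is owned by %s, expected %s", obj.fullname, obj.owner, options.owner)` for each mismatch. Separately, the moved `ALTER TABLE %s OWNER TO %s` statement passes `options.owner` through `quote_identifier` but interpolates `obj.fullname` as is; if `fullname` is not already quoted where it is built (not visible here), it should get the same treatment. The enclosing function (presumably `reset_permissions`) starts and ends outside the visible hunks.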