-
Notifications
You must be signed in to change notification settings - Fork 105
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
concord-server: allow tokens without users, remove user from default …
…agent token (#1054)
- Loading branch information
Showing
11 changed files
with
200 additions
and
72 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,24 +4,32 @@ | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.3.xsd"> | ||
|
|
||
| <!-- starting from 2.21.x, the default agent token is no longer associated with any user --> | ||
| <!-- | ||
| <property name="concordAgentUserId" value="d4f123c1-f8d4-40b2-8a12-b8947b9ce2d8"/> | ||
| --> | ||
|
|
||
| <!-- moved to v1.86.0.xml (no more hard-coded default token) --> | ||
| <!-- <changeSet id="69000" author="[email protected]"> | ||
| <insert tableName="USERS"> | ||
| <column name="USER_ID">${concordAgentUserId}</column> | ||
| <column name="USERNAME">concordAgent</column> | ||
| <column name="USER_TYPE">LOCAL</column> | ||
| </insert> | ||
| <!-- starting from 2.21.x, the default agent token is no longer associated with any user --> | ||
| <!-- | ||
| <changeSet id="69000" author="[email protected]"> | ||
| <insert tableName="USERS"> | ||
| <column name="USER_ID">${concordAgentUserId}</column> | ||
| <column name="USERNAME">concordAgent</column> | ||
| <column name="USER_TYPE">LOCAL</column> | ||
| </insert> | ||
| <insert tableName="API_KEYS"> | ||
| <!– "O+JMYwBsU797EKtlRQYu+Q" –> | ||
| <column name="API_KEY">1sw9eLZ41EOK4w/iV3jFnn6cqeAMeFtxfazqVY04koY</column> | ||
| <column name="USER_ID">${concordAgentUserId}</column> | ||
| </insert> | ||
| </changeSet> --> | ||
| <insert tableName="API_KEYS"> | ||
| <!– "O+JMYwBsU797EKtlRQYu+Q" –> | ||
| <column name="API_KEY">1sw9eLZ41EOK4w/iV3jFnn6cqeAMeFtxfazqVY04koY</column> | ||
| <column name="USER_ID">${concordAgentUserId}</column> | ||
| </insert> | ||
| </changeSet> | ||
| --> | ||
|
|
||
| <!-- starting from 2.21.x, the default agent token is no longer associated with any user --> | ||
| <!-- Create agent user when not exist --> | ||
| <!-- | ||
| <changeSet id="69001" author="[email protected]"> | ||
| <preConditions onFail="MARK_RAN"> | ||
| <sqlCheck expectedResult="0"> | ||
|
|
@@ -37,5 +45,5 @@ | |
| <column name="USER_TYPE">LOCAL</column> | ||
| </insert> | ||
| </changeSet> | ||
|
|
||
| --> | ||
| </databaseChangeLog> | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,21 +4,23 @@ | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.3.xsd"> | ||
|
|
||
| <!-- <property name="concordRunnerUserId" value="2599c604-1384-4660-a767-8bc03baa7a31"/> | ||
| <!-- | ||
| <property name="concordRunnerUserId" value="2599c604-1384-4660-a767-8bc03baa7a31"/> | ||
| <changeSet id="70000" author="[email protected]"> | ||
| <insert tableName="USERS"> | ||
| <column name="USER_ID">${concordRunnerUserId}</column> | ||
| <column name="USERNAME">concordRunner</column> | ||
| <column name="USER_TYPE">LOCAL</column> | ||
| </insert> | ||
| <changeSet id="70000" author="[email protected]"> | ||
| <insert tableName="USERS"> | ||
| <column name="USER_ID">${concordRunnerUserId}</column> | ||
| <column name="USERNAME">concordRunner</column> | ||
| <column name="USER_TYPE">LOCAL</column> | ||
| </insert> | ||
| <insert tableName="API_KEYS"> | ||
| <!– "Gz0q/DeGlH8Zs7QJMj1v8g" –> | ||
| <column name="API_KEY">DrRt3j6G7b6GHY/Prddu4voyKyZa17iFkEj99ac0q/A</column> | ||
| <column name="USER_ID">${concordRunnerUserId}</column> | ||
| </insert> | ||
| </changeSet> --> | ||
| <insert tableName="API_KEYS"> | ||
| <!– "Gz0q/DeGlH8Zs7QJMj1v8g" –> | ||
| <column name="API_KEY">DrRt3j6G7b6GHY/Prddu4voyKyZa17iFkEj99ac0q/A</column> | ||
| <column name="USER_ID">${concordRunnerUserId}</column> | ||
| </insert> | ||
| </changeSet> | ||
| --> | ||
|
|
||
| <changeSet id="70100" author="[email protected]"> | ||
| <addColumn tableName="PROCESS_QUEUE"> | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,12 +4,15 @@ | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.3.xsd"> | ||
|
|
||
| <!-- starting from 2.21.x, the default agent token is no longer associated with any user --> | ||
| <!-- | ||
| <changeSet id="79000" author="[email protected]"> | ||
| <insert tableName="USER_ROLES"> | ||
| <column name="ROLE_ID">${concordSystemReaderRoleId}</column> | ||
| <column name="USER_ID">${concordAgentUserId}</column> | ||
| </insert> | ||
| </changeSet> | ||
| --> | ||
|
|
||
| <changeSet id="79100" author="[email protected]"> | ||
| <addColumn tableName="API_KEYS"> | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,16 +7,20 @@ | |
| <property name="concordSystemWriterRoleId" value="c162d868-89ea-11e8-80be-97fd8a9f7419"/> | ||
|
|
||
| <changeSet id="80000" author="[email protected]"> | ||
| <validCheckSum>ANY</validCheckSum> | ||
| <insert tableName="ROLES"> | ||
| <column name="ROLE_ID">${concordSystemWriterRoleId}</column> | ||
| <column name="ROLE_NAME">concordSystemWriter</column> | ||
| <column name="GLOBAL_WRITER">true</column> | ||
| </insert> | ||
|
|
||
| <!-- starting from 2.21.x, the default agent token is no longer associated with any user --> | ||
| <!-- | ||
| <insert tableName="USER_ROLES"> | ||
| <column name="ROLE_ID">${concordSystemWriterRoleId}</column> | ||
| <column name="USER_ID">${concordAgentUserId}</column> | ||
| </insert> | ||
| --> | ||
| </changeSet> | ||
|
|
||
| <!-- removed in 1.9.0+ | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,8 +4,9 @@ | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.3.xsd"> | ||
|
|
||
| <!-- moved to v1.86.0.xml --> | ||
| <!-- <changeSet id="1450000" author="[email protected]" runInTransaction="false" context="!codegen"> | ||
| <!-- moved to v1.86.0.xml --> | ||
| <!-- | ||
| <changeSet id="1450000" author="[email protected]" runInTransaction="false" context="!codegen"> | ||
| <sql> | ||
| delete from API_KEYS where KEY_ID = 'd5165ca8-e8de-11e6-9bf5-136b5db23c32' | ||
| </sql> | ||
|
|
@@ -17,5 +18,6 @@ | |
| <!– value from concord-server.conf –> | ||
| <param name="token" value="${defaultAdminToken}"/> | ||
| </customChange> | ||
| </changeSet> --> | ||
| </changeSet> | ||
| --> | ||
| </databaseChangeLog> | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,7 +5,10 @@ | |
| xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.3.xsd"> | ||
|
|
||
| <property name="concordAdminUserId" value="230c5c9c-d9a7-11e6-bcfd-bb681c07b26c"/> | ||
| <!-- starting from 2.21.x, the default agent token is no longer associated with any user --> | ||
| <!-- | ||
| <property name="concordAgentUserId" value="d4f123c1-f8d4-40b2-8a12-b8947b9ce2d8"/> | ||
| --> | ||
| <property name="concordRunnerUserId" value="2599c604-1384-4660-a767-8bc03baa7a31"/> | ||
|
|
||
| <!-- delete old hard-coded default admin API token --> | ||
|
|
@@ -38,15 +41,20 @@ | |
| </changeSet> | ||
|
|
||
| <!-- delete old hard-coded default agent API token --> | ||
| <!-- starting from 2.21.x, the default agent token is no longer associated with any user --> | ||
| <!-- | ||
| <changeSet id="1860200" author="[email protected]" runInTransaction="false" context="!codegen"> | ||
| <sql> | ||
| delete from API_KEYS | ||
| where USER_ID = '${concordAgentUserId}' | ||
| and API_KEY = '1sw9eLZ41EOK4w/iV3jFnn6cqeAMeFtxfazqVY04koY' | ||
| </sql> | ||
| </changeSet> | ||
| --> | ||
|
|
||
| <!-- Set initial agent API token when not exist --> | ||
| <!-- starting from 2.21.x, the default agent token is no longer associated with any user --> | ||
| <!-- | ||
| <changeSet id="1860300" author="[email protected]" runInTransaction="false" context="!codegen"> | ||
| <validCheckSum>ANY</validCheckSum> | ||
|
|
@@ -60,14 +68,13 @@ | |
| </preConditions> | ||
| <customChange class="com.walmartlabs.concord.server.liquibase.ext.ApiTokenCreator"> | ||
| <!-- default agent user id from v0.69.0.xml --> | ||
| <param name="userId" value="${concordAgentUserId}"/> | ||
| <param name="username" value="concordAgent"/> | ||
| <!-- values from concord-server.conf --> | ||
| <param name="token" value="${defaultAgentToken}"/> | ||
| <param name="skip" value="${skipAgentTokenGeneration}"/> | ||
| </customChange> | ||
| </changeSet> | ||
| --> | ||
|
|
||
| <!-- Delete runner API tokens and user when exist --> | ||
| <changeSet id="1860400" author="[email protected]" runInTransaction="false" context="!codegen"> | ||
|
|
||
47 changes: 47 additions & 0 deletions
47
server/db/src/main/resources/com/walmartlabs/concord/server/db/v2.21.0.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <databaseChangeLog | ||
| xmlns="http://www.liquibase.org/xml/ns/dbchangelog" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.3.xsd"> | ||
|
|
||
| <changeSet id="2210000" author="[email protected]"> | ||
| <dropNotNullConstraint tableName="API_KEYS" columnName="USER_ID"/> | ||
| </changeSet> | ||
|
|
||
| <changeSet id="2210010" author="[email protected]"> | ||
| <dropIndex tableName="API_KEYS " indexName="IDX_API_KEYS_NAME_USER"/> | ||
|
|
||
| <sql> | ||
| create unique index IDX_API_KEYS_NAME_USER_NULL on API_KEYS (KEY_NAME) where USER_ID is null | ||
| </sql> | ||
| <sql> | ||
| create unique index IDX_API_KEYS_NAME_USER_NOT_NULL on API_KEYS (KEY_NAME, USER_ID) where USER_ID is not null | ||
| </sql> | ||
| </changeSet> | ||
|
|
||
| <changeSet id="2210020" author="[email protected]" runInTransaction="false" context="!codegen"> | ||
| <validCheckSum>ANY</validCheckSum> | ||
|
|
||
| <preConditions onFail="MARK_RAN"> | ||
| <sqlCheck expectedResult="0"> | ||
| select count(key_id) | ||
| from API_KEYS | ||
| where KEY_NAME = 'concordAgentKey_autogenerated'; | ||
| </sqlCheck> | ||
| <!-- concordAgentUserId='d4f123c1-f8d4-40b2-8a12-b8947b9ce2d8' --> | ||
| <sqlCheck expectedResult="0"> | ||
| select count(key_id) | ||
| from API_KEYS | ||
| where USER_ID = 'd4f123c1-f8d4-40b2-8a12-b8947b9ce2d8'; | ||
| </sqlCheck> | ||
| </preConditions> | ||
|
|
||
| <customChange class="com.walmartlabs.concord.server.liquibase.ext.ApiTokenCreator"> | ||
| <param name="keyName" value="concordAgentKey_autogenerated"/> | ||
| <!-- values from concord-server.conf --> | ||
| <param name="token" value="${defaultAgentToken}"/> | ||
| <param name="skip" value="${skipAgentTokenGeneration}"/> | ||
| </customChange> | ||
| </changeSet> | ||
|
|
||
| </databaseChangeLog> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.