From 545f221f4e4f734767d8b467d27a6ef67bd99720 Mon Sep 17 00:00:00 2001 From: jhh Date: Thu, 1 Sep 2022 09:17:54 -0500 Subject: Compatibility with mariadb 10.x and mysql 8.x Additional support for extra flags for example is secured mysql/mariadb server is desired when provisioning tables at initialization. Issue-ID: POLICY-4183 Issue-ID: POLICY-4340 Signed-off-by: jhh Change-Id: Id873b3692237cd867815f2928b56492c9261082e --- .../src/main/docker/policy-pdpx-pg.sh | 13 ++++ .../src/main/docker/policy-pdpx.sh | 14 ++++- .../main/resources/mysql/bin/create-guard-table.sh | 16 ++++- .../main/resources/mysql/sql/createguardtable.sql | 71 ++++++++++++++++------ .../postgres/bin/create-guard-table-pg.sh | 12 ++++ 5 files changed, 105 insertions(+), 21 deletions(-) (limited to 'packages') diff --git a/packages/policy-xacmlpdp-docker/src/main/docker/policy-pdpx-pg.sh b/packages/policy-xacmlpdp-docker/src/main/docker/policy-pdpx-pg.sh index 03faedff..838cfa5f 100644 --- a/packages/policy-xacmlpdp-docker/src/main/docker/policy-pdpx-pg.sh +++ b/packages/policy-xacmlpdp-docker/src/main/docker/policy-pdpx-pg.sh @@ -2,6 +2,7 @@ # # ============LICENSE_START======================================================= # Copyright (C) 2022 Nordix Foundation. +# Modifications Copyright (C) 2022 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,6 +20,8 @@ # ============LICENSE_END========================================================= # +set -x + KEYSTORE="${KEYSTORE:-$POLICY_HOME/etc/ssl/policy-keystore}" TRUSTSTORE="${TRUSTSTORE:-$POLICY_HOME/etc/ssl/policy-truststore}" KEYSTORE_PASSWD="${KEYSTORE_PASSWD:-Pol1cy_0nap}" 
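Review bot: The added `set -x` sits directly above the `KEYSTORE_PASSWD=...` assignment visible in this hunk, so the shell traces that assignment, with the password value expanded, to the container's stderr on every start. The same line is added in policy-pdpx.sh, create-guard-table.sh and create-guard-table-pg.sh, and in create-guard-table.sh it also traces the `-p${DB_PASSWORD}` client invocation. If tracing is wanted for debugging, make it opt-in and off by default, for example `if [ "${DEBUG:-false}" = "true" ]; then set -x; fi` (the variable name is only a suggestion).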
@@ -54,6 +57,16 @@ if [ -f "${POLICY_HOME}/etc/mounted/logback.xml" ]; then cp -f "${POLICY_HOME}"/etc/mounted/logback.xml "${POLICY_HOME}"/etc/ fi +if [ -f "${POLICY_HOME}/etc/mounted/createguardtable-pg.sql" ]; then + echo "overriding createguardtable.sql" + cp -f "${POLICY_HOME}"/etc/mounted/createguardtable-pg.sql "${POLICY_HOME}"/postgress/sql/ +fi + +if [ -f "${POLICY_HOME}/etc/mounted/db-pg.sql" ]; then + echo "adding additional db-pg.sql" + cp -f "${POLICY_HOME}"/etc/mounted/db-pg.sql "${POLICY_HOME}"/postgress/sql/ +fi + # Create operationshistory table "${POLICY_HOME}"/postgres/bin/create-guard-table-pg.sh diff --git a/packages/policy-xacmlpdp-docker/src/main/docker/policy-pdpx.sh b/packages/policy-xacmlpdp-docker/src/main/docker/policy-pdpx.sh index ffe6c44a..0c7b98b4 100644 --- a/packages/policy-xacmlpdp-docker/src/main/docker/policy-pdpx.sh +++ b/packages/policy-xacmlpdp-docker/src/main/docker/policy-pdpx.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh # # ============LICENSE_START======================================================= -# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2022 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2019-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,6 +20,8 @@ # ============LICENSE_END========================================================= # +set -x + KEYSTORE="${KEYSTORE:-$POLICY_HOME/etc/ssl/policy-keystore}" TRUSTSTORE="${TRUSTSTORE:-$POLICY_HOME/etc/ssl/policy-truststore}" KEYSTORE_PASSWD="${KEYSTORE_PASSWD:-Pol1cy_0nap}" 
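Review bot: Both added `cp -f` lines copy into `"${POLICY_HOME}"/postgress/sql/`, but the loader invoked right below lives under `"${POLICY_HOME}"/postgres/`, and create-guard-table-pg.sh in this same commit reads `${POLICY_HOME}/mysql/sql/createguardtable-pg.sql` and `${POLICY_HOME}/mysql/sql/db-pg.sql`. As written, the mounted override and the add-on file land in a directory the loader never reads (and which may not exist), so the override silently has no effect. The copy destination and the `SQL_FILE`/`SQL_ADDON_FILE` paths need to name the same directory, e.g. `cp -f "${POLICY_HOME}"/etc/mounted/createguardtable-pg.sql "${POLICY_HOME}"/mysql/sql/` if mysql/sql is the intended location. The first echo also still says `createguardtable.sql` rather than `createguardtable-pg.sql`.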
@@ -55,6 +57,16 @@ if [ -f "${POLICY_HOME}/etc/mounted/logback.xml" ]; then cp -f "${POLICY_HOME}"/etc/mounted/logback.xml "${POLICY_HOME}"/etc/ fi +if [ -f "${POLICY_HOME}/etc/mounted/createguardtable.sql" ]; then + echo "overriding createguardtable.sql" + cp -f "${POLICY_HOME}"/etc/mounted/createguardtable.sql "${POLICY_HOME}"/mysql/sql/ +fi + +if [ -f "${POLICY_HOME}/etc/mounted/db.sql" ]; then + echo "adding additional db.sql" + cp -f "${POLICY_HOME}"/etc/mounted/db.sql "${POLICY_HOME}"/mysql/sql/ +fi + # Create operationshistory table "${POLICY_HOME}"/mysql/bin/create-guard-table.sh diff --git a/packages/policy-xacmlpdp-tarball/src/main/resources/mysql/bin/create-guard-table.sh b/packages/policy-xacmlpdp-tarball/src/main/resources/mysql/bin/create-guard-table.sh index 09a5d409..85350c46 100644 --- a/packages/policy-xacmlpdp-tarball/src/main/resources/mysql/bin/create-guard-table.sh +++ b/packages/policy-xacmlpdp-tarball/src/main/resources/mysql/bin/create-guard-table.sh @@ -20,7 +20,11 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= # + +set -x + SQL_FILE="${POLICY_HOME}/mysql/sql/createguardtable.sql" +SQL_ADDON_FILE="${POLICY_HOME}/mysql/sql/db.sql" # Remove escape backslashes if present and save output in temp file sed 's/\\//g' "${POLICY_HOME}"/apps/guard/xacml.properties > /tmp/temp.xacml.properties @@ -54,5 +58,15 @@ if [ -z "$DB_PASSWORD" ]; then exit 2 fi +if [ -z "$MYSQL_CMD" ]; then + MYSQL_CMD="mysql" +fi + # Execute sql command using sql file to create table -mysql -u${DB_USERNAME} -p${DB_PASSWORD} -h${DB_HOSTNAME} < "${SQL_FILE}" +${MYSQL_CMD} -u${DB_USERNAME} -p${DB_PASSWORD} -h${DB_HOSTNAME} < "${SQL_FILE}" + +# Execute additional SQL configuration if provided +if [ -f "${POLICY_HOME}/mysql/sql/db.sql" ]; then + echo "additional SQL to be loaded found" + ${MYSQL_CMD} -u${DB_USERNAME} -p${DB_PASSWORD} -h${DB_HOSTNAME} < "${SQL_ADDON_FILE}" +fi 
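Review bot: These two blocks cause any `createguardtable.sql` or `db.sql` found under `etc/mounted` to be executed at container start with the database credentials create-guard-table.sh uses, and nothing in the script documents that. A comment above the blocks should state the requirement, e.g. `# Files under etc/mounted are executed against the database at startup; mount them read-only and from trusted configuration only.` The result of `cp -f` is also unchecked, so a failed copy leaves the packaged script in place after "overriding createguardtable.sql" has already been logged.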
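Review bot: The new client invocations in create-guard-table.sh leave `${DB_USERNAME}`, `${DB_PASSWORD}` and `${DB_HOSTNAME}` unquoted, so a password containing whitespace or glob characters is word-split, and `-p${DB_PASSWORD}` places the secret on the command line where the process list can show it. Leaving `${MYSQL_CMD}` unquoted looks intentional (it lets the variable carry extra flags), but the other expansions should be quoted: `${MYSQL_CMD} -u"${DB_USERNAME}" -p"${DB_PASSWORD}" -h"${DB_HOSTNAME}" < "${SQL_FILE}"`; supplying the password through a client option file instead of `-p` would keep it out of argv. The add-on test should reuse the variable just defined, `if [ -f "${SQL_ADDON_FILE}" ]; then`. The exit status of the first load is not checked before the second one runs; the code that populates these variables is outside the hunk.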
diff --git a/packages/policy-xacmlpdp-tarball/src/main/resources/mysql/sql/createguardtable.sql b/packages/policy-xacmlpdp-tarball/src/main/resources/mysql/sql/createguardtable.sql
index aea02f70..34851a6f 100644
--- a/packages/policy-xacmlpdp-tarball/src/main/resources/mysql/sql/createguardtable.sql
+++ b/packages/policy-xacmlpdp-tarball/src/main/resources/mysql/sql/createguardtable.sql
@@ -1,5 +1,5 @@
 -- ============LICENSE_START=======================================================
--- Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+-- Copyright (C) 2019-2022 AT&T Intellectual Property. All rights reserved.
 -- ================================================================================
 -- Licensed under the Apache License, Version 2.0 (the "License");
 -- you may not use this file except in compliance with the License.
@@ -14,25 +14,58 @@ -- limitations under the License. -- ============LICENSE_END========================================================= -use operationshistory; - -create table if not exists operationshistory ( - id int(11) not null auto_increment, - closedLoopName varchar(255) not null, - requestId varchar(50), - actor varchar(50) not null, - operation varchar(50) not null, - target varchar(50) not null, - starttime timestamp not null, - outcome varchar(50) not null, - message varchar(255), - subrequestId varchar(50), - endtime timestamp not null default current_timestamp, +USE operationshistory; + +CREATE TABLE IF NOT EXISTS operationshistory ( + id INT(11) NOT NULL AUTO_INCREMENT, + closedLoopName VARCHAR(255) NOT NULL, + requestId VARCHAR(50), + actor VARCHAR(50) NOT NULL, + operation VARCHAR(50) NOT NULL, + target VARCHAR(50) NOT NULL, + starttime timestamp NOT NULL, + outcome VARCHAR(50) NOT NULL, + message VARCHAR(255), + subrequestId VARCHAR(50), + endtime timestamp NULL DEFAULT current_timestamp, PRIMARY KEY (id) ); -create index if not exists operationshistory_clreqid_index on - operationshistory(requestId, closedLoopName); +DROP PROCEDURE IF EXISTS create_clreqid_index; + +\d $$ +CREATE PROCEDURE create_clreqid_index() +BEGIN + DECLARE index_count INT DEFAULT 1; + + SELECT count(index_name) INTO index_count FROM information_schema.statistics + WHERE table_schema=DATABASE() AND table_name='operationshistory' AND index_name='operationshistory_clreqid_index'; + + IF index_count = 0 THEN + CREATE INDEX operationshistory_clreqid_index ON operationshistory(requestId, closedLoopName); + END IF; +END +$$ + +\d ; + +CALL create_clreqid_index(); + +DROP PROCEDURE IF EXISTS create_target_index; + +\d $$ +CREATE PROCEDURE create_target_index() +BEGIN + DECLARE index_count INT DEFAULT 1; + + SELECT count(index_name) INTO index_count FROM information_schema.statistics + WHERE table_schema=DATABASE() AND table_name='operationshistory' AND 
index_name='operationshistory_target_index'; + + IF index_count = 0 THEN + CREATE INDEX operationshistory_target_index ON operationshistory(target, operation, actor, endtime); + END IF; +END +$$ -create index if not exists operationshistory_target_index on - operationshistory(target, operation, actor, endtime); +CALL create_target_index(); +\d ; diff --git a/packages/policy-xacmlpdp-tarball/src/main/resources/postgres/bin/create-guard-table-pg.sh b/packages/policy-xacmlpdp-tarball/src/main/resources/postgres/bin/create-guard-table-pg.sh index 1a71f8b4..bb2f2034 100644 --- a/packages/policy-xacmlpdp-tarball/src/main/resources/postgres/bin/create-guard-table-pg.sh +++ b/packages/policy-xacmlpdp-tarball/src/main/resources/postgres/bin/create-guard-table-pg.sh @@ -2,6 +2,7 @@ # # ============LICENSE_START======================================================= # Copyright (C) 2022 Nordix Foundation. All rights reserved. +# Modifications Copyright (C) 2022 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,11 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= # + +set -x + SQL_FILE="${POLICY_HOME}/mysql/sql/createguardtable-pg.sql" +SQL_ADDON_FILE="${POLICY_HOME}/mysql/sql/db-pg.sql" # Remove escape backslashes if present and save output in temp file sed 's/\\//g' "${POLICY_HOME}"/apps/guard/xacml-pg.properties > /tmp/temp.xacml-pg.properties @@ -54,3 +59,10 @@ fi # Execute sql command using sql file to create table psql -U postgres -h ${DB_HOSTNAME} -f ${SQL_FILE} + +# Execute additional SQL configuration if provided +if [ -f "${POLICY_HOME}/mysql/sql/db-pg.sql" ]; then + echo "additional SQL to be loaded found" + psql -U postgres -h ${DB_HOSTNAME} -f ${SQL_ADDON_FILE} +fi + -- cgit 1.2.3-korg
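Review bot: In the second block `CALL create_target_index();` comes before `\d ;`, so the call is issued while the delimiter is still `$$`, unlike the first block where the delimiter is reset before `CALL create_clreqid_index();`. Whether that call runs then depends on how the client treats an unterminated buffer at end of input, which is fragile for an initialization script. Swap the last two lines so the file ends with `\d ;` followed by `CALL create_target_index();`. Separately, `endtime` changes from `NOT NULL` to `NULL` while remaining part of `operationshistory_target_index`; because `CREATE TABLE IF NOT EXISTS` leaves an existing table untouched, fresh and upgraded deployments will differ on that column, which deserves a comment in the file.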
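Review bot: The added `psql ... -f ${SQL_ADDON_FILE}` in create-guard-table-pg.sh leaves `${DB_HOSTNAME}` and `${SQL_ADDON_FILE}` unquoted and repeats the literal path in the `-f` test instead of using the variable defined earlier in the same commit. Suggested lines: `if [ -f "${SQL_ADDON_FILE}" ]; then` and `psql -U postgres -h "${DB_HOSTNAME}" -v ON_ERROR_STOP=1 -f "${SQL_ADDON_FILE}"`; without `ON_ERROR_STOP`, psql carries on past a failing statement and the script cannot tell that the add-on did not apply. The add-on also runs as the `postgres` role, so the mounted file executes with whatever privileges that role holds, which is worth stating in a comment next to the block.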