From 2e7e28ea7dc1fc3c17050ee65a38ad78863623a8 Mon Sep 17 00:00:00 2001 From: Zach Hoffman Date: Mon, 14 Aug 2023 10:29:30 -0600 Subject: [PATCH] Add SECURE-SERVER:READ capability to operations role (#7712) --- ...tions_role_add_secure_server_read.down.sql | 25 +++++++++++++++++++ ...rations_role_add_secure_server_read.up.sql | 23 +++++++++++++++++ traffic_ops/app/db/seeds.sql | 1 + 3 files changed, 49 insertions(+) create mode 100644 traffic_ops/app/db/migrations/2023081112520836_operations_role_add_secure_server_read.down.sql create mode 100644 traffic_ops/app/db/migrations/2023081112520836_operations_role_add_secure_server_read.up.sql diff --git a/traffic_ops/app/db/migrations/2023081112520836_operations_role_add_secure_server_read.down.sql b/traffic_ops/app/db/migrations/2023081112520836_operations_role_add_secure_server_read.down.sql new file mode 100644 index 0000000000..39f124b8f8 --- /dev/null +++ b/traffic_ops/app/db/migrations/2023081112520836_operations_role_add_secure_server_read.down.sql @@ -0,0 +1,25 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with this + * work for additional information regarding copyright ownership. The ASF + * licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + +WITH role_id_query AS ( + SELECT id FROM public.role WHERE name = 'operations' +) +DELETE FROM public.role_capability +WHERE role_id IN ( + SELECT id FROM role_id_query +) + AND cap_name = 'SECURE-SERVER:READ'; diff --git a/traffic_ops/app/db/migrations/2023081112520836_operations_role_add_secure_server_read.up.sql b/traffic_ops/app/db/migrations/2023081112520836_operations_role_add_secure_server_read.up.sql new file mode 100644 index 0000000000..1a817c7ded --- /dev/null +++ b/traffic_ops/app/db/migrations/2023081112520836_operations_role_add_secure_server_read.up.sql @@ -0,0 +1,23 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with this + * work for additional information regarding copyright ownership. The ASF + * licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + +WITH role_id_query AS ( + SELECT id FROM public.role WHERE name = 'operations' +) +INSERT INTO public.role_capability ("role_id", cap_name) +SELECT id, 'SECURE-SERVER:READ' +FROM role_id_query; diff --git a/traffic_ops/app/db/seeds.sql b/traffic_ops/app/db/seeds.sql index ebc04e1f26..4b29587810 100644 --- a/traffic_ops/app/db/seeds.sql +++ b/traffic_ops/app/db/seeds.sql @@ -229,6 +229,7 @@ CROSS JOIN ( VALUES ('REGION:CREATE'), ('REGION:DELETE'), ('REGION:UPDATE'), + ('SECURE-SERVER:READ'), ('SERVER-CAPABILITY:CREATE'), ('SERVER-CAPABILITY:DELETE'), ('SERVER-CAPABILITY:UPDATE'),