All Downloads are FREE. Search and download functionalities are using the official Maven repository.

liquibase.changelogs.cockpit.schema-add-environment-permissions.yml Maven / Gradle / Ivy

databaseChangeLog:
  - property:
      name: uuid_function
      value: NEWID()
      dbms: mssql
  - property:
      name: uuid_function
      value: uuid()
      dbms: mariadb, mysql
  - property:
      name: uuid_function
      value: md5(random()::text || clock_timestamp()::text)::uuid
      dbms: postgresql
  - property:
      name: now_function
      value: NOW()
      dbms: postgresql, mariadb, mysql
  - property:
      name: now_function
      value: GETDATE()
      dbms: mssql
  - property:
      name: false_value
      value: false
      dbms: postgresql, mariadb, mysql
  - property:
      name: false_value
      value: 0
      dbms: mssql
  - property:
      name: true_value
      value: true
      dbms: postgresql, mariadb, mysql
  - property:
      name: true_value
      value: 1
      dbms: mssql
  - property:
      name: system_field
      value: system
      dbms: postgresql, mssql
  - property:
      name: system_field
      value: "`system`"
      dbms: mariadb, mysql
  - changeSet:
      id: cockpit-schema-add-environment-permissions
      author: GraviteeSource Team
      preConditions:
        - onFail: MARK_RAN
          sqlCheck:
            # As Cockpit feature will be propably back ported on v3.5.x, we assume that if the 'ENVIRONMENT_OWNER' role already exists it means
            # that we come from v3.5.x with Cockpit feature and we don't have to run this script.
            expectedResult: 0
            sql: SELECT COUNT(*) FROM roles WHERE name = 'ENVIRONMENT_OWNER' AND reference_type = 'ORGANIZATION' AND reference_id = 'DEFAULT'
      changes:
        - sql:
            sql: "INSERT INTO roles (id, name, description, reference_type, reference_id, assignable_type, ${system_field}, default_role, permission_acls, created_at, updated_at) SELECT ${uuid_function} as id, 'ENVIRONMENT_OWNER', null, 'ORGANIZATION', 'DEFAULT', 'ENVIRONMENT', ${false_value}, ${true_value}, '{\"DOMAIN\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_UMA\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"APPLICATION\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_FLOW\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_FORM\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_ROLE\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_SCIM\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_USER\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"ENVIRONMENT\": [\"READ\"], \"DOMAIN_AUDIT\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_GROUP\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_SCOPE\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_FACTOR\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_MEMBER\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_OPENID\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_REPORTER\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_SETTINGS\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"APPLICATION_FORM\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_ANALYTICS\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_UMA_SCOPE\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"APPLICATION_FACTOR\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"APPLICATION_MEMBER\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"APPLICATION_OPENID\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_CERTIFICATE\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"APPLICATION_RESOURCE\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"APPLICATION_SETTINGS\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"APPLICATION_ANALYTICS\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_EMAIL_TEMPLATE\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_EXTENSION_GRANT\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_EXTENSION_POINT\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"APPLICATION_CERTIFICATE\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"DOMAIN_IDENTITY_PROVIDER\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"APPLICATION_EMAIL_TEMPLATE\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"], \"APPLICATION_IDENTITY_PROVIDER\": [\"LIST\", \"CREATE\", \"READ\", \"UPDATE\", \"DELETE\"]}', ${now_function}, ${now_function};"
        - sql:
            sql: "INSERT INTO roles (id, name, description, reference_type, reference_id, assignable_type, ${system_field}, default_role, permission_acls, created_at, updated_at) SELECT ${uuid_function} as id, 'ENVIRONMENT_USER', null, 'ORGANIZATION', 'DEFAULT', 'ENVIRONMENT', ${false_value}, ${true_value}, '{\"DOMAIN\": [\"LIST\"], \"ENVIRONMENT\": [\"READ\"]}', ${now_function}, ${now_function};"
        - sql:
            sql: "UPDATE roles SET permission_acls = '{\"DOMAIN\": [\"LIST\"], \"ORGANIZATION\": [\"READ\"], \"ORGANIZATION_TAG\": [\"LIST\"], \"ORGANIZATION_ROLE\": [\"LIST\"], \"ORGANIZATION_GROUP\": [\"LIST\"], \"ENVIRONMENT\": [\"LIST\"]}', updated_at = ${now_function} WHERE name = 'ORGANIZATION_USER' AND reference_type = 'ORGANIZATION' AND reference_id = 'DEFAULT';"
        - sql:
            sql: "INSERT INTO memberships(id, member_id, member_type, reference_id, reference_type, role_id, created_at, updated_at) SELECT ${uuid_function} as id, u.id, 'USER', 'DEFAULT', 'ENVIRONMENT', r.id, ${now_function}, ${now_function} FROM users as u, roles as r WHERE u.reference_type = 'ORGANIZATION' AND r.name = 'ENVIRONMENT_USER';"




© 2015 - 2025 Weber Informatics LLC | Privacy Policy