From 8dd57da1460134461c8cdf75e5cf653b7a84027f Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Fri, 31 May 2013 15:46:01 +1000 Subject: [PATCH] Fix incorrect role assignment in migration. In the case where a user has existing roles on a project running the migration would assign those same roles to all the user's projects. Change-Id: Ibd99bb7cf6cb84b577eca57f903abf9d48e908c1 Fixes: bug 1186128 --- .../versions/020_migrate_metadata_table_roles.py | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/keystone/common/sql/migrate_repo/versions/020_migrate_metadata_table_roles.py b/keystone/common/sql/migrate_repo/versions/020_migrate_metadata_table_roles.py index 4d0f9dfcf2..e756e692fa 100644 --- a/keystone/common/sql/migrate_repo/versions/020_migrate_metadata_table_roles.py +++ b/keystone/common/sql/migrate_repo/versions/020_migrate_metadata_table_roles.py @@ -22,8 +22,6 @@ def upgrade(migrate_engine): meta, autoload=True) - conn = migrate_engine.connect() - old_metadata_table = sql.Table('metadata', meta, autoload=True) session = sql.orm.sessionmaker(bind=migrate_engine)() @@ -44,18 +42,18 @@ def upgrade(migrate_engine): new_roles = json.loads(r.data)['roles'] data['roles'] = list(set(old_roles) | set(new_roles)) q = new_metadata_table.update().where( - new_metadata_table.c.user_id == metadata.user_id and - new_metadata_table.c.project_id == metadata.tenant_id).values( - data=json.dumps(data)) + new_metadata_table.c.user_id == metadata.user_id).where( + new_metadata_table.c.project_id == + metadata.tenant_id).values(data=json.dumps(data)) else: q = new_metadata_table.insert().values( user_id=metadata.user_id, project_id=metadata.tenant_id, data=json.dumps(data)) - conn.execute(q) + session.execute(q) - session.close() + session.commit() old_metadata_table.drop()