OpenStack Study: 033_migrate_ec2credentials_table_credentials.py

**** CubicPower OpenStack Study ****

def upgrade(migrate_engine):

    meta = sql.MetaData()

    meta.bind = migrate_engine

    credential_table = sql.Table('credential',

                                 meta,

                                 autoload=True)

    ec2_cred_table = sql.Table('ec2_credential',

                               meta,

                               autoload=True)

    session = sql.orm.sessionmaker(bind=migrate_engine)()

    insert = credential_table.insert()

    for ec2credential in session.query(ec2_cred_table):

        cred_exist = check_credential_exists(ec2credential,

                                             credential_table, session)

        if not cred_exist:

            credential = utils.convert_ec2_to_v3_credential(ec2credential)

            insert.execute(credential)

    session.commit()

    session.close()

    ec2_cred_table.drop()

**** CubicPower OpenStack Study ****

def check_credential_exists(ec2credential, credential_table, session):

    credential = session.query(credential_table).filter_by(

        id=utils.hash_access_key(ec2credential.access)).first()

    if credential is None:

        return False

    blob = utils.get_blob_from_credential(credential)

    # check if credential with same access key but different

    # secret key already exists in credential table.

    # If exists raise an exception

    if blob['secret'] != ec2credential.secret:

        msg = _('Credential %(access)s already exists with different secret'

                ' in %(table)s table')

        message = msg % {'access': ec2credential.access,

                         'table': credential_table.name}

        raise exception.Conflict(type='credential', details=message)

    # check if credential with same access and secret key but

    # associated with a different project exists. If exists raise

    # an exception

    elif credential.project_id is not None and (

            credential.project_id != ec2credential.tenant_id):

        msg = _('Credential %(access)s already exists with different project'

                ' in %(table)s table')

        message = msg % {'access': ec2credential.access,

                         'table': credential_table.name}

        raise exception.Conflict(type='credential', details=message)

    # if credential with same access and secret key and not associated

    # with any projects already exists in the credential table, then

    # return true.

    else:

        return True

**** CubicPower OpenStack Study ****

def downgrade(migrate_engine):

    meta = sql.MetaData()

    meta.bind = migrate_engine

    session = sql.orm.sessionmaker(bind=migrate_engine)()

    ec2_credential_table = sql.Table(

        'ec2_credential',

        meta,

        sql.Column('access', sql.String(64), primary_key=True),

        sql.Column('secret', sql.String(64)),

        sql.Column('user_id', sql.String(64)),

        sql.Column('tenant_id', sql.String(64)),

        mysql_engine='InnoDB',

        mysql_charset='utf8')

    ec2_credential_table.create(migrate_engine, checkfirst=True)

    credential_table = sql.Table('credential',

                                 meta,

                                 autoload=True)

    insert = ec2_credential_table.insert()

    for credential in session.query(credential_table).filter(

            sql.and_(credential_table.c.type == 'ec2',

                     credential_table.c.project_id is not None)).all():

        ec2_credential = utils.convert_v3_to_ec2_credential(credential)

        insert.execute(ec2_credential)

    session.commit()

    session.close()