github/drone
5
0
Fork 0
mirror of https://github.com/harness/drone.git synced 2025-05-07 03:19:14 +08:00
Code Issues Packages Projects Releases Wiki Activity
fe9118e074
drone/internal/store/database/token.go
Johannes Batzill 3ba0f75c8d Introduce UIDs for Space / Repo / Tokens, Add Custom Harness Validation, ... (#57) 
This change adds the following:
- Space UID + Custom harness validation (accountId for top level space, harness identifier for child spaces)
- Repo UID + Custom harness validation (harness identifier)
- Store Unique casing of space / repo path and add Path.ValueUnique (with Unique index) to allow for application layer controlling the case sensitivity (case insensitive standalone vs partially case sensitive harness)
- Token UID (unique index over ownertype + ownerID + tokenUID)
- Add DisplayName for principals (replaces Name to avoid confustion)
- Store Unique casing of principal UID and add Principal.ValueUnique (with unique index) to allow for application layer, per principal type control of case sensitivity (required in embedded mode)
- Generate serviceAccount UID (+Email) Randomly (sa-{space|repo}-{ID}-{random}) - Allows to have a unique UID across all principals while reducing likelyhood of overlaps with users + avoid overlap across spaces / repos.
- Sync casing of space names (accountId orgId projectId) when creating spaces on the fly (to ensure case sensitivity of - harness code) or use the existing space to update casing.
- Update serviceaccount client to match updated NG Manager API
- in embedded mode create spaces for harness resources owning the service account
2022-11-06 23:14:47 -08:00

165 lines
4.2 KiB
Go
Raw Blame History

// Copyright 2022 Harness Inc. All rights reserved.
// Use of this source code is governed by the Polyform Free Trial License
// that can be found in the LICENSE.md file for this repository.
package database
import (
"context"
"github.com/harness/gitness/internal/store"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
"github.com/jmoiron/sqlx"
)
var _ store.TokenStore = (*TokenStore)(nil)
// NewTokenStore returns a new TokenStore.
func NewTokenStore(db *sqlx.DB) *TokenStore {
return &TokenStore{db}
}
// TokenStore implements a TokenStore backed by a relational database.
type TokenStore struct {
db *sqlx.DB
}
// Find finds the token by id.
func (s *TokenStore) Find(ctx context.Context, id int64) (*types.Token, error) {
dst := new(types.Token)
if err := s.db.GetContext(ctx, dst, TokenSelectByID, id); err != nil {
return nil, processSQLErrorf(err, "Select query failed")
}
return dst, nil
}
// Find finds the token by principalId and tokenUID.
func (s *TokenStore) FindByUID(ctx context.Context, principalID int64, tokenUID string) (*types.Token, error) {
dst := new(types.Token)
if err := s.db.GetContext(ctx, dst, TokenSelectByPrincipalIDAndUID, principalID, tokenUID); err != nil {
return nil, processSQLErrorf(err, "Select query failed")
}
return dst, nil
}
// Create saves the token details.
func (s *TokenStore) Create(ctx context.Context, token *types.Token) error {
query, arg, err := s.db.BindNamed(tokenInsert, token)
if err != nil {
return processSQLErrorf(err, "Failed to bind token object")
}
if err = s.db.QueryRowContext(ctx, query, arg...).Scan(&token.ID); err != nil {
return processSQLErrorf(err, "Insert query failed")
}
return nil
}
// Delete deletes the token with the given id.
func (s *TokenStore) Delete(ctx context.Context, id int64) error {
if _, err := s.db.ExecContext(ctx, tokenDelete, id); err != nil {
return processSQLErrorf(err, "The delete query failed")
}
return nil
}
// DeleteForPrincipal deletes all tokens for a specific principal.
func (s *TokenStore) DeleteForPrincipal(ctx context.Context, principalID int64) error {
if _, err := s.db.ExecContext(ctx, tokenDeleteForPrincipal, principalID); err != nil {
return processSQLErrorf(err, "The delete query failed")
}
return nil
}
// Count returns a count of tokens of a specifc type for a specific principal.
func (s *TokenStore) Count(ctx context.Context,
principalID int64, tokenType enum.TokenType) (int64, error) {
var count int64
err := s.db.QueryRowContext(ctx, tokenCountForPrincipalIDOfType, principalID, tokenType).Scan(&count)
if err != nil {
return 0, processSQLErrorf(err, "Failed executing count query")
}
return count, nil
}
// List returns a list of tokens of a specific type for a specific principal.
func (s *TokenStore) List(ctx context.Context,
principalID int64, tokenType enum.TokenType) ([]*types.Token, error) {
dst := []*types.Token{}
// TODO: custom filters / sorting for tokens.
err := s.db.SelectContext(ctx, &dst, tokenSelectForPrincipalIDOfType, principalID, tokenType)
if err != nil {
return nil, processSQLErrorf(err, "Failed executing token list query")
}
return dst, nil
}
const tokenSelectBase = `
SELECT
token_id
,token_type
,token_uid
,token_principalId
,token_expiresAt
,token_grants
,token_issuedAt
,token_createdBy
FROM tokens
` //#nosec G101
const tokenSelectForPrincipalIDOfType = tokenSelectBase + `
WHERE token_principalId = $1 AND token_type = $2
ORDER BY token_issuedAt DESC
` //#nosec G101
const tokenCountForPrincipalIDOfType = `
SELECT count(*)
FROM tokens
WHERE token_principalId = $1 AND token_type = $2
` //#nosec G101
const TokenSelectByID = tokenSelectBase + `
WHERE token_id = $1
`
const TokenSelectByPrincipalIDAndUID = tokenSelectBase + `
WHERE token_principalId = $1 AND token_uid = $2
`
const tokenDelete = `
DELETE FROM tokens
WHERE token_id = $1
`
const tokenDeleteForPrincipal = `
DELETE FROM tokens
WHERE token_principalId = $1
`
const tokenInsert = `
INSERT INTO tokens (
token_type
,token_uid
,token_principalId
,token_expiresAt
,token_grants
,token_issuedAt
,token_createdBy
) values (
:token_type
,:token_uid
,:token_principalId
,:token_expiresAt
,:token_grants
,:token_issuedAt
,:token_createdBy
) RETURNING token_id
`
Reference in New Issue View Git Blame Copy Permalink