# Schema version 25 ("auth roles phase 2"). The entries under `methods` are
# the stored functions this version defines for the auth service; every body
# below reads or rewrites the `roles` table.
# NOTE(review): the table definition itself is presumably in the migration
# script named here, which is not part of this file - confirm column order
# and constraints there.
description: auth roles phase 2
version: 25
migrationScript: 0025-migration.sql
downgradeScript: 0025-downgrade.sql
methods:
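# Deprecated taskcluster-lib-entities compatibility method. The body never
# reads partition_key or row_key: it returns the whole roles table as a
# single entity row keyed 'role'/'role', with the role list passed to
# entity_buf_encode under the property name 'blob'.
roles_entities_load:
  deprecated: true
  description: See taskcluster-lib-entities
  mode: read
  serviceName: auth
  args: partition_key text, row_key text
  returns: table (partition_key_out text, row_key_out text, value jsonb, version integer, etag uuid)
  body: |-
    begin
      -- if no roles, return canned "empty" value, as the below expression will return NULL
      perform 1 from roles limit 1;
      if not found then
        return query
        select
          'role',
          'role',
          entity_buf_encode(
            jsonb_build_object(
              'PartitionKey', 'role',
              'RowKey', 'role'),
            'blob', '[]'),
          1,
          -- schema-qualified like the calls in roles_entities_modify and
          -- modify_roles, so resolution does not depend on search_path
          public.gen_random_uuid();
        -- `return query` only appends rows to the result set and execution
        -- continues; without this bare return the aggregate query below
        -- would also run on the empty table and append a second row built
        -- from a NULL jsonb_agg and a NULL etag.
        return;
      end if;
      return query
      select
        'role',
        'role',
        entity_buf_encode(
          jsonb_build_object(
            'PartitionKey', 'role',
            'RowKey', 'role'),
          -- one JSON object per role, using the camelCase keys that the
          -- entities-style create/modify methods read back
          'blob', jsonb_agg(
            jsonb_build_object(
              'roleId', role_id,
              'scopes', scopes,
              'created', to_js_iso8601(created::text),
              'description', description,
              'lastModified', to_js_iso8601(last_modified::text))
            )::text),
        1,
        -- use an aggregate function to select the etag (all rows have the same etag)
        min(roles.etag::text)::uuid
      from roles;
    end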
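# Deprecated taskcluster-lib-entities compatibility method. Populates an
# empty roles table from the JSON array decoded out of the 'blob' property
# and returns the etag stamped on every inserted row. Fails with SQLSTATE
# 23505 if the table already holds any role. The body does not read pk, rk,
# overwrite or version, so `overwrite = true` does not bypass that check.
roles_entities_create:
  deprecated: true
  serviceName: auth
  description: See taskcluster-lib-entities
  mode: write
  args: pk text, rk text, properties jsonb, overwrite boolean, version integer
  returns: uuid
  body: |-
    declare
      -- schema-qualified like the calls in roles_entities_modify and
      -- modify_roles, so resolution does not depend on search_path
      new_etag uuid := public.gen_random_uuid();
    begin
      -- lock the table, avoiding risk of conflicts when inserting after
      -- finding no rows
      -- (no lock mode is given, so PostgreSQL takes ACCESS EXCLUSIVE and
      -- holds it until the transaction ends)
      lock table roles;
      perform 1 from roles limit 1;
      if found then
        raise exception 'roles already exist' using errcode = '23505'; -- unique violation
      end if;
      -- explicit column list: the insert no longer depends on the physical
      -- column order of the roles table
      insert into roles (role_id, scopes, created, description, last_modified, etag)
      select
        (role ->> 'roleId') as role_id,
        (role ->> 'scopes')::jsonb as scopes,
        (role ->> 'created')::timestamptz as created,
        (role ->> 'description') as description,
        (role ->> 'lastModified')::timestamptz as last_modified,
        new_etag as etag
      from jsonb_array_elements(entity_buf_decode(properties, 'blob')::jsonb) as role;
      return new_etag;
    end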
# Deprecated taskcluster-lib-entities method kept only as a stub: the body
# unconditionally raises 'not implemented' (no errcode is set, so the
# PL/pgSQL default applies) and never touches the roles table.
roles_entities_remove:
  deprecated: true
  serviceName: auth
  description: See taskcluster-lib-entities
  mode: write
  args: partition_key text, row_key text
  returns: table (etag uuid)
  body: |-
    begin
      raise exception 'not implemented';
    end
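# Deprecated taskcluster-lib-entities compatibility method. Replaces the
# entire role set with the JSON array decoded from the 'blob' property,
# guarded by an etag compare: rows are deleted only where etag = old_etag,
# and if nothing was deleted while roles still exist the call fails with
# SQLSTATE P0004. Returns the new etag. partition_key, row_key and version
# are not read by the body.
roles_entities_modify:
  deprecated: true
  serviceName: auth
  description: See taskcluster-lib-entities
  mode: write
  args: partition_key text, row_key text, properties jsonb, version integer, old_etag uuid
  returns: table (etag uuid)
  body: |-
    declare
      new_etag uuid := public.gen_random_uuid();
    begin
      -- lock the table, avoiding risk of conflicts when inserting after
      -- finding no rows
      -- (no lock mode is given, so PostgreSQL takes ACCESS EXCLUSIVE and
      -- holds it until the transaction ends)
      lock table roles;
      -- qualified as roles.etag because the `returns table (etag uuid)`
      -- output column has the same name
      delete from roles where roles.etag = old_etag;
      if not found then
        -- delete may have done nothing because the table is empty (which is
        -- ok) or because the etag did not match (which is an unsuccessful
        -- update)
        perform role_id from roles limit 1;
        if found then
          raise exception 'unsuccessful update' using errcode = 'P0004';
        end if;
        -- ..otherwise continue to make the modification
      end if;
      -- explicit column list: the insert no longer depends on the physical
      -- column order of the roles table
      insert into roles (role_id, scopes, created, description, last_modified, etag)
      select
        (role ->> 'roleId') as role_id,
        (role ->> 'scopes')::jsonb as scopes,
        (role ->> 'created')::timestamptz as created,
        (role ->> 'description') as description,
        (role ->> 'lastModified')::timestamptz as last_modified,
        new_etag as etag
      from jsonb_array_elements(entity_buf_decode(properties, 'blob')::jsonb) as role;
      return query select new_etag;
    end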
# Deprecated taskcluster-lib-entities method kept only as a stub: the body
# unconditionally raises 'not implemented', so none of the arguments
# (including the free-text `condition`) is ever read or evaluated.
roles_entities_scan:
  deprecated: true
  description: See taskcluster-lib-entities
  mode: read
  serviceName: auth
  args: pk text, rk text, condition text, size integer, page integer
  returns: table (partition_key text, row_key text, value jsonb, version integer, etag uuid)
  body: |-
    begin
      raise exception 'not implemented';
    end;
# Read-only listing of every row in the roles table, one result row per
# role, ordered by role_id. Takes no arguments.
get_roles:
  description: |-
    Get the full set of roles. Each result row has an etag, but all such
    etags will be the same, representing the etag for the most recent
    modification of the table. Results are sorted by role_id.
  mode: read
  serviceName: auth
  args: ''
  returns: table (role_id text, scopes jsonb, created timestamptz, description text, last_modified timestamptz, etag uuid)
  body: |-
    begin
      -- every column is qualified through the alias so it cannot be
      -- confused with the same-named output columns of the function
      return query
      select
        r.role_id,
        r.scopes,
        r.created,
        r.description,
        r.last_modified,
        r.etag
      from roles as r
      order by r.role_id;
    end
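# Replaces the whole role set in one call, guarded by an etag compare (see
# the description). Each element of roles_in supplies role_id, scopes,
# created, description and last_modified; all inserted rows share one new
# etag. Nothing is returned.
# NOTE(review): no authorization check is visible in the body; access
# control presumably rests on who may execute this function - confirm.
modify_roles:
  description: |-
    Replace the current set of roles entirely with the given set of roles, if the current etag matches the existing etag.
    The role objects are specified with underscore spelling (`role_id`).
    If the etag has changed, this returns P0004 signalling that the caller should fetch a fresh set of roles and try again.
    If there are no existing roles, then the old etag is not used.
  mode: write
  serviceName: auth
  args: roles_in jsonb, old_etag_in uuid
  returns: void
  body: |-
    declare
      new_etag uuid := public.gen_random_uuid();
    begin
      -- lock the table, avoiding risk of conflicts when inserting after
      -- finding no rows
      -- (no lock mode is given, so PostgreSQL takes ACCESS EXCLUSIVE and
      -- holds it until the transaction ends)
      lock table roles;
      delete from roles where etag = old_etag_in;
      if not found then
        -- delete may have done nothing because the table is empty (which is
        -- ok) or because the etag did not match (which is an unsuccessful
        -- update)
        perform role_id from roles limit 1;
        if found then
          raise exception 'unsuccessful update' using errcode = 'P0004';
        end if;
      end if;
      -- explicit column list: the insert no longer depends on the physical
      -- column order of the roles table
      -- NOTE(review): jsonb_array_elements yields no rows for a NULL
      -- argument, so a NULL roles_in with a matching etag would leave the
      -- table empty, same as passing '[]' - confirm callers always pass an
      -- array (or that the function is created strict).
      insert into roles (role_id, scopes, created, description, last_modified, etag)
      select
        (role ->> 'role_id') as role_id,
        (role ->> 'scopes')::jsonb as scopes,
        (role ->> 'created')::timestamptz as created,
        (role ->> 'description') as description,
        (role ->> 'last_modified')::timestamptz as last_modified,
        new_etag as etag
      from jsonb_array_elements(roles_in) as role;
    end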