summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--cmd/tfstated/lock.go49
-rw-r--r--cmd/tfstated/post.go11
-rw-r--r--cmd/tfstated/routes.go2
-rw-r--r--cmd/tfstated/unlock.go38
-rw-r--r--pkg/database/locks.go50
-rw-r--r--pkg/database/sql/000_init.sql3
-rw-r--r--pkg/database/states.go34
7 files changed, 174 insertions, 13 deletions
diff --git a/cmd/tfstated/lock.go b/cmd/tfstated/lock.go
new file mode 100644
index 0000000..e34c5b5
--- /dev/null
+++ b/cmd/tfstated/lock.go
@@ -0,0 +1,49 @@
+package main
+
+import (
+ "database/sql"
+ "errors"
+ "fmt"
+ "net/http"
+ "time"
+
+ "git.adyxax.org/adyxax/tfstated/pkg/database"
+)
+
+type lockRequest struct {
+ Created time.Time `json:"Created"`
+ ID string `json:"ID"`
+ Info string `json:"Info"`
+ Operation string `json:"Operation"`
+ Path string `json:"Path"`
+ Version string `json:"Version"`
+ Who string `json:"Who"`
+}
+
+func handleLock(db *database.DB) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/" {
+ _ = encode(w, http.StatusBadRequest,
+ fmt.Errorf("no state path provided, cannot LOCK /"))
+ return
+ }
+
+ var lock lockRequest
+ if err := decode(r, &lock); err != nil {
+ _ = encode(w, http.StatusBadRequest, err)
+ return
+ }
+ if success, err := db.SetLockOrGetExistingLock(r.URL.Path, &lock); err != nil {
+ if errors.Is(err, sql.ErrNoRows) {
+ _ = encode(w, http.StatusNotFound,
+ fmt.Errorf("state path not found: %s", r.URL.Path))
+ } else {
+ _ = errorResponse(w, http.StatusInternalServerError, err)
+ }
+ } else if success {
+ w.WriteHeader(http.StatusOK)
+ } else {
+ _ = encode(w, http.StatusConflict, lock)
+ }
+ })
+}
diff --git a/cmd/tfstated/post.go b/cmd/tfstated/post.go
index b88109e..1d570b3 100644
--- a/cmd/tfstated/post.go
+++ b/cmd/tfstated/post.go
@@ -16,13 +16,20 @@ func handlePost(db *database.DB) http.Handler {
)
return
}
+
+ id := r.URL.Query().Get("ID")
+
data, err := io.ReadAll(r.Body)
if err != nil {
_ = errorResponse(w, http.StatusBadRequest, err)
return
}
- if err := db.SetState(r.URL.Path, data); err != nil {
- _ = errorResponse(w, http.StatusInternalServerError, err)
+ if idMismatch, err := db.SetState(r.URL.Path, data, id); err != nil {
+ if idMismatch {
+ _ = errorResponse(w, http.StatusConflict, err)
+ } else {
+ _ = errorResponse(w, http.StatusInternalServerError, err)
+ }
} else {
w.WriteHeader(http.StatusOK)
}
diff --git a/cmd/tfstated/routes.go b/cmd/tfstated/routes.go
index da46078..e2700d2 100644
--- a/cmd/tfstated/routes.go
+++ b/cmd/tfstated/routes.go
@@ -14,5 +14,7 @@ func addRoutes(
mux.Handle("DELETE /", handleDelete(db))
mux.Handle("GET /", handleGet(db))
+ mux.Handle("LOCK /", handleLock(db))
mux.Handle("POST /", handlePost(db))
+ mux.Handle("UNLOCK /", handleUnlock(db))
}
diff --git a/cmd/tfstated/unlock.go b/cmd/tfstated/unlock.go
new file mode 100644
index 0000000..af5ad57
--- /dev/null
+++ b/cmd/tfstated/unlock.go
@@ -0,0 +1,38 @@
+package main
+
+import (
+ "database/sql"
+ "errors"
+ "fmt"
+ "net/http"
+
+ "git.adyxax.org/adyxax/tfstated/pkg/database"
+)
+
+func handleUnlock(db *database.DB) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ if r.URL.Path == "/" {
+ _ = encode(w, http.StatusBadRequest,
+ fmt.Errorf("no state path provided, cannot LOCK /"))
+ return
+ }
+
+ var lock lockRequest
+ if err := decode(r, &lock); err != nil {
+ _ = encode(w, http.StatusBadRequest, err)
+ return
+ }
+ if success, err := db.Unlock(r.URL.Path, &lock); err != nil {
+ if errors.Is(err, sql.ErrNoRows) {
+ _ = encode(w, http.StatusNotFound,
+ fmt.Errorf("state path not found: %s", r.URL.Path))
+ } else {
+ _ = errorResponse(w, http.StatusInternalServerError, err)
+ }
+ } else if success {
+ w.WriteHeader(http.StatusOK)
+ } else {
+ _ = encode(w, http.StatusConflict, lock)
+ }
+ })
+}
diff --git a/pkg/database/locks.go b/pkg/database/locks.go
new file mode 100644
index 0000000..53c6f6e
--- /dev/null
+++ b/pkg/database/locks.go
@@ -0,0 +1,50 @@
+package database
+
+import (
+ "encoding/json"
+)
+
+// Atomically check if there is an existing lock in place on the state. Returns
+// true if it can be set, otherwise returns false and lock is set to the value
+// of the existing lock
+func (db *DB) SetLockOrGetExistingLock(name string, lock any) (bool, error) {
+ tx, err := db.Begin()
+ if err != nil {
+ return false, err
+ }
+ defer func() {
+ if err != nil {
+ _ = tx.Rollback()
+ }
+ }()
+ var data []byte
+ if err = tx.QueryRowContext(db.ctx, `SELECT lock FROM states WHERE name = ?;`, name).Scan(&data); err != nil {
+ return false, err
+ }
+ if data != nil {
+ err = json.Unmarshal(data, lock)
+ return false, err
+ }
+ if data, err = json.Marshal(lock); err != nil {
+ return false, err
+ }
+ _, err = tx.Exec(`UPDATE states SET lock = json(?) WHERE name = ?;`, data, name)
+ if err != nil {
+ return false, err
+ }
+ err = tx.Commit()
+ return true, err
+}
+
+func (db *DB) Unlock(name, lock any) (bool, error) {
+ data, err := json.Marshal(lock)
+ if err != nil {
+ return false, err
+ }
+ result, err := db.Exec(`UPDATE states SET lock = NULL WHERE name = ? and lock = json(?);`, name, data)
+ if err != nil {
+ return false, err
+ }
+ n, err := result.RowsAffected()
+ return n == 1, err
+}
diff --git a/pkg/database/sql/000_init.sql b/pkg/database/sql/000_init.sql
index 0248896..6ec2ef7 100644
--- a/pkg/database/sql/000_init.sql
+++ b/pkg/database/sql/000_init.sql
@@ -5,6 +5,7 @@ CREATE TABLE schema_version (
CREATE TABLE states (
id INTEGER PRIMARY KEY,
name TEXT NOT NULL,
- data BLOB NOT NULL
+ data BLOB NOT NULL,
+ lock TEXT
) STRICT;
CREATE UNIQUE INDEX states_name on states(name);
diff --git a/pkg/database/states.go b/pkg/database/states.go
index 3a0b0b9..e848924 100644
--- a/pkg/database/states.go
+++ b/pkg/database/states.go
@@ -2,6 +2,7 @@ package database
import (
"database/sql"
+ "fmt"
)
func (db *DB) DeleteState(name string) error {
@@ -18,18 +19,31 @@ func (db *DB) GetState(name string) ([]byte, error) {
return db.dataEncryptionKey.DecryptAES256(encryptedData)
}
-func (db *DB) SetState(name string, data []byte) error {
+// returns true in case of id mismatch
+func (db *DB) SetState(name string, data []byte, id string) (bool, error) {
encryptedData, err := db.dataEncryptionKey.EncryptAES256(data)
if err != nil {
- return err
+ return false, err
}
- _, err = db.Exec(
- `INSERT INTO states(name, data) VALUES (:name, :data) ON CONFLICT DO UPDATE SET data = :data WHERE name = :name;`,
- sql.Named("data", encryptedData),
- sql.Named("name", name),
- )
- if err != nil {
- return err
+ if id == "" {
+ _, err = db.Exec(
+ `INSERT INTO states(name, data) VALUES (:name, :data) ON CONFLICT DO UPDATE SET data = :data WHERE name = :name;`,
+ sql.Named("data", encryptedData),
+ sql.Named("name", name),
+ )
+ return false, err
+ } else {
+ result, err := db.Exec(`UPDATE states SET data = ? WHERE name = ? and lock->>'ID' = ?;`, encryptedData, name, id)
+ if err != nil {
+ return false, err
+ }
+ n, err := result.RowsAffected()
+ if err != nil {
+ return false, err
+ }
+ if n != 1 {
+ return true, fmt.Errorf("failed to update state, lock ID does not match")
+ }
+ return false, nil
}
- return nil
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-16 17:17:18 +0000