// Copyright 2019 Drone.IO Inc. All rights reserved. // Use of this source code is governed by the Drone Non-Commercial License // that can be found in the LICENSE file. package secret import ( "context" "github.com/drone/drone/store/shared/db" "github.com/drone/drone/store/shared/encrypt" "github.com/drone/drone/core" ) // New returns a new Secret database store. func New(db *db.DB, enc encrypt.Encrypter) core.SecretStore { return &secretStore{ db: db, enc: enc, } } type secretStore struct { db *db.DB enc encrypt.Encrypter } func (s *secretStore) List(ctx context.Context, id int64) ([]*core.Secret, error) { var out []*core.Secret err := s.db.View(func(queryer db.Queryer, binder db.Binder) error { params := map[string]interface{}{"secret_repo_id": id} stmt, args, err := binder.BindNamed(queryRepo, params) if err != nil { return err } rows, err := queryer.Query(stmt, args...) if err != nil { return err } out, err = scanRows(s.enc, rows) return err }) return out, err } func (s *secretStore) Find(ctx context.Context, id int64) (*core.Secret, error) { out := &core.Secret{ID: id} err := s.db.View(func(queryer db.Queryer, binder db.Binder) error { params, err := toParams(s.enc, out) if err != nil { return err } query, args, err := binder.BindNamed(queryKey, params) if err != nil { return err } row := queryer.QueryRow(query, args...) return scanRow(s.enc, row, out) }) return out, err } func (s *secretStore) FindName(ctx context.Context, id int64, name string) (*core.Secret, error) { out := &core.Secret{Name: name, RepoID: id} err := s.db.View(func(queryer db.Queryer, binder db.Binder) error { params, err := toParams(s.enc, out) if err != nil { return err } query, args, err := binder.BindNamed(queryName, params) if err != nil { return err } row := queryer.QueryRow(query, args...) return scanRow(s.enc, row, out) }) return out, err } func (s *secretStore) Create(ctx context.Context, secret *core.Secret) error { if s.db.Driver() == db.Postgres { return s.createPostgres(ctx, secret) } return s.create(ctx, secret) } func (s *secretStore) create(ctx context.Context, secret *core.Secret) error { return s.db.Lock(func(execer db.Execer, binder db.Binder) error { params, err := toParams(s.enc, secret) if err != nil { return err } stmt, args, err := binder.BindNamed(stmtInsert, params) if err != nil { return err } res, err := execer.Exec(stmt, args...) if err != nil { return err } secret.ID, err = res.LastInsertId() return err }) } func (s *secretStore) createPostgres(ctx context.Context, secret *core.Secret) error { return s.db.Lock(func(execer db.Execer, binder db.Binder) error { params, err := toParams(s.enc, secret) if err != nil { return err } stmt, args, err := binder.BindNamed(stmtInsertPg, params) if err != nil { return err } return execer.QueryRow(stmt, args...).Scan(&secret.ID) }) } func (s *secretStore) Update(ctx context.Context, secret *core.Secret) error { return s.db.Lock(func(execer db.Execer, binder db.Binder) error { params, err := toParams(s.enc, secret) if err != nil { return err } stmt, args, err := binder.BindNamed(stmtUpdate, params) if err != nil { return err } _, err = execer.Exec(stmt, args...) return err }) } func (s *secretStore) Delete(ctx context.Context, secret *core.Secret) error { return s.db.Lock(func(execer db.Execer, binder db.Binder) error { params, err := toParams(s.enc, secret) if err != nil { return err } stmt, args, err := binder.BindNamed(stmtDelete, params) if err != nil { return err } _, err = execer.Exec(stmt, args...) return err }) } const queryBase = ` SELECT secret_id ,secret_repo_id ,secret_name ,secret_data ,secret_pull_request ,secret_pull_request_push ` const queryKey = queryBase + ` FROM secrets WHERE secret_id = :secret_id LIMIT 1 ` const queryName = queryBase + ` FROM secrets WHERE secret_name = :secret_name AND secret_repo_id = :secret_repo_id LIMIT 1 ` const queryRepo = queryBase + ` FROM secrets WHERE secret_repo_id = :secret_repo_id ORDER BY secret_name ` const stmtUpdate = ` UPDATE secrets SET secret_data = :secret_data ,secret_pull_request = :secret_pull_request ,secret_pull_request_push = :secret_pull_request_push WHERE secret_id = :secret_id ` const stmtDelete = ` DELETE FROM secrets WHERE secret_id = :secret_id ` const stmtInsert = ` INSERT INTO secrets ( secret_repo_id ,secret_name ,secret_data ,secret_pull_request ,secret_pull_request_push ) VALUES ( :secret_repo_id ,:secret_name ,:secret_data ,:secret_pull_request ,:secret_pull_request_push ) ` const stmtInsertPg = stmtInsert + ` RETURNING secret_id `