233 lines
5.2 KiB
Go
233 lines
5.2 KiB
Go
// Copyright 2019 Drone.IO Inc. All rights reserved.
|
|
// Use of this source code is governed by the Drone Non-Commercial License
|
|
// that can be found in the LICENSE file.
|
|
|
|
// +build !oss
|
|
|
|
package global
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/drone/drone/core"
|
|
"github.com/drone/drone/store/shared/db"
|
|
"github.com/drone/drone/store/shared/encrypt"
|
|
)
|
|
|
|
// New returns a new global Secret database store.
|
|
func New(db *db.DB, enc encrypt.Encrypter) core.GlobalSecretStore {
|
|
return &secretStore{
|
|
db: db,
|
|
enc: enc,
|
|
}
|
|
}
|
|
|
|
type secretStore struct {
|
|
db *db.DB
|
|
enc encrypt.Encrypter
|
|
}
|
|
|
|
func (s *secretStore) List(ctx context.Context, namespace string) ([]*core.Secret, error) {
|
|
var out []*core.Secret
|
|
err := s.db.View(func(queryer db.Queryer, binder db.Binder) error {
|
|
params := map[string]interface{}{"secret_namespace": namespace}
|
|
stmt, args, err := binder.BindNamed(queryNamespace, params)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
rows, err := queryer.Query(stmt, args...)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
out, err = scanRows(s.enc, rows)
|
|
return err
|
|
})
|
|
return out, err
|
|
}
|
|
|
|
func (s *secretStore) ListAll(ctx context.Context) ([]*core.Secret, error) {
|
|
var out []*core.Secret
|
|
err := s.db.View(func(queryer db.Queryer, binder db.Binder) error {
|
|
rows, err := queryer.Query(queryAll)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
out, err = scanRows(s.enc, rows)
|
|
return err
|
|
})
|
|
return out, err
|
|
}
|
|
|
|
func (s *secretStore) Find(ctx context.Context, id int64) (*core.Secret, error) {
|
|
out := &core.Secret{ID: id}
|
|
err := s.db.View(func(queryer db.Queryer, binder db.Binder) error {
|
|
params, err := toParams(s.enc, out)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
query, args, err := binder.BindNamed(queryKey, params)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
row := queryer.QueryRow(query, args...)
|
|
return scanRow(s.enc, row, out)
|
|
})
|
|
return out, err
|
|
}
|
|
|
|
func (s *secretStore) FindName(ctx context.Context, namespace, name string) (*core.Secret, error) {
|
|
out := &core.Secret{Name: name, Namespace: namespace}
|
|
err := s.db.View(func(queryer db.Queryer, binder db.Binder) error {
|
|
params, err := toParams(s.enc, out)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
query, args, err := binder.BindNamed(queryName, params)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
row := queryer.QueryRow(query, args...)
|
|
return scanRow(s.enc, row, out)
|
|
})
|
|
return out, err
|
|
}
|
|
|
|
func (s *secretStore) Create(ctx context.Context, secret *core.Secret) error {
|
|
if s.db.Driver() == db.Postgres {
|
|
return s.createPostgres(ctx, secret)
|
|
}
|
|
return s.create(ctx, secret)
|
|
}
|
|
|
|
func (s *secretStore) create(ctx context.Context, secret *core.Secret) error {
|
|
return s.db.Lock(func(execer db.Execer, binder db.Binder) error {
|
|
params, err := toParams(s.enc, secret)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
stmt, args, err := binder.BindNamed(stmtInsert, params)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
res, err := execer.Exec(stmt, args...)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
secret.ID, err = res.LastInsertId()
|
|
return err
|
|
})
|
|
}
|
|
|
|
func (s *secretStore) createPostgres(ctx context.Context, secret *core.Secret) error {
|
|
return s.db.Lock(func(execer db.Execer, binder db.Binder) error {
|
|
params, err := toParams(s.enc, secret)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
stmt, args, err := binder.BindNamed(stmtInsertPg, params)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return execer.QueryRow(stmt, args...).Scan(&secret.ID)
|
|
})
|
|
}
|
|
|
|
func (s *secretStore) Update(ctx context.Context, secret *core.Secret) error {
|
|
return s.db.Lock(func(execer db.Execer, binder db.Binder) error {
|
|
params, err := toParams(s.enc, secret)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
stmt, args, err := binder.BindNamed(stmtUpdate, params)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = execer.Exec(stmt, args...)
|
|
return err
|
|
})
|
|
}
|
|
|
|
func (s *secretStore) Delete(ctx context.Context, secret *core.Secret) error {
|
|
return s.db.Lock(func(execer db.Execer, binder db.Binder) error {
|
|
params, err := toParams(s.enc, secret)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
stmt, args, err := binder.BindNamed(stmtDelete, params)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = execer.Exec(stmt, args...)
|
|
return err
|
|
})
|
|
}
|
|
|
|
const queryBase = `
|
|
SELECT
|
|
secret_id
|
|
,secret_namespace
|
|
,secret_name
|
|
,secret_type
|
|
,secret_data
|
|
,secret_pull_request
|
|
,secret_pull_request_push
|
|
`
|
|
|
|
const queryKey = queryBase + `
|
|
FROM orgsecrets
|
|
WHERE secret_id = :secret_id
|
|
LIMIT 1
|
|
`
|
|
|
|
const queryAll = queryBase + `
|
|
FROM orgsecrets
|
|
ORDER BY secret_name
|
|
`
|
|
|
|
const queryName = queryBase + `
|
|
FROM orgsecrets
|
|
WHERE secret_name = :secret_name
|
|
AND secret_namespace = :secret_namespace
|
|
LIMIT 1
|
|
`
|
|
|
|
const queryNamespace = queryBase + `
|
|
FROM orgsecrets
|
|
WHERE secret_namespace = :secret_namespace
|
|
ORDER BY secret_name
|
|
`
|
|
|
|
const stmtUpdate = `
|
|
UPDATE orgsecrets SET
|
|
secret_data = :secret_data
|
|
,secret_pull_request = :secret_pull_request
|
|
,secret_pull_request_push = :secret_pull_request_push
|
|
WHERE secret_id = :secret_id
|
|
`
|
|
|
|
const stmtDelete = `
|
|
DELETE FROM orgsecrets
|
|
WHERE secret_id = :secret_id
|
|
`
|
|
|
|
const stmtInsert = `
|
|
INSERT INTO orgsecrets (
|
|
secret_namespace
|
|
,secret_name
|
|
,secret_type
|
|
,secret_data
|
|
,secret_pull_request
|
|
,secret_pull_request_push
|
|
) VALUES (
|
|
:secret_namespace
|
|
,:secret_name
|
|
,:secret_type
|
|
,:secret_data
|
|
,:secret_pull_request
|
|
,:secret_pull_request_push
|
|
)
|
|
`
|
|
|
|
const stmtInsertPg = stmtInsert + `
|
|
RETURNING secret_id
|
|
`
|