independent branch datasets (#564)

Author: agneum

engine/internal/provision/databases/postgres/postgres.go

@@ -186,6 +186,33 @@ func getPgConnStr(host, dbname, username string, port uint) string {
 	return sb.String()
 }
 
+// runExistsSQL executes simple SQL commands which returns one bool value.
+func runExistsSQL(command, connStr string) (bool, error) {
+	db, err := sql.Open("postgres", connStr)
+
+	if err != nil {
+		return false, fmt.Errorf("cannot connect to database: %w", err)
+	}
+
+	var result bool
+
+	row := db.QueryRow(command)
+	err = row.Scan(&result)
+
+	defer func() {
+		err := db.Close()
+		if err != nil {
+			log.Err("Cannot close database connection.")
+		}
+	}()
+
+	if err != nil && err == sql.ErrNoRows {
+		return false, nil
+	}
+
+	return result, err
+}
+
 // runSimpleSQL executes simple SQL commands which returns one string value.
 func runSimpleSQL(command, connStr string) (string, error) {
 	db, err := sql.Open("postgres", connStr)

engine/internal/provision/databases/postgres/postgres_mgmt.go

@@ -82,19 +82,37 @@ func CreateUser(c *resources.AppConfig, user resources.EphemeralUser) error {
 		dbName = user.AvailableDB
 	}
 
+	// check user
+	pgConnStr := getPgConnStr(c.Host, dbName, c.DB.Username, c.Port)
+
+	userExists, err := runExistsSQL(userExistsQuery(user.Name), pgConnStr)
+	if err != nil {
+		return fmt.Errorf("failed to check if user exists: %w", err)
+	}
+
 	if user.Restricted {
-		// create restricted user
-		query = restrictedUserQuery(user.Name, user.Password)
-		out, err := runSimpleSQL(query, getPgConnStr(c.Host, dbName, c.DB.Username, c.Port))
+		// Create or alter restricted user.
+		query = restrictedUserQuery(user.Name, user.Password, userExists)
+		out, err := runSimpleSQL(query, pgConnStr)
 
 		if err != nil {
 			return fmt.Errorf("failed to create restricted user: %w", err)
 		}
 
 		log.Dbg("Restricted user has been created: ", out)
 
-		// set restricted user as owner for database objects
-		databaseList, err := runSQLSelectQuery(selectAllDatabases, getPgConnStr(c.Host, dbName, c.DB.Username, c.Port))
+		// Change user ownership.
+		query = restrictedUserOwnershipQuery(user.Name, user.Password)
+		out, err = runSimpleSQL(query, pgConnStr)
+
+		if err != nil {
+			return fmt.Errorf("failed to create restricted user: %w", err)
+		}
+
+		log.Dbg("Database ownership has been changed: ", out)
+
+		// Set restricted user as owner for database objects.
+		databaseList, err := runSQLSelectQuery(selectAllDatabases, pgConnStr)
 
 		if err != nil {
 			return fmt.Errorf("failed list all databases: %w", err)
@@ -111,26 +129,47 @@ func CreateUser(c *resources.AppConfig, user resources.EphemeralUser) error {
 			log.Dbg("Objects restriction applied", database, out)
 		}
 	} else {
-		query = superuserQuery(user.Name, user.Password)
+		query = superuserQuery(user.Name, user.Password, userExists)
 
-		out, err := runSimpleSQL(query, getPgConnStr(c.Host, dbName, c.DB.Username, c.Port))
+		out, err := runSimpleSQL(query, pgConnStr)
 		if err != nil {
 			return fmt.Errorf("failed to create superuser: %w", err)
 		}
 
-		log.Dbg("Super user has been created: ", out)
+		log.Dbg("Superuser has been created: ", out)
+
+		return nil
 	}
 
 	return nil
 }
 
-func superuserQuery(username, password string) string {
-	return fmt.Sprintf(`create user %s with password %s login superuser;`, pq.QuoteIdentifier(username), pq.QuoteLiteral(password))
+func superuserQuery(username, password string, exists bool) string {
+	if exists {
+		return fmt.Sprintf(`alter role %s with password %s login superuser;`,
+			pq.QuoteIdentifier(username), pq.QuoteLiteral(password))
+	}
+
+	return fmt.Sprintf(`create user %s with password %s login superuser;`,
+		pq.QuoteIdentifier(username), pq.QuoteLiteral(password))
+}
+
+func restrictedUserQuery(username, password string, exists bool) string {
+	if exists {
+		return fmt.Sprintf(`alter role %s with password %s login;`,
+			pq.QuoteIdentifier(username), pq.QuoteLiteral(password))
+	}
+
+	return fmt.Sprintf(`create user %s with password %s login;`,
+		pq.QuoteIdentifier(username), pq.QuoteLiteral(password))
+}
+
+func userExistsQuery(username string) string {
+	return fmt.Sprintf(`select exists (select from pg_roles where rolname = %s)`, pq.QuoteLiteral(username))
 }
 
 const restrictionUserCreationTemplate = `
--- create a new user 
-create user @username with password @password login;
+-- change owner
 do $$
 declare
   new_owner text;
@@ -307,7 +346,7 @@ end
 $$;
 `
 
-func restrictedUserQuery(username, password string) string {
+func restrictedUserOwnershipQuery(username, password string) string {
 	repl := strings.NewReplacer(
 		"@usernameStr", pq.QuoteLiteral(username),
 		"@username", pq.QuoteIdentifier(username),

engine/internal/provision/databases/postgres/postgres_mgmt_test.go

@@ -11,45 +11,89 @@ import (
 )
 
 func TestSuperuserQuery(t *testing.T) {
+	const (
+		user     = "user1"
+		userTest = "user.test\""
+		pwd      = "pwd"
+		pwdQuote = "pwd\\'--"
+	)
+
+	t.Run("username and password must be quoted", func(t *testing.T) {
+		assert.Equal(t, `create user "user1" with password 'pwd' login superuser;`, superuserQuery(user, pwd, false))
+	})
+
+	t.Run("username and password must be quoted", func(t *testing.T) {
+		assert.Equal(t, `alter role "user1" with password 'pwd' login superuser;`, superuserQuery(user, pwd, true))
+	})
+
+	t.Run("special chars must be quoted", func(t *testing.T) {
+
+		assert.Equal(t, `create user "user.test""" with password  E'pwd\\''--' login superuser;`,
+			superuserQuery(userTest, pwdQuote, false))
+	})
+
+	t.Run("special chars must be quoted", func(t *testing.T) {
+		assert.Equal(t, `alter role "user.test""" with password  E'pwd\\''--' login superuser;`,
+			superuserQuery(userTest, pwdQuote, true))
+	})
+}
+
+func TestRestrictedUserQuery(t *testing.T) {
 	t.Run("username and password must be quoted", func(t *testing.T) {
 		user := "user1"
 		pwd := "pwd"
-		assert.Equal(t, `create user "user1" with password 'pwd' login superuser;`, superuserQuery(user, pwd))
+		query := restrictedUserQuery(user, pwd, false)
+
+		assert.Contains(t, query, `create user "user1" with password 'pwd' login;`)
+	})
+
+	t.Run("username and password must be quoted", func(t *testing.T) {
+		user := "user1"
+		pwd := "pwd"
+		query := restrictedUserQuery(user, pwd, true)
+
+		assert.Contains(t, query, `alter role "user1" with password 'pwd' login;`)
+	})
+
+	t.Run("special chars must be quoted", func(t *testing.T) {
+		user := "user.test\""
+		pwd := "pwd\\'--"
+		query := restrictedUserQuery(user, pwd, false)
+
+		assert.Contains(t, query, `create user "user.test""" with password  E'pwd\\''--' login;`)
 	})
 
 	t.Run("special chars must be quoted", func(t *testing.T) {
 		user := "user.test\""
 		pwd := "pwd\\'--"
-		assert.Equal(t, `create user "user.test""" with password  E'pwd\\''--' login superuser;`, superuserQuery(user, pwd))
+		query := restrictedUserQuery(user, pwd, true)
+
+		assert.Contains(t, query, `alter role "user.test""" with password  E'pwd\\''--' login;`)
 	})
 }
 
-func TestRestrictedUserQuery(t *testing.T) {
+func TestRestrictedUserOwnershipQuery(t *testing.T) {
 	t.Run("username and password must be quoted", func(t *testing.T) {
 		user := "user1"
 		pwd := "pwd"
-		query := restrictedUserQuery(user, pwd)
+		query := restrictedUserOwnershipQuery(user, pwd)
 
-		assert.Contains(t, query, `create user "user1" with password 'pwd' login;`)
 		assert.Contains(t, query, `new_owner := 'user1'`)
-
 	})
 
 	t.Run("special chars must be quoted", func(t *testing.T) {
 		user := "user.test\""
 		pwd := "pwd\\'--"
-		query := restrictedUserQuery(user, pwd)
+		query := restrictedUserOwnershipQuery(user, pwd)
 
-		assert.Contains(t, query, `create user "user.test""" with password  E'pwd\\''--' login;`)
 		assert.Contains(t, query, `new_owner := 'user.test"'`)
 	})
 
 	t.Run("change owner of all databases", func(t *testing.T) {
 		user := "user.test"
 		pwd := "pwd"
-		query := restrictedUserQuery(user, pwd)
+		query := restrictedUserOwnershipQuery(user, pwd)
 
 		assert.Contains(t, query, `select datname from pg_catalog.pg_database where not datistemplat`)
 	})
-
 }

engine/internal/provision/docker/docker.go

@@ -221,7 +221,7 @@ func RemoveContainer(r runners.Runner, cloneName string) (string, error) {
 
 // ListContainers lists container names.
 func ListContainers(r runners.Runner, clonePool string) ([]string, error) {
-	dockerListCmd := fmt.Sprintf(`docker container ls --filter "label=%s" --filter "label=%s" --all --format '{{.Names}}'`,
+	dockerListCmd := fmt.Sprintf(`docker container ls --filter "label=%s=%s" --all --format '{{.Names}}'`,
 		LabelClone, clonePool)
 
 	out, err := r.Run(dockerListCmd, false)

engine/internal/provision/mode_local_test.go

@@ -118,6 +118,10 @@ func (m mockFSManager) VerifyBranchMetadata() error {
 	return nil
 }
 
+func (m mockFSManager) CreateDataset(_ string) error {
+	return nil
+}
+
 func (m mockFSManager) CreateBranch(_, _ string) error {
 	return nil
 }
@@ -174,6 +178,10 @@ func (m mockFSManager) SetMountpoint(_, _ string) error {
 	return nil
 }
 
+func (m mockFSManager) Move(_, _, _ string) error {
+	return nil
+}
+
 func (m mockFSManager) Rename(_, _ string) error {
 	return nil
 }

engine/internal/provision/pool/manager.go

@@ -55,13 +55,15 @@ type Snapshotter interface {
 type Branching interface {
 	InitBranching() error
 	VerifyBranchMetadata() error
+	CreateDataset(datasetName string) error
 	CreateBranch(branchName, snapshotID string) error
 	ListBranches() (map[string]string, error)
 	ListAllBranches() ([]models.BranchEntity, error)
 	GetRepo() (*models.Repo, error)
 	GetAllRepo() (*models.Repo, error)
 	SetRelation(parent, snapshotName string) error
 	Snapshot(snapshotName string) error
+	Move(baseSnap, currentSnap, target string) error
 	SetMountpoint(path, branch string) error
 	Rename(oldName, branch string) error
 	AddBranchProp(branch, snapshotName string) error

engine/internal/provision/resources/pool.go

@@ -95,6 +95,11 @@ func (p *Pool) BranchPath(branchName string) string {
 	return path.Join(p.BranchDir(), branchName)
 }
 
+// BranchName returns a full branch name in the data pool.
+func (p *Pool) BranchName(poolName, branchName string) string {
+	return path.Join(poolName, branchDir, branchName)
+}
+
 // Status gets the pool status.
 func (p *Pool) Status() PoolStatus {
 	p.mu.RLock()

engine/internal/provision/thinclones/lvm/lvmanager.go

@@ -156,6 +156,13 @@ func (m *LVManager) VerifyBranchMetadata() error {
 	return nil
 }
 
+// CreateDataset creates a new dataset.
+func (m *LVManager) CreateDataset(_ string) error {
+	log.Msg("CreateDataset is not supported for LVM. Skip the operation")
+
+	return nil
+}
+
 // CreateBranch clones data as a new branch.
 func (m *LVManager) CreateBranch(_, _ string) error {
 	log.Msg("CreateBranch is not supported for LVM. Skip the operation")
@@ -275,6 +282,13 @@ func (m *LVManager) Rename(_, _ string) error {
 	return nil
 }
 
+// Move moves snapshot diff.
+func (m *LVManager) Move(_, _, _ string) error {
+	log.Msg("Move is not supported for LVM. Skip the operation")
+
+	return nil
+}
+
 // HasDependentEntity checks if snapshot has dependent entities.
 func (m *LVManager) HasDependentEntity(_ string) error {
 	log.Msg("HasDependentEntity is not supported for LVM. Skip the operation")

engine/internal/provision/thinclones/zfs/branching.go

@@ -96,6 +96,13 @@ func (m *Manager) InitBranching() error {
 		leader = follower
 	}
 
+	// If not exists pool/branch/main, init main branch dataset.
+	brName := m.Pool().BranchName(m.Pool().Name, branching.DefaultBranch)
+
+	if err := m.CreateDataset(brName); err != nil {
+		return fmt.Errorf("failed to init main branch dataset: %w", err)
+	}
+
 	log.Msg("data branching has been successfully initialized")
 
 	return nil
@@ -151,11 +158,9 @@ func (m *Manager) VerifyBranchMetadata() error {
 
 // CreateBranch clones data as a new branch.
 func (m *Manager) CreateBranch(branchName, snapshotID string) error {
-	branchPath := m.config.Pool.BranchPath(branchName)
-
 	// zfs clone -p pool@snapshot_20221019094237 pool/branch/001-branch
 	cmd := []string{
-		"zfs clone -p", snapshotID, branchPath,
+		"zfs clone -p", snapshotID, branchName,
 	}
 
 	out, err := m.runner.Run(strings.Join(cmd, " "))
@@ -169,7 +174,7 @@ func (m *Manager) CreateBranch(branchName, snapshotID string) error {
 // Snapshot takes a snapshot of the current data state.
 func (m *Manager) Snapshot(snapshotName string) error {
 	cmd := []string{
-		"zfs snapshot -r", snapshotName,
+		"zfs snapshot ", snapshotName,
 	}
 
 	out, err := m.runner.Run(strings.Join(cmd, " "))
@@ -180,6 +185,20 @@ func (m *Manager) Snapshot(snapshotName string) error {
 	return nil
 }
 
+// Move sends and receives snapshot diff.
+func (m *Manager) Move(baseSnap, currentSnap, target string) error {
+	cmd := fmt.Sprintf(
+		"zfs send -I %s %s | zfs receive -F %s", baseSnap, currentSnap, target,
+	)
+
+	out, err := m.runner.Run(cmd)
+	if err != nil {
+		return fmt.Errorf("zfs moving snapshot error: %w. Out: %v", err, out)
+	}
+
+	return nil
+}
+
 // Rename renames clone.
 func (m *Manager) Rename(oldName, newName string) error {
 	cmd := []string{