-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Add database schema for internal Access API
- Loading branch information
Showing
7 changed files
with
232 additions
and
0 deletions.
There are no files selected for viewing
17 changes: 17 additions & 0 deletions
17
src/main/kotlin/org/wfanet/measurement/access/deploy/gcloud/spanner/testing/BUILD.bazel
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| load("@wfa_rules_kotlin_jvm//kotlin:defs.bzl", "kt_jvm_library") | ||
|
|
||
| package( | ||
| default_testonly = True, | ||
| default_visibility = [ | ||
| "//src/test/kotlin/org/wfanet/measurement/access/deploy/gcloud/spanner:__subpackages__", | ||
| ], | ||
| ) | ||
|
|
||
| kt_jvm_library( | ||
| name = "schemata", | ||
| srcs = ["Schemata.kt"], | ||
| resources = ["//src/main/resources/access/spanner"], | ||
| deps = [ | ||
| "@wfa_common_jvm//src/main/kotlin/org/wfanet/measurement/common", | ||
| ], | ||
| ) |
34 changes: 34 additions & 0 deletions
34
src/main/kotlin/org/wfanet/measurement/access/deploy/gcloud/spanner/testing/Schemata.kt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| /* | ||
| * Copyright 2024 The Cross-Media Measurement Authors | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.wfanet.measurement.access.deploy.gcloud.spanner.testing | ||
|
|
||
| import java.nio.file.Path | ||
| import org.wfanet.measurement.common.getJarResourcePath | ||
|
|
||
| object Schemata { | ||
| private const val RESOURCE_PREFIX = "access/spanner" | ||
|
|
||
| private fun getResourcePath(fileName: String): Path { | ||
| val resourceName = "$RESOURCE_PREFIX/$fileName" | ||
| val classLoader = Schemata.javaClass.classLoader | ||
| return requireNotNull(classLoader.getJarResourcePath(resourceName)) { | ||
| "Resource $resourceName not found" | ||
| } | ||
| } | ||
|
|
||
| val ACCESS_CHANGELOG_PATH: Path = getResourcePath("changelog.yaml") | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| package( | ||
| default_visibility = [ | ||
| "//src/main/kotlin/org/wfanet/measurement/access/deploy/gcloud/spanner:__subpackages__", | ||
| "//src/test/kotlin/org/wfanet/measurement/access/deploy/gcloud/spanner:__subpackages__", | ||
| ], | ||
| ) | ||
|
|
||
| filegroup( | ||
| name = "spanner", | ||
| srcs = glob([ | ||
| "*.yaml", | ||
| "*.sql", | ||
| ]), | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| # Copyright 2024 The Cross-Media Measurement Authors | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| # Liquibase changelog. | ||
|
|
||
| databaseChangeLog: | ||
| - include: | ||
| file: create-access-schema.sql | ||
| relativeToChangeLogFile: true |
101 changes: 101 additions & 0 deletions
101
src/main/resources/access/spanner/create-access-schema.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,101 @@ | ||
| -- liquibase formatted sql | ||
|
|
||
| -- Copyright 2024 The Cross-Media Measurement Authors | ||
| -- | ||
| -- Licensed under the Apache License, Version 2.0 (the "License"); | ||
| -- you may not use this file except in compliance with the License. | ||
| -- You may obtain a copy of the License at | ||
| -- | ||
| -- http://www.apache.org/licenses/LICENSE-2.0 | ||
| -- | ||
| -- Unless required by applicable law or agreed to in writing, software | ||
| -- distributed under the License is distributed on an "AS IS" BASIS, | ||
| -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| -- See the License for the specific language governing permissions and | ||
| -- limitations under the License. | ||
|
|
||
| -- changeset sanjayvas:1 dbms:cloudspanner | ||
| -- comment: Create initial schema for the Access system | ||
|
|
||
| START BATCH DDL; | ||
|
|
||
| CREATE TABLE Principals ( | ||
| PrincipalId INT64 NOT NULL, | ||
|
|
||
| PrincipalResourceId STRING(63) NOT NULL, | ||
| CreateTime TIMESTAMP NOT NULL OPTIONS(allow_commit_timestamp = true), | ||
| UpdateTime TIMESTAMP NOT NULL OPTIONS(allow_commit_timestamp = true), | ||
| ) | ||
| PRIMARY KEY (PrincipalId); | ||
|
|
||
| CREATE UNIQUE INDEX PrincipalsByResourceId ON Principals(PrincipalResourceId); | ||
|
|
||
| -- Principals with identity type USER. | ||
| -- There is at most one UserPrincipal per Principal. | ||
| CREATE TABLE UserPrincipals ( | ||
| PrincipalId INT64 NOT NULL, | ||
|
|
||
| Issuer STRING(MAX) NOT NULL, | ||
| Subject STRING(MAX) NOT NULL, | ||
| ) | ||
| PRIMARY KEY (PrincipalId), | ||
| INTERLEAVE IN PARENT Principals ON DELETE CASCADE; | ||
|
|
||
| CREATE UNIQUE INDEX UserPrincipalsByClaims ON UserPrincipals(Issuer, Subject); | ||
|
|
||
| CREATE TABLE Roles ( | ||
| RoleId INT64 NOT NULL, | ||
|
|
||
| RoleResourceId STRING(63) NOT NULL, | ||
| CreateTime TIMESTAMP NOT NULL OPTIONS(allow_commit_timestamp = true), | ||
| UpdateTime TIMESTAMP NOT NULL OPTIONS(allow_commit_timestamp = true), | ||
| ) | ||
| PRIMARY KEY (RoleId); | ||
|
|
||
| CREATE UNIQUE INDEX RolesByResourceId ON Roles(RoleResourceId); | ||
|
|
||
| CREATE TABLE RoleResourceTypes ( | ||
| RoleId INT64 NOT NULL, | ||
|
|
||
| ResourceType STRING(MAX) NOT NULL, | ||
| ) | ||
| PRIMARY KEY (RoleId, ResourceType), | ||
| INTERLEAVE IN PARENT Roles ON DELETE CASCADE; | ||
|
|
||
| CREATE TABLE RolePermissions ( | ||
| RoleId INT64 NOT NULL, | ||
| PermissionId INT64 NOT NULL, | ||
|
|
||
| FOREIGN KEY (RoleId) REFERENCES Roles(RoleId), | ||
| ) | ||
| PRIMARY KEY (RoleId, PermissionId), | ||
| INTERLEAVE IN PARENT Roles ON DELETE CASCADE; | ||
|
|
||
| CREATE TABLE Policies ( | ||
| PolicyId INT64 NOT NULL, | ||
| PolicyResourceId STRING(63) NOT NULL, | ||
|
|
||
| -- Name of the protected resource. This may be empty string to mean API root. | ||
| ProtectedResourceName STRING(MAX) NOT NULL, | ||
|
|
||
| CreateTime TIMESTAMP NOT NULL OPTIONS(allow_commit_timestamp = true), | ||
| UpdateTime TIMESTAMP NOT NULL OPTIONS(allow_commit_timestamp = true), | ||
| ) | ||
| PRIMARY KEY (PolicyId); | ||
|
|
||
| CREATE UNIQUE INDEX PoliciesByResourceId ON Policies(PolicyResourceId); | ||
| CREATE UNIQUE INDEX PoliciesByProtectedResourceName ON Policies(ProtectedResourceName); | ||
|
|
||
| CREATE TABLE PolicyBindings ( | ||
| PolicyId INT64 NOT NULL, | ||
| RoleId INT64 NOT NULL, | ||
| PrincipalId INT64 NOT NULL, | ||
|
|
||
| FOREIGN KEY (RoleId) REFERENCES Roles(RoleId), | ||
| FOREIGN KEY (PrincipalId) REFERENCES Principals(PrincipalId), | ||
| ) | ||
| PRIMARY KEY (PolicyId, RoleId, PrincipalId), | ||
| INTERLEAVE IN PARENT Policies ON DELETE CASCADE; | ||
|
|
||
| RUN BATCH; | ||
|
|
31 changes: 31 additions & 0 deletions
31
src/test/kotlin/org/wfanet/measurement/access/deploy/gcloud/spanner/AccessSchemaTest.kt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| /* | ||
| * Copyright 2024 The Cross-Media Measurement Authors | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.wfanet.measurement.access.deploy.gcloud.spanner | ||
|
|
||
| import org.junit.Test | ||
| import org.junit.runner.RunWith | ||
| import org.junit.runners.JUnit4 | ||
| import org.wfanet.measurement.access.deploy.gcloud.spanner.testing.Schemata | ||
| import org.wfanet.measurement.gcloud.spanner.testing.UsingSpannerEmulator | ||
|
|
||
| @RunWith(JUnit4::class) | ||
| class AccessSchemaTest : UsingSpannerEmulator(Schemata.ACCESS_CHANGELOG_PATH) { | ||
|
|
||
| @Test fun `database is created`() { | ||
| // No-op. Just ensure that DB is created by test infra. | ||
| } | ||
| } |
15 changes: 15 additions & 0 deletions
15
src/test/kotlin/org/wfanet/measurement/access/deploy/gcloud/spanner/BUILD.bazel
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| load( | ||
| "@wfa_common_jvm//src/main/kotlin/org/wfanet/measurement/gcloud/spanner/testing:macros.bzl", | ||
| "spanner_emulator_test", | ||
| ) | ||
|
|
||
| spanner_emulator_test( | ||
| name = "AccessSchemaTest", | ||
| srcs = ["AccessSchemaTest.kt"], | ||
| test_class = "org.wfanet.measurement.access.deploy.gcloud.spanner.AccessSchemaTest", | ||
| deps = [ | ||
| "//src/main/kotlin/org/wfanet/measurement/access/deploy/gcloud/spanner/testing:schemata", | ||
| "@wfa_common_jvm//imports/java/com/google/cloud/spanner", | ||
| "@wfa_common_jvm//src/main/kotlin/org/wfanet/measurement/gcloud/spanner/testing", | ||
| ], | ||
| ) |