fix(api): tenant-проверка account/template в CreateDomain (HIGH), атомарный import через транзакцию (MEDIUM)
This commit is contained in:
@@ -7,6 +7,7 @@ import (
|
||||
"github.com/google/uuid"
|
||||
"github.com/jackc/pgx/v5/pgxpool"
|
||||
|
||||
"github.com/vasyakrg/dns-autoresolver/internal/provider"
|
||||
"github.com/vasyakrg/dns-autoresolver/internal/store/db"
|
||||
"github.com/vasyakrg/dns-autoresolver/internal/store/dto"
|
||||
)
|
||||
@@ -88,3 +89,57 @@ func TestTemplateJSONBRoundTrip(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestImportDomains_CommitsAllOnSuccess(t *testing.T) {
|
||||
s, ctx := newStore(t)
|
||||
acc, err := s.Queries().CreateAccount(ctx, db.CreateAccountParams{
|
||||
ID: uuid.New(), ProjectID: defaultProject, Provider: "selectel", SecretEnc: "enc-blob",
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
zones := []provider.Zone{
|
||||
{ID: "z1", Name: "a.example.com"},
|
||||
{ID: "z2", Name: "b.example.com"},
|
||||
}
|
||||
doms, err := s.ImportDomains(ctx, defaultProject, acc.ID, zones)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if len(doms) != 2 {
|
||||
t.Fatalf("expected 2 domains returned, got %d", len(doms))
|
||||
}
|
||||
|
||||
list, err := s.ListDomains(ctx, defaultProject)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if len(list) != 2 {
|
||||
t.Fatalf("expected 2 persisted domains, got %d", len(list))
|
||||
}
|
||||
}
|
||||
|
||||
// TestImportDomains_RollsBackAllOnError verifies the transactional contract:
|
||||
// if any zone in the batch fails to insert (here, an FK violation because
|
||||
// the account doesn't exist), none of the batch is left committed.
|
||||
func TestImportDomains_RollsBackAllOnError(t *testing.T) {
|
||||
s, ctx := newStore(t)
|
||||
bogusAccountID := uuid.New() // no matching provider_accounts row
|
||||
|
||||
zones := []provider.Zone{
|
||||
{ID: "z1", Name: "a.example.com"},
|
||||
{ID: "z2", Name: "b.example.com"},
|
||||
}
|
||||
if _, err := s.ImportDomains(ctx, defaultProject, bogusAccountID, zones); err == nil {
|
||||
t.Fatal("expected FK violation error, got nil")
|
||||
}
|
||||
|
||||
list, err := s.ListDomains(ctx, defaultProject)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if len(list) != 0 {
|
||||
t.Fatalf("expected 0 domains after rollback, got %d", len(list))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
|
||||
"github.com/google/uuid"
|
||||
|
||||
"github.com/vasyakrg/dns-autoresolver/internal/provider"
|
||||
"github.com/vasyakrg/dns-autoresolver/internal/store/db"
|
||||
"github.com/vasyakrg/dns-autoresolver/internal/store/dto"
|
||||
)
|
||||
@@ -109,6 +110,16 @@ func (s *Store) DeleteTemplate(ctx context.Context, id, projectID uuid.UUID) err
|
||||
return s.q.DeleteTemplate(ctx, db.DeleteTemplateParams{ID: id, ProjectID: projectID})
|
||||
}
|
||||
|
||||
// GetTemplate is a scoped lookup used to verify a template belongs to
|
||||
// projectID before it is referenced elsewhere (e.g. CreateDomain).
|
||||
func (s *Store) GetTemplate(ctx context.Context, id, projectID uuid.UUID) (Template, error) {
|
||||
t, err := s.q.GetTemplate(ctx, db.GetTemplateParams{ID: id, ProjectID: projectID})
|
||||
if err != nil {
|
||||
return Template{}, err
|
||||
}
|
||||
return templateFromDB(t), nil
|
||||
}
|
||||
|
||||
type Domain struct {
|
||||
ID uuid.UUID
|
||||
ProjectID uuid.UUID
|
||||
@@ -151,3 +162,31 @@ func (s *Store) ListDomains(ctx context.Context, projectID uuid.UUID) ([]Domain,
|
||||
func (s *Store) DeleteDomain(ctx context.Context, id, projectID uuid.UUID) error {
|
||||
return s.q.DeleteDomain(ctx, db.DeleteDomainParams{ID: id, ProjectID: projectID})
|
||||
}
|
||||
|
||||
// ImportDomains creates one domain per zone inside a single transaction: if
|
||||
// any zone fails to be created, the whole batch is rolled back so callers
|
||||
// never observe a partially-imported set of domains.
|
||||
func (s *Store) ImportDomains(ctx context.Context, projectID, accountID uuid.UUID, zones []provider.Zone) ([]Domain, error) {
|
||||
tx, err := s.pool.Begin(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer tx.Rollback(ctx) // no-op once Commit has succeeded
|
||||
|
||||
q := s.q.WithTx(tx)
|
||||
out := make([]Domain, 0, len(zones))
|
||||
for _, z := range zones {
|
||||
d, err := q.CreateDomain(ctx, db.CreateDomainParams{
|
||||
ID: uuid.New(), ProjectID: projectID, ProviderAccountID: accountID,
|
||||
ZoneName: z.Name, ZoneID: z.ID, TemplateID: nil,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out = append(out, domainFromDB(d))
|
||||
}
|
||||
if err := tx.Commit(ctx); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user