go.chromium.org/luci@v0.0.0-20250314024836-d9a61d0730e6/tokenserver/appengine/impl/utils/projectidentity/storage.go

// Copyright 2019 The LUCI Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package projectidentity

import (
	"context"
	"errors"

	"go.chromium.org/luci/common/logging"
	"go.chromium.org/luci/common/retry/transient"
	ds "go.chromium.org/luci/gae/service/datastore"
)

var (
	// ErrNotFound indicates that the entity which was queried does not exist in the storage.
	ErrNotFound = errors.New("not found")
)

// projectIdentities is the default storage for all scoped identities.
var projectIdentities = &persistentStorage{}

// ProjectIdentities returns the global scoped identity storage.
func ProjectIdentities(_ context.Context) Storage {
	return projectIdentities
}

// Storage interface declares methods for the scoped identity storage.
type Storage interface {

	// Create an identity or update if it already exists.
	Create(c context.Context, identity *ProjectIdentity) (*ProjectIdentity, error)

	// Update an identity in the storage.
	Update(c context.Context, identity *ProjectIdentity) (*ProjectIdentity, error)

	// Delete an identity from the storage.
	Delete(c context.Context, identity *ProjectIdentity) error

	// LookupByProject performs a lookup by project name.
	LookupByProject(c context.Context, project string) (*ProjectIdentity, error)
}

// ProjectIdentity defines a scoped identity in the storage.
type ProjectIdentity struct {
	_kind   string `gae:"$kind,ScopedIdentity"`
	Project string `gae:"$id"`
	Email   string
}

// persistentStorage implements ScopedIdentityManager.
type persistentStorage struct {
}

// lookup reads an identity from the storage based on what fields are set in the identity struct.
func (s *persistentStorage) lookup(c context.Context, identity *ProjectIdentity) (*ProjectIdentity, error) {
	logging.Debugf(c, "lookup project scoped identity %v", identity)
	tmp := *identity
	if err := ds.Get(c, &tmp); err != nil {
		switch {
		case err == ds.ErrNoSuchEntity:
			return nil, ErrNotFound
		case err != nil:
			return nil, transient.Tag.Apply(err)
		}
	}
	return &tmp, nil
}

// LookupByProject returns the project identity stored for a given project.
func (s *persistentStorage) LookupByProject(c context.Context, project string) (*ProjectIdentity, error) {
	return s.lookup(c, &ProjectIdentity{Project: project})
}

// Delete removes an identity from the storage.
func (s *persistentStorage) Delete(c context.Context, identity *ProjectIdentity) error {
	logging.Debugf(c, "delete project scoped identity %v", identity)
	return ds.Delete(c, identity)
}

// Create stores a new entry for a project identity.
func (s *persistentStorage) Create(c context.Context, identity *ProjectIdentity) (*ProjectIdentity, error) {
	logging.Debugf(c, "create project scoped identity %v", identity)
	return s.Update(c, identity)
}

// Update allows an identity to be updated, e.g. when the service account email changes.
func (s *persistentStorage) Update(c context.Context, identity *ProjectIdentity) (*ProjectIdentity, error) {
	logging.Debugf(c, "update project scoped identity %v", identity)
	tmp, err := s.lookup(c, identity)
	switch {
	case err == nil && *tmp == *identity: // Doesn't need update
		return identity, nil
	case err != nil && err != ErrNotFound: // Lookup error to propagate
		return nil, err
	}

	if err := ds.Put(c, identity); err != nil {
		return nil, err
	}
	return identity, nil
}