Add a SQL schema and DAO for KmsSecretRevision (#840)

* Add a SQL schema and DAO for KmsSecretRevision The dual-object nature of KmsSecret and KmsSecretRevision will not be necessary once we have moved to SQL. In that world, the only object will be the one now called KmsSecretRevision. KmsSecretRevision already stores its parent so all we need to do is convert that key to the String secretName (or from the secretName to the key, if loading from SQL) and select the max revision ID for a given secret name. In a future PR, we will add a dual-writing DAO to these objects and perform the dual writes, similar to how ReservedList functions. * Regenerate diagram * Rename revisionId and cryptoKeyVersionName * Fix SQL files and diagram
2025-07-08 20:23:24 +02:00 · 2020-10-30 18:45:43 -04:00 · 2020-10-30 18:45:43 -04:00 · d685f7e2df
commit d685f7e2df
parent 40eef2a06c
12 changed files with 1229 additions and 763 deletions
--- a/core/src/test/java/google/registry/model/server/KmsSecretRevisionSqlDaoTest.java
+++ b/core/src/test/java/google/registry/model/server/KmsSecretRevisionSqlDaoTest.java
@ -0,0 +1,86 @@
+// Copyright 2020 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.model.server;
+
+import static com.google.common.truth.Truth.assertThat;
+import static google.registry.model.ImmutableObjectSubject.assertAboutImmutableObjects;
+import static google.registry.persistence.transaction.TransactionManagerFactory.jpaTm;
+
+import google.registry.persistence.transaction.JpaTestRules;
+import google.registry.persistence.transaction.JpaTestRules.JpaIntegrationWithCoverageExtension;
+import google.registry.testing.DatastoreEntityExtension;
+import google.registry.testing.FakeClock;
+import java.util.Optional;
+import org.junit.jupiter.api.Order;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+/** Tests for {@link google.registry.model.server.KmsSecretRevisionSqlDao}. */
+public class KmsSecretRevisionSqlDaoTest {
+
+  private final FakeClock fakeClock = new FakeClock();
+
+  @RegisterExtension
+  @Order(value = 1)
+  DatastoreEntityExtension datastoreEntityExtension = new DatastoreEntityExtension();
+
+  @RegisterExtension
+  JpaIntegrationWithCoverageExtension jpa =
+      new JpaTestRules.Builder().withClock(fakeClock).buildIntegrationWithCoverageExtension();
+
+  @Test
+  void testSaveAndRetrieve() {
+    KmsSecretRevision revision = createRevision();
+    jpaTm().transact(() -> KmsSecretRevisionSqlDao.save(revision));
+    Optional<KmsSecretRevision> fromSql =
+        jpaTm().transact(() -> KmsSecretRevisionSqlDao.getLatestRevision("secretName"));
+    assertThat(fromSql.isPresent()).isTrue();
+    assertAboutImmutableObjects().that(revision).isEqualExceptFields(fromSql.get(), "creationTime");
+  }
+
+  @Test
+  void testMultipleRevisions() {
+    KmsSecretRevision revision = createRevision();
+    jpaTm().transact(() -> KmsSecretRevisionSqlDao.save(revision));
+
+    KmsSecretRevision secondRevision = createRevision();
+    secondRevision.encryptedValue = "someOtherValue";
+    jpaTm().transact(() -> KmsSecretRevisionSqlDao.save(secondRevision));
+
+    Optional<KmsSecretRevision> fromSql =
+        jpaTm().transact(() -> KmsSecretRevisionSqlDao.getLatestRevision("secretName"));
+    assertThat(fromSql.isPresent()).isTrue();
+    assertThat(fromSql.get().getEncryptedValue()).isEqualTo("someOtherValue");
+  }
+
+  @Test
+  void testNonexistent() {
+    KmsSecretRevision revision = createRevision();
+    jpaTm().transact(() -> KmsSecretRevisionSqlDao.save(revision));
+    assertThat(
+            jpaTm()
+                .transact(() -> KmsSecretRevisionSqlDao.getLatestRevision("someOtherSecretName"))
+                .isPresent())
+        .isFalse();
+  }
+
+  private KmsSecretRevision createRevision() {
+    return new KmsSecretRevision.Builder()
+        .setEncryptedValue("encrypted")
+        .setKmsCryptoKeyVersionName("version")
+        .setParent("secretName")
+        .build();
+  }
+}
--- a/core/src/test/java/google/registry/schema/integration/SqlIntegrationTestSuite.java
+++ b/core/src/test/java/google/registry/schema/integration/SqlIntegrationTestSuite.java
@ -29,6 +29,7 @@ import google.registry.model.registry.RegistryLockDaoTest;
 import google.registry.model.registry.RegistryTest;
 import google.registry.model.registry.label.ReservedListSqlDaoTest;
 import google.registry.model.reporting.Spec11ThreatMatchTest;
+import google.registry.model.server.KmsSecretRevisionSqlDaoTest;
 import google.registry.model.smd.SignedMarkRevocationListDaoTest;
 import google.registry.model.tmch.ClaimsListDaoTest;
 import google.registry.persistence.transaction.JpaEntityCoverageExtension;
@ -85,6 +86,7 @@ import org.junit.runner.RunWith;
  DomainBaseSqlTest.class,
  DomainHistoryTest.class,
  HostHistoryTest.class,
+  KmsSecretRevisionSqlDaoTest.class,
  LockDaoTest.class,
  PollMessageTest.class,
  PremiumListDaoTest.class,