diff options
author | Christian Grothoff <christian@grothoff.org> | 2020-01-17 01:55:01 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-01-17 01:55:01 +0100 |
commit | 8ea2af444feec46e9086bb6c410762b18c7252fe (patch) | |
tree | 44eea8e4c21956813c19a1b443b1082c51bd3cbe | |
parent | 5b11d19b678283d6fbc72dc9fb3d5f3cfabc1d92 (diff) |
more work towards DB versioning
m--------- | doc/prebuilt | 0 | ||||
-rw-r--r-- | src/auditordb/0000.sql | 293 | ||||
-rw-r--r-- | src/auditordb/0001.sql | 237 | ||||
-rw-r--r-- | src/auditordb/9999.sql | 53 | ||||
-rw-r--r-- | src/auditordb/Makefile.am | 10 | ||||
-rw-r--r-- | src/auditordb/plugin_auditordb_postgres.c | 58 | ||||
-rw-r--r-- | src/exchangedb/0001.sql | 2 | ||||
-rw-r--r-- | src/exchangedb/Makefile.am | 2 | ||||
-rw-r--r-- | src/exchangedb/plugin_exchangedb_postgres.c | 1 | ||||
-rw-r--r-- | src/include/taler_auditordb_plugin.h | 10 |
10 files changed, 628 insertions, 38 deletions
diff --git a/doc/prebuilt b/doc/prebuilt -Subproject ca53235ccfa0458ebf11c204888ca370e20ec3f +Subproject 934a6a18301e81c4fd1b3a8cda2dc13dca4741c diff --git a/src/auditordb/0000.sql b/src/auditordb/0000.sql new file mode 100644 index 000000000..1483e2015 --- /dev/null +++ b/src/auditordb/0000.sql @@ -0,0 +1,293 @@ +-- LICENSE AND COPYRIGHT +-- +-- Copyright (C) 2010 Hubert depesz Lubaczewski +-- +-- This program is distributed under the (Revised) BSD License: +-- L<http://www.opensource.org/licenses/bsd-license.php> +-- +-- Redistribution and use in source and binary forms, with or without +-- modification, are permitted provided that the following conditions +-- are met: +-- +-- * Redistributions of source code must retain the above copyright +-- notice, this list of conditions and the following disclaimer. +-- +-- * Redistributions in binary form must reproduce the above copyright +-- notice, this list of conditions and the following disclaimer in the +-- documentation and/or other materials provided with the distribution. +-- +-- * Neither the name of Hubert depesz Lubaczewski's Organization +-- nor the names of its contributors may be used to endorse or +-- promote products derived from this software without specific +-- prior written permission. +-- +-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +-- AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +-- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +-- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE +-- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +-- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +-- SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +-- CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +-- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +-- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +-- +-- Code origin: https://gitlab.com/depesz/Versioning/blob/master/install.versioning.sql +-- +-- +-- # NAME +-- +-- **Versioning** - simplistic take on tracking and applying changes to databases. +-- +-- # DESCRIPTION +-- +-- This project strives to provide simple way to manage changes to +-- database. +-- +-- Instead of making changes on development server, then finding +-- differences between production and development, deciding which ones +-- should be installed on production, and finding a way to install them - +-- you start with writing diffs themselves! +-- +-- # INSTALLATION +-- +-- To install versioning simply run install.versioning.sql in your database +-- (all of them: production, stage, test, devel, ...). +-- +-- # USAGE +-- +-- In your files with patches to database, put whole logic in single +-- transaction, and use \_v.\* functions - usually \_v.register_patch() at +-- least to make sure everything is OK. +-- +-- For example. Let's assume you have patch files: +-- +-- ## 0001.sql: +-- +-- ``` +-- create table users (id serial primary key, username text); +-- ``` +-- +-- ## 0002.sql: +-- +-- ``` +-- insert into users (username) values ('depesz'); +-- ``` +-- To change it to use versioning you would change the files, to this +-- state: +-- +-- 0000.sql: +-- +-- ``` +-- BEGIN; +-- select _v.register_patch('000-base', NULL, NULL); +-- create table users (id serial primary key, username text); +-- COMMIT; +-- ``` +-- +-- ## 0002.sql: +-- +-- ``` +-- BEGIN; +-- select _v.register_patch('001-users', ARRAY['000-base'], NULL); +-- insert into users (username) values ('depesz'); +-- COMMIT; +-- ``` +-- +-- This will make sure that patch 001-users can only be applied after +-- 000-base. +-- +-- # AVAILABLE FUNCTIONS +-- +-- ## \_v.register_patch( TEXT ) +-- +-- Registers named patch, or dies if it is already registered. +-- +-- Returns integer which is id of patch in \_v.patches table - only if it +-- succeeded. +-- +-- ## \_v.register_patch( TEXT, TEXT[] ) +-- +-- Same as \_v.register_patch( TEXT ), but checks is all given patches (given as +-- array in second argument) are already registered. +-- +-- ## \_v.register_patch( TEXT, TEXT[], TEXT[] ) +-- +-- Same as \_v.register_patch( TEXT, TEXT[] ), but also checks if there are no conflicts with preexisting patches. +-- +-- Third argument is array of names of patches that conflict with current one. So +-- if any of them is installed - register_patch will error out. +-- +-- ## \_v.unregister_patch( TEXT ) +-- +-- Removes information about given patch from the versioning data. +-- +-- It doesn't remove objects that were created by this patch - just removes +-- metainformation. +-- +-- ## \_v.assert_user_is_superuser() +-- +-- Make sure that current patch is being loaded by superuser. +-- +-- If it's not - it will raise exception, and break transaction. +-- +-- ## \_v.assert_user_is_not_superuser() +-- +-- Make sure that current patch is not being loaded by superuser. +-- +-- If it is - it will raise exception, and break transaction. +-- +-- ## \_v.assert_user_is_one_of(TEXT, TEXT, ... ) +-- +-- Make sure that current patch is being loaded by one of listed users. +-- +-- If ```current_user``` is not listed as one of arguments - function will raise +-- exception and break the transaction. + +BEGIN; + +-- This file adds versioning support to database it will be loaded to. +-- It requires that PL/pgSQL is already loaded - will raise exception otherwise. +-- All versioning "stuff" (tables, functions) is in "_v" schema. + +-- All functions are defined as 'RETURNS SETOF INT4' to be able to make them to RETURN literaly nothing (0 rows). +-- >> RETURNS VOID<< IS similar, but it still outputs "empty line" in psql when calling. +CREATE SCHEMA IF NOT EXISTS _v; +COMMENT ON SCHEMA _v IS 'Schema for versioning data and functionality.'; + +CREATE TABLE IF NOT EXISTS _v.patches ( + patch_name TEXT PRIMARY KEY, + applied_tsz TIMESTAMPTZ NOT NULL DEFAULT now(), + applied_by TEXT NOT NULL, + requires TEXT[], + conflicts TEXT[] +); +COMMENT ON TABLE _v.patches IS 'Contains information about what patches are currently applied on database.'; +COMMENT ON COLUMN _v.patches.patch_name IS 'Name of patch, has to be unique for every patch.'; +COMMENT ON COLUMN _v.patches.applied_tsz IS 'When the patch was applied.'; +COMMENT ON COLUMN _v.patches.applied_by IS 'Who applied this patch (PostgreSQL username)'; +COMMENT ON COLUMN _v.patches.requires IS 'List of patches that are required for given patch.'; +COMMENT ON COLUMN _v.patches.conflicts IS 'List of patches that conflict with given patch.'; + +CREATE OR REPLACE FUNCTION _v.register_patch( IN in_patch_name TEXT, IN in_requirements TEXT[], in_conflicts TEXT[], OUT versioning INT4 ) RETURNS setof INT4 AS $$ +DECLARE + t_text TEXT; + t_text_a TEXT[]; + i INT4; +BEGIN + -- Thanks to this we know only one patch will be applied at a time + LOCK TABLE _v.patches IN EXCLUSIVE MODE; + + SELECT patch_name INTO t_text FROM _v.patches WHERE patch_name = in_patch_name; + IF FOUND THEN + RAISE EXCEPTION 'Patch % is already applied!', in_patch_name; + END IF; + + t_text_a := ARRAY( SELECT patch_name FROM _v.patches WHERE patch_name = any( in_conflicts ) ); + IF array_upper( t_text_a, 1 ) IS NOT NULL THEN + RAISE EXCEPTION 'Versioning patches conflict. Conflicting patche(s) installed: %.', array_to_string( t_text_a, ', ' ); + END IF; + + IF array_upper( in_requirements, 1 ) IS NOT NULL THEN + t_text_a := '{}'; + FOR i IN array_lower( in_requirements, 1 ) .. array_upper( in_requirements, 1 ) LOOP + SELECT patch_name INTO t_text FROM _v.patches WHERE patch_name = in_requirements[i]; + IF NOT FOUND THEN + t_text_a := t_text_a || in_requirements[i]; + END IF; + END LOOP; + IF array_upper( t_text_a, 1 ) IS NOT NULL THEN + RAISE EXCEPTION 'Missing prerequisite(s): %.', array_to_string( t_text_a, ', ' ); + END IF; + END IF; + + INSERT INTO _v.patches (patch_name, applied_tsz, applied_by, requires, conflicts ) VALUES ( in_patch_name, now(), current_user, coalesce( in_requirements, '{}' ), coalesce( in_conflicts, '{}' ) ); + RETURN; +END; +$$ language plpgsql; +COMMENT ON FUNCTION _v.register_patch( TEXT, TEXT[], TEXT[] ) IS 'Function to register patches in database. Raises exception if there are conflicts, prerequisites are not installed or the migration has already been installed.'; + +CREATE OR REPLACE FUNCTION _v.register_patch( TEXT, TEXT[] ) RETURNS setof INT4 AS $$ + SELECT _v.register_patch( $1, $2, NULL ); +$$ language sql; +COMMENT ON FUNCTION _v.register_patch( TEXT, TEXT[] ) IS 'Wrapper to allow registration of patches without conflicts.'; +CREATE OR REPLACE FUNCTION _v.register_patch( TEXT ) RETURNS setof INT4 AS $$ + SELECT _v.register_patch( $1, NULL, NULL ); +$$ language sql; +COMMENT ON FUNCTION _v.register_patch( TEXT ) IS 'Wrapper to allow registration of patches without requirements and conflicts.'; + +CREATE OR REPLACE FUNCTION _v.unregister_patch( IN in_patch_name TEXT, OUT versioning INT4 ) RETURNS setof INT4 AS $$ +DECLARE + i INT4; + t_text_a TEXT[]; +BEGIN + -- Thanks to this we know only one patch will be applied at a time + LOCK TABLE _v.patches IN EXCLUSIVE MODE; + + t_text_a := ARRAY( SELECT patch_name FROM _v.patches WHERE in_patch_name = ANY( requires ) ); + IF array_upper( t_text_a, 1 ) IS NOT NULL THEN + RAISE EXCEPTION 'Cannot uninstall %, as it is required by: %.', in_patch_name, array_to_string( t_text_a, ', ' ); + END IF; + + DELETE FROM _v.patches WHERE patch_name = in_patch_name; + GET DIAGNOSTICS i = ROW_COUNT; + IF i < 1 THEN + RAISE EXCEPTION 'Patch % is not installed, so it can''t be uninstalled!', in_patch_name; + END IF; + + RETURN; +END; +$$ language plpgsql; +COMMENT ON FUNCTION _v.unregister_patch( TEXT ) IS 'Function to unregister patches in database. Dies if the patch is not registered, or if unregistering it would break dependencies.'; + +CREATE OR REPLACE FUNCTION _v.assert_patch_is_applied( IN in_patch_name TEXT ) RETURNS TEXT as $$ +DECLARE + t_text TEXT; +BEGIN + SELECT patch_name INTO t_text FROM _v.patches WHERE patch_name = in_patch_name; + IF NOT FOUND THEN + RAISE EXCEPTION 'Patch % is not applied!', in_patch_name; + END IF; + RETURN format('Patch %s is applied.', in_patch_name); +END; +$$ language plpgsql; +COMMENT ON FUNCTION _v.assert_patch_is_applied( TEXT ) IS 'Function that can be used to make sure that patch has been applied.'; + +CREATE OR REPLACE FUNCTION _v.assert_user_is_superuser() RETURNS TEXT as $$ +DECLARE + v_super bool; +BEGIN + SELECT usesuper INTO v_super FROM pg_user WHERE usename = current_user; + IF v_super THEN + RETURN 'assert_user_is_superuser: OK'; + END IF; + RAISE EXCEPTION 'Current user is not superuser - cannot continue.'; +END; +$$ language plpgsql; +COMMENT ON FUNCTION _v.assert_user_is_superuser() IS 'Function that can be used to make sure that patch is being applied using superuser account.'; + +CREATE OR REPLACE FUNCTION _v.assert_user_is_not_superuser() RETURNS TEXT as $$ +DECLARE + v_super bool; +BEGIN + SELECT usesuper INTO v_super FROM pg_user WHERE usename = current_user; + IF v_super THEN + RAISE EXCEPTION 'Current user is superuser - cannot continue.'; + END IF; + RETURN 'assert_user_is_not_superuser: OK'; +END; +$$ language plpgsql; +COMMENT ON FUNCTION _v.assert_user_is_not_superuser() IS 'Function that can be used to make sure that patch is being applied using normal (not superuser) account.'; + +CREATE OR REPLACE FUNCTION _v.assert_user_is_one_of(VARIADIC p_acceptable_users TEXT[] ) RETURNS TEXT as $$ +DECLARE +BEGIN + IF current_user = any( p_acceptable_users ) THEN + RETURN 'assert_user_is_one_of: OK'; + END IF; + RAISE EXCEPTION 'User is not one of: % - cannot continue.', p_acceptable_users; +END; +$$ language plpgsql; +COMMENT ON FUNCTION _v.assert_user_is_one_of(TEXT[]) IS 'Function that can be used to make sure that patch is being applied by one of defined users.'; + +COMMIT; diff --git a/src/auditordb/0001.sql b/src/auditordb/0001.sql new file mode 100644 index 000000000..425436e28 --- /dev/null +++ b/src/auditordb/0001.sql @@ -0,0 +1,237 @@ +-- +-- This file is part of TALER +-- Copyright (C) 2014--2020 Taler Systems SA +-- +-- TALER is free software; you can redistribute it and/or modify it under the +-- terms of the GNU General Public License as published by the Free Software +-- Foundation; either version 3, or (at your option) any later version. +-- +-- TALER is distributed in the hope that it will be useful, but WITHOUT ANY +-- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +-- A PARTICULAR PURPOSE. See the GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License along with +-- TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +-- + +-- Everything in one big transaction +BEGIN; + +-- Check patch versioning is in place. +SELECT _v.register_patch('auditor-0001', NULL, NULL); + + +CREATE TABLE IF NOT EXISTS auditor_exchanges + (master_pub BYTEA PRIMARY KEY CHECK (LENGTH(master_pub)=32) + ,exchange_url VARCHAR NOT NULL + ); +-- Table with list of signing keys of exchanges we are auditing +CREATE TABLE IF NOT EXISTS auditor_exchange_signkeys + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,ep_start INT8 NOT NULL + ,ep_expire INT8 NOT NULL + ,ep_end INT8 NOT NULL + ,exchange_pub BYTEA NOT NULL CHECK (LENGTH(exchange_pub)=32) + ,master_sig BYTEA NOT NULL CHECK (LENGTH(master_sig)=64) + ); +-- Table with all of the denomination keys that the auditor +-- is aware of. +CREATE TABLE IF NOT EXISTS auditor_denominations + (denom_pub_hash BYTEA PRIMARY KEY CHECK (LENGTH(denom_pub_hash)=64) + ,master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,valid_from INT8 NOT NULL + ,expire_withdraw INT8 NOT NULL + ,expire_deposit INT8 NOT NULL + ,expire_legal INT8 NOT NULL + ,coin_val INT8 NOT NULL + ,coin_frac INT4 NOT NULL + ,fee_withdraw_val INT8 NOT NULL + ,fee_withdraw_frac INT4 NOT NULL + ,fee_deposit_val INT8 NOT NULL + ,fee_deposit_frac INT4 NOT NULL + ,fee_refresh_val INT8 NOT NULL + ,fee_refresh_frac INT4 NOT NULL + ,fee_refund_val INT8 NOT NULL + ,fee_refund_frac INT4 NOT NULL + ); +-- Table indicating up to which transactions the auditor has +-- processed the exchange database. Used for SELECTing the +-- statements to process. The indices below include the last +-- serial ID from the respective tables that we have +-- processed. Thus, we need to select those table entries that are +-- strictly larger (and process in monotonically increasing +-- order). +CREATE TABLE IF NOT EXISTS auditor_progress_reserve + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,last_reserve_in_serial_id INT8 NOT NULL DEFAULT 0 + ,last_reserve_out_serial_id INT8 NOT NULL DEFAULT 0 + ,last_reserve_payback_serial_id INT8 NOT NULL DEFAULT 0 + ,last_reserve_close_serial_id INT8 NOT NULL DEFAULT 0 + ); +CREATE TABLE IF NOT EXISTS auditor_progress_aggregation + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,last_wire_out_serial_id INT8 NOT NULL DEFAULT 0 + ); +CREATE TABLE IF NOT EXISTS auditor_progress_deposit_confirmation + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,last_deposit_confirmation_serial_id INT8 NOT NULL DEFAULT 0 + ); +CREATE TABLE IF NOT EXISTS auditor_progress_coin + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,last_withdraw_serial_id INT8 NOT NULL DEFAULT 0 + ,last_deposit_serial_id INT8 NOT NULL DEFAULT 0 + ,last_melt_serial_id INT8 NOT NULL DEFAULT 0 + ,last_refund_serial_id INT8 NOT NULL DEFAULT 0 + ,last_payback_serial_id INT8 NOT NULL DEFAULT 0 + ,last_payback_refresh_serial_id INT8 NOT NULL DEFAULT 0 + ); +CREATE TABLE IF NOT EXISTS wire_auditor_account_progress + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,account_name TEXT NOT NULL + ,last_wire_reserve_in_serial_id INT8 NOT NULL DEFAULT 0 + ,last_wire_wire_out_serial_id INT8 NOT NULL DEFAULT 0 + ,wire_in_off INT8 + ,wire_out_off INT8 + ); +CREATE TABLE IF NOT EXISTS wire_auditor_progress + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,last_timestamp INT8 NOT NULL + ,last_reserve_close_uuid INT8 NOT NULL + ); +-- Table with all of the customer reserves and their respective +-- balances that the auditor is aware of. +-- last_reserve_out_serial_id marks the last withdrawal from +-- reserves_out about this reserve that the auditor is aware of, +-- and last_reserve_in_serial_id is the last reserve_in +-- operation about this reserve that the auditor is aware of. +CREATE TABLE IF NOT EXISTS auditor_reserves + (reserve_pub BYTEA NOT NULL CHECK(LENGTH(reserve_pub)=32) + ,master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,reserve_balance_val INT8 NOT NULL + ,reserve_balance_frac INT4 NOT NULL + ,withdraw_fee_balance_val INT8 NOT NULL + ,withdraw_fee_balance_frac INT4 NOT NULL + ,expiration_date INT8 NOT NULL + ,auditor_reserves_rowid BIGSERIAL UNIQUE + ,origin_account TEXT + ); +CREATE INDEX auditor_reserves_by_reserve_pub + ON auditor_reserves + (reserve_pub); +-- Table with the sum of the balances of all customer reserves +-- (by exchange's master public key) +CREATE TABLE IF NOT EXISTS auditor_reserve_balance + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,reserve_balance_val INT8 NOT NULL + ,reserve_balance_frac INT4 NOT NULL + ,withdraw_fee_balance_val INT8 NOT NULL + ,withdraw_fee_balance_frac INT4 NOT NULL + ); +-- Table with the sum of the balances of all wire fees +-- (by exchange's master public key) +CREATE TABLE IF NOT EXISTS auditor_wire_fee_balance + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,wire_fee_balance_val INT8 NOT NULL + ,wire_fee_balance_frac INT4 NOT NULL + ); +-- Table with all of the outstanding denomination coins that the +-- exchange is aware of and what the respective balances are +-- (outstanding as well as issued overall which implies the +-- maximum value at risk). We also count the number of coins +-- issued (withdraw, refresh-reveal) and the number of coins seen +-- at the exchange (refresh-commit, deposit), not just the amounts. */GNUNET_PQ_make_execute ( +CREATE TABLE IF NOT EXISTS auditor_denomination_pending + (denom_pub_hash BYTEA PRIMARY KEY REFERENCES auditor_denominations (denom_pub_hash) ON DELETE CASCADE + ,denom_balance_val INT8 NOT NULL + ,denom_balance_frac INT4 NOT NULL + ,denom_loss_val INT8 NOT NULL + ,denom_loss_frac INT4 NOT NULL + ,num_issued INT8 NOT NULL + ,denom_risk_val INT8 NOT NULL + ,denom_risk_frac INT4 NOT NULL + ,payback_loss_val INT8 NOT NULL + ,payback_loss_frac INT4 NOT NULL + ); +-- Table with the sum of the outstanding coins from +-- auditor_denomination_pending (denom_pubs must belong to the +-- respective's exchange's master public key); it represents the +-- auditor_balance_summary of the exchange at this point (modulo +-- unexpected historic_loss-style events where denomination keys are +-- compromised) +CREATE TABLE IF NOT EXISTS auditor_balance_summary + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,denom_balance_val INT8 NOT NULL + ,denom_balance_frac INT4 NOT NULL + ,deposit_fee_balance_val INT8 NOT NULL + ,deposit_fee_balance_frac INT4 NOT NULL + ,melt_fee_balance_val INT8 NOT NULL + ,melt_fee_balance_frac INT4 NOT NULL + ,refund_fee_balance_val INT8 NOT NULL + ,refund_fee_balance_frac INT4 NOT NULL + ,risk_val INT8 NOT NULL + ,risk_frac INT4 NOT NULL + ,loss_val INT8 NOT NULL + ,loss_frac INT4 NOT NULL + ); +-- Table with historic profits; basically, when a denom_pub has +-- expired and everything associated with it is garbage collected, +-- the final profits end up in here; note that the denom_pub here +-- is not a foreign key, we just keep it as a reference point. +-- revenue_balance is the sum of all of the profits we made on the +-- coin except for withdraw fees (which are in +-- historic_reserve_revenue); the deposit, melt and refund fees are given +-- individually; the delta to the revenue_balance is from coins that +-- were withdrawn but never deposited prior to expiration. +CREATE TABLE IF NOT EXISTS auditor_historic_denomination_revenue + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,denom_pub_hash BYTEA PRIMARY KEY CHECK (LENGTH(denom_pub_hash)=64) + ,revenue_timestamp INT8 NOT NULL + ,revenue_balance_val INT8 NOT NULL + ,revenue_balance_frac INT4 NOT NULL + ,loss_balance_val INT8 NOT NULL + ,loss_balance_frac INT4 NOT NULL + ); +-- Table with historic profits from reserves; we eventually +-- GC auditor_historic_reserve_revenue, and then store the totals +-- in here (by time intervals). +CREATE TABLE IF NOT EXISTS auditor_historic_reserve_summary + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,start_date INT8 NOT NULL + ,end_date INT8 NOT NULL + ,reserve_profits_val INT8 NOT NULL + ,reserve_profits_frac INT4 NOT NULL + ); +CREATE INDEX auditor_historic_reserve_summary_by_master_pub_start_date + ON auditor_historic_reserve_summary + (master_pub + ,start_date); +-- Table with deposit confirmation sent to us by merchants; +-- we must check that the exchange reported these properly. +CREATE TABLE IF NOT EXISTS deposit_confirmations + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,serial_id BIGSERIAL UNIQUE + ,h_contract_terms BYTEA CHECK (LENGTH(h_contract_terms)=64) + ,h_wire BYTEA CHECK (LENGTH(h_wire)=64) + ,timestamp INT8 NOT NULL + ,refund_deadline INT8 NOT NULL + ,amount_without_fee_val INT8 NOT NULL + ,amount_without_fee_frac INT4 NOT NULL + ,coin_pub BYTEA CHECK (LENGTH(coin_pub)=32) + ,merchant_pub BYTEA CHECK (LENGTH(merchant_pub)=32) + ,exchange_sig BYTEA CHECK (LENGTH(exchange_sig)=64) + ,exchange_pub BYTEA CHECK (LENGTH(exchange_pub)=32) + ,master_sig BYTEA CHECK (LENGTH(master_sig)=64) + ,PRIMARY KEY (h_contract_terms,h_wire,coin_pub,merchant_pub,exchange_sig,exchange_pub,master_sig) + ); +-- Table with the sum of the ledger, auditor_historic_revenue and +-- the auditor_reserve_balance. This is the +-- final amount that the exchange should have in its bank account +-- right now. +CREATE TABLE IF NOT EXISTS auditor_predicted_result + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,balance_val INT8 NOT NULL + ,balance_frac INT4 NOT NULL + ); + +-- Finally, commit everything +COMMIT; diff --git a/src/auditordb/9999.sql b/src/auditordb/9999.sql new file mode 100644 index 000000000..d6add4b20 --- /dev/null +++ b/src/auditordb/9999.sql @@ -0,0 +1,53 @@ +-- +-- This file is part of TALER +-- Copyright (C) 2014--2020 Taler Systems SA +-- +-- TALER is free software; you can redistribute it and/or modify it under the +-- terms of the GNU General Public License as published by the Free Software +-- Foundation; either version 3, or (at your option) any later version. +-- +-- TALER is distributed in the hope that it will be useful, but WITHOUT ANY +-- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +-- A PARTICULAR PURPOSE. See the GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License along with +-- TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +-- + +-- Everything in one big transaction +BEGIN; + +NOTE: This code is not yet ready / in use. It was archived here +as we might want this kind of table in the future. It is NOT +to be installed in a production system (hence in EXTRA_DIST and +not in the SQL target!) + +-- Check patch versioning is in place. +SELECT _v.register_patch('auditor-9999', NULL, NULL); + + +-- Table with historic business ledger; basically, when the exchange +-- operator decides to use operating costs for anything but wire +-- transfers to merchants, it goes in here. This happens when the +-- operator users transaction fees for business expenses. purpose +-- is free-form but should be a human-readable wire transfer +-- identifier. This is NOT yet used and outside of the scope of +-- the core auditing logic. However, once we do take fees to use +-- operating costs, and if we still want auditor_predicted_result to match +-- the tables overall, we'll need a command-line tool to insert rows +-- into this table and update auditor_predicted_result accordingly. +-- (So this table for now just exists as a reminder of what we'll +-- need in the long term.) +CREATE TABLE IF NOT EXISTS auditor_historic_ledger + (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE + ,purpose VARCHAR NOT NULL + ,timestamp INT8 NOT NULL + ,balance_val INT8 NOT NULL + ,balance_frac INT4 NOT NULL + ); +CREATE INDEX history_ledger_by_master_pub_and_time + ON auditor_historic_ledger + (master_pub + ,timestamp); + +COMMIT; diff --git a/src/auditordb/Makefile.am b/src/auditordb/Makefile.am index 640f95f25..58aec5a84 100644 --- a/src/auditordb/Makefile.am +++ b/src/auditordb/Makefile.am @@ -11,9 +11,17 @@ pkgcfgdir = $(prefix)/share/taler/config.d/ pkgcfg_DATA = \ auditordb-postgres.conf +sqldir = $(prefix)/share/taler/sql/auditor/ + +sql_DATA = \ + 0000.sql \ + 0001.sql + EXTRA_DIST = \ auditordb-postgres.conf \ - test-auditor-db-postgres.conf + test-auditor-db-postgres.conf \ + $(sql_DATA) \ + 9999.sql plugindir = $(libdir)/taler diff --git a/src/auditordb/plugin_auditordb_postgres.c b/src/auditordb/plugin_auditordb_postgres.c index fb2d77312..25734facc 100644 --- a/src/auditordb/plugin_auditordb_postgres.c +++ b/src/auditordb/plugin_auditordb_postgres.c @@ -13,7 +13,6 @@ You should have received a copy of the GNU General Public License along with TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> */ - /** * @file plugin_auditordb_postgres.c * @brief Low-level (statement-level) Postgres database access for the auditor @@ -94,10 +93,14 @@ struct PostgresClosure /** - * Drop all Taler tables. This should only be used by testcases. + * Drop all auditor tables OR deletes recoverable auditor state. + * This should only be used by testcases or when restarting the + * auditor from scratch. * * @param cls the `struct PostgresClosure` with the plugin-specific state - * @param drop_exchangelist should we also drop the exchange and deposit_confirmations table? + * @param drop_exchangelist drop all tables, including schema versioning + * and the exchange and deposit_confirmations table; NOT to be + * used when restarting the auditor * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure */ static int @@ -106,8 +109,26 @@ postgres_drop_tables (void *cls, { struct PostgresClosure *pc = cls; struct GNUNET_PQ_ExecuteStatement es[] = { + GNUNET_PQ_make_execute ("DELETE FROM auditor_predicted_result;"), + GNUNET_PQ_make_execute ( + "DELETE FROM auditor_historic_denomination_revenue;"), + GNUNET_PQ_make_execute ("DELETE FROM auditor_balance_summary;"), + GNUNET_PQ_make_execute ("DELETE FROM auditor_denomination_pending;"), + GNUNET_PQ_make_execute ("DELETE FROM auditor_reserve_balance;"), + GNUNET_PQ_make_execute ("DELETE FROM auditor_wire_fee_balance;"), + GNUNET_PQ_make_execute ("DELETE FROM auditor_reserves;"), + GNUNET_PQ_make_execute ("DELETE FROM auditor_progress_reserve;"), + GNUNET_PQ_make_execute ("DELETE FROM auditor_progress_aggregation;"), + GNUNET_PQ_make_execute ( + "DELETE FROM auditor_progress_deposit_confirmation;"), + GNUNET_PQ_make_execute ("DELETE FROM auditor_progress_coin;"), + GNUNET_PQ_make_execute ("DELETE FROM wire_auditor_progress;"), + GNUNET_PQ_make_execute ("DELETE FROM wire_auditor_account_progress;"), + GNUNET_PQ_make_execute ("DELETE FROM auditor_historic_reserve_summary;"), + GNUNET_PQ_EXECUTE_STATEMENT_END + }; + struct GNUNET_PQ_ExecuteStatement esx[] = { GNUNET_PQ_make_execute ("DROP TABLE IF EXISTS auditor_predicted_result;"), - GNUNET_PQ_make_execute ("DROP TABLE IF EXISTS auditor_historic_ledger;"), GNUNET_PQ_make_execute ( "DROP TABLE IF EXISTS auditor_historic_denomination_revenue;"), GNUNET_PQ_make_execute ("DROP TABLE IF EXISTS auditor_balance_summary;"), @@ -127,14 +148,12 @@ postgres_drop_tables (void *cls, "DROP TABLE IF EXISTS wire_auditor_account_progress;"), GNUNET_PQ_make_execute ( "DROP TABLE IF EXISTS auditor_historic_reserve_summary CASCADE;"), - GNUNET_PQ_EXECUTE_STATEMENT_END - }; - struct GNUNET_PQ_ExecuteStatement esx[] = { GNUNET_PQ_make_execute ( "DROP TABLE IF EXISTS auditor_denominations CASCADE;"), GNUNET_PQ_make_execute ( "DROP TABLE IF EXISTS deposit_confirmations CASCADE;"), GNUNET_PQ_make_execute ("DROP TABLE IF EXISTS auditor_exchanges CASCADE;"), + GNUNET_PQ_make_execute ("DROP SCHEMA IF EXISTS _v CASCADE;"), GNUNET_PQ_EXECUTE_STATEMENT_END }; struct GNUNET_PQ_Context *conn; @@ -149,10 +168,6 @@ postgres_drop_tables (void *cls, if (drop_exchangelist) ret = GNUNET_PQ_exec_statements (conn, esx); - /* TODO: we probably need a bit more fine-grained control - over drops for the '-r' option of taler-auditor; also, - for the testcase, we currently fail to drop the - auditor_denominations table... */ GNUNET_PQ_disconnect (conn); return ret; } @@ -377,27 +392,6 @@ postgres_create_tables (void *cls) ",PRIMARY KEY (h_contract_terms, h_wire, coin_pub, " " merchant_pub, exchange_sig, exchange_pub, master_sig)" ")"), - /* Table with historic business ledger; basically, when the exchange - operator decides to use operating costs for anything but wire - transfers to merchants, it goes in here. This happens when the - operator users transaction fees for business expenses. "purpose" - is free-form but should be a human-readable wire transfer - identifier. This is NOT yet used and outside of the scope of - the core auditing logic. However, once we do take fees to use - operating costs, and if we still want "auditor_predicted_result" to match - the tables overall, we'll need a command-line tool to insert rows - into this table and update "auditor_predicted_result" accordingly. - (So this table for now just exists as a reminder of what we'll - need in the long term.) */GNUNET_PQ_make_execute ("CREATE TABLE IF NOT EXISTS auditor_historic_ledger" - "(master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE" - ",purpose VARCHAR NOT NULL" - ",timestamp INT8 NOT NULL" - ",balance_val INT8 NOT NULL" - ",balance_frac INT4 NOT NULL" - ")"), - GNUNET_PQ_make_try_execute ( - "CREATE INDEX history_ledger_by_master_pub_and_time " - "ON auditor_historic_ledger(master_pub,timestamp)"), /* Table with the sum of the ledger, auditor_historic_revenue and the auditor_reserve_balance. This is the final amount that the exchange should have in its bank account diff --git a/src/exchangedb/0001.sql b/src/exchangedb/0001.sql index 92e0d599c..45694fe0f 100644 --- a/src/exchangedb/0001.sql +++ b/src/exchangedb/0001.sql @@ -18,7 +18,7 @@ BEGIN; -- Check patch versioning is in place. -SELECT _v.register_patch('0001', NULL, NULL); +SELECT _v.register_patch('exchange-0001', NULL, NULL); -- Main denominations table. All the coins the exchange knows about. diff --git a/src/exchangedb/Makefile.am b/src/exchangedb/Makefile.am index d16cc8b31..52e1bdad8 100644 --- a/src/exchangedb/Makefile.am +++ b/src/exchangedb/Makefile.am @@ -23,7 +23,7 @@ EXTRA_DIST = \ exchangedb-postgres.conf \ plugin_exchangedb_common.c \ test-exchange-db-postgres.conf - + $(sql_DATA) plugindir = $(libdir)/taler diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c index b9c9d6742..73db049eb 100644 --- a/src/exchangedb/plugin_exchangedb_postgres.c +++ b/src/exchangedb/plugin_exchangedb_postgres.c @@ -166,6 +166,7 @@ postgres_drop_tables (void *cls) GNUNET_PQ_make_execute ( "DROP TABLE IF EXISTS denomination_revocations CASCADE;"), GNUNET_PQ_make_execute ("DROP TABLE IF EXISTS denominations CASCADE;"), + GNUNET_PQ_make_execute ("DROP SCHEMA IF EXISTS _v CASCADE;"), GNUNET_PQ_EXECUTE_STATEMENT_END }; struct GNUNET_PQ_Context *conn; diff --git a/src/include/taler_auditordb_plugin.h b/src/include/taler_auditordb_plugin.h index 14d477d30..18558c692 100644 --- a/src/include/taler_auditordb_plugin.h +++ b/src/include/taler_auditordb_plugin.h @@ -425,10 +425,14 @@ struct TALER_AUDITORDB_Plugin /** - * Drop the Taler tables. This should only be used in testcases. + * Drop all auditor tables OR deletes recoverable auditor state. + * This should only be used by testcases or when restarting the + * auditor from scratch. * - * @param cls the @e cls of this struct with the plugin-specific state - * @param drop_exchangelist should we also drop the exchange and deposit_confirmations table? + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param drop_exchangelist drop all tables, including schema versioning + * and the exchange and deposit_confirmations table; NOT to be + * used when restarting the auditor * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure */ int |