legion-data 1.1.5 → 1.3.7

data/lib/legion/data/migrations/020_add_webhooks.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  up do
+    create_table(:webhooks) do
+      primary_key :id
+      String :url, null: false, size: 2048
+      String :secret, null: false, size: 255
+      String :event_types, text: true
+      String :status, default: 'active', size: 20
+      Integer :max_retries, default: 5
+      DateTime :created_at, default: Sequel::CURRENT_TIMESTAMP
+      DateTime :updated_at, default: Sequel::CURRENT_TIMESTAMP
+    end
+
+    create_table(:webhook_deliveries) do
+      primary_key :id
+      foreign_key :webhook_id, :webhooks, null: false, index: true
+      String :event_name, null: false, size: 255
+      Integer :response_status
+      TrueClass :success
+      Integer :attempt, default: 1
+      String :error, text: true
+      DateTime :delivered_at, default: Sequel::CURRENT_TIMESTAMP
+    end
+
+    create_table(:webhook_dead_letters) do
+      primary_key :id
+      foreign_key :webhook_id, :webhooks, null: false, index: true
+      String :event_name, null: false, size: 255
+      String :payload, text: true
+      Integer :attempts
+      String :last_error, text: true
+      DateTime :created_at, default: Sequel::CURRENT_TIMESTAMP
+    end
+  end
+end

data/lib/legion/data/model.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Legion
   module Data
     module Models
@@ -5,7 +7,8 @@ module Legion
         attr_reader :loaded_models
 
         def models
-          %w[user group extension chain relationship function task runner task_log datacenter environment node setting]
+          %w[extension function relationship task runner node setting digital_worker
+             apollo_entry apollo_relation apollo_expertise apollo_access_log audit_log]
         end
 
         def load
@@ -16,7 +19,7 @@ module Legion
         end
 
         def require_sequel_models(files = models)
-          Dir["#{File.dirname(__FILE__)}models/*.rb"].each { |file| puts file }
+          # Dir["#{File.dirname(__FILE__)}models/*.rb"].each { |file| puts file }
           files.each { |file| load_sequel_model(file) }
         end
 

data/lib/legion/data/models/apollo_access_log.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+return unless Legion::Data::Connection.adapter == :postgres
+
+module Legion
+  module Data
+    module Model
+      class ApolloAccessLog < Sequel::Model(:apollo_access_log)
+        many_to_one :entry, class: 'Legion::Data::Model::ApolloEntry', key: :entry_id
+      end
+    end
+  end
+end

data/lib/legion/data/models/apollo_entry.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+return unless Legion::Data::Connection.adapter == :postgres
+
+module Legion
+  module Data
+    module Model
+      class ApolloEntry < Sequel::Model(:apollo_entries)
+        one_to_many :outgoing_relations, class: 'Legion::Data::Model::ApolloRelation',
+                                         key:   :from_entry_id
+        one_to_many :incoming_relations, class: 'Legion::Data::Model::ApolloRelation',
+                                         key:   :to_entry_id
+        one_to_many :access_logs, class: 'Legion::Data::Model::ApolloAccessLog',
+                                  key:   :entry_id
+      end
+    end
+  end
+end

data/lib/legion/data/models/apollo_expertise.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+return unless Legion::Data::Connection.adapter == :postgres
+
+module Legion
+  module Data
+    module Model
+      class ApolloExpertise < Sequel::Model(:apollo_expertise)
+      end
+    end
+  end
+end

data/lib/legion/data/models/apollo_relation.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+return unless Legion::Data::Connection.adapter == :postgres
+
+module Legion
+  module Data
+    module Model
+      class ApolloRelation < Sequel::Model(:apollo_relations)
+        many_to_one :from_entry, class: 'Legion::Data::Model::ApolloEntry', key: :from_entry_id
+        many_to_one :to_entry, class: 'Legion::Data::Model::ApolloEntry', key: :to_entry_id
+      end
+    end
+  end
+end

data/lib/legion/data/models/audit_log.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Legion
+  module Data
+    module Model
+      class AuditLog < Sequel::Model(:audit_log)
+        VALID_EVENT_TYPES = %w[runner_execution lifecycle_transition].freeze
+        VALID_STATUSES    = %w[success failure denied].freeze
+
+        def validate
+          super
+          errors.add(:event_type, 'invalid') unless VALID_EVENT_TYPES.include?(event_type)
+          errors.add(:status, 'invalid')     unless VALID_STATUSES.include?(status)
+        end
+
+        def parsed_detail
+          return nil unless detail
+
+          Legion::JSON.load(detail)
+        rescue StandardError
+          nil
+        end
+
+        def before_update
+          raise 'audit_log records are immutable and cannot be updated'
+        end
+
+        def before_destroy
+          raise 'audit_log records are immutable and cannot be deleted'
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/digital_worker.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Legion
+  module Data
+    module Model
+      class DigitalWorker < Sequel::Model
+        one_to_many :tasks, key: :worker_id, primary_key: :worker_id
+
+        LIFECYCLE_STATES = %w[bootstrap active paused retired terminated].freeze
+        CONSENT_TIERS    = %w[supervised consult notify autonomous].freeze
+        RISK_TIERS       = %w[low medium high critical].freeze
+        HEALTH_STATUSES  = %w[online offline unknown].freeze
+
+        def validate
+          super
+          errors.add(:lifecycle_state, 'invalid') unless LIFECYCLE_STATES.include?(lifecycle_state)
+          errors.add(:consent_tier, 'invalid')    unless CONSENT_TIERS.include?(consent_tier)
+          errors.add(:risk_tier, 'invalid')        if risk_tier && !RISK_TIERS.include?(risk_tier)
+          errors.add(:health_status, 'invalid')    if health_status && !HEALTH_STATUSES.include?(health_status)
+        end
+
+        def active?
+          lifecycle_state == 'active'
+        end
+
+        def terminated?
+          lifecycle_state == 'terminated'
+        end
+
+        def paused?
+          lifecycle_state == 'paused'
+        end
+
+        def online?
+          health_status == 'online'
+        end
+
+        def offline?
+          health_status == 'offline'
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/function.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require_relative 'relationship'
-
 module Legion
   module Data
     module Model

data/lib/legion/data/models/node.rb

@@ -4,9 +4,23 @@ module Legion
   module Data
     module Model
       class Node < Sequel::Model
-        many_to_one :environment
-        many_to_one :datacenter
-        one_to_many :task_log
+        # one_to_many :task_log
+
+        def parsed_metrics
+          return nil unless metrics
+
+          Legion::JSON.load(metrics)
+        rescue StandardError
+          nil
+        end
+
+        def parsed_hosted_worker_ids
+          return [] unless hosted_worker_ids
+
+          Legion::JSON.load(hosted_worker_ids)
+        rescue StandardError
+          []
+        end
       end
     end
   end

data/lib/legion/data/models/rbac_cross_team_grant.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Legion
+  module Data
+    module Model
+      class RbacCrossTeamGrant < Sequel::Model
+        def validate
+          super
+          errors.add(:source_team, 'cannot be empty') if source_team.nil? || source_team.empty?
+          errors.add(:target_team, 'cannot be empty') if target_team.nil? || target_team.empty?
+          errors.add(:source_team, 'cannot equal target_team') if source_team == target_team
+          errors.add(:runner_pattern, 'cannot be empty') if runner_pattern.nil? || runner_pattern.empty?
+          errors.add(:actions, 'cannot be empty') if actions.nil? || actions.empty?
+          errors.add(:granted_by, 'cannot be empty') if granted_by.nil? || granted_by.empty?
+        end
+
+        def expired?
+          return false if expires_at.nil?
+
+          expires_at < Time.now
+        end
+
+        def active?
+          !expired?
+        end
+
+        def actions_list
+          (actions || '').split(',').map(&:strip)
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/rbac_role_assignment.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Legion
+  module Data
+    module Model
+      class RbacRoleAssignment < Sequel::Model
+        VALID_PRINCIPAL_TYPES = %w[worker human].freeze
+
+        def validate
+          super
+          errors.add(:principal_type, 'must be worker or human') unless VALID_PRINCIPAL_TYPES.include?(principal_type)
+          errors.add(:principal_id, 'cannot be empty') if principal_id.nil? || principal_id.empty?
+          errors.add(:role, 'cannot be empty') if role.nil? || role.empty?
+          errors.add(:granted_by, 'cannot be empty') if granted_by.nil? || granted_by.empty?
+        end
+
+        def expired?
+          return false if expires_at.nil?
+
+          expires_at < Time.now
+        end
+
+        def active?
+          !expired?
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/rbac_runner_grant.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Legion
+  module Data
+    module Model
+      class RbacRunnerGrant < Sequel::Model
+        def validate
+          super
+          errors.add(:team, 'cannot be empty') if team.nil? || team.empty?
+          errors.add(:runner_pattern, 'cannot be empty') if runner_pattern.nil? || runner_pattern.empty?
+          errors.add(:actions, 'cannot be empty') if actions.nil? || actions.empty?
+          errors.add(:granted_by, 'cannot be empty') if granted_by.nil? || granted_by.empty?
+        end
+
+        def actions_list
+          (actions || '').split(',').map(&:strip)
+        end
+      end
+    end
+  end
+end

data/lib/legion/data/models/relationship.rb

@@ -1,15 +1,12 @@
 # frozen_string_literal: true
 
-require_relative 'function'
-
 module Legion
   module Data
     module Model
       class Relationship < Sequel::Model
-        many_to_one :chain
-        one_to_many :task
-        many_to_one :trigger, class: Legion::Data::Model::Function
-        many_to_one :action, class: Legion::Data::Model::Function
+        many_to_one :trigger, class: 'Legion::Data::Model::Function'
+        many_to_one :action, class: 'Legion::Data::Model::Function'
+        one_to_many :tasks
       end
     end
   end

data/lib/legion/data/settings.rb

@@ -1,18 +1,52 @@
+# frozen_string_literal: true
+
 module Legion
   module Data
     module Settings
+      CREDS = {
+        sqlite:   {
+          database: 'legionio.db'
+        },
+        mysql2:   {
+          username: 'legion',
+          password: 'legion',
+          database: 'legionio',
+          host:     '127.0.0.1',
+          port:     3306
+        },
+        postgres: {
+          user:     'legion',
+          password: 'legion',
+          database: 'legionio',
+          host:     '127.0.0.1',
+          port:     5432
+        }
+      }.freeze
+
       def self.default
         {
+          adapter:          'sqlite',
           connected:        false,
           cache:            cache,
           connection:       connection,
           creds:            creds,
           migrations:       migrations,
           models:           models,
+          local:            local,
+          dev_mode:         false,
+          dev_fallback:     true,
           connect_on_start: true
         }
       end
 
+      def self.local
+        {
+          enabled:    true,
+          database:   'legionio_local.db',
+          migrations: { auto_migrate: true }
+        }
+      end
+
       def self.models
         {
           continue_on_load_fail: false,
@@ -40,14 +74,9 @@ module Legion
         }
       end
 
-      def self.creds
-        {
-          username: 'legion',
-          password: 'legion',
-          database: 'legion',
-          host:     '127.0.0.1',
-          port:     3306
-        }
+      def self.creds(adapter = nil)
+        adapter = (adapter || :sqlite).to_sym
+        CREDS.fetch(adapter, CREDS[:sqlite]).dup
       end
 
       def self.cache

data/lib/legion/data/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module Legion
   module Data
-    VERSION = '1.1.5'.freeze
+    VERSION = '1.3.7'
   end
 end

data/lib/legion/data.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'legion/data/version'
 require 'legion/data/settings'
 require 'sequel'
@@ -5,6 +7,7 @@ require 'sequel'
 require 'legion/data/connection'
 require 'legion/data/model'
 require 'legion/data/migration'
+require_relative 'data/local'
 
 module Legion
   module Data
@@ -14,6 +17,7 @@ module Legion
         migrate
         load_models
         setup_cache
+        setup_local
       end
 
       def connection_setup
@@ -34,28 +38,42 @@ module Legion
         Legion::Data::Connection.sequel
       end
 
+      def local
+        Legion::Data::Local
+      end
+
       def setup_cache
         return if Legion::Settings[:data][:cache][:enabled]
 
-        return unless defined?(::Legion::Cache)
+        nil unless defined?(::Legion::Cache)
 
-        Legion::Data::Model::Relationship.plugin :caching, Legion::Cache, ttl: 10
-        Legion::Data::Model::Runner.plugin :caching, Legion::Cache, ttl: 60
-        Legion::Data::Model::Chain.plugin :caching, Legion::Cache, ttl: 60
-        Legion::Data::Model::Datacenter.plugin :caching, Legion::Cache, ttl: 120
-        Legion::Data::Model::Function.plugin :caching, Legion::Cache, ttl: 120
-        Legion::Data::Model::Extension.plugin :caching, Legion::Cache, ttl: 120
-        Legion::Data::Model::Node.plugin :caching, Legion::Cache, ttl: 10
-        Legion::Data::Model::TaskLog.plugin :caching, Legion::Cache, ttl: 12
-        Legion::Data::Model::Task.plugin :caching, Legion::Cache, ttl: 10
-        Legion::Data::Model::User.plugin :caching, Legion::Cache, ttl: 120
-        Legion::Data::Model::Group.plugin :caching, Legion::Cache, ttl: 120
-        Legion::Logging.info 'Legion::Data connected to Legion::Cache'
+        # Legion::Data::Model::Relationship.plugin :caching, Legion::Cache, ttl: 10
+        # Legion::Data::Model::Runner.plugin :caching, Legion::Cache, ttl: 60
+        # Legion::Data::Model::Chain.plugin :caching, Legion::Cache, ttl: 60
+        # Legion::Data::Model::Function.plugin :caching, Legion::Cache, ttl: 120
+        # Legion::Data::Model::Extension.plugin :caching, Legion::Cache, ttl: 120
+        # Legion::Data::Model::Node.plugin :caching, Legion::Cache, ttl: 10
+        # Legion::Data::Model::TaskLog.plugin :caching, Legion::Cache, ttl: 12
+        # Legion::Data::Model::Task.plugin :caching, Legion::Cache, ttl: 10
+        # Legion::Data::Model::User.plugin :caching, Legion::Cache, ttl: 120
+        # Legion::Data::Model::Group.plugin :caching, Legion::Cache, ttl: 120
+        # Legion::Logging.info 'Legion::Data connected to Legion::Cache'
       end
 
       def shutdown
+        Legion::Data::Local.shutdown if defined?(Legion::Data::Local) && Legion::Data::Local.connected?
         Legion::Data::Connection.shutdown
       end
+
+      private
+
+      def setup_local
+        return if Legion::Settings[:data].dig(:local, :enabled) == false
+
+        Legion::Data::Local.setup
+      rescue StandardError => e
+        Legion::Logging.warn "Legion::Data::Local failed to setup: #{e.message}" if defined?(Legion::Logging)
+      end
     end
   end
 end