• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

sapcc / limes / 17052541397

18 Aug 2025 09:07PM UTC coverage: 80.184% (+0.002%) from 80.182%
17052541397

Pull #766

github

wagnerd3
remove liquidServiceType (only used for testing)
Pull Request #766: remove liquidServiceType (only used for testing)

5 of 8 new or added lines in 3 files covered. (62.5%)

7405 of 9235 relevant lines covered (80.18%)

57.46 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

81.37
/internal/api/commitment.go
1
// SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company
2
// SPDX-License-Identifier: Apache-2.0
3

4
package api
5

6
import (
7
        "cmp"
8
        "context"
9
        "database/sql"
10
        "encoding/json"
11
        "errors"
12
        "fmt"
13
        "maps"
14
        "net/http"
15
        "slices"
16
        "strings"
17
        "time"
18

19
        "github.com/gorilla/mux"
20
        . "github.com/majewsky/gg/option"
21
        "github.com/majewsky/gg/options"
22
        "github.com/sapcc/go-api-declarations/cadf"
23
        "github.com/sapcc/go-api-declarations/limes"
24
        limesresources "github.com/sapcc/go-api-declarations/limes/resources"
25
        "github.com/sapcc/go-api-declarations/liquid"
26
        "github.com/sapcc/go-bits/audittools"
27
        "github.com/sapcc/go-bits/errext"
28
        "github.com/sapcc/go-bits/gopherpolicy"
29
        "github.com/sapcc/go-bits/httpapi"
30
        "github.com/sapcc/go-bits/liquidapi"
31
        "github.com/sapcc/go-bits/logg"
32
        "github.com/sapcc/go-bits/must"
33
        "github.com/sapcc/go-bits/respondwith"
34
        "github.com/sapcc/go-bits/sqlext"
35

36
        "github.com/sapcc/limes/internal/core"
37
        "github.com/sapcc/limes/internal/datamodel"
38
        "github.com/sapcc/limes/internal/db"
39
        "github.com/sapcc/limes/internal/reports"
40
)
41

42
var (
43
        getProjectCommitmentsQuery = sqlext.SimplifyWhitespace(db.ExpandEnumPlaceholders(`
44
                SELECT pc.*
45
                  FROM project_commitments pc
46
                  JOIN az_resources cazr ON pc.az_resource_id = cazr.id
47
                  JOIN resources cr ON cazr.resource_id = cr.id {{AND cr.name = $resource_name}}
48
                  JOIN services cs ON cr.service_id = cs.id {{AND cs.type = $service_type}}
49
                 WHERE %s AND pc.status NOT IN ({{liquid.CommitmentStatusSuperseded}}, {{liquid.CommitmentStatusExpired}})
50
                 ORDER BY pc.id
51
        `))
52

53
        getAZResourceLocationsQuery = sqlext.SimplifyWhitespace(`
54
                SELECT cazr.id, cs.type, cr.name, cazr.az
55
                  FROM project_az_resources pazr
56
                  JOIN az_resources cazr on pazr.az_resource_id = cazr.id
57
                  JOIN resources cr ON cazr.resource_id = cr.id {{AND cr.name = $resource_name}}
58
                  JOIN services cs ON cr.service_id = cs.id {{AND cs.type = $service_type}}
59
                 WHERE %s
60
        `)
61

62
        findProjectCommitmentByIDQuery = sqlext.SimplifyWhitespace(`
63
                SELECT pc.*
64
                  FROM project_commitments pc
65
                 WHERE pc.id = $1 AND pc.project_id = $2
66
        `)
67

68
        findAZResourceIDByLocationQuery = sqlext.SimplifyWhitespace(db.ExpandEnumPlaceholders(`
69
                SELECT cazr.id, pr.forbidden IS NOT TRUE as resource_allows_commitments, COALESCE(total_confirmed, 0) as total_confirmed
70
                FROM az_resources cazr
71
                JOIN resources cr ON cazr.resource_id = cr.id
72
                JOIN services cs ON cr.service_id = cs.id
73
                JOIN project_resources pr ON pr.resource_id = cr.id
74
                LEFT JOIN (
75
                        SELECT SUM(pc.amount) as total_confirmed
76
                        FROM az_resources cazr
77
                        JOIN resources cr ON cazr.resource_id = cr.id
78
                        JOIN services cs ON cr.service_id = cs.id
79
                        JOIN project_commitments pc ON cazr.id = pc.az_resource_id
80
                        WHERE pc.project_id = $1 AND cs.type = $2 AND cr.name = $3 AND cazr.az = $4 AND status = {{liquid.CommitmentStatusConfirmed}}
81
                ) pc ON 1=1
82
                WHERE pr.project_id = $1 AND cs.type = $2 AND cr.name = $3 AND cazr.az = $4
83
        `))
84

85
        findAZResourceLocationByIDQuery = sqlext.SimplifyWhitespace(db.ExpandEnumPlaceholders(`
86
                SELECT cs.type, cr.name, cazr.az, COALESCE(pc.total_confirmed,0) AS total_confirmed
87
                FROM az_resources cazr
88
                JOIN resources cr ON cazr.resource_id = cr.id
89
                JOIN services cs ON cr.service_id = cs.id
90
                LEFT JOIN (
91
                                SELECT SUM(amount) as total_confirmed
92
                                FROM project_commitments pc
93
                                WHERE az_resource_id = $1 AND project_id = $2 AND status = {{liquid.CommitmentStatusConfirmed}}
94
                ) pc ON 1=1
95
                WHERE cazr.id = $1;
96
        `))
97
        getCommitmentWithMatchingTransferTokenQuery = sqlext.SimplifyWhitespace(`
98
                SELECT * FROM project_commitments WHERE id = $1 AND transfer_token = $2
99
        `)
100
        findCommitmentByTransferToken = sqlext.SimplifyWhitespace(`
101
                SELECT * FROM project_commitments WHERE transfer_token = $1
102
        `)
103
)
104

105
// GetProjectCommitments handles GET /v1/domains/:domain_id/projects/:project_id/commitments.
106
func (p *v1Provider) GetProjectCommitments(w http.ResponseWriter, r *http.Request) {
15✔
107
        httpapi.IdentifyEndpoint(r, "/v1/domains/:id/projects/:id/commitments")
15✔
108
        token := p.CheckToken(r)
15✔
109
        if !token.Require(w, "project:show") {
16✔
110
                return
1✔
111
        }
1✔
112
        dbDomain := p.FindDomainFromRequest(w, r)
14✔
113
        if dbDomain == nil {
15✔
114
                return
1✔
115
        }
1✔
116
        dbProject := p.FindProjectFromRequest(w, r, dbDomain)
13✔
117
        if dbProject == nil {
14✔
118
                return
1✔
119
        }
1✔
120
        serviceInfos, err := p.Cluster.AllServiceInfos()
12✔
121
        if respondwith.ObfuscatedErrorText(w, err) {
12✔
122
                return
×
123
        }
×
124

125
        // enumerate project AZ resources
126
        filter := reports.ReadFilter(r, p.Cluster, serviceInfos)
12✔
127
        queryStr, joinArgs := filter.PrepareQuery(getAZResourceLocationsQuery)
12✔
128
        whereStr, whereArgs := db.BuildSimpleWhereClause(map[string]any{"pazr.project_id": dbProject.ID}, len(joinArgs))
12✔
129
        azResourceLocationsByID := make(map[db.AZResourceID]core.AZResourceLocation)
12✔
130
        err = sqlext.ForeachRow(p.DB, fmt.Sprintf(queryStr, whereStr), append(joinArgs, whereArgs...), func(rows *sql.Rows) error {
185✔
131
                var (
173✔
132
                        id  db.AZResourceID
173✔
133
                        loc core.AZResourceLocation
173✔
134
                )
173✔
135
                err := rows.Scan(&id, &loc.ServiceType, &loc.ResourceName, &loc.AvailabilityZone)
173✔
136
                if err != nil {
173✔
137
                        return err
×
138
                }
×
139
                // this check is defense in depth (the DB should be consistent with our config)
140
                if core.HasResource(serviceInfos, loc.ServiceType, loc.ResourceName) {
346✔
141
                        azResourceLocationsByID[id] = loc
173✔
142
                }
173✔
143
                return nil
173✔
144
        })
145
        if respondwith.ObfuscatedErrorText(w, err) {
12✔
146
                return
×
147
        }
×
148

149
        // enumerate relevant project commitments
150
        queryStr, joinArgs = filter.PrepareQuery(getProjectCommitmentsQuery)
12✔
151
        whereStr, whereArgs = db.BuildSimpleWhereClause(map[string]any{"pc.project_id": dbProject.ID}, len(joinArgs))
12✔
152
        var dbCommitments []db.ProjectCommitment
12✔
153
        _, err = p.DB.Select(&dbCommitments, fmt.Sprintf(queryStr, whereStr), append(joinArgs, whereArgs...)...)
12✔
154
        if respondwith.ObfuscatedErrorText(w, err) {
12✔
155
                return
×
156
        }
×
157

158
        // render response
159
        result := make([]limesresources.Commitment, 0, len(dbCommitments))
12✔
160
        for _, c := range dbCommitments {
26✔
161
                loc, exists := azResourceLocationsByID[c.AZResourceID]
14✔
162
                if !exists {
14✔
163
                        // defense in depth (the DB should not change that much between those two queries above)
×
164
                        continue
×
165
                }
166
                serviceInfo := core.InfoForService(serviceInfos, loc.ServiceType)
14✔
167
                resInfo := core.InfoForResource(serviceInfo, loc.ResourceName)
14✔
168
                result = append(result, p.convertCommitmentToDisplayForm(c, loc, token, resInfo.Unit))
14✔
169
        }
170

171
        respondwith.JSON(w, http.StatusOK, map[string]any{"commitments": result})
12✔
172
}
173

174
func (p *v1Provider) convertCommitmentToDisplayForm(c db.ProjectCommitment, loc core.AZResourceLocation, token *gopherpolicy.Token, unit limes.Unit) limesresources.Commitment {
59✔
175
        apiIdentity := p.Cluster.BehaviorForResource(loc.ServiceType, loc.ResourceName).IdentityInV1API
59✔
176
        return limesresources.Commitment{
59✔
177
                ID:               int64(c.ID),
59✔
178
                UUID:             string(c.UUID),
59✔
179
                ServiceType:      apiIdentity.ServiceType,
59✔
180
                ResourceName:     apiIdentity.Name,
59✔
181
                AvailabilityZone: loc.AvailabilityZone,
59✔
182
                Amount:           c.Amount,
59✔
183
                Unit:             unit,
59✔
184
                Duration:         c.Duration,
59✔
185
                CreatedAt:        limes.UnixEncodedTime{Time: c.CreatedAt},
59✔
186
                CreatorUUID:      c.CreatorUUID,
59✔
187
                CreatorName:      c.CreatorName,
59✔
188
                CanBeDeleted:     p.canDeleteCommitment(token, c),
59✔
189
                ConfirmBy:        options.Map(c.ConfirmBy, intoUnixEncodedTime).AsPointer(),
59✔
190
                ConfirmedAt:      options.Map(c.ConfirmedAt, intoUnixEncodedTime).AsPointer(),
59✔
191
                ExpiresAt:        limes.UnixEncodedTime{Time: c.ExpiresAt},
59✔
192
                TransferStatus:   c.TransferStatus,
59✔
193
                TransferToken:    c.TransferToken.AsPointer(),
59✔
194
                Status:           c.Status,
59✔
195
                NotifyOnConfirm:  c.NotifyOnConfirm,
59✔
196
                WasRenewed:       c.RenewContextJSON.IsSome(),
59✔
197
        }
59✔
198
}
59✔
199

200
// parseAndValidateCommitmentRequest parses and validates the request body for a commitment creation or confirmation.
201
// This function in its current form should only be used if the serviceInfo is not necessary to be used outside
202
// of this validation to avoid unnecessary database queries.
203
func (p *v1Provider) parseAndValidateCommitmentRequest(w http.ResponseWriter, r *http.Request, dbDomain db.Domain) (*limesresources.CommitmentRequest, *core.AZResourceLocation, *core.ScopedCommitmentBehavior, *liquid.ServiceInfo) {
47✔
204
        // parse request
47✔
205
        var parseTarget struct {
47✔
206
                Request limesresources.CommitmentRequest `json:"commitment"`
47✔
207
        }
47✔
208
        if !RequireJSON(w, r, &parseTarget) {
48✔
209
                return nil, nil, nil, nil
1✔
210
        }
1✔
211
        req := parseTarget.Request
46✔
212

46✔
213
        // validate request
46✔
214
        serviceInfos, err := p.Cluster.AllServiceInfos()
46✔
215
        if respondwith.ObfuscatedErrorText(w, err) {
46✔
216
                return nil, nil, nil, nil
×
217
        }
×
218
        nm := core.BuildResourceNameMapping(p.Cluster, serviceInfos)
46✔
219
        dbServiceType, dbResourceName, ok := nm.MapFromV1API(req.ServiceType, req.ResourceName)
46✔
220
        if !ok {
48✔
221
                msg := fmt.Sprintf("no such service and/or resource: %s/%s", req.ServiceType, req.ResourceName)
2✔
222
                http.Error(w, msg, http.StatusUnprocessableEntity)
2✔
223
                return nil, nil, nil, nil
2✔
224
        }
2✔
225
        behavior := p.Cluster.CommitmentBehaviorForResource(dbServiceType, dbResourceName).ForDomain(dbDomain.Name)
44✔
226
        serviceInfo := core.InfoForService(serviceInfos, dbServiceType)
44✔
227
        resInfo := core.InfoForResource(serviceInfo, dbResourceName)
44✔
228
        if len(behavior.Durations) == 0 {
45✔
229
                http.Error(w, "commitments are not enabled for this resource", http.StatusUnprocessableEntity)
1✔
230
                return nil, nil, nil, nil
1✔
231
        }
1✔
232
        if resInfo.Topology == liquid.FlatTopology {
46✔
233
                if req.AvailabilityZone != limes.AvailabilityZoneAny {
4✔
234
                        http.Error(w, `resource does not accept AZ-aware commitments, so the AZ must be set to "any"`, http.StatusUnprocessableEntity)
1✔
235
                        return nil, nil, nil, nil
1✔
236
                }
1✔
237
        } else {
40✔
238
                if !slices.Contains(p.Cluster.Config.AvailabilityZones, req.AvailabilityZone) {
44✔
239
                        http.Error(w, "no such availability zone", http.StatusUnprocessableEntity)
4✔
240
                        return nil, nil, nil, nil
4✔
241
                }
4✔
242
        }
243
        if !slices.Contains(behavior.Durations, req.Duration) {
39✔
244
                buf := must.Return(json.Marshal(behavior.Durations)) // panic on error is acceptable here, marshals should never fail
1✔
245
                msg := "unacceptable commitment duration for this resource, acceptable values: " + string(buf)
1✔
246
                http.Error(w, msg, http.StatusUnprocessableEntity)
1✔
247
                return nil, nil, nil, nil
1✔
248
        }
1✔
249
        if req.Amount == 0 {
38✔
250
                http.Error(w, "amount of committed resource must be greater than zero", http.StatusUnprocessableEntity)
1✔
251
                return nil, nil, nil, nil
1✔
252
        }
1✔
253

254
        loc := core.AZResourceLocation{
36✔
255
                ServiceType:      dbServiceType,
36✔
256
                ResourceName:     dbResourceName,
36✔
257
                AvailabilityZone: req.AvailabilityZone,
36✔
258
        }
36✔
259
        return &req, &loc, &behavior, &serviceInfo
36✔
260
}
261

262
// CanConfirmNewProjectCommitment handles POST /v1/domains/:domain_id/projects/:project_id/commitments/can-confirm.
263
func (p *v1Provider) CanConfirmNewProjectCommitment(w http.ResponseWriter, r *http.Request) {
8✔
264
        httpapi.IdentifyEndpoint(r, "/v1/domains/:id/projects/:id/commitments/can-confirm")
8✔
265
        token := p.CheckToken(r)
8✔
266
        if !token.Require(w, "project:edit") {
8✔
267
                return
×
268
        }
×
269
        dbDomain := p.FindDomainFromRequest(w, r)
8✔
270
        if dbDomain == nil {
8✔
271
                return
×
272
        }
×
273
        dbProject := p.FindProjectFromRequest(w, r, dbDomain)
8✔
274
        if dbProject == nil {
8✔
275
                return
×
276
        }
×
277
        req, loc, behavior, serviceInfo := p.parseAndValidateCommitmentRequest(w, r, *dbDomain)
8✔
278
        if req == nil {
8✔
279
                return
×
280
        }
×
281

282
        var (
8✔
283
                azResourceID              db.AZResourceID
8✔
284
                resourceAllowsCommitments bool
8✔
285
                totalConfirmed            uint64
8✔
286
        )
8✔
287
        err := p.DB.QueryRow(findAZResourceIDByLocationQuery, dbProject.ID, loc.ServiceType, loc.ResourceName, loc.AvailabilityZone).
8✔
288
                Scan(&azResourceID, &resourceAllowsCommitments, &totalConfirmed)
8✔
289
        if respondwith.ObfuscatedErrorText(w, err) {
8✔
290
                return
×
291
        }
×
292
        if !resourceAllowsCommitments {
8✔
293
                msg := fmt.Sprintf("resource %s/%s is not enabled in this project", req.ServiceType, req.ResourceName)
×
294
                http.Error(w, msg, http.StatusUnprocessableEntity)
×
295
                return
×
296
        }
×
297
        _ = azResourceID // returned by the above query, but not used in this function
8✔
298

8✔
299
        // this api should always check CanConfirm at now()
8✔
300
        now := p.timeNow()
8✔
301
        if req.ConfirmBy != nil {
8✔
302
                http.Error(w, "this API can only check whether a commitment can be confirmed immediately", http.StatusUnprocessableEntity)
×
303
                return
×
304
        }
×
305
        canConfirmErrMsg := behavior.CanConfirmCommitmentsAt(now)
8✔
306
        if canConfirmErrMsg != "" {
9✔
307
                respondwith.JSON(w, http.StatusOK, map[string]bool{"result": false})
1✔
308
                return
1✔
309
        }
1✔
310

311
        // check for committable capacity
312
        newStatus := liquid.CommitmentStatusConfirmed
7✔
313
        totalConfirmedAfter := totalConfirmed + req.Amount
7✔
314

7✔
315
        commitmentChangeResponse, err := p.DelegateChangeCommitments(r.Context(), liquid.CommitmentChangeRequest{
7✔
316
                DryRun:      true,
7✔
317
                AZ:          loc.AvailabilityZone,
7✔
318
                InfoVersion: serviceInfo.Version,
7✔
319
                ByProject: map[liquid.ProjectUUID]liquid.ProjectCommitmentChangeset{
7✔
320
                        dbProject.UUID: {
7✔
321
                                ProjectMetadata: liquidProjectMetadataFromDBProject(*dbProject, *dbDomain, *serviceInfo),
7✔
322
                                ByResource: map[liquid.ResourceName]liquid.ResourceCommitmentChangeset{
7✔
323
                                        loc.ResourceName: {
7✔
324
                                                TotalConfirmedBefore: totalConfirmed,
7✔
325
                                                TotalConfirmedAfter:  totalConfirmedAfter,
7✔
326
                                                // TODO: change when introducing "guaranteed" commitments
7✔
327
                                                TotalGuaranteedBefore: 0,
7✔
328
                                                TotalGuaranteedAfter:  0,
7✔
329
                                                Commitments: []liquid.Commitment{
7✔
330
                                                        {
7✔
331
                                                                UUID:      p.generateProjectCommitmentUUID(),
7✔
332
                                                                OldStatus: None[liquid.CommitmentStatus](),
7✔
333
                                                                NewStatus: Some(newStatus),
7✔
334
                                                                Amount:    req.Amount,
7✔
335
                                                                ExpiresAt: req.Duration.AddTo(now),
7✔
336
                                                        },
7✔
337
                                                },
7✔
338
                                        },
7✔
339
                                },
7✔
340
                        },
7✔
341
                },
7✔
342
        }, loc.ServiceType, *serviceInfo, p.DB)
7✔
343
        if respondwith.ObfuscatedErrorText(w, err) {
7✔
344
                return
×
345
        }
×
346
        result := true
7✔
347
        if commitmentChangeResponse.RejectionReason != "" {
9✔
348
                evaluateRetryHeader(commitmentChangeResponse, w)
2✔
349
                result = false
2✔
350
        }
2✔
351
        respondwith.JSON(w, http.StatusOK, map[string]bool{"result": result})
7✔
352
}
353

354
// CreateProjectCommitment handles POST /v1/domains/:domain_id/projects/:project_id/commitments/new.
355
func (p *v1Provider) CreateProjectCommitment(w http.ResponseWriter, r *http.Request) {
42✔
356
        httpapi.IdentifyEndpoint(r, "/v1/domains/:id/projects/:id/commitments/new")
42✔
357
        token := p.CheckToken(r)
42✔
358
        if !token.Require(w, "project:edit") {
43✔
359
                return
1✔
360
        }
1✔
361
        dbDomain := p.FindDomainFromRequest(w, r)
41✔
362
        if dbDomain == nil {
42✔
363
                return
1✔
364
        }
1✔
365
        dbProject := p.FindProjectFromRequest(w, r, dbDomain)
40✔
366
        if dbProject == nil {
41✔
367
                return
1✔
368
        }
1✔
369
        req, loc, behavior, serviceInfo := p.parseAndValidateCommitmentRequest(w, r, *dbDomain)
39✔
370
        if req == nil {
50✔
371
                return
11✔
372
        }
11✔
373

374
        var (
28✔
375
                azResourceID              db.AZResourceID
28✔
376
                resourceAllowsCommitments bool
28✔
377
                totalConfirmed            uint64
28✔
378
        )
28✔
379
        err := p.DB.QueryRow(findAZResourceIDByLocationQuery, dbProject.ID, loc.ServiceType, loc.ResourceName, loc.AvailabilityZone).
28✔
380
                Scan(&azResourceID, &resourceAllowsCommitments, &totalConfirmed)
28✔
381
        if respondwith.ObfuscatedErrorText(w, err) {
28✔
382
                return
×
383
        }
×
384
        if !resourceAllowsCommitments {
29✔
385
                msg := fmt.Sprintf("resource %s/%s is not enabled in this project", req.ServiceType, req.ResourceName)
1✔
386
                http.Error(w, msg, http.StatusUnprocessableEntity)
1✔
387
                return
1✔
388
        }
1✔
389

390
        // if given, confirm_by must definitely after time.Now(), and also after the MinConfirmDate if configured
391
        now := p.timeNow()
27✔
392
        if req.ConfirmBy != nil && req.ConfirmBy.Before(now) {
28✔
393
                http.Error(w, "confirm_by must not be set in the past", http.StatusUnprocessableEntity)
1✔
394
                return
1✔
395
        }
1✔
396
        confirmBy := options.Map(options.FromPointer(req.ConfirmBy), fromUnixEncodedTime)
26✔
397
        canConfirmErrMsg := behavior.CanConfirmCommitmentsAt(confirmBy.UnwrapOr(now))
26✔
398
        if canConfirmErrMsg != "" {
27✔
399
                http.Error(w, canConfirmErrMsg, http.StatusUnprocessableEntity)
1✔
400
                return
1✔
401
        }
1✔
402

403
        // we want to validate committable capacity in the same transaction that creates the commitment
404
        tx, err := p.DB.Begin()
25✔
405
        if respondwith.ObfuscatedErrorText(w, err) {
25✔
406
                return
×
407
        }
×
408
        defer sqlext.RollbackUnlessCommitted(tx)
25✔
409

25✔
410
        // prepare commitment
25✔
411
        creationContext := db.CommitmentWorkflowContext{Reason: db.CommitmentReasonCreate}
25✔
412
        buf, err := json.Marshal(creationContext)
25✔
413
        if respondwith.ObfuscatedErrorText(w, err) {
25✔
414
                return
×
415
        }
×
416
        dbCommitment := db.ProjectCommitment{
25✔
417
                UUID:                p.generateProjectCommitmentUUID(),
25✔
418
                AZResourceID:        azResourceID,
25✔
419
                ProjectID:           dbProject.ID,
25✔
420
                Amount:              req.Amount,
25✔
421
                Duration:            req.Duration,
25✔
422
                CreatedAt:           now,
25✔
423
                CreatorUUID:         token.UserUUID(),
25✔
424
                CreatorName:         fmt.Sprintf("%s@%s", token.UserName(), token.UserDomainName()),
25✔
425
                ConfirmBy:           confirmBy,
25✔
426
                ConfirmedAt:         None[time.Time](), // may be set below
25✔
427
                ExpiresAt:           req.Duration.AddTo(confirmBy.UnwrapOr(now)),
25✔
428
                CreationContextJSON: json.RawMessage(buf),
25✔
429
        }
25✔
430
        if req.NotifyOnConfirm && confirmBy.IsNone() {
26✔
431
                http.Error(w, "notification on confirm cannot be set for commitments with immediate confirmation", http.StatusConflict)
1✔
432
                return
1✔
433
        }
1✔
434
        dbCommitment.NotifyOnConfirm = req.NotifyOnConfirm
24✔
435

24✔
436
        // we do an information to liquid in any case, right now we only check the result when confirming immediately
24✔
437
        newStatus := liquid.CommitmentStatusPlanned
24✔
438
        totalConfirmedAfter := totalConfirmed
24✔
439
        if confirmBy.IsNone() {
42✔
440
                newStatus = liquid.CommitmentStatusConfirmed
18✔
441
                totalConfirmedAfter += req.Amount
18✔
442
        }
18✔
443
        commitmentChangeRequest := liquid.CommitmentChangeRequest{
24✔
444
                AZ:          loc.AvailabilityZone,
24✔
445
                InfoVersion: serviceInfo.Version,
24✔
446
                ByProject: map[liquid.ProjectUUID]liquid.ProjectCommitmentChangeset{
24✔
447
                        dbProject.UUID: {
24✔
448
                                ProjectMetadata: liquidProjectMetadataFromDBProject(*dbProject, *dbDomain, *serviceInfo),
24✔
449
                                ByResource: map[liquid.ResourceName]liquid.ResourceCommitmentChangeset{
24✔
450
                                        loc.ResourceName: {
24✔
451
                                                TotalConfirmedBefore: totalConfirmed,
24✔
452
                                                TotalConfirmedAfter:  totalConfirmedAfter,
24✔
453
                                                // TODO: change when introducing "guaranteed" commitments
24✔
454
                                                TotalGuaranteedBefore: 0,
24✔
455
                                                TotalGuaranteedAfter:  0,
24✔
456
                                                Commitments: []liquid.Commitment{
24✔
457
                                                        {
24✔
458
                                                                UUID:      dbCommitment.UUID,
24✔
459
                                                                OldStatus: None[liquid.CommitmentStatus](),
24✔
460
                                                                NewStatus: Some(newStatus),
24✔
461
                                                                Amount:    req.Amount,
24✔
462
                                                                ConfirmBy: confirmBy,
24✔
463
                                                                ExpiresAt: req.Duration.AddTo(confirmBy.UnwrapOr(now)),
24✔
464
                                                        },
24✔
465
                                                },
24✔
466
                                        },
24✔
467
                                },
24✔
468
                        },
24✔
469
                },
24✔
470
        }
24✔
471
        commitmentChangeResponse, err := p.DelegateChangeCommitments(r.Context(), commitmentChangeRequest, loc.ServiceType, *serviceInfo, p.DB)
24✔
472
        if respondwith.ObfuscatedErrorText(w, err) {
24✔
473
                return
×
474
        }
×
475

476
        if commitmentChangeRequest.RequiresConfirmation() {
42✔
477
                // if not planned for confirmation in the future, confirm immediately (or fail)
18✔
478
                if commitmentChangeResponse.RejectionReason != "" {
18✔
479
                        evaluateRetryHeader(commitmentChangeResponse, w)
×
480
                        http.Error(w, commitmentChangeResponse.RejectionReason, http.StatusConflict)
×
481
                        return
×
482
                }
×
483
                dbCommitment.ConfirmedAt = Some(now)
18✔
484
                dbCommitment.Status = liquid.CommitmentStatusConfirmed
18✔
485
        } else {
6✔
486
                // TODO: when introducing guaranteed, the customer can choose via the API signature whether he wants to create
6✔
487
                // the commitment only as guaranteed (RequestAsGuaranteed). If this request then fails, the customer could
6✔
488
                // resubmit it and get a planned commitment, which might never get confirmed.
6✔
489
                dbCommitment.Status = liquid.CommitmentStatusPlanned
6✔
490
        }
6✔
491

492
        // create commitment
493
        err = tx.Insert(&dbCommitment)
24✔
494
        if respondwith.ObfuscatedErrorText(w, err) {
24✔
495
                return
×
496
        }
×
497

498
        err = tx.Commit()
24✔
499
        if respondwith.ObfuscatedErrorText(w, err) {
24✔
500
                return
×
501
        }
×
502

503
        resourceInfo := core.InfoForResource(*serviceInfo, loc.ResourceName)
24✔
504
        commitment := p.convertCommitmentToDisplayForm(dbCommitment, *loc, token, resourceInfo.Unit)
24✔
505
        p.auditor.Record(audittools.Event{
24✔
506
                Time:       now,
24✔
507
                Request:    r,
24✔
508
                User:       token,
24✔
509
                ReasonCode: http.StatusCreated,
24✔
510
                Action:     cadf.CreateAction,
24✔
511
                Target: commitmentEventTarget{
24✔
512
                        DomainID:        dbDomain.UUID,
24✔
513
                        DomainName:      dbDomain.Name,
24✔
514
                        ProjectID:       dbProject.UUID,
24✔
515
                        ProjectName:     dbProject.Name,
24✔
516
                        Commitments:     []limesresources.Commitment{commitment},
24✔
517
                        WorkflowContext: Some(creationContext),
24✔
518
                },
24✔
519
        })
24✔
520

24✔
521
        // if the commitment is immediately confirmed, trigger a capacity scrape in
24✔
522
        // order to ApplyComputedProjectQuotas based on the new commitment
24✔
523
        if dbCommitment.ConfirmedAt.IsSome() {
42✔
524
                _, err := p.DB.Exec(`UPDATE services SET next_scrape_at = $1 WHERE type = $2`, now, loc.ServiceType)
18✔
525
                if err != nil {
18✔
526
                        logg.Error("could not trigger a new capacity scrape after creating commitment %s: %s", dbCommitment.UUID, err.Error())
×
527
                }
×
528
        }
529

530
        respondwith.JSON(w, http.StatusCreated, map[string]any{"commitment": commitment})
24✔
531
}
532

533
// MergeProjectCommitments handles POST /v1/domains/:domain_id/projects/:project_id/commitments/merge.
534
func (p *v1Provider) MergeProjectCommitments(w http.ResponseWriter, r *http.Request) {
12✔
535
        httpapi.IdentifyEndpoint(r, "/v1/domains/:id/projects/:id/commitments/merge")
12✔
536
        token := p.CheckToken(r)
12✔
537
        if !token.Require(w, "project:edit") {
13✔
538
                return
1✔
539
        }
1✔
540
        dbDomain := p.FindDomainFromRequest(w, r)
11✔
541
        if dbDomain == nil {
12✔
542
                return
1✔
543
        }
1✔
544
        dbProject := p.FindProjectFromRequest(w, r, dbDomain)
10✔
545
        if dbProject == nil {
11✔
546
                return
1✔
547
        }
1✔
548
        var parseTarget struct {
9✔
549
                CommitmentIDs []db.ProjectCommitmentID `json:"commitment_ids"`
9✔
550
        }
9✔
551
        if !RequireJSON(w, r, &parseTarget) {
9✔
552
                return
×
553
        }
×
554
        commitmentIDs := parseTarget.CommitmentIDs
9✔
555
        if len(commitmentIDs) < 2 {
10✔
556
                http.Error(w, fmt.Sprintf("merging requires at least two commitments, but %d were given", len(commitmentIDs)), http.StatusBadRequest)
1✔
557
                return
1✔
558
        }
1✔
559

560
        // Load commitments
561
        dbCommitments := make([]db.ProjectCommitment, len(commitmentIDs))
8✔
562
        commitmentUUIDs := make([]liquid.CommitmentUUID, len(commitmentIDs))
8✔
563
        for i, commitmentID := range commitmentIDs {
24✔
564
                err := p.DB.SelectOne(&dbCommitments[i], findProjectCommitmentByIDQuery, commitmentID, dbProject.ID)
16✔
565
                if errors.Is(err, sql.ErrNoRows) {
17✔
566
                        http.Error(w, "no such commitment", http.StatusNotFound)
1✔
567
                        return
1✔
568
                } else if respondwith.ObfuscatedErrorText(w, err) {
16✔
569
                        return
×
570
                }
×
571
                commitmentUUIDs[i] = dbCommitments[i].UUID
15✔
572
        }
573

574
        // Verify that all commitments agree on resource and AZ and are confirmed
575
        azResourceID := dbCommitments[0].AZResourceID
7✔
576
        for _, dbCommitment := range dbCommitments {
21✔
577
                if dbCommitment.AZResourceID != azResourceID {
16✔
578
                        http.Error(w, "all commitments must be on the same resource and AZ", http.StatusConflict)
2✔
579
                        return
2✔
580
                }
2✔
581
                if dbCommitment.Status != liquid.CommitmentStatusConfirmed {
16✔
582
                        http.Error(w, "only confirmed commitments may be merged", http.StatusConflict)
4✔
583
                        return
4✔
584
                }
4✔
585
        }
586

587
        var (
1✔
588
                loc            core.AZResourceLocation
1✔
589
                totalConfirmed uint64
1✔
590
        )
1✔
591
        err := p.DB.QueryRow(findAZResourceLocationByIDQuery, azResourceID, dbProject.ID).
1✔
592
                Scan(&loc.ServiceType, &loc.ResourceName, &loc.AvailabilityZone, &totalConfirmed)
1✔
593
        if errors.Is(err, sql.ErrNoRows) {
1✔
594
                http.Error(w, "no route to this commitment", http.StatusNotFound)
×
595
                return
×
596
        } else if respondwith.ObfuscatedErrorText(w, err) {
1✔
597
                return
×
598
        }
×
599

600
        // Start transaction for creating new commitment and marking merged commitments as superseded
601
        tx, err := p.DB.Begin()
1✔
602
        if respondwith.ObfuscatedErrorText(w, err) {
1✔
603
                return
×
604
        }
×
605
        defer sqlext.RollbackUnlessCommitted(tx)
1✔
606

1✔
607
        // Create merged template
1✔
608
        now := p.timeNow()
1✔
609
        dbMergedCommitment := db.ProjectCommitment{
1✔
610
                UUID:         p.generateProjectCommitmentUUID(),
1✔
611
                ProjectID:    dbProject.ID,
1✔
612
                AZResourceID: azResourceID,
1✔
613
                Amount:       0,                                   // overwritten below
1✔
614
                Duration:     limesresources.CommitmentDuration{}, // overwritten below
1✔
615
                CreatedAt:    now,
1✔
616
                CreatorUUID:  token.UserUUID(),
1✔
617
                CreatorName:  fmt.Sprintf("%s@%s", token.UserName(), token.UserDomainName()),
1✔
618
                ConfirmedAt:  Some(now),
1✔
619
                ExpiresAt:    time.Time{}, // overwritten below
1✔
620
                Status:       liquid.CommitmentStatusConfirmed,
1✔
621
        }
1✔
622

1✔
623
        // Fill amount and latest expiration date
1✔
624
        for _, dbCommitment := range dbCommitments {
3✔
625
                dbMergedCommitment.Amount += dbCommitment.Amount
2✔
626
                if dbCommitment.ExpiresAt.After(dbMergedCommitment.ExpiresAt) {
4✔
627
                        dbMergedCommitment.ExpiresAt = dbCommitment.ExpiresAt
2✔
628
                        dbMergedCommitment.Duration = dbCommitment.Duration
2✔
629
                }
2✔
630
        }
631

632
        // Fill workflow context
633
        creationContext := db.CommitmentWorkflowContext{
1✔
634
                Reason:                 db.CommitmentReasonMerge,
1✔
635
                RelatedCommitmentIDs:   commitmentIDs,
1✔
636
                RelatedCommitmentUUIDs: commitmentUUIDs,
1✔
637
        }
1✔
638
        buf, err := json.Marshal(creationContext)
1✔
639
        if respondwith.ObfuscatedErrorText(w, err) {
1✔
640
                return
×
641
        }
×
642
        dbMergedCommitment.CreationContextJSON = json.RawMessage(buf)
1✔
643

1✔
644
        // Insert into database
1✔
645
        err = tx.Insert(&dbMergedCommitment)
1✔
646
        if respondwith.ObfuscatedErrorText(w, err) {
1✔
647
                return
×
648
        }
×
649

650
        // Mark merged commits as superseded
651
        supersedeContext := db.CommitmentWorkflowContext{
1✔
652
                Reason:                 db.CommitmentReasonMerge,
1✔
653
                RelatedCommitmentIDs:   []db.ProjectCommitmentID{dbMergedCommitment.ID},
1✔
654
                RelatedCommitmentUUIDs: []liquid.CommitmentUUID{dbMergedCommitment.UUID},
1✔
655
        }
1✔
656
        buf, err = json.Marshal(supersedeContext)
1✔
657
        if respondwith.ObfuscatedErrorText(w, err) {
1✔
658
                return
×
659
        }
×
660
        for _, dbCommitment := range dbCommitments {
3✔
661
                dbCommitment.SupersededAt = Some(now)
2✔
662
                dbCommitment.SupersedeContextJSON = Some(json.RawMessage(buf))
2✔
663
                dbCommitment.Status = liquid.CommitmentStatusSuperseded
2✔
664
                _, err = tx.Update(&dbCommitment)
2✔
665
                if respondwith.ObfuscatedErrorText(w, err) {
2✔
666
                        return
×
667
                }
×
668
        }
669

670
        maybeServiceInfo, err := p.Cluster.InfoForService(loc.ServiceType)
1✔
671
        if respondwith.ObfuscatedErrorText(w, err) {
1✔
672
                return
×
673
        }
×
674
        serviceInfo, ok := maybeServiceInfo.Unpack()
1✔
675
        if !ok {
1✔
676
                http.Error(w, "service not found", http.StatusNotFound)
×
677
                return
×
678
        }
×
679

680
        liquidCommitments := make([]liquid.Commitment, 1, len(dbCommitments)+1)
1✔
681
        // new
1✔
682
        liquidCommitments[0] = liquid.Commitment{
1✔
683
                UUID:      dbMergedCommitment.UUID,
1✔
684
                OldStatus: None[liquid.CommitmentStatus](),
1✔
685
                NewStatus: Some(liquid.CommitmentStatusConfirmed),
1✔
686
                Amount:    dbMergedCommitment.Amount,
1✔
687
                ConfirmBy: dbMergedCommitment.ConfirmBy,
1✔
688
                ExpiresAt: dbMergedCommitment.ExpiresAt,
1✔
689
        }
1✔
690
        // old
1✔
691
        for _, dbCommitment := range dbCommitments {
3✔
692
                liquidCommitments = append(liquidCommitments, liquid.Commitment{
2✔
693
                        UUID:      dbCommitment.UUID,
2✔
694
                        OldStatus: Some(liquid.CommitmentStatusConfirmed),
2✔
695
                        NewStatus: Some(liquid.CommitmentStatusSuperseded),
2✔
696
                        Amount:    dbCommitment.Amount,
2✔
697
                        ConfirmBy: dbCommitment.ConfirmBy,
2✔
698
                        ExpiresAt: dbCommitment.ExpiresAt,
2✔
699
                })
2✔
700
        }
2✔
701
        _, err = p.DelegateChangeCommitments(r.Context(), liquid.CommitmentChangeRequest{
1✔
702
                AZ:          loc.AvailabilityZone,
1✔
703
                InfoVersion: serviceInfo.Version,
1✔
704
                ByProject: map[liquid.ProjectUUID]liquid.ProjectCommitmentChangeset{
1✔
705
                        dbProject.UUID: {
1✔
706
                                ProjectMetadata: liquidProjectMetadataFromDBProject(*dbProject, *dbDomain, serviceInfo),
1✔
707
                                ByResource: map[liquid.ResourceName]liquid.ResourceCommitmentChangeset{
1✔
708
                                        loc.ResourceName: {
1✔
709
                                                TotalConfirmedBefore: totalConfirmed,
1✔
710
                                                TotalConfirmedAfter:  totalConfirmed,
1✔
711
                                                // TODO: change when introducing "guaranteed" commitments
1✔
712
                                                TotalGuaranteedBefore: 0,
1✔
713
                                                TotalGuaranteedAfter:  0,
1✔
714
                                                Commitments:           liquidCommitments,
1✔
715
                                        },
1✔
716
                                },
1✔
717
                        },
1✔
718
                },
1✔
719
        }, loc.ServiceType, serviceInfo, tx)
1✔
720
        if respondwith.ObfuscatedErrorText(w, err) {
1✔
721
                return
×
722
        }
×
723

724
        err = tx.Commit()
1✔
725
        if respondwith.ObfuscatedErrorText(w, err) {
1✔
726
                return
×
727
        }
×
728

729
        resourceInfo := core.InfoForResource(serviceInfo, loc.ResourceName)
1✔
730
        c := p.convertCommitmentToDisplayForm(dbMergedCommitment, loc, token, resourceInfo.Unit)
1✔
731
        auditEvent := commitmentEventTarget{
1✔
732
                DomainID:        dbDomain.UUID,
1✔
733
                DomainName:      dbDomain.Name,
1✔
734
                ProjectID:       dbProject.UUID,
1✔
735
                ProjectName:     dbProject.Name,
1✔
736
                Commitments:     []limesresources.Commitment{c},
1✔
737
                WorkflowContext: Some(creationContext),
1✔
738
        }
1✔
739
        p.auditor.Record(audittools.Event{
1✔
740
                Time:       p.timeNow(),
1✔
741
                Request:    r,
1✔
742
                User:       token,
1✔
743
                ReasonCode: http.StatusAccepted,
1✔
744
                Action:     cadf.UpdateAction,
1✔
745
                Target:     auditEvent,
1✔
746
        })
1✔
747

1✔
748
        respondwith.JSON(w, http.StatusAccepted, map[string]any{"commitment": c})
1✔
749
}
750

751
// As per the API spec, commitments can be renewed 90 days in advance at the earliest.
752
const commitmentRenewalPeriod = 90 * 24 * time.Hour
753

754
// RenewProjectCommitments handles POST /v1/domains/:domain_id/projects/:project_id/commitments/:id/renew.
755
func (p *v1Provider) RenewProjectCommitments(w http.ResponseWriter, r *http.Request) {
6✔
756
        httpapi.IdentifyEndpoint(r, "/v1/domains/:id/projects/:id/commitments/:id/renew")
6✔
757
        token := p.CheckToken(r)
6✔
758
        if !token.Require(w, "project:edit") {
6✔
759
                return
×
760
        }
×
761
        dbDomain := p.FindDomainFromRequest(w, r)
6✔
762
        if dbDomain == nil {
6✔
763
                return
×
764
        }
×
765
        dbProject := p.FindProjectFromRequest(w, r, dbDomain)
6✔
766
        if dbProject == nil {
6✔
767
                return
×
768
        }
×
769

770
        // Load commitment
771
        var dbCommitment db.ProjectCommitment
6✔
772
        err := p.DB.SelectOne(&dbCommitment, findProjectCommitmentByIDQuery, mux.Vars(r)["id"], dbProject.ID)
6✔
773
        if errors.Is(err, sql.ErrNoRows) {
6✔
774
                http.Error(w, "no such commitment", http.StatusNotFound)
×
775
                return
×
776
        } else if respondwith.ObfuscatedErrorText(w, err) {
6✔
777
                return
×
778
        }
×
779
        now := p.timeNow()
6✔
780

6✔
781
        // Check if commitment can be renewed
6✔
782
        var errs errext.ErrorSet
6✔
783
        if dbCommitment.Status != liquid.CommitmentStatusConfirmed {
7✔
784
                errs.Addf("invalid status %q", dbCommitment.Status)
1✔
785
        } else if now.After(dbCommitment.ExpiresAt) {
7✔
786
                errs.Addf("invalid status %q", liquid.CommitmentStatusExpired)
1✔
787
        }
1✔
788
        if now.Before(dbCommitment.ExpiresAt.Add(-commitmentRenewalPeriod)) {
7✔
789
                errs.Addf("renewal attempt too early")
1✔
790
        }
1✔
791
        if dbCommitment.RenewContextJSON.IsSome() {
7✔
792
                errs.Addf("already renewed")
1✔
793
        }
1✔
794

795
        if !errs.IsEmpty() {
10✔
796
                msg := "cannot renew this commitment: " + errs.Join(", ")
4✔
797
                http.Error(w, msg, http.StatusConflict)
4✔
798
                return
4✔
799
        }
4✔
800

801
        // Create renewed commitment
802
        tx, err := p.DB.Begin()
2✔
803
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
804
                return
×
805
        }
×
806
        defer sqlext.RollbackUnlessCommitted(tx)
2✔
807

2✔
808
        var (
2✔
809
                loc            core.AZResourceLocation
2✔
810
                totalConfirmed uint64
2✔
811
        )
2✔
812
        err = tx.QueryRow(findAZResourceLocationByIDQuery, dbCommitment.AZResourceID, dbProject.ID).
2✔
813
                Scan(&loc.ServiceType, &loc.ResourceName, &loc.AvailabilityZone, &totalConfirmed)
2✔
814
        if errors.Is(err, sql.ErrNoRows) {
2✔
815
                http.Error(w, "no route to this commitment", http.StatusNotFound)
×
816
                return
×
817
        } else if respondwith.ObfuscatedErrorText(w, err) {
2✔
818
                return
×
819
        }
×
820

821
        creationContext := db.CommitmentWorkflowContext{
2✔
822
                Reason:                 db.CommitmentReasonRenew,
2✔
823
                RelatedCommitmentIDs:   []db.ProjectCommitmentID{dbCommitment.ID},
2✔
824
                RelatedCommitmentUUIDs: []liquid.CommitmentUUID{dbCommitment.UUID},
2✔
825
        }
2✔
826
        buf, err := json.Marshal(creationContext)
2✔
827
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
828
                return
×
829
        }
×
830
        dbRenewedCommitment := db.ProjectCommitment{
2✔
831
                UUID:                p.generateProjectCommitmentUUID(),
2✔
832
                ProjectID:           dbProject.ID,
2✔
833
                AZResourceID:        dbCommitment.AZResourceID,
2✔
834
                Amount:              dbCommitment.Amount,
2✔
835
                Duration:            dbCommitment.Duration,
2✔
836
                CreatedAt:           now,
2✔
837
                CreatorUUID:         token.UserUUID(),
2✔
838
                CreatorName:         fmt.Sprintf("%s@%s", token.UserName(), token.UserDomainName()),
2✔
839
                ConfirmBy:           Some(dbCommitment.ExpiresAt),
2✔
840
                ExpiresAt:           dbCommitment.Duration.AddTo(dbCommitment.ExpiresAt),
2✔
841
                Status:              liquid.CommitmentStatusPlanned,
2✔
842
                CreationContextJSON: json.RawMessage(buf),
2✔
843
        }
2✔
844

2✔
845
        err = tx.Insert(&dbRenewedCommitment)
2✔
846
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
847
                return
×
848
        }
×
849

850
        renewContext := db.CommitmentWorkflowContext{
2✔
851
                Reason:                 db.CommitmentReasonRenew,
2✔
852
                RelatedCommitmentIDs:   []db.ProjectCommitmentID{dbRenewedCommitment.ID},
2✔
853
                RelatedCommitmentUUIDs: []liquid.CommitmentUUID{dbRenewedCommitment.UUID},
2✔
854
        }
2✔
855
        buf, err = json.Marshal(renewContext)
2✔
856
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
857
                return
×
858
        }
×
859
        dbCommitment.RenewContextJSON = Some(json.RawMessage(buf))
2✔
860
        _, err = tx.Update(&dbCommitment)
2✔
861
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
862
                return
×
863
        }
×
864

865
        maybeServiceInfo, err := p.Cluster.InfoForService(loc.ServiceType)
2✔
866
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
867
                return
×
868
        }
×
869
        serviceInfo, ok := maybeServiceInfo.Unpack()
2✔
870
        if !ok {
2✔
871
                http.Error(w, "service not found", http.StatusNotFound)
×
872
                return
×
873
        }
×
874

875
        // TODO: for now, this is CommitmentChangeRequest.RequiresConfirmation() = false, because totalConfirmed stays and guaranteed is not used yet.
876
        // when we change this, we need to evaluate the response of the liquid
877
        _, err = p.DelegateChangeCommitments(r.Context(), liquid.CommitmentChangeRequest{
2✔
878
                AZ:          loc.AvailabilityZone,
2✔
879
                InfoVersion: serviceInfo.Version,
2✔
880
                ByProject: map[liquid.ProjectUUID]liquid.ProjectCommitmentChangeset{
2✔
881
                        dbProject.UUID: {
2✔
882
                                ProjectMetadata: liquidProjectMetadataFromDBProject(*dbProject, *dbDomain, serviceInfo),
2✔
883
                                ByResource: map[liquid.ResourceName]liquid.ResourceCommitmentChangeset{
2✔
884
                                        loc.ResourceName: {
2✔
885
                                                TotalConfirmedBefore: totalConfirmed,
2✔
886
                                                TotalConfirmedAfter:  totalConfirmed,
2✔
887
                                                // TODO: change when introducing "guaranteed" commitments
2✔
888
                                                TotalGuaranteedBefore: 0,
2✔
889
                                                TotalGuaranteedAfter:  0,
2✔
890
                                                Commitments: []liquid.Commitment{
2✔
891
                                                        {
2✔
892
                                                                UUID:      dbRenewedCommitment.UUID,
2✔
893
                                                                OldStatus: None[liquid.CommitmentStatus](),
2✔
894
                                                                NewStatus: Some(liquid.CommitmentStatusPlanned),
2✔
895
                                                                Amount:    dbRenewedCommitment.Amount,
2✔
896
                                                                ConfirmBy: dbRenewedCommitment.ConfirmBy,
2✔
897
                                                                ExpiresAt: dbRenewedCommitment.ExpiresAt,
2✔
898
                                                        },
2✔
899
                                                },
2✔
900
                                        },
2✔
901
                                },
2✔
902
                        },
2✔
903
                },
2✔
904
        }, loc.ServiceType, serviceInfo, tx)
2✔
905
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
906
                return
×
907
        }
×
908

909
        err = tx.Commit()
2✔
910
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
911
                return
×
912
        }
×
913

914
        // Create resultset and auditlogs
915
        resourceInfo := core.InfoForResource(serviceInfo, loc.ResourceName)
2✔
916
        c := p.convertCommitmentToDisplayForm(dbRenewedCommitment, loc, token, resourceInfo.Unit)
2✔
917
        auditEvent := commitmentEventTarget{
2✔
918
                DomainID:        dbDomain.UUID,
2✔
919
                DomainName:      dbDomain.Name,
2✔
920
                ProjectID:       dbProject.UUID,
2✔
921
                ProjectName:     dbProject.Name,
2✔
922
                Commitments:     []limesresources.Commitment{c},
2✔
923
                WorkflowContext: Some(creationContext),
2✔
924
        }
2✔
925

2✔
926
        p.auditor.Record(audittools.Event{
2✔
927
                Time:       p.timeNow(),
2✔
928
                Request:    r,
2✔
929
                User:       token,
2✔
930
                ReasonCode: http.StatusAccepted,
2✔
931
                Action:     cadf.UpdateAction,
2✔
932
                Target:     auditEvent,
2✔
933
        })
2✔
934

2✔
935
        respondwith.JSON(w, http.StatusAccepted, map[string]any{"commitment": c})
2✔
936
}
937

938
// DeleteProjectCommitment handles DELETE /v1/domains/:domain_id/projects/:project_id/commitments/:id.
939
func (p *v1Provider) DeleteProjectCommitment(w http.ResponseWriter, r *http.Request) {
8✔
940
        httpapi.IdentifyEndpoint(r, "/v1/domains/:id/projects/:id/commitments/:id")
8✔
941
        token := p.CheckToken(r)
8✔
942
        if !token.Require(w, "project:edit") { // NOTE: There is a more specific AuthZ check further down below.
8✔
943
                return
×
944
        }
×
945
        dbDomain := p.FindDomainFromRequest(w, r)
8✔
946
        if dbDomain == nil {
9✔
947
                return
1✔
948
        }
1✔
949
        dbProject := p.FindProjectFromRequest(w, r, dbDomain)
7✔
950
        if dbProject == nil {
8✔
951
                return
1✔
952
        }
1✔
953

954
        // load commitment
955
        var dbCommitment db.ProjectCommitment
6✔
956
        err := p.DB.SelectOne(&dbCommitment, findProjectCommitmentByIDQuery, mux.Vars(r)["id"], dbProject.ID)
6✔
957
        if errors.Is(err, sql.ErrNoRows) {
7✔
958
                http.Error(w, "no such commitment", http.StatusNotFound)
1✔
959
                return
1✔
960
        } else if respondwith.ObfuscatedErrorText(w, err) {
6✔
961
                return
×
962
        }
×
963
        var (
5✔
964
                loc            core.AZResourceLocation
5✔
965
                totalConfirmed uint64
5✔
966
        )
5✔
967
        err = p.DB.QueryRow(findAZResourceLocationByIDQuery, dbCommitment.AZResourceID, dbProject.ID).
5✔
968
                Scan(&loc.ServiceType, &loc.ResourceName, &loc.AvailabilityZone, &totalConfirmed)
5✔
969
        if errors.Is(err, sql.ErrNoRows) {
5✔
970
                // defense in depth: this should not happen because all the relevant tables are connected by FK constraints
×
971
                http.Error(w, "no route to this commitment", http.StatusNotFound)
×
972
                return
×
973
        } else if respondwith.ObfuscatedErrorText(w, err) {
5✔
974
                return
×
975
        }
×
976

977
        // check authorization for this specific commitment
978
        if !p.canDeleteCommitment(token, dbCommitment) {
6✔
979
                http.Error(w, "Forbidden", http.StatusForbidden)
1✔
980
                return
1✔
981
        }
1✔
982

983
        maybeServiceInfo, err := p.Cluster.InfoForService(loc.ServiceType)
4✔
984
        if respondwith.ObfuscatedErrorText(w, err) {
4✔
985
                return
×
986
        }
×
987
        serviceInfo, ok := maybeServiceInfo.Unpack()
4✔
988
        if !ok {
4✔
989
                http.Error(w, "service not found", http.StatusNotFound)
×
990
                return
×
991
        }
×
992

993
        totalConfirmedAfter := totalConfirmed
4✔
994
        if dbCommitment.Status == liquid.CommitmentStatusConfirmed {
6✔
995
                totalConfirmedAfter -= dbCommitment.Amount
2✔
996
        }
2✔
997

998
        _, err = p.DelegateChangeCommitments(r.Context(), liquid.CommitmentChangeRequest{
4✔
999
                AZ:          loc.AvailabilityZone,
4✔
1000
                InfoVersion: serviceInfo.Version,
4✔
1001
                ByProject: map[liquid.ProjectUUID]liquid.ProjectCommitmentChangeset{
4✔
1002
                        dbProject.UUID: {
4✔
1003
                                ProjectMetadata: liquidProjectMetadataFromDBProject(*dbProject, *dbDomain, serviceInfo),
4✔
1004
                                ByResource: map[liquid.ResourceName]liquid.ResourceCommitmentChangeset{
4✔
1005
                                        loc.ResourceName: {
4✔
1006
                                                TotalConfirmedBefore: totalConfirmed,
4✔
1007
                                                TotalConfirmedAfter:  totalConfirmedAfter,
4✔
1008
                                                // TODO: change when introducing "guaranteed" commitments
4✔
1009
                                                TotalGuaranteedBefore: 0,
4✔
1010
                                                TotalGuaranteedAfter:  0,
4✔
1011
                                                Commitments: []liquid.Commitment{
4✔
1012
                                                        {
4✔
1013
                                                                UUID:      dbCommitment.UUID,
4✔
1014
                                                                OldStatus: Some(dbCommitment.Status),
4✔
1015
                                                                NewStatus: None[liquid.CommitmentStatus](),
4✔
1016
                                                                Amount:    dbCommitment.Amount,
4✔
1017
                                                                ConfirmBy: dbCommitment.ConfirmBy,
4✔
1018
                                                                ExpiresAt: dbCommitment.ExpiresAt,
4✔
1019
                                                        },
4✔
1020
                                                },
4✔
1021
                                        },
4✔
1022
                                },
4✔
1023
                        },
4✔
1024
                },
4✔
1025
        }, loc.ServiceType, serviceInfo, p.DB)
4✔
1026
        if respondwith.ObfuscatedErrorText(w, err) {
4✔
1027
                return
×
1028
        }
×
1029

1030
        // perform deletion
1031
        _, err = p.DB.Delete(&dbCommitment)
4✔
1032
        if respondwith.ObfuscatedErrorText(w, err) {
4✔
1033
                return
×
1034
        }
×
1035

1036
        resourceInfo := core.InfoForResource(serviceInfo, loc.ResourceName)
4✔
1037
        c := p.convertCommitmentToDisplayForm(dbCommitment, loc, token, resourceInfo.Unit)
4✔
1038
        p.auditor.Record(audittools.Event{
4✔
1039
                Time:       p.timeNow(),
4✔
1040
                Request:    r,
4✔
1041
                User:       token,
4✔
1042
                ReasonCode: http.StatusNoContent,
4✔
1043
                Action:     cadf.DeleteAction,
4✔
1044
                Target: commitmentEventTarget{
4✔
1045
                        DomainID:    dbDomain.UUID,
4✔
1046
                        DomainName:  dbDomain.Name,
4✔
1047
                        ProjectID:   dbProject.UUID,
4✔
1048
                        ProjectName: dbProject.Name,
4✔
1049
                        Commitments: []limesresources.Commitment{c},
4✔
1050
                },
4✔
1051
        })
4✔
1052

4✔
1053
        w.WriteHeader(http.StatusNoContent)
4✔
1054
}
1055

1056
func (p *v1Provider) canDeleteCommitment(token *gopherpolicy.Token, commitment db.ProjectCommitment) bool {
64✔
1057
        // up to 24 hours after creation of fresh commitments, future commitments can still be deleted by their creators
64✔
1058
        if commitment.Status == liquid.CommitmentStatusPlanned || commitment.Status == liquid.CommitmentStatusPending || commitment.Status == liquid.CommitmentStatusConfirmed {
128✔
1059
                var creationContext db.CommitmentWorkflowContext
64✔
1060
                err := json.Unmarshal(commitment.CreationContextJSON, &creationContext)
64✔
1061
                if err == nil && creationContext.Reason == db.CommitmentReasonCreate && p.timeNow().Before(commitment.CreatedAt.Add(24*time.Hour)) {
104✔
1062
                        if token.Check("project:edit") {
80✔
1063
                                return true
40✔
1064
                        }
40✔
1065
                }
1066
        }
1067

1068
        // afterwards, a more specific permission is required to delete it
1069
        //
1070
        // This protects cloud admins making capacity planning decisions based on future commitments
1071
        // from having their forecasts ruined by project admins suffering from buyer's remorse.
1072
        return token.Check("project:uncommit")
24✔
1073
}
1074

1075
// StartCommitmentTransfer handles POST /v1/domains/:id/projects/:id/commitments/:id/start-transfer
1076
func (p *v1Provider) StartCommitmentTransfer(w http.ResponseWriter, r *http.Request) {
8✔
1077
        httpapi.IdentifyEndpoint(r, "/v1/domains/:id/projects/:id/commitments/:id/start-transfer")
8✔
1078
        token := p.CheckToken(r)
8✔
1079
        if !token.Require(w, "project:edit") {
8✔
1080
                return
×
1081
        }
×
1082
        dbDomain := p.FindDomainFromRequest(w, r)
8✔
1083
        if dbDomain == nil {
8✔
1084
                return
×
1085
        }
×
1086
        dbProject := p.FindProjectFromRequest(w, r, dbDomain)
8✔
1087
        if dbProject == nil {
8✔
1088
                return
×
1089
        }
×
1090
        // TODO: eventually migrate this struct into go-api-declarations
1091
        var parseTarget struct {
8✔
1092
                Request struct {
8✔
1093
                        Amount         uint64                                  `json:"amount"`
8✔
1094
                        TransferStatus limesresources.CommitmentTransferStatus `json:"transfer_status,omitempty"`
8✔
1095
                } `json:"commitment"`
8✔
1096
        }
8✔
1097
        if !RequireJSON(w, r, &parseTarget) {
8✔
1098
                return
×
1099
        }
×
1100
        req := parseTarget.Request
8✔
1101

8✔
1102
        if req.TransferStatus != limesresources.CommitmentTransferStatusUnlisted && req.TransferStatus != limesresources.CommitmentTransferStatusPublic {
8✔
1103
                http.Error(w, fmt.Sprintf("Invalid transfer_status code. Must be %s or %s.", limesresources.CommitmentTransferStatusUnlisted, limesresources.CommitmentTransferStatusPublic), http.StatusBadRequest)
×
1104
                return
×
1105
        }
×
1106

1107
        if req.Amount <= 0 {
9✔
1108
                http.Error(w, "delivered amount needs to be a positive value.", http.StatusBadRequest)
1✔
1109
                return
1✔
1110
        }
1✔
1111

1112
        // load commitment
1113
        var dbCommitment db.ProjectCommitment
7✔
1114
        err := p.DB.SelectOne(&dbCommitment, findProjectCommitmentByIDQuery, mux.Vars(r)["id"], dbProject.ID)
7✔
1115
        if errors.Is(err, sql.ErrNoRows) {
7✔
1116
                http.Error(w, "no such commitment", http.StatusNotFound)
×
1117
                return
×
1118
        } else if respondwith.ObfuscatedErrorText(w, err) {
7✔
1119
                return
×
1120
        }
×
1121

1122
        // Deny requests with a greater amount than the commitment.
1123
        if req.Amount > dbCommitment.Amount {
8✔
1124
                http.Error(w, "delivered amount exceeds the commitment amount.", http.StatusBadRequest)
1✔
1125
                return
1✔
1126
        }
1✔
1127

1128
        var (
6✔
1129
                loc            core.AZResourceLocation
6✔
1130
                totalConfirmed uint64
6✔
1131
        )
6✔
1132
        err = p.DB.QueryRow(findAZResourceLocationByIDQuery, dbCommitment.AZResourceID, dbProject.ID).
6✔
1133
                Scan(&loc.ServiceType, &loc.ResourceName, &loc.AvailabilityZone, &totalConfirmed)
6✔
1134
        if errors.Is(err, sql.ErrNoRows) {
6✔
1135
                // defense in depth: this should not happen because all the relevant tables are connected by FK constraints
×
1136
                http.Error(w, "no route to this commitment", http.StatusNotFound)
×
1137
                return
×
1138
        } else if respondwith.ObfuscatedErrorText(w, err) {
6✔
1139
                return
×
1140
        }
×
1141

1142
        maybeServiceInfo, err := p.Cluster.InfoForService(loc.ServiceType)
6✔
1143
        if respondwith.ObfuscatedErrorText(w, err) {
6✔
1144
                return
×
1145
        }
×
1146
        serviceInfo, ok := maybeServiceInfo.Unpack()
6✔
1147
        if !ok {
6✔
1148
                http.Error(w, "service not found", http.StatusNotFound)
×
1149
                return
×
1150
        }
×
1151

1152
        // Mark whole commitment or a newly created, splitted one as transferrable.
1153
        tx, err := p.DB.Begin()
6✔
1154
        if respondwith.ObfuscatedErrorText(w, err) {
6✔
1155
                return
×
1156
        }
×
1157
        defer sqlext.RollbackUnlessCommitted(tx)
6✔
1158
        transferToken := p.generateTransferToken()
6✔
1159

6✔
1160
        if req.Amount == dbCommitment.Amount {
10✔
1161
                dbCommitment.TransferStatus = req.TransferStatus
4✔
1162
                dbCommitment.TransferToken = Some(transferToken)
4✔
1163
                _, err = tx.Update(&dbCommitment)
4✔
1164
                if respondwith.ObfuscatedErrorText(w, err) {
4✔
1165
                        return
×
1166
                }
×
1167
        } else {
2✔
1168
                now := p.timeNow()
2✔
1169
                transferAmount := req.Amount
2✔
1170
                remainingAmount := dbCommitment.Amount - req.Amount
2✔
1171
                transferCommitment, err := p.buildSplitCommitment(dbCommitment, transferAmount)
2✔
1172
                if respondwith.ObfuscatedErrorText(w, err) {
2✔
1173
                        return
×
1174
                }
×
1175
                transferCommitment.TransferStatus = req.TransferStatus
2✔
1176
                transferCommitment.TransferToken = Some(transferToken)
2✔
1177
                remainingCommitment, err := p.buildSplitCommitment(dbCommitment, remainingAmount)
2✔
1178
                if respondwith.ObfuscatedErrorText(w, err) {
2✔
1179
                        return
×
1180
                }
×
1181
                err = tx.Insert(&transferCommitment)
2✔
1182
                if respondwith.ObfuscatedErrorText(w, err) {
2✔
1183
                        return
×
1184
                }
×
1185
                err = tx.Insert(&remainingCommitment)
2✔
1186
                if respondwith.ObfuscatedErrorText(w, err) {
2✔
1187
                        return
×
1188
                }
×
1189

1190
                _, err = p.DelegateChangeCommitments(r.Context(), liquid.CommitmentChangeRequest{
2✔
1191
                        AZ:          loc.AvailabilityZone,
2✔
1192
                        InfoVersion: serviceInfo.Version,
2✔
1193
                        ByProject: map[liquid.ProjectUUID]liquid.ProjectCommitmentChangeset{
2✔
1194
                                dbProject.UUID: {
2✔
1195
                                        ProjectMetadata: liquidProjectMetadataFromDBProject(*dbProject, *dbDomain, serviceInfo),
2✔
1196
                                        ByResource: map[liquid.ResourceName]liquid.ResourceCommitmentChangeset{
2✔
1197
                                                loc.ResourceName: {
2✔
1198
                                                        TotalConfirmedBefore: totalConfirmed,
2✔
1199
                                                        TotalConfirmedAfter:  totalConfirmed,
2✔
1200
                                                        // TODO: change when introducing "guaranteed" commitments
2✔
1201
                                                        TotalGuaranteedBefore: 0,
2✔
1202
                                                        TotalGuaranteedAfter:  0,
2✔
1203
                                                        Commitments: []liquid.Commitment{
2✔
1204
                                                                // old
2✔
1205
                                                                {
2✔
1206
                                                                        UUID:      dbCommitment.UUID,
2✔
1207
                                                                        OldStatus: Some(dbCommitment.Status),
2✔
1208
                                                                        NewStatus: Some(liquid.CommitmentStatusSuperseded),
2✔
1209
                                                                        Amount:    dbCommitment.Amount,
2✔
1210
                                                                        ConfirmBy: dbCommitment.ConfirmBy,
2✔
1211
                                                                        ExpiresAt: dbCommitment.ExpiresAt,
2✔
1212
                                                                },
2✔
1213
                                                                // new
2✔
1214
                                                                {
2✔
1215
                                                                        UUID:      transferCommitment.UUID,
2✔
1216
                                                                        OldStatus: None[liquid.CommitmentStatus](),
2✔
1217
                                                                        NewStatus: Some(transferCommitment.Status),
2✔
1218
                                                                        Amount:    transferCommitment.Amount,
2✔
1219
                                                                        ConfirmBy: transferCommitment.ConfirmBy,
2✔
1220
                                                                        ExpiresAt: transferCommitment.ExpiresAt,
2✔
1221
                                                                },
2✔
1222
                                                                {
2✔
1223
                                                                        UUID:      remainingCommitment.UUID,
2✔
1224
                                                                        OldStatus: None[liquid.CommitmentStatus](),
2✔
1225
                                                                        NewStatus: Some(remainingCommitment.Status),
2✔
1226
                                                                        Amount:    remainingCommitment.Amount,
2✔
1227
                                                                        ConfirmBy: remainingCommitment.ConfirmBy,
2✔
1228
                                                                        ExpiresAt: remainingCommitment.ExpiresAt,
2✔
1229
                                                                },
2✔
1230
                                                        },
2✔
1231
                                                },
2✔
1232
                                        },
2✔
1233
                                },
2✔
1234
                        },
2✔
1235
                }, loc.ServiceType, serviceInfo, tx)
2✔
1236
                if respondwith.ObfuscatedErrorText(w, err) {
2✔
1237
                        return
×
1238
                }
×
1239

1240
                supersedeContext := db.CommitmentWorkflowContext{
2✔
1241
                        Reason:                 db.CommitmentReasonSplit,
2✔
1242
                        RelatedCommitmentIDs:   []db.ProjectCommitmentID{transferCommitment.ID, remainingCommitment.ID},
2✔
1243
                        RelatedCommitmentUUIDs: []liquid.CommitmentUUID{transferCommitment.UUID, remainingCommitment.UUID},
2✔
1244
                }
2✔
1245
                buf, err := json.Marshal(supersedeContext)
2✔
1246
                if respondwith.ObfuscatedErrorText(w, err) {
2✔
1247
                        return
×
1248
                }
×
1249
                dbCommitment.Status = liquid.CommitmentStatusSuperseded
2✔
1250
                dbCommitment.SupersededAt = Some(now)
2✔
1251
                dbCommitment.SupersedeContextJSON = Some(json.RawMessage(buf))
2✔
1252
                _, err = tx.Update(&dbCommitment)
2✔
1253
                if respondwith.ObfuscatedErrorText(w, err) {
2✔
1254
                        return
×
1255
                }
×
1256

1257
                dbCommitment = transferCommitment
2✔
1258
        }
1259
        err = tx.Commit()
6✔
1260
        if respondwith.ObfuscatedErrorText(w, err) {
6✔
1261
                return
×
1262
        }
×
1263

1264
        resourceInfo := core.InfoForResource(serviceInfo, loc.ResourceName)
6✔
1265
        c := p.convertCommitmentToDisplayForm(dbCommitment, loc, token, resourceInfo.Unit)
6✔
1266
        p.auditor.Record(audittools.Event{
6✔
1267
                Time:       p.timeNow(),
6✔
1268
                Request:    r,
6✔
1269
                User:       token,
6✔
1270
                ReasonCode: http.StatusAccepted,
6✔
1271
                Action:     cadf.UpdateAction,
6✔
1272
                Target: commitmentEventTarget{
6✔
1273
                        DomainID:    dbDomain.UUID,
6✔
1274
                        DomainName:  dbDomain.Name,
6✔
1275
                        ProjectID:   dbProject.UUID,
6✔
1276
                        ProjectName: dbProject.Name,
6✔
1277
                        Commitments: []limesresources.Commitment{c},
6✔
1278
                },
6✔
1279
        })
6✔
1280
        respondwith.JSON(w, http.StatusAccepted, map[string]any{"commitment": c})
6✔
1281
}
1282

1283
func (p *v1Provider) buildSplitCommitment(dbCommitment db.ProjectCommitment, amount uint64) (db.ProjectCommitment, error) {
5✔
1284
        now := p.timeNow()
5✔
1285
        creationContext := db.CommitmentWorkflowContext{
5✔
1286
                Reason:                 db.CommitmentReasonSplit,
5✔
1287
                RelatedCommitmentIDs:   []db.ProjectCommitmentID{dbCommitment.ID},
5✔
1288
                RelatedCommitmentUUIDs: []liquid.CommitmentUUID{dbCommitment.UUID},
5✔
1289
        }
5✔
1290
        buf, err := json.Marshal(creationContext)
5✔
1291
        if err != nil {
5✔
1292
                return db.ProjectCommitment{}, err
×
1293
        }
×
1294
        return db.ProjectCommitment{
5✔
1295
                UUID:                p.generateProjectCommitmentUUID(),
5✔
1296
                ProjectID:           dbCommitment.ProjectID,
5✔
1297
                AZResourceID:        dbCommitment.AZResourceID,
5✔
1298
                Amount:              amount,
5✔
1299
                Duration:            dbCommitment.Duration,
5✔
1300
                CreatedAt:           now,
5✔
1301
                CreatorUUID:         dbCommitment.CreatorUUID,
5✔
1302
                CreatorName:         dbCommitment.CreatorName,
5✔
1303
                ConfirmBy:           dbCommitment.ConfirmBy,
5✔
1304
                ConfirmedAt:         dbCommitment.ConfirmedAt,
5✔
1305
                ExpiresAt:           dbCommitment.ExpiresAt,
5✔
1306
                CreationContextJSON: json.RawMessage(buf),
5✔
1307
                Status:              dbCommitment.Status,
5✔
1308
        }, nil
5✔
1309
}
1310

1311
func (p *v1Provider) buildConvertedCommitment(dbCommitment db.ProjectCommitment, azResourceID db.AZResourceID, amount uint64) (db.ProjectCommitment, error) {
3✔
1312
        now := p.timeNow()
3✔
1313
        creationContext := db.CommitmentWorkflowContext{
3✔
1314
                Reason:                 db.CommitmentReasonConvert,
3✔
1315
                RelatedCommitmentIDs:   []db.ProjectCommitmentID{dbCommitment.ID},
3✔
1316
                RelatedCommitmentUUIDs: []liquid.CommitmentUUID{dbCommitment.UUID},
3✔
1317
        }
3✔
1318
        buf, err := json.Marshal(creationContext)
3✔
1319
        if err != nil {
3✔
1320
                return db.ProjectCommitment{}, err
×
1321
        }
×
1322
        return db.ProjectCommitment{
3✔
1323
                UUID:                p.generateProjectCommitmentUUID(),
3✔
1324
                ProjectID:           dbCommitment.ProjectID,
3✔
1325
                AZResourceID:        azResourceID,
3✔
1326
                Amount:              amount,
3✔
1327
                Duration:            dbCommitment.Duration,
3✔
1328
                CreatedAt:           now,
3✔
1329
                CreatorUUID:         dbCommitment.CreatorUUID,
3✔
1330
                CreatorName:         dbCommitment.CreatorName,
3✔
1331
                ConfirmBy:           dbCommitment.ConfirmBy,
3✔
1332
                ConfirmedAt:         dbCommitment.ConfirmedAt,
3✔
1333
                ExpiresAt:           dbCommitment.ExpiresAt,
3✔
1334
                CreationContextJSON: json.RawMessage(buf),
3✔
1335
                Status:              dbCommitment.Status,
3✔
1336
        }, nil
3✔
1337
}
1338

1339
// GetCommitmentByTransferToken handles GET /v1/commitments/{token}
1340
func (p *v1Provider) GetCommitmentByTransferToken(w http.ResponseWriter, r *http.Request) {
2✔
1341
        httpapi.IdentifyEndpoint(r, "/v1/commitments/:token")
2✔
1342
        token := p.CheckToken(r)
2✔
1343
        if !token.Require(w, "cluster:show_basic") {
2✔
1344
                return
×
1345
        }
×
1346
        transferToken := mux.Vars(r)["token"]
2✔
1347

2✔
1348
        // The token column is a unique key, so we expect only one result.
2✔
1349
        var dbCommitment db.ProjectCommitment
2✔
1350
        err := p.DB.SelectOne(&dbCommitment, findCommitmentByTransferToken, transferToken)
2✔
1351
        if errors.Is(err, sql.ErrNoRows) {
3✔
1352
                http.Error(w, "no matching commitment found.", http.StatusNotFound)
1✔
1353
                return
1✔
1354
        } else if respondwith.ObfuscatedErrorText(w, err) {
2✔
1355
                return
×
1356
        }
×
1357

1358
        var (
1✔
1359
                loc            core.AZResourceLocation
1✔
1360
                totalConfirmed uint64
1✔
1361
        )
1✔
1362
        err = p.DB.QueryRow(findAZResourceLocationByIDQuery, dbCommitment.AZResourceID, dbCommitment.ProjectID).
1✔
1363
                Scan(&loc.ServiceType, &loc.ResourceName, &loc.AvailabilityZone, &totalConfirmed)
1✔
1364
        if errors.Is(err, sql.ErrNoRows) {
1✔
1365
                // defense in depth: this should not happen because all the relevant tables are connected by FK constraints
×
1366
                http.Error(w, "location data not found.", http.StatusNotFound)
×
1367
                return
×
1368
        } else if respondwith.ObfuscatedErrorText(w, err) {
1✔
1369
                return
×
1370
        }
×
1371

1372
        maybeServiceInfo, err := p.Cluster.InfoForService(loc.ServiceType)
1✔
1373
        if respondwith.ObfuscatedErrorText(w, err) {
1✔
1374
                return
×
1375
        }
×
1376
        serviceInfo, ok := maybeServiceInfo.Unpack()
1✔
1377
        if !ok {
1✔
1378
                http.Error(w, "service not found", http.StatusNotFound)
×
1379
                return
×
1380
        }
×
1381
        resourceInfo := core.InfoForResource(serviceInfo, loc.ResourceName)
1✔
1382
        c := p.convertCommitmentToDisplayForm(dbCommitment, loc, token, resourceInfo.Unit)
1✔
1383
        respondwith.JSON(w, http.StatusAccepted, map[string]any{"commitment": c})
1✔
1384
}
1385

1386
// TransferCommitment handles POST /v1/domains/{domain_id}/projects/{project_id}/transfer-commitment/{id}?token={token}
1387
func (p *v1Provider) TransferCommitment(w http.ResponseWriter, r *http.Request) {
5✔
1388
        httpapi.IdentifyEndpoint(r, "/v1/domains/:id/projects/:id/transfer-commitment/:id")
5✔
1389
        token := p.CheckToken(r)
5✔
1390
        if !token.Require(w, "project:edit") {
5✔
1391
                return
×
1392
        }
×
1393
        transferToken := r.Header.Get("Transfer-Token")
5✔
1394
        if transferToken == "" {
6✔
1395
                http.Error(w, "no transfer token provided", http.StatusBadRequest)
1✔
1396
                return
1✔
1397
        }
1✔
1398
        commitmentID := mux.Vars(r)["id"]
4✔
1399
        if commitmentID == "" {
4✔
1400
                http.Error(w, "no transfer token provided", http.StatusBadRequest)
×
1401
                return
×
1402
        }
×
1403
        targetDomain := p.FindDomainFromRequest(w, r)
4✔
1404
        if targetDomain == nil {
4✔
1405
                return
×
1406
        }
×
1407
        targetProject := p.FindProjectFromRequest(w, r, targetDomain)
4✔
1408
        if targetProject == nil {
4✔
1409
                return
×
1410
        }
×
1411

1412
        // find commitment by transfer_token
1413
        var dbCommitment db.ProjectCommitment
4✔
1414
        err := p.DB.SelectOne(&dbCommitment, getCommitmentWithMatchingTransferTokenQuery, commitmentID, transferToken)
4✔
1415
        if errors.Is(err, sql.ErrNoRows) {
5✔
1416
                http.Error(w, "no matching commitment found", http.StatusNotFound)
1✔
1417
                return
1✔
1418
        } else if respondwith.ObfuscatedErrorText(w, err) {
4✔
1419
                return
×
1420
        }
×
1421

1422
        var (
3✔
1423
                loc                  core.AZResourceLocation
3✔
1424
                sourceTotalConfirmed uint64
3✔
1425
        )
3✔
1426
        err = p.DB.QueryRow(findAZResourceLocationByIDQuery, dbCommitment.AZResourceID, dbCommitment.ProjectID).
3✔
1427
                Scan(&loc.ServiceType, &loc.ResourceName, &loc.AvailabilityZone, &sourceTotalConfirmed)
3✔
1428

3✔
1429
        if errors.Is(err, sql.ErrNoRows) {
3✔
1430
                // defense in depth: this should not happen because all the relevant tables are connected by FK constraints
×
1431
                http.Error(w, "no route to this commitment", http.StatusNotFound)
×
1432
                return
×
1433
        } else if respondwith.ObfuscatedErrorText(w, err) {
3✔
1434
                return
×
1435
        }
×
1436

1437
        // get old project additionally
1438
        var sourceProject db.Project
3✔
1439
        err = p.DB.SelectOne(&sourceProject, `SELECT * FROM projects WHERE id = $1`, dbCommitment.ProjectID)
3✔
1440
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
1441
                return
×
1442
        }
×
1443
        var sourceDomain db.Domain
3✔
1444
        err = p.DB.SelectOne(&sourceDomain, `SELECT * FROM domains WHERE id = $1`, sourceProject.DomainID)
3✔
1445
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
1446
                return
×
1447
        }
×
1448

1449
        // check that the target project allows commitments at all
1450
        var (
3✔
1451
                azResourceID              db.AZResourceID
3✔
1452
                resourceAllowsCommitments bool
3✔
1453
                targetTotalConfirmed      uint64
3✔
1454
        )
3✔
1455
        err = p.DB.QueryRow(findAZResourceIDByLocationQuery, targetProject.ID, loc.ServiceType, loc.ResourceName, loc.AvailabilityZone).
3✔
1456
                Scan(&azResourceID, &resourceAllowsCommitments, &targetTotalConfirmed)
3✔
1457
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
1458
                return
×
1459
        }
×
1460
        if !resourceAllowsCommitments {
3✔
1461
                msg := fmt.Sprintf("resource %s/%s is not enabled in the target project", loc.ServiceType, loc.ResourceName)
×
1462
                http.Error(w, msg, http.StatusUnprocessableEntity)
×
1463
                return
×
1464
        }
×
1465
        _ = azResourceID // returned by the above query, but not used in this function
3✔
1466

3✔
1467
        // validate that we have enough committable capacity on the receiving side
3✔
1468
        tx, err := p.DB.Begin()
3✔
1469
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
1470
                return
×
1471
        }
×
1472
        defer sqlext.RollbackUnlessCommitted(tx)
3✔
1473

3✔
1474
        maybeServiceInfo, err := p.Cluster.InfoForService(loc.ServiceType)
3✔
1475
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
1476
                return
×
1477
        }
×
1478
        serviceInfo, ok := maybeServiceInfo.Unpack()
3✔
1479
        if !ok {
3✔
1480
                http.Error(w, "service not found", http.StatusNotFound)
×
1481
                return
×
1482
        }
×
1483

1484
        sourceTotalConfirmedAfter := sourceTotalConfirmed
3✔
1485
        targetTotalConfirmedAfter := targetTotalConfirmed
3✔
1486
        if dbCommitment.Status == liquid.CommitmentStatusConfirmed {
6✔
1487
                sourceTotalConfirmedAfter -= dbCommitment.Amount
3✔
1488
                targetTotalConfirmedAfter += dbCommitment.Amount
3✔
1489
        }
3✔
1490

1491
        // check move is allowed
1492
        commitmentChangeResponse, err := p.DelegateChangeCommitments(r.Context(), liquid.CommitmentChangeRequest{
3✔
1493
                AZ:          loc.AvailabilityZone,
3✔
1494
                InfoVersion: serviceInfo.Version,
3✔
1495
                ByProject: map[liquid.ProjectUUID]liquid.ProjectCommitmentChangeset{
3✔
1496
                        sourceProject.UUID: {
3✔
1497
                                ProjectMetadata: liquidProjectMetadataFromDBProject(sourceProject, sourceDomain, serviceInfo),
3✔
1498
                                ByResource: map[liquid.ResourceName]liquid.ResourceCommitmentChangeset{
3✔
1499
                                        loc.ResourceName: {
3✔
1500
                                                TotalConfirmedBefore: sourceTotalConfirmed,
3✔
1501
                                                TotalConfirmedAfter:  sourceTotalConfirmedAfter,
3✔
1502
                                                // TODO: change when introducing "guaranteed" commitments
3✔
1503
                                                TotalGuaranteedBefore: 0,
3✔
1504
                                                TotalGuaranteedAfter:  0,
3✔
1505
                                                Commitments: []liquid.Commitment{
3✔
1506
                                                        {
3✔
1507
                                                                UUID:      dbCommitment.UUID,
3✔
1508
                                                                OldStatus: Some(dbCommitment.Status),
3✔
1509
                                                                NewStatus: None[liquid.CommitmentStatus](),
3✔
1510
                                                                Amount:    dbCommitment.Amount,
3✔
1511
                                                                ConfirmBy: dbCommitment.ConfirmBy,
3✔
1512
                                                                ExpiresAt: dbCommitment.ExpiresAt,
3✔
1513
                                                        },
3✔
1514
                                                },
3✔
1515
                                        },
3✔
1516
                                },
3✔
1517
                        },
3✔
1518
                        targetProject.UUID: {
3✔
1519
                                ProjectMetadata: liquidProjectMetadataFromDBProject(*targetProject, *targetDomain, serviceInfo),
3✔
1520
                                ByResource: map[liquid.ResourceName]liquid.ResourceCommitmentChangeset{
3✔
1521
                                        loc.ResourceName: {
3✔
1522
                                                TotalConfirmedBefore: targetTotalConfirmed,
3✔
1523
                                                TotalConfirmedAfter:  targetTotalConfirmedAfter,
3✔
1524
                                                // TODO: change when introducing "guaranteed" commitments
3✔
1525
                                                TotalGuaranteedBefore: 0,
3✔
1526
                                                TotalGuaranteedAfter:  0,
3✔
1527
                                                Commitments: []liquid.Commitment{
3✔
1528
                                                        {
3✔
1529
                                                                UUID:      dbCommitment.UUID,
3✔
1530
                                                                OldStatus: None[liquid.CommitmentStatus](),
3✔
1531
                                                                NewStatus: Some(dbCommitment.Status),
3✔
1532
                                                                Amount:    dbCommitment.Amount,
3✔
1533
                                                                ConfirmBy: dbCommitment.ConfirmBy,
3✔
1534
                                                                ExpiresAt: dbCommitment.ExpiresAt,
3✔
1535
                                                        },
3✔
1536
                                                },
3✔
1537
                                        },
3✔
1538
                                },
3✔
1539
                        },
3✔
1540
                },
3✔
1541
        }, loc.ServiceType, serviceInfo, tx)
3✔
1542
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
1543
                return
×
1544
        }
×
1545
        if commitmentChangeResponse.RejectionReason != "" {
4✔
1546
                evaluateRetryHeader(commitmentChangeResponse, w)
1✔
1547
                http.Error(w, "not enough committable capacity on the receiving side", http.StatusConflict)
1✔
1548
                return
1✔
1549
        }
1✔
1550

1551
        dbCommitment.TransferStatus = ""
2✔
1552
        dbCommitment.TransferToken = None[string]()
2✔
1553
        dbCommitment.ProjectID = targetProject.ID
2✔
1554
        _, err = tx.Update(&dbCommitment)
2✔
1555
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
1556
                return
×
1557
        }
×
1558
        err = tx.Commit()
2✔
1559
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
1560
                return
×
1561
        }
×
1562

1563
        resourceInfo := core.InfoForResource(serviceInfo, loc.ResourceName)
2✔
1564
        c := p.convertCommitmentToDisplayForm(dbCommitment, loc, token, resourceInfo.Unit)
2✔
1565
        p.auditor.Record(audittools.Event{
2✔
1566
                Time:       p.timeNow(),
2✔
1567
                Request:    r,
2✔
1568
                User:       token,
2✔
1569
                ReasonCode: http.StatusAccepted,
2✔
1570
                Action:     cadf.UpdateAction,
2✔
1571
                Target: commitmentEventTarget{
2✔
1572
                        DomainID:    targetDomain.UUID,
2✔
1573
                        DomainName:  targetDomain.Name,
2✔
1574
                        ProjectID:   targetProject.UUID,
2✔
1575
                        ProjectName: targetProject.Name,
2✔
1576
                        Commitments: []limesresources.Commitment{c},
2✔
1577
                },
2✔
1578
        })
2✔
1579

2✔
1580
        respondwith.JSON(w, http.StatusAccepted, map[string]any{"commitment": c})
2✔
1581
}
1582

1583
// GetCommitmentConversion handles GET /v1/commitment-conversion/{service_type}/{resource_name}
1584
func (p *v1Provider) GetCommitmentConversions(w http.ResponseWriter, r *http.Request) {
3✔
1585
        httpapi.IdentifyEndpoint(r, "/v1/commitment-conversion/:service_type/:resource_name")
3✔
1586
        token := p.CheckToken(r)
3✔
1587
        if !token.Require(w, "cluster:show_basic") {
3✔
1588
                return
×
1589
        }
×
1590

1591
        // TODO v2 API: This endpoint should be project-scoped in order to make it
1592
        // easier to select the correct domain scope for the CommitmentBehavior.
1593
        forTokenScope := func(behavior core.CommitmentBehavior) core.ScopedCommitmentBehavior {
25✔
1594
                name := cmp.Or(token.ProjectScopeDomainName(), token.DomainScopeName(), "")
22✔
1595
                if name != "" {
44✔
1596
                        return behavior.ForDomain(name)
22✔
1597
                }
22✔
1598
                return behavior.ForCluster()
×
1599
        }
1600

1601
        // validate request
1602
        vars := mux.Vars(r)
3✔
1603
        serviceInfos, err := p.Cluster.AllServiceInfos()
3✔
1604
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
1605
                return
×
1606
        }
×
1607

1608
        nm := core.BuildResourceNameMapping(p.Cluster, serviceInfos)
3✔
1609
        sourceServiceType, sourceResourceName, exists := nm.MapFromV1API(
3✔
1610
                limes.ServiceType(vars["service_type"]),
3✔
1611
                limesresources.ResourceName(vars["resource_name"]),
3✔
1612
        )
3✔
1613
        if !exists {
3✔
1614
                msg := fmt.Sprintf("no such service and/or resource: %s/%s", vars["service_type"], vars["resource_name"])
×
1615
                http.Error(w, msg, http.StatusUnprocessableEntity)
×
1616
                return
×
1617
        }
×
1618
        sourceBehavior := forTokenScope(p.Cluster.CommitmentBehaviorForResource(sourceServiceType, sourceResourceName))
3✔
1619

3✔
1620
        serviceInfo := core.InfoForService(serviceInfos, sourceServiceType)
3✔
1621
        sourceResInfo := core.InfoForResource(serviceInfo, sourceResourceName)
3✔
1622

3✔
1623
        // enumerate possible conversions
3✔
1624
        conversions := make([]limesresources.CommitmentConversionRule, 0)
3✔
1625
        if sourceBehavior.ConversionRule.IsSome() {
6✔
1626
                for _, targetServiceType := range slices.Sorted(maps.Keys(serviceInfos)) {
15✔
1627
                        for targetResourceName, targetResInfo := range serviceInfos[targetServiceType].Resources {
51✔
1628
                                if sourceServiceType == targetServiceType && sourceResourceName == targetResourceName {
42✔
1629
                                        continue
3✔
1630
                                }
1631
                                if sourceResInfo.Unit != targetResInfo.Unit {
53✔
1632
                                        continue
17✔
1633
                                }
1634

1635
                                targetBehavior := forTokenScope(p.Cluster.CommitmentBehaviorForResource(targetServiceType, targetResourceName))
19✔
1636
                                if rate, ok := sourceBehavior.GetConversionRateTo(targetBehavior).Unpack(); ok {
22✔
1637
                                        apiServiceType, apiResourceName, ok := nm.MapToV1API(targetServiceType, targetResourceName)
3✔
1638
                                        if ok {
6✔
1639
                                                conversions = append(conversions, limesresources.CommitmentConversionRule{
3✔
1640
                                                        FromAmount:     rate.FromAmount,
3✔
1641
                                                        ToAmount:       rate.ToAmount,
3✔
1642
                                                        TargetService:  apiServiceType,
3✔
1643
                                                        TargetResource: apiResourceName,
3✔
1644
                                                })
3✔
1645
                                        }
3✔
1646
                                }
1647
                        }
1648
                }
1649
        }
1650

1651
        // use a defined sorting to ensure deterministic behavior in tests
1652
        slices.SortFunc(conversions, func(lhs, rhs limesresources.CommitmentConversionRule) int {
4✔
1653
                result := strings.Compare(string(lhs.TargetService), string(rhs.TargetService))
1✔
1654
                if result != 0 {
1✔
1655
                        return result
×
1656
                }
×
1657
                return strings.Compare(string(lhs.TargetResource), string(rhs.TargetResource))
1✔
1658
        })
1659

1660
        respondwith.JSON(w, http.StatusOK, map[string]any{"conversions": conversions})
3✔
1661
}
1662

1663
// ConvertCommitment handles POST /v1/domains/{domain_id}/projects/{project_id}/commitments/{commitment_id}/convert
1664
func (p *v1Provider) ConvertCommitment(w http.ResponseWriter, r *http.Request) {
9✔
1665
        httpapi.IdentifyEndpoint(r, "/v1/domains/:domain_id/projects/:project_id/commitments/:commitment_id/convert")
9✔
1666
        token := p.CheckToken(r)
9✔
1667
        if !token.Require(w, "project:edit") {
9✔
1668
                return
×
1669
        }
×
1670
        commitmentID := mux.Vars(r)["commitment_id"]
9✔
1671
        if commitmentID == "" {
9✔
1672
                http.Error(w, "no commitment_id provided", http.StatusBadRequest)
×
1673
                return
×
1674
        }
×
1675
        dbDomain := p.FindDomainFromRequest(w, r)
9✔
1676
        if dbDomain == nil {
9✔
1677
                return
×
1678
        }
×
1679
        dbProject := p.FindProjectFromRequest(w, r, dbDomain)
9✔
1680
        if dbProject == nil {
9✔
1681
                return
×
1682
        }
×
1683

1684
        // section: sourceBehavior
1685
        var dbCommitment db.ProjectCommitment
9✔
1686
        err := p.DB.SelectOne(&dbCommitment, findProjectCommitmentByIDQuery, commitmentID, dbProject.ID)
9✔
1687
        if errors.Is(err, sql.ErrNoRows) {
10✔
1688
                http.Error(w, "no such commitment", http.StatusNotFound)
1✔
1689
                return
1✔
1690
        } else if respondwith.ObfuscatedErrorText(w, err) {
9✔
1691
                return
×
1692
        }
×
1693
        var (
8✔
1694
                sourceLoc            core.AZResourceLocation
8✔
1695
                sourceTotalConfirmed uint64
8✔
1696
        )
8✔
1697
        err = p.DB.QueryRow(findAZResourceLocationByIDQuery, dbCommitment.AZResourceID, dbProject.ID).
8✔
1698
                Scan(&sourceLoc.ServiceType, &sourceLoc.ResourceName, &sourceLoc.AvailabilityZone, &sourceTotalConfirmed)
8✔
1699
        if errors.Is(err, sql.ErrNoRows) {
8✔
1700
                // defense in depth: this should not happen because all the relevant tables are connected by FK constraints
×
1701
                http.Error(w, "no route to this commitment", http.StatusNotFound)
×
1702
                return
×
1703
        } else if respondwith.ObfuscatedErrorText(w, err) {
8✔
1704
                return
×
1705
        }
×
1706
        sourceBehavior := p.Cluster.CommitmentBehaviorForResource(sourceLoc.ServiceType, sourceLoc.ResourceName).ForDomain(dbDomain.Name)
8✔
1707

8✔
1708
        // section: targetBehavior
8✔
1709
        var parseTarget struct {
8✔
1710
                Request struct {
8✔
1711
                        TargetService  limes.ServiceType           `json:"target_service"`
8✔
1712
                        TargetResource limesresources.ResourceName `json:"target_resource"`
8✔
1713
                        SourceAmount   uint64                      `json:"source_amount"`
8✔
1714
                        TargetAmount   uint64                      `json:"target_amount"`
8✔
1715
                } `json:"commitment"`
8✔
1716
        }
8✔
1717
        if !RequireJSON(w, r, &parseTarget) {
8✔
1718
                return
×
1719
        }
×
1720
        req := parseTarget.Request
8✔
1721
        serviceInfos, err := p.Cluster.AllServiceInfos()
8✔
1722
        if respondwith.ObfuscatedErrorText(w, err) {
8✔
1723
                return
×
1724
        }
×
1725
        nm := core.BuildResourceNameMapping(p.Cluster, serviceInfos)
8✔
1726
        targetServiceType, targetResourceName, exists := nm.MapFromV1API(req.TargetService, req.TargetResource)
8✔
1727
        if !exists {
8✔
1728
                msg := fmt.Sprintf("no such service and/or resource: %s/%s", req.TargetService, req.TargetResource)
×
1729
                http.Error(w, msg, http.StatusUnprocessableEntity)
×
1730
                return
×
1731
        }
×
1732
        targetBehavior := p.Cluster.CommitmentBehaviorForResource(targetServiceType, targetResourceName).ForDomain(dbDomain.Name)
8✔
1733
        if sourceLoc.ResourceName == targetResourceName && sourceLoc.ServiceType == targetServiceType {
9✔
1734
                http.Error(w, "conversion attempt to the same resource.", http.StatusConflict)
1✔
1735
                return
1✔
1736
        }
1✔
1737
        if len(targetBehavior.Durations) == 0 {
7✔
1738
                msg := fmt.Sprintf("commitments are not enabled for resource %s/%s", req.TargetService, req.TargetResource)
×
1739
                http.Error(w, msg, http.StatusUnprocessableEntity)
×
1740
                return
×
1741
        }
×
1742
        rate, ok := sourceBehavior.GetConversionRateTo(targetBehavior).Unpack()
7✔
1743
        if !ok {
8✔
1744
                msg := fmt.Sprintf("commitment is not convertible into resource %s/%s", req.TargetService, req.TargetResource)
1✔
1745
                http.Error(w, msg, http.StatusUnprocessableEntity)
1✔
1746
                return
1✔
1747
        }
1✔
1748

1749
        // section: conversion
1750
        if req.SourceAmount > dbCommitment.Amount {
6✔
1751
                msg := fmt.Sprintf("unprocessable source amount. provided: %v, commitment: %v", req.SourceAmount, dbCommitment.Amount)
×
1752
                http.Error(w, msg, http.StatusConflict)
×
1753
                return
×
1754
        }
×
1755
        conversionAmount := (req.SourceAmount / rate.FromAmount) * rate.ToAmount
6✔
1756
        remainderAmount := req.SourceAmount % rate.FromAmount
6✔
1757
        if remainderAmount > 0 {
8✔
1758
                msg := fmt.Sprintf("amount: %v does not fit into conversion rate of: %v", req.SourceAmount, rate.FromAmount)
2✔
1759
                http.Error(w, msg, http.StatusConflict)
2✔
1760
                return
2✔
1761
        }
2✔
1762
        if conversionAmount != req.TargetAmount {
5✔
1763
                msg := fmt.Sprintf("conversion mismatch. provided: %v, calculated: %v", req.TargetAmount, conversionAmount)
1✔
1764
                http.Error(w, msg, http.StatusConflict)
1✔
1765
                return
1✔
1766
        }
1✔
1767

1768
        tx, err := p.DB.Begin()
3✔
1769
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
1770
                return
×
1771
        }
×
1772
        defer sqlext.RollbackUnlessCommitted(tx)
3✔
1773

3✔
1774
        var (
3✔
1775
                targetAZResourceID        db.AZResourceID
3✔
1776
                resourceAllowsCommitments bool
3✔
1777
                targetTotalConfirmed      uint64
3✔
1778
        )
3✔
1779
        err = p.DB.QueryRow(findAZResourceIDByLocationQuery, dbProject.ID, targetServiceType, targetResourceName, sourceLoc.AvailabilityZone).
3✔
1780
                Scan(&targetAZResourceID, &resourceAllowsCommitments, &targetTotalConfirmed)
3✔
1781
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
1782
                return
×
1783
        }
×
1784
        // defense in depth. ServiceType and ResourceName of source and target are already checked. Here it's possible to explicitly check the ID's.
1785
        if dbCommitment.AZResourceID == targetAZResourceID {
3✔
1786
                http.Error(w, "conversion attempt to the same resource.", http.StatusConflict)
×
1787
                return
×
1788
        }
×
1789
        if !resourceAllowsCommitments {
3✔
1790
                msg := fmt.Sprintf("resource %s/%s is not enabled in this project", targetServiceType, targetResourceName)
×
1791
                http.Error(w, msg, http.StatusUnprocessableEntity)
×
1792
                return
×
1793
        }
×
1794
        targetLoc := core.AZResourceLocation{
3✔
1795
                ServiceType:      sourceLoc.ServiceType,
3✔
1796
                ResourceName:     targetResourceName,
3✔
1797
                AvailabilityZone: sourceLoc.AvailabilityZone,
3✔
1798
        }
3✔
1799
        serviceInfo := core.InfoForService(serviceInfos, sourceLoc.ServiceType)
3✔
1800
        remainingAmount := dbCommitment.Amount - req.SourceAmount
3✔
1801
        var remainingCommitment db.ProjectCommitment
3✔
1802

3✔
1803
        // old commitment is always superseded
3✔
1804
        sourceCommitments := []liquid.Commitment{
3✔
1805
                {
3✔
1806
                        UUID:      dbCommitment.UUID,
3✔
1807
                        OldStatus: Some(dbCommitment.Status),
3✔
1808
                        NewStatus: Some(liquid.CommitmentStatusSuperseded),
3✔
1809
                        Amount:    dbCommitment.Amount,
3✔
1810
                        ConfirmBy: dbCommitment.ConfirmBy,
3✔
1811
                        ExpiresAt: dbCommitment.ExpiresAt,
3✔
1812
                },
3✔
1813
        }
3✔
1814
        // when there is a remaining amount, we must request to add this
3✔
1815
        if remainingAmount > 0 {
4✔
1816
                remainingCommitment, err = p.buildSplitCommitment(dbCommitment, remainingAmount)
1✔
1817
                if respondwith.ObfuscatedErrorText(w, err) {
1✔
1818
                        return
×
1819
                }
×
1820
                sourceCommitments = append(sourceCommitments, liquid.Commitment{
1✔
1821
                        UUID:      remainingCommitment.UUID,
1✔
1822
                        OldStatus: None[liquid.CommitmentStatus](),
1✔
1823
                        NewStatus: Some(remainingCommitment.Status),
1✔
1824
                        Amount:    remainingCommitment.Amount,
1✔
1825
                        ConfirmBy: remainingCommitment.ConfirmBy,
1✔
1826
                        ExpiresAt: remainingCommitment.ExpiresAt,
1✔
1827
                })
1✔
1828
        }
1829
        convertedCommitment, err := p.buildConvertedCommitment(dbCommitment, targetAZResourceID, conversionAmount)
3✔
1830
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
1831
                return
×
1832
        }
×
1833

1834
        sourceTotalConfirmedAfter := sourceTotalConfirmed
3✔
1835
        targetTotalConfirmedAfter := targetTotalConfirmed
3✔
1836
        if dbCommitment.ConfirmedAt.IsSome() {
5✔
1837
                sourceTotalConfirmedAfter -= req.SourceAmount
2✔
1838
                targetTotalConfirmedAfter += req.TargetAmount
2✔
1839
        }
2✔
1840

1841
        commitmentChangeRequest := liquid.CommitmentChangeRequest{
3✔
1842
                AZ:          sourceLoc.AvailabilityZone,
3✔
1843
                InfoVersion: serviceInfo.Version,
3✔
1844
                ByProject: map[liquid.ProjectUUID]liquid.ProjectCommitmentChangeset{
3✔
1845
                        dbProject.UUID: {
3✔
1846
                                ProjectMetadata: liquidProjectMetadataFromDBProject(*dbProject, *dbDomain, serviceInfo),
3✔
1847
                                ByResource: map[liquid.ResourceName]liquid.ResourceCommitmentChangeset{
3✔
1848
                                        sourceLoc.ResourceName: {
3✔
1849
                                                TotalConfirmedBefore: sourceTotalConfirmed,
3✔
1850
                                                TotalConfirmedAfter:  sourceTotalConfirmedAfter,
3✔
1851
                                                // TODO: change when introducing "guaranteed" commitments
3✔
1852
                                                TotalGuaranteedBefore: 0,
3✔
1853
                                                TotalGuaranteedAfter:  0,
3✔
1854
                                                Commitments:           sourceCommitments,
3✔
1855
                                        },
3✔
1856
                                        targetLoc.ResourceName: {
3✔
1857
                                                TotalConfirmedBefore: targetTotalConfirmed,
3✔
1858
                                                TotalConfirmedAfter:  targetTotalConfirmedAfter,
3✔
1859
                                                // TODO: change when introducing "guaranteed" commitments
3✔
1860
                                                TotalGuaranteedBefore: 0,
3✔
1861
                                                TotalGuaranteedAfter:  0,
3✔
1862
                                                Commitments: []liquid.Commitment{
3✔
1863
                                                        {
3✔
1864
                                                                UUID:      convertedCommitment.UUID,
3✔
1865
                                                                OldStatus: None[liquid.CommitmentStatus](),
3✔
1866
                                                                NewStatus: Some(convertedCommitment.Status),
3✔
1867
                                                                Amount:    convertedCommitment.Amount,
3✔
1868
                                                                ConfirmBy: convertedCommitment.ConfirmBy,
3✔
1869
                                                                ExpiresAt: convertedCommitment.ExpiresAt,
3✔
1870
                                                        },
3✔
1871
                                                },
3✔
1872
                                        },
3✔
1873
                                },
3✔
1874
                        },
3✔
1875
                },
3✔
1876
        }
3✔
1877
        commitmentChangeResponse, err := p.DelegateChangeCommitments(r.Context(), commitmentChangeRequest, sourceLoc.ServiceType, serviceInfo, tx)
3✔
1878
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
1879
                return
×
1880
        }
×
1881

1882
        // only check acceptance by liquid when old commitment was confirmed, unconfirmed commitments can be moved without acceptance
1883
        if commitmentChangeRequest.RequiresConfirmation() && commitmentChangeResponse.RejectionReason != "" {
4✔
1884
                evaluateRetryHeader(commitmentChangeResponse, w)
1✔
1885
                http.Error(w, "not enough capacity to confirm the commitment", http.StatusUnprocessableEntity)
1✔
1886
                return
1✔
1887
        }
1✔
1888

1889
        auditEvent := commitmentEventTarget{
2✔
1890
                DomainID:    dbDomain.UUID,
2✔
1891
                DomainName:  dbDomain.Name,
2✔
1892
                ProjectID:   dbProject.UUID,
2✔
1893
                ProjectName: dbProject.Name,
2✔
1894
        }
2✔
1895

2✔
1896
        var (
2✔
1897
                relatedCommitmentIDs   []db.ProjectCommitmentID
2✔
1898
                relatedCommitmentUUIDs []liquid.CommitmentUUID
2✔
1899
        )
2✔
1900
        resourceInfo := core.InfoForResource(serviceInfo, sourceLoc.ResourceName)
2✔
1901
        if remainingAmount > 0 {
3✔
1902
                relatedCommitmentIDs = append(relatedCommitmentIDs, remainingCommitment.ID)
1✔
1903
                relatedCommitmentUUIDs = append(relatedCommitmentUUIDs, remainingCommitment.UUID)
1✔
1904
                err = tx.Insert(&remainingCommitment)
1✔
1905
                if respondwith.ObfuscatedErrorText(w, err) {
1✔
1906
                        return
×
1907
                }
×
1908
                auditEvent.Commitments = append(auditEvent.Commitments,
1✔
1909
                        p.convertCommitmentToDisplayForm(remainingCommitment, sourceLoc, token, resourceInfo.Unit),
1✔
1910
                )
1✔
1911
        }
1912

1913
        relatedCommitmentIDs = append(relatedCommitmentIDs, convertedCommitment.ID)
2✔
1914
        relatedCommitmentUUIDs = append(relatedCommitmentUUIDs, convertedCommitment.UUID)
2✔
1915
        err = tx.Insert(&convertedCommitment)
2✔
1916
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
1917
                return
×
1918
        }
×
1919

1920
        // supersede the original commitment
1921
        now := p.timeNow()
2✔
1922
        supersedeContext := db.CommitmentWorkflowContext{
2✔
1923
                Reason:                 db.CommitmentReasonConvert,
2✔
1924
                RelatedCommitmentIDs:   relatedCommitmentIDs,
2✔
1925
                RelatedCommitmentUUIDs: relatedCommitmentUUIDs,
2✔
1926
        }
2✔
1927
        buf, err := json.Marshal(supersedeContext)
2✔
1928
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
1929
                return
×
1930
        }
×
1931
        dbCommitment.Status = liquid.CommitmentStatusSuperseded
2✔
1932
        dbCommitment.SupersededAt = Some(now)
2✔
1933
        dbCommitment.SupersedeContextJSON = Some(json.RawMessage(buf))
2✔
1934
        _, err = tx.Update(&dbCommitment)
2✔
1935
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
1936
                return
×
1937
        }
×
1938

1939
        err = tx.Commit()
2✔
1940
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
1941
                return
×
1942
        }
×
1943

1944
        c := p.convertCommitmentToDisplayForm(convertedCommitment, targetLoc, token, resourceInfo.Unit)
2✔
1945
        auditEvent.Commitments = append([]limesresources.Commitment{c}, auditEvent.Commitments...)
2✔
1946
        auditEvent.WorkflowContext = Some(db.CommitmentWorkflowContext{
2✔
1947
                Reason:                 db.CommitmentReasonSplit,
2✔
1948
                RelatedCommitmentIDs:   []db.ProjectCommitmentID{dbCommitment.ID},
2✔
1949
                RelatedCommitmentUUIDs: []liquid.CommitmentUUID{dbCommitment.UUID},
2✔
1950
        })
2✔
1951
        p.auditor.Record(audittools.Event{
2✔
1952
                Time:       p.timeNow(),
2✔
1953
                Request:    r,
2✔
1954
                User:       token,
2✔
1955
                ReasonCode: http.StatusAccepted,
2✔
1956
                Action:     cadf.UpdateAction,
2✔
1957
                Target:     auditEvent,
2✔
1958
        })
2✔
1959

2✔
1960
        respondwith.JSON(w, http.StatusAccepted, map[string]any{"commitment": c})
2✔
1961
}
1962

1963
// ExtendCommitmentDuration handles POST /v1/domains/{domain_id}/projects/{project_id}/commitments/{commitment_id}/update-duration
1964
func (p *v1Provider) UpdateCommitmentDuration(w http.ResponseWriter, r *http.Request) {
7✔
1965
        httpapi.IdentifyEndpoint(r, "/v1/domains/:domain_id/projects/:project_id/commitments/:commitment_id/update-duration")
7✔
1966
        token := p.CheckToken(r)
7✔
1967
        if !token.Require(w, "project:edit") {
7✔
1968
                return
×
1969
        }
×
1970
        commitmentID := mux.Vars(r)["commitment_id"]
7✔
1971
        if commitmentID == "" {
7✔
1972
                http.Error(w, "no transfer token provided", http.StatusBadRequest)
×
1973
                return
×
1974
        }
×
1975
        dbDomain := p.FindDomainFromRequest(w, r)
7✔
1976
        if dbDomain == nil {
7✔
1977
                return
×
1978
        }
×
1979
        dbProject := p.FindProjectFromRequest(w, r, dbDomain)
7✔
1980
        if dbProject == nil {
7✔
1981
                return
×
1982
        }
×
1983
        var Request struct {
7✔
1984
                Duration limesresources.CommitmentDuration `json:"duration"`
7✔
1985
        }
7✔
1986
        req := Request
7✔
1987
        if !RequireJSON(w, r, &req) {
7✔
1988
                return
×
1989
        }
×
1990

1991
        var dbCommitment db.ProjectCommitment
7✔
1992
        err := p.DB.SelectOne(&dbCommitment, findProjectCommitmentByIDQuery, commitmentID, dbProject.ID)
7✔
1993
        if errors.Is(err, sql.ErrNoRows) {
7✔
1994
                http.Error(w, "no such commitment", http.StatusNotFound)
×
1995
                return
×
1996
        } else if respondwith.ObfuscatedErrorText(w, err) {
7✔
1997
                return
×
1998
        }
×
1999

2000
        now := p.timeNow()
7✔
2001
        if dbCommitment.ExpiresAt.Before(now) || dbCommitment.ExpiresAt.Equal(now) {
8✔
2002
                http.Error(w, "unable to process expired commitment", http.StatusForbidden)
1✔
2003
                return
1✔
2004
        }
1✔
2005

2006
        if dbCommitment.Status == liquid.CommitmentStatusSuperseded {
7✔
2007
                msg := fmt.Sprintf("unable to operate on commitment with a status of %s", dbCommitment.Status)
1✔
2008
                http.Error(w, msg, http.StatusForbidden)
1✔
2009
                return
1✔
2010
        }
1✔
2011

2012
        var (
5✔
2013
                loc            core.AZResourceLocation
5✔
2014
                totalConfirmed uint64
5✔
2015
        )
5✔
2016
        err = p.DB.QueryRow(findAZResourceLocationByIDQuery, dbCommitment.AZResourceID, dbProject.ID).
5✔
2017
                Scan(&loc.ServiceType, &loc.ResourceName, &loc.AvailabilityZone, &totalConfirmed)
5✔
2018
        if errors.Is(err, sql.ErrNoRows) {
5✔
2019
                // defense in depth: this should not happen because all the relevant tables are connected by FK constraints
×
2020
                http.Error(w, "no route to this commitment", http.StatusNotFound)
×
2021
                return
×
2022
        } else if respondwith.ObfuscatedErrorText(w, err) {
5✔
2023
                return
×
2024
        }
×
2025
        behavior := p.Cluster.CommitmentBehaviorForResource(loc.ServiceType, loc.ResourceName).ForDomain(dbDomain.Name)
5✔
2026
        if !slices.Contains(behavior.Durations, req.Duration) {
6✔
2027
                msg := fmt.Sprintf("provided duration: %s does not match the config %v", req.Duration, behavior.Durations)
1✔
2028
                http.Error(w, msg, http.StatusUnprocessableEntity)
1✔
2029
                return
1✔
2030
        }
1✔
2031

2032
        newExpiresAt := req.Duration.AddTo(dbCommitment.ConfirmBy.UnwrapOr(dbCommitment.CreatedAt))
4✔
2033
        if newExpiresAt.Before(dbCommitment.ExpiresAt) {
5✔
2034
                msg := fmt.Sprintf("duration change from %s to %s forbidden", dbCommitment.Duration, req.Duration)
1✔
2035
                http.Error(w, msg, http.StatusForbidden)
1✔
2036
                return
1✔
2037
        }
1✔
2038

2039
        maybeServiceInfo, err := p.Cluster.InfoForService(loc.ServiceType)
3✔
2040
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
2041
                return
×
2042
        }
×
2043
        serviceInfo, ok := maybeServiceInfo.Unpack()
3✔
2044
        if !ok {
3✔
2045
                http.Error(w, "service not found", http.StatusNotFound)
×
2046
                return
×
2047
        }
×
2048

2049
        // might only reject in the remote-case, locally we accept extensions as limes does not know future capacity
2050
        commitmentChangeResponse, err := p.DelegateChangeCommitments(r.Context(), liquid.CommitmentChangeRequest{
3✔
2051
                AZ:          loc.AvailabilityZone,
3✔
2052
                InfoVersion: serviceInfo.Version,
3✔
2053
                ByProject: map[liquid.ProjectUUID]liquid.ProjectCommitmentChangeset{
3✔
2054
                        dbProject.UUID: {
3✔
2055
                                ProjectMetadata: liquidProjectMetadataFromDBProject(*dbProject, *dbDomain, serviceInfo),
3✔
2056
                                ByResource: map[liquid.ResourceName]liquid.ResourceCommitmentChangeset{
3✔
2057
                                        loc.ResourceName: {
3✔
2058
                                                TotalConfirmedBefore: totalConfirmed,
3✔
2059
                                                TotalConfirmedAfter:  totalConfirmed,
3✔
2060
                                                // TODO: change when introducing "guaranteed" commitments
3✔
2061
                                                TotalGuaranteedBefore: 0,
3✔
2062
                                                TotalGuaranteedAfter:  0,
3✔
2063
                                                Commitments: []liquid.Commitment{
3✔
2064
                                                        {
3✔
2065
                                                                UUID:         dbCommitment.UUID,
3✔
2066
                                                                OldStatus:    Some(dbCommitment.Status),
3✔
2067
                                                                NewStatus:    Some(dbCommitment.Status),
3✔
2068
                                                                Amount:       dbCommitment.Amount,
3✔
2069
                                                                ConfirmBy:    dbCommitment.ConfirmBy,
3✔
2070
                                                                ExpiresAt:    newExpiresAt,
3✔
2071
                                                                OldExpiresAt: Some(dbCommitment.ExpiresAt.Local()),
3✔
2072
                                                        },
3✔
2073
                                                },
3✔
2074
                                        },
3✔
2075
                                },
3✔
2076
                        },
3✔
2077
                },
3✔
2078
        }, loc.ServiceType, serviceInfo, p.DB)
3✔
2079
        if respondwith.ObfuscatedErrorText(w, err) {
3✔
2080
                return
×
2081
        }
×
2082

2083
        dbCommitment.Duration = req.Duration
3✔
2084
        dbCommitment.ExpiresAt = newExpiresAt
3✔
2085
        if commitmentChangeResponse.RejectionReason != "" {
4✔
2086
                evaluateRetryHeader(commitmentChangeResponse, w)
1✔
2087
                http.Error(w, commitmentChangeResponse.RejectionReason, http.StatusConflict)
1✔
2088
                return
1✔
2089
        }
1✔
2090

2091
        _, err = p.DB.Update(&dbCommitment)
2✔
2092
        if respondwith.ObfuscatedErrorText(w, err) {
2✔
2093
                return
×
2094
        }
×
2095

2096
        resourceInfo := core.InfoForResource(serviceInfo, loc.ResourceName)
2✔
2097
        c := p.convertCommitmentToDisplayForm(dbCommitment, loc, token, resourceInfo.Unit)
2✔
2098
        p.auditor.Record(audittools.Event{
2✔
2099
                Time:       p.timeNow(),
2✔
2100
                Request:    r,
2✔
2101
                User:       token,
2✔
2102
                ReasonCode: http.StatusOK,
2✔
2103
                Action:     cadf.UpdateAction,
2✔
2104
                Target: commitmentEventTarget{
2✔
2105
                        DomainID:    dbDomain.UUID,
2✔
2106
                        DomainName:  dbDomain.Name,
2✔
2107
                        ProjectID:   dbProject.UUID,
2✔
2108
                        ProjectName: dbProject.Name,
2✔
2109
                        Commitments: []limesresources.Commitment{c},
2✔
2110
                },
2✔
2111
        })
2✔
2112

2✔
2113
        respondwith.JSON(w, http.StatusOK, map[string]any{"commitment": c})
2✔
2114
}
2115

2116
// DelegateChangeCommitments decides whether LiquidClient.ChangeCommitments() should be called,
2117
// depending on the setting of liquid.ResourceInfo.HandlesCommitments. If not, it routes the
2118
// operation to be performed locally on the database. In case the LiquidConnection is not filled,
2119
// a LiquidClient is instantiated on the fly to perform the operation. It utilizes a given ServiceInfo so that no
2120
// double retrieval is necessary caused by operations to assemble the liquid.CommitmentChange.
2121
func (p *v1Provider) DelegateChangeCommitments(ctx context.Context, req liquid.CommitmentChangeRequest, serviceType db.ServiceType, serviceInfo liquid.ServiceInfo, dbi db.Interface) (result liquid.CommitmentChangeResponse, err error) {
49✔
2122
        localCommitmentChanges := liquid.CommitmentChangeRequest{
49✔
2123
                DryRun:      req.DryRun,
49✔
2124
                AZ:          req.AZ,
49✔
2125
                InfoVersion: req.InfoVersion,
49✔
2126
                ByProject:   make(map[liquid.ProjectUUID]liquid.ProjectCommitmentChangeset),
49✔
2127
        }
49✔
2128
        remoteCommitmentChanges := liquid.CommitmentChangeRequest{
49✔
2129
                DryRun:      req.DryRun,
49✔
2130
                AZ:          req.AZ,
49✔
2131
                InfoVersion: req.InfoVersion,
49✔
2132
                ByProject:   make(map[liquid.ProjectUUID]liquid.ProjectCommitmentChangeset),
49✔
2133
        }
49✔
2134
        for projectUUID, projectCommitmentChangeset := range req.ByProject {
101✔
2135
                for resourceName, resourceCommitmentChangeset := range projectCommitmentChangeset.ByResource {
107✔
2136
                        // this is just to make the tests deterministic because time.Local != local IANA time (after parsing)
55✔
2137
                        for i, commitment := range resourceCommitmentChangeset.Commitments {
117✔
2138
                                commitment.ExpiresAt = commitment.ExpiresAt.Local()
62✔
2139
                                commitment.ConfirmBy = options.Map(commitment.ConfirmBy, time.Time.Local)
62✔
2140
                                resourceCommitmentChangeset.Commitments[i] = commitment
62✔
2141
                        }
62✔
2142

2143
                        if serviceInfo.Resources[resourceName].HandlesCommitments {
109✔
2144
                                _, exists := remoteCommitmentChanges.ByProject[projectUUID]
54✔
2145
                                if !exists {
105✔
2146
                                        remoteCommitmentChanges.ByProject[projectUUID] = liquid.ProjectCommitmentChangeset{
51✔
2147
                                                ByResource: make(map[liquid.ResourceName]liquid.ResourceCommitmentChangeset),
51✔
2148
                                        }
51✔
2149
                                }
51✔
2150
                                remoteCommitmentChanges.ByProject[projectUUID].ByResource[resourceName] = resourceCommitmentChangeset
54✔
2151
                                continue
54✔
2152
                        }
2153
                        _, exists := localCommitmentChanges.ByProject[projectUUID]
1✔
2154
                        if !exists {
2✔
2155
                                localCommitmentChanges.ByProject[projectUUID] = liquid.ProjectCommitmentChangeset{
1✔
2156
                                        ByResource: make(map[liquid.ResourceName]liquid.ResourceCommitmentChangeset),
1✔
2157
                                }
1✔
2158
                        }
1✔
2159
                        localCommitmentChanges.ByProject[projectUUID].ByResource[resourceName] = resourceCommitmentChangeset
1✔
2160
                }
2161
        }
2162
        for projectUUID, projectCommitmentChangeset := range localCommitmentChanges.ByProject {
50✔
2163
                if serviceInfo.CommitmentHandlingNeedsProjectMetadata {
1✔
2164
                        pcs := projectCommitmentChangeset
×
2165
                        pcs.ProjectMetadata = req.ByProject[projectUUID].ProjectMetadata
×
2166
                        localCommitmentChanges.ByProject[projectUUID] = pcs
×
2167
                }
×
2168
        }
2169
        for projectUUID, remoteCommitmentChangeset := range remoteCommitmentChanges.ByProject {
100✔
2170
                if serviceInfo.CommitmentHandlingNeedsProjectMetadata {
51✔
2171
                        rcs := remoteCommitmentChangeset
×
2172
                        rcs.ProjectMetadata = req.ByProject[projectUUID].ProjectMetadata
×
2173
                        remoteCommitmentChanges.ByProject[projectUUID] = rcs
×
2174
                }
×
2175
        }
2176

2177
        // check remote
2178
        if len(remoteCommitmentChanges.ByProject) != 0 {
97✔
2179
                var liquidClient core.LiquidClient
48✔
2180
                c := p.Cluster
48✔
2181
                if len(c.LiquidConnections) == 0 {
96✔
2182
                        // find the right ServiceType
48✔
2183
                        liquidClient, err = core.NewLiquidClient(c.Provider, c.EO, liquidapi.ClientOpts{ServiceType: "liquid-" + string(serviceType)})
48✔
2184
                        if err != nil {
48✔
NEW
2185
                                return result, fmt.Errorf("failed to create LiquidClient for service %s: %w", serviceType, err)
×
2186
                        }
×
2187
                } else {
×
2188
                        liquidClient = c.LiquidConnections[serviceType].LiquidClient
×
2189
                }
×
2190
                commitmentChangeResponse, err := liquidClient.ChangeCommitments(ctx, remoteCommitmentChanges)
48✔
2191
                if err != nil {
48✔
2192
                        return result, fmt.Errorf("failed to retrieve liquid ChangeCommitment response for service %s: %w", serviceType, err)
×
2193
                }
×
2194
                if commitmentChangeResponse.RejectionReason != "" {
53✔
2195
                        return commitmentChangeResponse, nil
5✔
2196
                }
5✔
2197
        }
2198

2199
        // check local
2200
        if len(localCommitmentChanges.ByProject) != 0 {
45✔
2201
                canAcceptLocally, err := datamodel.CanAcceptCommitmentChangeRequest(localCommitmentChanges, serviceType, p.Cluster, dbi)
1✔
2202
                if err != nil {
1✔
2203
                        return result, fmt.Errorf("failed to check local ChangeCommitment: %w", err)
×
2204
                }
×
2205
                if !canAcceptLocally {
1✔
2206
                        return liquid.CommitmentChangeResponse{
×
2207
                                RejectionReason: "not enough capacity!",
×
2208
                                RetryAt:         None[time.Time](),
×
2209
                        }, nil
×
2210
                }
×
2211
        }
2212

2213
        return result, nil
44✔
2214
}
2215

2216
func liquidProjectMetadataFromDBProject(dbProject db.Project, domain db.Domain, serviceInfo liquid.ServiceInfo) Option[liquid.ProjectMetadata] {
52✔
2217
        if !serviceInfo.CommitmentHandlingNeedsProjectMetadata {
104✔
2218
                return None[liquid.ProjectMetadata]()
52✔
2219
        }
52✔
2220
        return Some(core.KeystoneProjectFromDB(dbProject, core.KeystoneDomain{UUID: domain.UUID, Name: domain.Name}).ForLiquid())
×
2221
}
2222

2223
func evaluateRetryHeader(response liquid.CommitmentChangeResponse, w http.ResponseWriter) {
5✔
2224
        if retryAt, exists := response.RetryAt.Unpack(); exists && response.RejectionReason != "" {
5✔
2225
                w.Header().Set("Retry-After", retryAt.Format(time.RFC1123))
×
2226
        }
×
2227
}
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc