more work towards DB versioning

author: Christian Grothoff <christian@grothoff.org> 2020-01-17 01:55:01 +0100
committer: Christian Grothoff <christian@grothoff.org> 2020-01-17 01:55:01 +0100
commit: 8ea2af444feec46e9086bb6c410762b18c7252fe (patch)
tree: 44eea8e4c21956813c19a1b443b1082c51bd3cbe
parent: 5b11d19b678283d6fbc72dc9fb3d5f3cfabc1d92 (diff)
10 files changed, 628 insertions, 38 deletions
diff --git a/doc/prebuilt b/doc/prebuilt
-Subproject ca53235ccfa0458ebf11c204888ca370e20ec3f
+Subproject 934a6a18301e81c4fd1b3a8cda2dc13dca4741c
diff --git a/src/auditordb/0000.sql b/src/auditordb/0000.sql
new file mode 100644
index 00000000..1483e201
--- /dev/null
+++ b/src/auditordb/0000.sql
@@ -0,0 +1,293 @@
+-- LICENSE AND COPYRIGHT
+--
+-- Copyright (C) 2010 Hubert depesz Lubaczewski
+--
+-- This program is distributed under the (Revised) BSD License:
+-- L<http://www.opensource.org/licenses/bsd-license.php>
+--
+-- Redistribution and use in source and binary forms, with or without
+-- modification, are permitted provided that the following conditions
+-- are met:
+--
+-- * Redistributions of source code must retain the above copyright
+-- notice, this list of conditions and the following disclaimer.
+--
+-- * Redistributions in binary form must reproduce the above copyright
+--   notice, this list of conditions and the following disclaimer in the
+--   documentation and/or other materials provided with the distribution.
+--
+-- * Neither the name of Hubert depesz Lubaczewski's Organization
+--   nor the names of its contributors may be used to endorse or
+--   promote products derived from this software without specific
+--   prior written permission.
+--
+-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+-- AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+-- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+-- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+-- SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+-- CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+-- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+-- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+--
+-- Code origin: https://gitlab.com/depesz/Versioning/blob/master/install.versioning.sql
+--
+--
+-- # NAME
+--
+-- **Versioning** - simplistic take on tracking and applying changes to databases.
+--
+-- # DESCRIPTION
+--
+-- This project strives to provide simple way to manage changes to
+-- database.
+--
+-- Instead of making changes on development server, then finding
+-- differences between production and development, deciding which ones
+-- should be installed on production, and finding a way to install them -
+-- you start with writing diffs themselves!
+--
+-- # INSTALLATION
+--
+-- To install versioning simply run install.versioning.sql in your database
+-- (all of them: production, stage, test, devel, ...).
+--
+-- # USAGE
+--
+-- In your files with patches to database, put whole logic in single
+-- transaction, and use \_v.\* functions - usually \_v.register_patch() at
+-- least to make sure everything is OK.
+--
+-- For example. Let's assume you have patch files:
+--
+-- ## 0001.sql:
+--
+-- ```
+-- create table users (id serial primary key, username text);
+-- ```
+--
+-- ## 0002.sql:
+--
+-- ```
+-- insert into users (username) values ('depesz');
+-- ```
+-- To change it to use versioning you would change the files, to this
+-- state:
+--
+-- 0000.sql:
+--
+-- ```
+-- BEGIN;
+-- select _v.register_patch('000-base', NULL, NULL);
+-- create table users (id serial primary key, username text);
+-- COMMIT;
+-- ```
+--
+-- ## 0002.sql:
+--
+-- ```
+-- BEGIN;
+-- select _v.register_patch('001-users', ARRAY['000-base'], NULL);
+-- insert into users (username) values ('depesz');
+-- COMMIT;
+-- ```
+--
+-- This will make sure that patch 001-users can only be applied after
+-- 000-base.
+--
+-- # AVAILABLE FUNCTIONS
+--
+-- ## \_v.register_patch( TEXT )
+--
+-- Registers named patch, or dies if it is already registered.
+--
+-- Returns integer which is id of patch in \_v.patches table - only if it
+-- succeeded.
+--
+-- ## \_v.register_patch( TEXT, TEXT[] )
+--
+-- Same as \_v.register_patch( TEXT ), but checks is all given patches (given as
+-- array in second argument) are already registered.
+--
+-- ## \_v.register_patch( TEXT, TEXT[], TEXT[] )
+--
+-- Same as \_v.register_patch( TEXT, TEXT[] ), but also checks if there are no conflicts with preexisting patches.
+--
+-- Third argument is array of names of patches that conflict with current one. So
+-- if any of them is installed - register_patch will error out.
+--
+-- ## \_v.unregister_patch( TEXT )
+--
+-- Removes information about given patch from the versioning data.
+--
+-- It doesn't remove objects that were created by this patch - just removes
+-- metainformation.
+--
+-- ## \_v.assert_user_is_superuser()
+--
+-- Make sure that current patch is being loaded by superuser.
+--
+-- If it's not - it will raise exception, and break transaction.
+--
+-- ## \_v.assert_user_is_not_superuser()
+--
+-- Make sure that current patch is not being loaded by superuser.
+--
+-- If it is - it will raise exception, and break transaction.
+--
+-- ## \_v.assert_user_is_one_of(TEXT, TEXT, ... )
+--
+-- Make sure that current patch is being loaded by one of listed users.
+--
+-- If ```current_user``` is not listed as one of arguments - function will raise
+-- exception and break the transaction.
+
+BEGIN;
+
+-- This file adds versioning support to database it will be loaded to.
+-- It requires that PL/pgSQL is already loaded - will raise exception otherwise.
+-- All versioning "stuff" (tables, functions) is in "_v" schema.
+
+-- All functions are defined as 'RETURNS SETOF INT4' to be able to make them to RETURN literaly nothing (0 rows).
+-- >> RETURNS VOID<< IS similar, but it still outputs "empty line" in psql when calling.
+CREATE SCHEMA IF NOT EXISTS _v;
+COMMENT ON SCHEMA _v IS 'Schema for versioning data and functionality.';
+
+CREATE TABLE IF NOT EXISTS _v.patches (
+    patch_name  TEXT        PRIMARY KEY,
+    applied_tsz TIMESTAMPTZ NOT NULL DEFAULT now(),
+    applied_by  TEXT        NOT NULL,
+    requires    TEXT[],
+    conflicts   TEXT[]
+);
+COMMENT ON TABLE _v.patches              IS 'Contains information about what patches are currently applied on database.';
+COMMENT ON COLUMN _v.patches.patch_name  IS 'Name of patch, has to be unique for every patch.';
+COMMENT ON COLUMN _v.patches.applied_tsz IS 'When the patch was applied.';
+COMMENT ON COLUMN _v.patches.applied_by  IS 'Who applied this patch (PostgreSQL username)';
+COMMENT ON COLUMN _v.patches.requires    IS 'List of patches that are required for given patch.';
+COMMENT ON COLUMN _v.patches.conflicts   IS 'List of patches that conflict with given patch.';
+
+CREATE OR REPLACE FUNCTION _v.register_patch( IN in_patch_name TEXT, IN in_requirements TEXT[], in_conflicts TEXT[], OUT versioning INT4 ) RETURNS setof INT4 AS $$
+DECLARE
+    t_text   TEXT;
+    t_text_a TEXT[];
+    i INT4;
+BEGIN
+    -- Thanks to this we know only one patch will be applied at a time
+    LOCK TABLE _v.patches IN EXCLUSIVE MODE;
+
+    SELECT patch_name INTO t_text FROM _v.patches WHERE patch_name = in_patch_name;
+    IF FOUND THEN
+        RAISE EXCEPTION 'Patch % is already applied!', in_patch_name;
+    END IF;
+
+    t_text_a := ARRAY( SELECT patch_name FROM _v.patches WHERE patch_name = any( in_conflicts ) );
+    IF array_upper( t_text_a, 1 ) IS NOT NULL THEN
+        RAISE EXCEPTION 'Versioning patches conflict. Conflicting patche(s) installed: %.', array_to_string( t_text_a, ', ' );
+    END IF;
+
+    IF array_upper( in_requirements, 1 ) IS NOT NULL THEN
+        t_text_a := '{}';
+        FOR i IN array_lower( in_requirements, 1 ) .. array_upper( in_requirements, 1 ) LOOP
+            SELECT patch_name INTO t_text FROM _v.patches WHERE patch_name = in_requirements[i];
+            IF NOT FOUND THEN
+                t_text_a := t_text_a || in_requirements[i];
+            END IF;
+        END LOOP;
+        IF array_upper( t_text_a, 1 ) IS NOT NULL THEN
+            RAISE EXCEPTION 'Missing prerequisite(s): %.', array_to_string( t_text_a, ', ' );
+        END IF;
+    END IF;
+
+    INSERT INTO _v.patches (patch_name, applied_tsz, applied_by, requires, conflicts ) VALUES ( in_patch_name, now(), current_user, coalesce( in_requirements, '{}' ), coalesce( in_conflicts, '{}' ) );
+    RETURN;
+END;
+$$ language plpgsql;
+COMMENT ON FUNCTION _v.register_patch( TEXT, TEXT[], TEXT[] ) IS 'Function to register patches in database. Raises exception if there are conflicts, prerequisites are not installed or the migration has already been installed.';
+
+CREATE OR REPLACE FUNCTION _v.register_patch( TEXT, TEXT[] ) RETURNS setof INT4 AS $$
+    SELECT _v.register_patch( $1, $2, NULL );
+$$ language sql;
+COMMENT ON FUNCTION _v.register_patch( TEXT, TEXT[] ) IS 'Wrapper to allow registration of patches without conflicts.';
+CREATE OR REPLACE FUNCTION _v.register_patch( TEXT ) RETURNS setof INT4 AS $$
+    SELECT _v.register_patch( $1, NULL, NULL );
+$$ language sql;
+COMMENT ON FUNCTION _v.register_patch( TEXT ) IS 'Wrapper to allow registration of patches without requirements and conflicts.';
+
+CREATE OR REPLACE FUNCTION _v.unregister_patch( IN in_patch_name TEXT, OUT versioning INT4 ) RETURNS setof INT4 AS $$
+DECLARE
+    i        INT4;
+    t_text_a TEXT[];
+BEGIN
+    -- Thanks to this we know only one patch will be applied at a time
+    LOCK TABLE _v.patches IN EXCLUSIVE MODE;
+
+    t_text_a := ARRAY( SELECT patch_name FROM _v.patches WHERE in_patch_name = ANY( requires ) );
+    IF array_upper( t_text_a, 1 ) IS NOT NULL THEN
+        RAISE EXCEPTION 'Cannot uninstall %, as it is required by: %.', in_patch_name, array_to_string( t_text_a, ', ' );
+    END IF;
+
+    DELETE FROM _v.patches WHERE patch_name = in_patch_name;
+    GET DIAGNOSTICS i = ROW_COUNT;
+    IF i < 1 THEN
+        RAISE EXCEPTION 'Patch % is not installed, so it can''t be uninstalled!', in_patch_name;
+    END IF;
+
+    RETURN;
+END;
+$$ language plpgsql;
+COMMENT ON FUNCTION _v.unregister_patch( TEXT ) IS 'Function to unregister patches in database. Dies if the patch is not registered, or if unregistering it would break dependencies.';
+
+CREATE OR REPLACE FUNCTION _v.assert_patch_is_applied( IN in_patch_name TEXT ) RETURNS TEXT as $$
+DECLARE
+    t_text TEXT;
+BEGIN
+    SELECT patch_name INTO t_text FROM _v.patches WHERE patch_name = in_patch_name;
+    IF NOT FOUND THEN
+        RAISE EXCEPTION 'Patch % is not applied!', in_patch_name;
+    END IF;
+    RETURN format('Patch %s is applied.', in_patch_name);
+END;
+$$ language plpgsql;
+COMMENT ON FUNCTION _v.assert_patch_is_applied( TEXT ) IS 'Function that can be used to make sure that patch has been applied.';
+
+CREATE OR REPLACE FUNCTION _v.assert_user_is_superuser() RETURNS TEXT as $$
+DECLARE
+    v_super bool;
+BEGIN
+    SELECT usesuper INTO v_super FROM pg_user WHERE usename = current_user;
+    IF v_super THEN
+        RETURN 'assert_user_is_superuser: OK';
+    END IF;
+    RAISE EXCEPTION 'Current user is not superuser - cannot continue.';
+END;
+$$ language plpgsql;
+COMMENT ON FUNCTION _v.assert_user_is_superuser() IS 'Function that can be used to make sure that patch is being applied using superuser account.';
+
+CREATE OR REPLACE FUNCTION _v.assert_user_is_not_superuser() RETURNS TEXT as $$
+DECLARE
+    v_super bool;
+BEGIN
+    SELECT usesuper INTO v_super FROM pg_user WHERE usename = current_user;
+    IF v_super THEN
+        RAISE EXCEPTION 'Current user is superuser - cannot continue.';
+    END IF;
+    RETURN 'assert_user_is_not_superuser: OK';
+END;
+$$ language plpgsql;
+COMMENT ON FUNCTION _v.assert_user_is_not_superuser() IS 'Function that can be used to make sure that patch is being applied using normal (not superuser) account.';
+
+CREATE OR REPLACE FUNCTION _v.assert_user_is_one_of(VARIADIC p_acceptable_users TEXT[] ) RETURNS TEXT as $$
+DECLARE
+BEGIN
+    IF current_user = any( p_acceptable_users ) THEN
+        RETURN 'assert_user_is_one_of: OK';
+    END IF;
+    RAISE EXCEPTION 'User is not one of: % - cannot continue.', p_acceptable_users;
+END;
+$$ language plpgsql;
+COMMENT ON FUNCTION _v.assert_user_is_one_of(TEXT[]) IS 'Function that can be used to make sure that patch is being applied by one of defined users.';
+
+COMMIT;
diff --git a/src/auditordb/0001.sql b/src/auditordb/0001.sql
new file mode 100644
index 00000000..425436e2
--- /dev/null
+++ b/src/auditordb/0001.sql
@@ -0,0 +1,237 @@
+--
+-- This file is part of TALER
+-- Copyright (C) 2014--2020 Taler Systems SA
+--
+-- TALER is free software; you can redistribute it and/or modify it under the
+-- terms of the GNU General Public License as published by the Free Software
+-- Foundation; either version 3, or (at your option) any later version.
+--
+-- TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+-- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+-- A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License along with
+-- TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+--
+
+-- Everything in one big transaction
+BEGIN;
+
+-- Check patch versioning is in place.
+SELECT _v.register_patch('auditor-0001', NULL, NULL);
+
+
+CREATE TABLE IF NOT EXISTS auditor_exchanges
+  (master_pub BYTEA PRIMARY KEY CHECK (LENGTH(master_pub)=32)
+  ,exchange_url VARCHAR NOT NULL
+  );
+-- Table with list of signing keys of exchanges we are auditing
+CREATE TABLE IF NOT EXISTS auditor_exchange_signkeys
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,ep_start INT8 NOT NULL
+  ,ep_expire INT8 NOT NULL
+  ,ep_end INT8 NOT NULL
+  ,exchange_pub BYTEA NOT NULL CHECK (LENGTH(exchange_pub)=32)
+  ,master_sig BYTEA NOT NULL CHECK (LENGTH(master_sig)=64)
+  );
+-- Table with all of the denomination keys that the auditor
+-- is aware of.
+CREATE TABLE IF NOT EXISTS auditor_denominations
+  (denom_pub_hash BYTEA PRIMARY KEY CHECK (LENGTH(denom_pub_hash)=64)
+  ,master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,valid_from INT8 NOT NULL
+  ,expire_withdraw INT8 NOT NULL
+  ,expire_deposit INT8 NOT NULL
+  ,expire_legal INT8 NOT NULL
+  ,coin_val INT8 NOT NULL
+  ,coin_frac INT4 NOT NULL
+  ,fee_withdraw_val INT8 NOT NULL
+  ,fee_withdraw_frac INT4 NOT NULL
+  ,fee_deposit_val INT8 NOT NULL
+  ,fee_deposit_frac INT4 NOT NULL
+  ,fee_refresh_val INT8 NOT NULL
+  ,fee_refresh_frac INT4 NOT NULL
+  ,fee_refund_val INT8 NOT NULL
+  ,fee_refund_frac INT4 NOT NULL
+  );
+-- Table indicating up to which transactions the auditor has
+-- processed the exchange database.  Used for SELECTing the
+-- statements to process.  The indices below include the last
+-- serial ID from the respective tables that we have
+-- processed. Thus, we need to select those table entries that are
+-- strictly larger (and process in monotonically increasing
+-- order).
+CREATE TABLE IF NOT EXISTS auditor_progress_reserve
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,last_reserve_in_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_reserve_out_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_reserve_payback_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_reserve_close_serial_id INT8 NOT NULL DEFAULT 0
+  );
+CREATE TABLE IF NOT EXISTS auditor_progress_aggregation
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,last_wire_out_serial_id INT8 NOT NULL DEFAULT 0
+  );
+CREATE TABLE IF NOT EXISTS auditor_progress_deposit_confirmation
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,last_deposit_confirmation_serial_id INT8 NOT NULL DEFAULT 0
+  );
+CREATE TABLE IF NOT EXISTS auditor_progress_coin
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,last_withdraw_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_deposit_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_melt_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_refund_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_payback_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_payback_refresh_serial_id INT8 NOT NULL DEFAULT 0
+  );
+CREATE TABLE IF NOT EXISTS wire_auditor_account_progress
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,account_name TEXT NOT NULL
+  ,last_wire_reserve_in_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_wire_wire_out_serial_id INT8 NOT NULL DEFAULT 0
+  ,wire_in_off INT8
+  ,wire_out_off INT8
+  );
+CREATE TABLE IF NOT EXISTS wire_auditor_progress
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,last_timestamp INT8 NOT NULL
+  ,last_reserve_close_uuid INT8 NOT NULL
+  );
+-- Table with all of the customer reserves and their respective
+-- balances that the auditor is aware of.
+-- last_reserve_out_serial_id marks the last withdrawal from
+-- reserves_out about this reserve that the auditor is aware of,
+-- and last_reserve_in_serial_id is the last reserve_in
+-- operation about this reserve that the auditor is aware of.
+CREATE TABLE IF NOT EXISTS auditor_reserves
+  (reserve_pub BYTEA NOT NULL CHECK(LENGTH(reserve_pub)=32)
+  ,master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,reserve_balance_val INT8 NOT NULL
+  ,reserve_balance_frac INT4 NOT NULL
+  ,withdraw_fee_balance_val INT8 NOT NULL
+  ,withdraw_fee_balance_frac INT4 NOT NULL
+  ,expiration_date INT8 NOT NULL
+  ,auditor_reserves_rowid BIGSERIAL UNIQUE
+  ,origin_account TEXT
+  );
+CREATE INDEX auditor_reserves_by_reserve_pub
+  ON auditor_reserves
+  (reserve_pub);
+-- Table with the sum of the balances of all customer reserves
+-- (by exchange's master public key)
+CREATE TABLE IF NOT EXISTS auditor_reserve_balance
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,reserve_balance_val INT8 NOT NULL
+  ,reserve_balance_frac INT4 NOT NULL
+  ,withdraw_fee_balance_val INT8 NOT NULL
+  ,withdraw_fee_balance_frac INT4 NOT NULL
+  );
+-- Table with the sum of the balances of all wire fees
+-- (by exchange's master public key)
+CREATE TABLE IF NOT EXISTS auditor_wire_fee_balance
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,wire_fee_balance_val INT8 NOT NULL
+  ,wire_fee_balance_frac INT4 NOT NULL
+  );
+-- Table with all of the outstanding denomination coins that the
+-- exchange is aware of and what the respective balances are
+-- (outstanding as well as issued overall which implies the
+-- maximum value at risk).  We also count the number of coins
+-- issued (withdraw, refresh-reveal) and the number of coins seen
+-- at the exchange (refresh-commit, deposit), not just the amounts. */GNUNET_PQ_make_execute (
+CREATE TABLE IF NOT EXISTS auditor_denomination_pending
+  (denom_pub_hash BYTEA PRIMARY KEY REFERENCES auditor_denominations (denom_pub_hash) ON DELETE CASCADE
+  ,denom_balance_val INT8 NOT NULL
+  ,denom_balance_frac INT4 NOT NULL
+  ,denom_loss_val INT8 NOT NULL
+  ,denom_loss_frac INT4 NOT NULL
+  ,num_issued INT8 NOT NULL
+  ,denom_risk_val INT8 NOT NULL
+  ,denom_risk_frac INT4 NOT NULL
+  ,payback_loss_val INT8 NOT NULL
+  ,payback_loss_frac INT4 NOT NULL
+  );
+-- Table with the sum of the outstanding coins from
+-- auditor_denomination_pending (denom_pubs must belong to the
+-- respective's exchange's master public key); it represents the
+-- auditor_balance_summary of the exchange at this point (modulo
+-- unexpected historic_loss-style events where denomination keys are
+-- compromised)
+CREATE TABLE IF NOT EXISTS auditor_balance_summary
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,denom_balance_val INT8 NOT NULL
+  ,denom_balance_frac INT4 NOT NULL
+  ,deposit_fee_balance_val INT8 NOT NULL
+  ,deposit_fee_balance_frac INT4 NOT NULL
+  ,melt_fee_balance_val INT8 NOT NULL
+  ,melt_fee_balance_frac INT4 NOT NULL
+  ,refund_fee_balance_val INT8 NOT NULL
+  ,refund_fee_balance_frac INT4 NOT NULL
+  ,risk_val INT8 NOT NULL
+  ,risk_frac INT4 NOT NULL
+  ,loss_val INT8 NOT NULL
+  ,loss_frac INT4 NOT NULL
+  );
+-- Table with historic profits; basically, when a denom_pub has
+-- expired and everything associated with it is garbage collected,
+-- the final profits end up in here; note that the denom_pub here
+-- is not a foreign key, we just keep it as a reference point.
+-- revenue_balance is the sum of all of the profits we made on the
+-- coin except for withdraw fees (which are in
+-- historic_reserve_revenue); the deposit, melt and refund fees are given
+-- individually; the delta to the revenue_balance is from coins that
+-- were withdrawn but never deposited prior to expiration.
+CREATE TABLE IF NOT EXISTS auditor_historic_denomination_revenue
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,denom_pub_hash BYTEA PRIMARY KEY CHECK (LENGTH(denom_pub_hash)=64)
+  ,revenue_timestamp INT8 NOT NULL
+  ,revenue_balance_val INT8 NOT NULL
+  ,revenue_balance_frac INT4 NOT NULL
+  ,loss_balance_val INT8 NOT NULL
+  ,loss_balance_frac INT4 NOT NULL
+  );
+-- Table with historic profits from reserves; we eventually
+-- GC auditor_historic_reserve_revenue, and then store the totals
+-- in here (by time intervals).
+CREATE TABLE IF NOT EXISTS auditor_historic_reserve_summary
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,start_date INT8 NOT NULL
+  ,end_date INT8 NOT NULL
+  ,reserve_profits_val INT8 NOT NULL
+  ,reserve_profits_frac INT4 NOT NULL
+  );
+CREATE INDEX auditor_historic_reserve_summary_by_master_pub_start_date
+  ON auditor_historic_reserve_summary
+  (master_pub
+  ,start_date);
+-- Table with deposit confirmation sent to us by merchants;
+-- we must check that the exchange reported these properly.
+CREATE TABLE IF NOT EXISTS deposit_confirmations
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,serial_id BIGSERIAL UNIQUE
+  ,h_contract_terms BYTEA CHECK (LENGTH(h_contract_terms)=64)
+  ,h_wire BYTEA CHECK (LENGTH(h_wire)=64)
+  ,timestamp INT8 NOT NULL
+  ,refund_deadline INT8 NOT NULL
+  ,amount_without_fee_val INT8 NOT NULL
+  ,amount_without_fee_frac INT4 NOT NULL
+  ,coin_pub BYTEA CHECK (LENGTH(coin_pub)=32)
+  ,merchant_pub BYTEA CHECK (LENGTH(merchant_pub)=32)
+  ,exchange_sig BYTEA CHECK (LENGTH(exchange_sig)=64)
+  ,exchange_pub BYTEA CHECK (LENGTH(exchange_pub)=32)
+  ,master_sig BYTEA CHECK (LENGTH(master_sig)=64)
+  ,PRIMARY KEY (h_contract_terms,h_wire,coin_pub,merchant_pub,exchange_sig,exchange_pub,master_sig)
+  );
+-- Table with the sum of the ledger, auditor_historic_revenue and
+-- the auditor_reserve_balance.  This is the
+-- final amount that the exchange should have in its bank account
+-- right now.
+CREATE TABLE IF NOT EXISTS auditor_predicted_result
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,balance_val INT8 NOT NULL
+  ,balance_frac INT4 NOT NULL
+  );
+
+-- Finally, commit everything
+COMMIT;
diff --git a/src/auditordb/9999.sql b/src/auditordb/9999.sql
new file mode 100644
index 00000000..d6add4b2
--- /dev/null
+++ b/src/auditordb/9999.sql
@@ -0,0 +1,53 @@
+--
+-- This file is part of TALER
+-- Copyright (C) 2014--2020 Taler Systems SA
+--
+-- TALER is free software; you can redistribute it and/or modify it under the
+-- terms of the GNU General Public License as published by the Free Software
+-- Foundation; either version 3, or (at your option) any later version.
+--
+-- TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+-- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+-- A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License along with
+-- TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+--
+
+-- Everything in one big transaction
+BEGIN;
+
+NOTE: This code is not yet ready / in use. It was archived here
+as we might want this kind of table in the future. It is NOT
+to be installed in a production system (hence in EXTRA_DIST and
+not in the SQL target!)
+
+-- Check patch versioning is in place.
+SELECT _v.register_patch('auditor-9999', NULL, NULL);
+
+
+-- Table with historic business ledger; basically, when the exchange
+-- operator decides to use operating costs for anything but wire
+-- transfers to merchants, it goes in here.  This happens when the
+-- operator users transaction fees for business expenses. purpose
+-- is free-form but should be a human-readable wire transfer
+-- identifier.   This is NOT yet used and outside of the scope of
+-- the core auditing logic. However, once we do take fees to use
+-- operating costs, and if we still want auditor_predicted_result to match
+-- the tables overall, we'll need a command-line tool to insert rows
+-- into this table and update auditor_predicted_result accordingly.
+-- (So this table for now just exists as a reminder of what we'll
+-- need in the long term.)
+CREATE TABLE IF NOT EXISTS auditor_historic_ledger
+  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,purpose VARCHAR NOT NULL
+  ,timestamp INT8 NOT NULL
+  ,balance_val INT8 NOT NULL
+  ,balance_frac INT4 NOT NULL
+  );
+CREATE INDEX history_ledger_by_master_pub_and_time
+  ON auditor_historic_ledger
+  (master_pub
+  ,timestamp);
+
+COMMIT;
diff --git a/src/auditordb/Makefile.am b/src/auditordb/Makefile.am
index 640f95f2..58aec5a8 100644
--- a/src/auditordb/Makefile.am
+++ b/src/auditordb/Makefile.am
@@ -11,9 +11,17 @@ pkgcfgdir = $(prefix)/share/taler/config.d/
 pkgcfg_DATA = \
   auditordb-postgres.conf
 
+sqldir = $(prefix)/share/taler/sql/auditor/
+
+sql_DATA = \
+  0000.sql \
+  0001.sql
+
 EXTRA_DIST = \
   auditordb-postgres.conf \
-  test-auditor-db-postgres.conf
+  test-auditor-db-postgres.conf \
+  $(sql_DATA) \
+  9999.sql
 
 plugindir = $(libdir)/taler
 
diff --git a/src/auditordb/plugin_auditordb_postgres.c b/src/auditordb/plugin_auditordb_postgres.c
index fb2d7731..25734fac 100644
--- a/src/auditordb/plugin_auditordb_postgres.c
+++ b/src/auditordb/plugin_auditordb_postgres.c
@@ -13,7 +13,6 @@
   You should have received a copy of the GNU General Public License along with
   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 */
-
 /**
  * @file plugin_auditordb_postgres.c
  * @brief Low-level (statement-level) Postgres database access for the auditor
@@ -94,10 +93,14 @@ struct PostgresClosure
 
 
 /**
- * Drop all Taler tables.  This should only be used by testcases.
+ * Drop all auditor tables OR deletes recoverable auditor state.
+ * This should only be used by testcases or when restarting the
+ * auditor from scratch.
  *
  * @param cls the `struct PostgresClosure` with the plugin-specific state
- * @param drop_exchangelist should we also drop the exchange and deposit_confirmations table?
+ * @param drop_exchangelist drop all tables, including schema versioning
+ *        and the exchange and deposit_confirmations table; NOT to be
+ *        used when restarting the auditor
  * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure
  */
 static int
@@ -106,8 +109,26 @@ postgres_drop_tables (void *cls,
 {
   struct PostgresClosure *pc = cls;
   struct GNUNET_PQ_ExecuteStatement es[] = {
+    GNUNET_PQ_make_execute ("DELETE FROM auditor_predicted_result;"),
+    GNUNET_PQ_make_execute (
+      "DELETE FROM auditor_historic_denomination_revenue;"),
+    GNUNET_PQ_make_execute ("DELETE FROM auditor_balance_summary;"),
+    GNUNET_PQ_make_execute ("DELETE FROM auditor_denomination_pending;"),
+    GNUNET_PQ_make_execute ("DELETE FROM auditor_reserve_balance;"),
+    GNUNET_PQ_make_execute ("DELETE FROM auditor_wire_fee_balance;"),
+    GNUNET_PQ_make_execute ("DELETE FROM auditor_reserves;"),
+    GNUNET_PQ_make_execute ("DELETE FROM auditor_progress_reserve;"),
+    GNUNET_PQ_make_execute ("DELETE FROM auditor_progress_aggregation;"),
+    GNUNET_PQ_make_execute (
+      "DELETE FROM auditor_progress_deposit_confirmation;"),
+    GNUNET_PQ_make_execute ("DELETE FROM auditor_progress_coin;"),
+    GNUNET_PQ_make_execute ("DELETE FROM wire_auditor_progress;"),
+    GNUNET_PQ_make_execute ("DELETE FROM wire_auditor_account_progress;"),
+    GNUNET_PQ_make_execute ("DELETE FROM auditor_historic_reserve_summary;"),
+    GNUNET_PQ_EXECUTE_STATEMENT_END
+  };
+  struct GNUNET_PQ_ExecuteStatement esx[] = {
     GNUNET_PQ_make_execute ("DROP TABLE IF EXISTS auditor_predicted_result;"),
-    GNUNET_PQ_make_execute ("DROP TABLE IF EXISTS auditor_historic_ledger;"),
     GNUNET_PQ_make_execute (
       "DROP TABLE IF EXISTS auditor_historic_denomination_revenue;"),
     GNUNET_PQ_make_execute ("DROP TABLE IF EXISTS auditor_balance_summary;"),
@@ -127,14 +148,12 @@ postgres_drop_tables (void *cls,
       "DROP TABLE IF EXISTS wire_auditor_account_progress;"),
     GNUNET_PQ_make_execute (
       "DROP TABLE IF EXISTS auditor_historic_reserve_summary CASCADE;"),
-    GNUNET_PQ_EXECUTE_STATEMENT_END
-  };
-  struct GNUNET_PQ_ExecuteStatement esx[] = {
     GNUNET_PQ_make_execute (
       "DROP TABLE IF EXISTS auditor_denominations CASCADE;"),
     GNUNET_PQ_make_execute (
       "DROP TABLE IF EXISTS deposit_confirmations CASCADE;"),
     GNUNET_PQ_make_execute ("DROP TABLE IF EXISTS auditor_exchanges CASCADE;"),
+    GNUNET_PQ_make_execute ("DROP SCHEMA IF EXISTS _v CASCADE;"),
     GNUNET_PQ_EXECUTE_STATEMENT_END
   };
   struct GNUNET_PQ_Context *conn;
@@ -149,10 +168,6 @@ postgres_drop_tables (void *cls,
   if (drop_exchangelist)
     ret = GNUNET_PQ_exec_statements (conn,
                                      esx);
-  /* TODO: we probably need a bit more fine-grained control
-     over drops for the '-r' option of taler-auditor; also,
-     for the testcase, we currently fail to drop the
-     auditor_denominations table... */
   GNUNET_PQ_disconnect (conn);
   return ret;
 }
@@ -377,27 +392,6 @@ postgres_create_tables (void *cls)
                             ",PRIMARY KEY (h_contract_terms, h_wire, coin_pub, "
                             "  merchant_pub, exchange_sig, exchange_pub, master_sig)"
                             ")"),
-    /* Table with historic business ledger; basically, when the exchange
-       operator decides to use operating costs for anything but wire
-       transfers to merchants, it goes in here.  This happens when the
-       operator users transaction fees for business expenses. "purpose"
-       is free-form but should be a human-readable wire transfer
-       identifier.   This is NOT yet used and outside of the scope of
-       the core auditing logic. However, once we do take fees to use
-       operating costs, and if we still want "auditor_predicted_result" to match
-       the tables overall, we'll need a command-line tool to insert rows
-       into this table and update "auditor_predicted_result" accordingly.
-       (So this table for now just exists as a reminder of what we'll
-       need in the long term.) */GNUNET_PQ_make_execute ("CREATE TABLE IF NOT EXISTS auditor_historic_ledger"
-                            "(master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE"
-                            ",purpose VARCHAR NOT NULL"
-                            ",timestamp INT8 NOT NULL"
-                            ",balance_val INT8 NOT NULL"
-                            ",balance_frac INT4 NOT NULL"
-                            ")"),
-    GNUNET_PQ_make_try_execute (
-      "CREATE INDEX history_ledger_by_master_pub_and_time "
-      "ON auditor_historic_ledger(master_pub,timestamp)"),
     /* Table with the sum of the ledger, auditor_historic_revenue and
        the auditor_reserve_balance.  This is the
        final amount that the exchange should have in its bank account
diff --git a/src/exchangedb/0001.sql b/src/exchangedb/0001.sql
index 92e0d599..45694fe0 100644
--- a/src/exchangedb/0001.sql
+++ b/src/exchangedb/0001.sql
@@ -18,7 +18,7 @@
 BEGIN;
 
 -- Check patch versioning is in place.
-SELECT _v.register_patch('0001', NULL, NULL);
+SELECT _v.register_patch('exchange-0001', NULL, NULL);
 
 
 -- Main denominations table. All the coins the exchange knows about.
diff --git a/src/exchangedb/Makefile.am b/src/exchangedb/Makefile.am
index d16cc8b3..52e1bdad 100644
--- a/src/exchangedb/Makefile.am
+++ b/src/exchangedb/Makefile.am
@@ -23,7 +23,7 @@ EXTRA_DIST = \
   exchangedb-postgres.conf \
   plugin_exchangedb_common.c \
   test-exchange-db-postgres.conf
-
+  $(sql_DATA)
 
 plugindir = $(libdir)/taler
 
diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c
index b9c9d674..73db049e 100644
--- a/src/exchangedb/plugin_exchangedb_postgres.c
+++ b/src/exchangedb/plugin_exchangedb_postgres.c
@@ -166,6 +166,7 @@ postgres_drop_tables (void *cls)
     GNUNET_PQ_make_execute (
       "DROP TABLE IF EXISTS denomination_revocations CASCADE;"),
     GNUNET_PQ_make_execute ("DROP TABLE IF EXISTS denominations CASCADE;"),
+    GNUNET_PQ_make_execute ("DROP SCHEMA IF EXISTS _v CASCADE;"),
     GNUNET_PQ_EXECUTE_STATEMENT_END
   };
   struct GNUNET_PQ_Context *conn;
diff --git a/src/include/taler_auditordb_plugin.h b/src/include/taler_auditordb_plugin.h
index 14d477d3..18558c69 100644
--- a/src/include/taler_auditordb_plugin.h
+++ b/src/include/taler_auditordb_plugin.h
@@ -425,10 +425,14 @@ struct TALER_AUDITORDB_Plugin
 
 
   /**
-   * Drop the Taler tables.  This should only be used in testcases.
+   * Drop all auditor tables OR deletes recoverable auditor state.
+   * This should only be used by testcases or when restarting the
+   * auditor from scratch.
    *
-   * @param cls the @e cls of this struct with the plugin-specific state
-   * @param drop_exchangelist should we also drop the exchange and deposit_confirmations table?
+   * @param cls the `struct PostgresClosure` with the plugin-specific state
+   * @param drop_exchangelist drop all tables, including schema versioning
+   *        and the exchange and deposit_confirmations table; NOT to be
+   *        used when restarting the auditor
    * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure
    */
   int
author	Christian Grothoff <christian@grothoff.org>	2020-01-17 01:55:01 +0100
committer	Christian Grothoff <christian@grothoff.org>	2020-01-17 01:55:01 +0100
commit	8ea2af444feec46e9086bb6c410762b18c7252fe (patch)
tree	44eea8e4c21956813c19a1b443b1082c51bd3cbe
parent	5b11d19b678283d6fbc72dc9fb3d5f3cfabc1d92 (diff)