backend

Carnivora Backend

The backend module provides everything required for the backend API. The backend API delivers content required for building configs etc. to clients, called machines.

Tables

backend.auth

Grants rights to backend API clients based on SQL roles.

Primary key

• role

Columns

• option jsonb

  Free options in JSON format

  Default

  '{}'
  

• role commons.t_key

  Grantee for right to access the backend date for the defined machine. A role is basically a user or a user group on the SQL server.

• machine dns.t_hostname

  Machine for which the rights are granted.

  References backend.machine.name

  On Delete: CASCADE

backend.machine

Physical or virtual machines that hosts services.

Primary key

• name

Columns

• option jsonb

  Free options in JSON format

  Default

  '{}'
  

• name dns.t_hostname

  Machine name

Functions

backend._active

Is not ‘del’

Parameters

• backend_status backend.t_status

Returns

boolean

RETURN backend_status IS NULL OR (backend_status <> 'del' AND backend_status <> 'old');

backend._conditional_notify

Notifies if first argument is true. Throws inaccessible otherwise.

Parameters

• p_condition boolean
• p_service commons.t_key
• p_subservice commons.t_key
• p_domain dns.t_hostname

Returns

void

IF p_condition THEN
    PERFORM backend._notify_domain(p_service, p_subservice, p_domain);
ELSE
    PERFORM commons._raise_inaccessible_or_missing();
END IF;

backend._conditional_notify_service_entity_name

Notifies if first argument is true. Throws inaccessible otherwise.

Parameters

• p_condition boolean
• p_service_entity_name dns.t_hostname
• p_service commons.t_key
• p_subservice commons.t_key

Returns

void

IF p_condition THEN
    PERFORM backend._notify_service_entity_name(p_service_entity_name, p_service, p_subservice);
ELSE
    PERFORM commons._raise_inaccessible_or_missing();
END IF;

backend._deleted

Is ‘del’

Parameters

• backend_status backend.t_status

Returns

boolean

RETURN backend_status IS NOT NULL AND backend_status = 'del';

backend._get_login

Shows informations for the current backend login. Throws an error if the current user is not a grantee for a machine.

Parameters

None

Returns

TABLE

Returned columns

• machine dns.t_hostname

IF (SELECT TRUE FROM "backend"."auth"
   WHERE "role"=session_user)
THEN
   RETURN QUERY SELECT backend.auth.machine FROM backend.auth
       WHERE "role"=session_user;
ELSE
   RAISE 'Connected role `%` is not a grantee for a machine.', session_user;
END IF;

backend._login_machine

Shows machine for the current backend login.

Parameters

None

Returns

dns.t_hostname

RETURN (SELECT machine FROM backend._get_login());

backend._machine_priviledged

Checks if a currently connected machine is priviledged to obtain data for a certain service for a certain domain name.

Warning

The parameter p_domain must be a domain, which means an entry in the column dns.service.domain. It must not be confused with a service_entity_name.

Parameters

• p_service commons.t_key
• p_domain dns.t_hostname

Returns

boolean

RETURN COALESCE(
    (
    SELECT TRUE FROM system.service_entity_machine AS t
        JOIN dns.service AS s
        ON
            s.service = p_service AND
            s.domain = p_domain

        WHERE
            t.service = p_service AND
            t.service_entity_name = s.service_entity_name AND
            t.machine_name = backend._login_machine()
    )
, FALSE);

backend._machine_priviledged_service

Checks if a currently connected machine is priviledged to obtain data for a certain service for a certain servicee name.

Warning

The parameter p_service_entity_name must be the name of a service entity. It must not be confused with a domain.

Parameters

• p_service commons.t_key
• p_service_entity_name dns.t_hostname

Returns

boolean

RETURN COALESCE(
    (
    SELECT TRUE FROM system.service_entity_machine AS t
        WHERE
            t.service = p_service AND
            t.service_entity_name = p_service_entity_name AND
            t.machine_name = backend._login_machine()
    )
, FALSE);

backend._notify

Informs a machine about changes. To listen to signals use

LISTEN "carnivora/machine.name.example"

on the machine. The payload has the form <service_entity_name>/<service>/<subservice>. For example mail.domain.example/email/mailbox for a mailbox related update.

Parameters

• p_machine dns.t_hostname
• p_service_entity_name dns.t_hostname
• p_service commons.t_key
• p_subservice commons.t_key

Returns

void

PERFORM
    pg_notify(
        'carnivora/' || p_machine,
         p_service_entity_name || '/' || p_service || '/' || p_subservice
        );

backend._notify_domain

Informs all machines about changes.

Warning

The parameter p_domain must be a domain, which means an entry in the column dns.service.domain. It must not be confused with a service_entity_name.

Parameters

• p_service commons.t_key
• p_subservice commons.t_key
• p_domain dns.t_hostname

Returns

void

PERFORM
    backend._notify(machine_name, s.service_entity_name, p_service, p_subservice)

FROM system.service_entity_machine AS t
    JOIN dns.service AS s
    ON
        s.service = p_service AND
        s.domain = p_domain

    WHERE
        t.service = p_service AND
        t.service_entity_name = s.service_entity_name
;

backend._notify_service_entity_name

Informs all machines about changes.

Warning

The parameter p_service_entity_name must be a servcie name. It must not be confused with a domain.

Parameters

• p_service_entity_name dns.t_hostname
• p_service commons.t_key
• p_subservice commons.t_key

Returns

void

PERFORM
    backend._notify(machine_name, p_service_entity_name, p_service, p_subservice)

FROM system.service_entity_machine AS t
    WHERE
        t.service = p_service AND
        t.service_entity_name = p_service_entity_name
;

Domains

backend.t_status

Backend status

Roles

backend

vms

Login

Disabled