database

type Datastore interface {
	// ListNamespaces returns the entire list of known Namespaces.
	ListNamespaces() ([]Namespace, error)

	// InsertLayer stores a Layer in the database.
	//
	// A Layer is uniquely identified by its Name.
	// The Name and EngineVersion fields are mandatory.
	// If a Parent is specified, it is expected that it has been retrieved using
	// FindLayer.
	// If a Layer that already exists is inserted and the EngineVersion of the
	// given Layer is higher than the stored one, the stored Layer should be
	// updated.
	// The function has to be idempotent, inserting a layer that already exists
	// shouldn't return an error.
	InsertLayer(Layer) error

	// FindLayer retrieves a Layer from the database.
	//
	// When `withFeatures` is true, the Features field should be filled.
	// When `withVulnerabilities` is true, the Features field should be filled
	// and their AffectedBy fields should contain every vulnerabilities that
	// affect them.
	FindLayer(name string, withFeatures, withVulnerabilities bool) (Layer, error)

	// DeleteLayer deletes a Layer from the database and every layers that are
	// based on it, recursively.
	DeleteLayer(name string) error

	// ListVulnerabilities returns the list of vulnerabilities of a particular
	// Namespace.
	//
	// The Limit and page parameters are used to paginate the return list.
	// The first given page should be 0.
	// The function should return the next available page. If there are no more
	// pages, -1 has to be returned.
	ListVulnerabilities(namespaceName string, limit int, page int) ([]Vulnerability, int, error)

	// InsertVulnerabilities stores the given Vulnerabilities in the database,
	// updating them if necessary.
	//
	// A vulnerability is uniquely identified by its Namespace and its Name.
	// The FixedIn field may only contain a partial list of Features that are
	// affected by the Vulnerability, along with the version in which the
	// vulnerability is fixed. It is the responsibility of the implementation to
	// update the list properly.
	// A version equals to versionfmt.MinVersion means that the given Feature is
	// not being affected by the Vulnerability at all and thus, should be removed
	// from the list.
	// It is important that Features should be unique in the FixedIn list. For
	// example, it doesn't make sense to have two `openssl` Feature listed as a
	// Vulnerability can only be fixed in one Version. This is true because
	// Vulnerabilities and Features are namespaced (i.e. specific to one
	// operating system).
	// Each vulnerability insertion or update has to create a Notification that
	// will contain the old and the updated Vulnerability, unless
	// createNotification equals to true.
	InsertVulnerabilities(vulnerabilities []Vulnerability, createNotification bool) error

	// FindVulnerability retrieves a Vulnerability from the database, including
	// the FixedIn list.
	FindVulnerability(namespaceName, name string) (Vulnerability, error)

	// DeleteVulnerability removes a Vulnerability from the database.
	//
	// It has to create a Notification that will contain the old Vulnerability.
	DeleteVulnerability(namespaceName, name string) error

	// InsertVulnerabilityFixes adds new FixedIn Feature or update the Versions
	// of existing ones to the specified Vulnerability in the database.
	//
	// It has has to create a Notification that will contain the old and the
	// updated Vulnerability.
	InsertVulnerabilityFixes(vulnerabilityNamespace, vulnerabilityName string, fixes []FeatureVersion) error

	// DeleteVulnerabilityFix removes a FixedIn Feature from the specified
	// Vulnerability in the database. It can be used to store the fact that a
	// Vulnerability no longer affects the given Feature in any Version.
	//
	// It has has to create a Notification that will contain the old and the
	// updated Vulnerability.
	DeleteVulnerabilityFix(vulnerabilityNamespace, vulnerabilityName, featureName string) error

	// GetAvailableNotification returns the Name, Created, Notified and Deleted
	// fields of a Notification that should be handled.
	//
	// The renotify interval defines how much time after being marked as Notified
	// by SetNotificationNotified, a Notification that hasn't been deleted should
	// be returned again by this function.
	// A Notification for which there is a valid Lock with the same Name should
	// not be returned.
	GetAvailableNotification(renotifyInterval time.Duration) (VulnerabilityNotification, error)

	// GetNotification returns a Notification, including its OldVulnerability and
	// NewVulnerability fields.
	//
	// On these Vulnerabilities, LayersIntroducingVulnerability should be filled
	// with every Layer that introduces the Vulnerability (i.e. adds at least one
	// affected FeatureVersion).
	// The Limit and page parameters are used to paginate
	// LayersIntroducingVulnerability. The first given page should be
	// VulnerabilityNotificationFirstPage. The function will then return the next
	// available page. If there is no more page, NoVulnerabilityNotificationPage
	// has to be returned.
	GetNotification(name string, limit int, page VulnerabilityNotificationPageNumber) (VulnerabilityNotification, VulnerabilityNotificationPageNumber, error)

	// SetNotificationNotified marks a Notification as notified and thus, makes
	// it unavailable for GetAvailableNotification, until the renotify duration
	// is elapsed.
	SetNotificationNotified(name string) error

	// DeleteNotification marks a Notification as deleted, and thus, makes it
	// unavailable for GetAvailableNotification.
	DeleteNotification(name string) error

	// InsertKeyValue stores or updates a simple key/value pair in the database.
	InsertKeyValue(key, value string) error

	// GetKeyValue retrieves a value from the database from the given key.
	//
	// It returns an empty string if there is no such key.
	GetKeyValue(key string) (string, error)

	// Lock creates or renew a Lock in the database with the given name, owner
	// and duration.
	//
	// After the specified duration, the Lock expires by itself if it hasn't been
	// unlocked, and thus, let other users create a Lock with the same name.
	// However, the owner can renew its Lock by setting renew to true.
	// Lock should not block, it should instead returns whether the Lock has been
	// successfully acquired/renewed. If it's the case, the expiration time of
	// that Lock is returned as well.
	Lock(name string, owner string, duration time.Duration, renew bool) (bool, time.Time)

	// Unlock releases an existing Lock.
	Unlock(name, owner string)

	// FindLock returns the owner of a Lock specified by the name, and its
	// expiration time if it exists.
	FindLock(name string) (string, time.Time, error)

	// Ping returns the health status of the database.
	Ping() bool

	// Close closes the database and frees any allocated resource.
	Close()
}

type Driver func(RegistrableComponentConfig) (Datastore, error)

type Feature struct {
	Model

	Name      string
	Namespace Namespace
}

type FeatureVersion struct {
	Model

	Feature    Feature
	Version    string
	AffectedBy []Vulnerability

	// For output purposes. Only make sense when the feature version is in the context of an image.
	AddedBy Layer
}

type Layer struct {
	Model

	Name          string
	EngineVersion int
	Parent        *Layer
	Namespace     *Namespace
	Features      []FeatureVersion
}

type MetadataMap map[string]interface{}

type MockDatastore struct {
	FctListNamespaces           func() ([]Namespace, error)
	FctInsertLayer              func(Layer) error
	FctFindLayer                func(name string, withFeatures, withVulnerabilities bool) (Layer, error)
	FctDeleteLayer              func(name string) error
	FctListVulnerabilities      func(namespaceName string, limit int, page int) ([]Vulnerability, int, error)
	FctInsertVulnerabilities    func(vulnerabilities []Vulnerability, createNotification bool) error
	FctFindVulnerability        func(namespaceName, name string) (Vulnerability, error)
	FctDeleteVulnerability      func(namespaceName, name string) error
	FctInsertVulnerabilityFixes func(vulnerabilityNamespace, vulnerabilityName string, fixes []FeatureVersion) error
	FctDeleteVulnerabilityFix   func(vulnerabilityNamespace, vulnerabilityName, featureName string) error
	FctGetAvailableNotification func(renotifyInterval time.Duration) (VulnerabilityNotification, error)
	FctGetNotification          func(name string, limit int, page VulnerabilityNotificationPageNumber) (VulnerabilityNotification, VulnerabilityNotificationPageNumber, error)
	FctSetNotificationNotified  func(name string) error
	FctDeleteNotification       func(name string) error
	FctInsertKeyValue           func(key, value string) error
	FctGetKeyValue              func(key string) (string, error)
	FctLock                     func(name string, owner string, duration time.Duration, renew bool) (bool, time.Time)
	FctUnlock                   func(name, owner string)
	FctFindLock                 func(name string) (string, time.Time, error)
	FctPing                     func() bool
	FctClose                    func()
}

type Model struct {
	ID int
}

type Namespace struct {
	Model

	Name          string
	VersionFormat string
}

type RegistrableComponentConfig struct {
	Type    string
	Options map[string]interface{}
}

type Severity string

type Vulnerability struct {
	Model

	Name      string
	Namespace Namespace

	Description string
	Link        string
	Severity    Severity

	Metadata MetadataMap

	FixedIn                        []FeatureVersion
	LayersIntroducingVulnerability []Layer

	// For output purposes. Only make sense when the vulnerability
	// is already about a specific Feature/FeatureVersion.
	FixedBy string `json:",omitempty"`
}

type VulnerabilityNotification struct {
	Model

	Name string

	Created  time.Time
	Notified time.Time
	Deleted  time.Time

	OldVulnerability *Vulnerability
	NewVulnerability *Vulnerability
}

type VulnerabilityNotificationPageNumber struct {
	// -1 means that we reached the end already.
	OldVulnerability int
	NewVulnerability int
}