76 lines
2.5 KiB
Python
76 lines
2.5 KiB
Python
"""Shared bluesky-pds P4 data-integrity helpers.
|
|
|
|
The marker is a DETERMINISTIC atproto account (recipe-aware data living in the PDS's sqlite store
|
|
under /pds), NOT a loose file — so the restore assertion genuinely catches a restore that fails to
|
|
bring the account back (e.g. if the running PDS holds its sqlite open and never reloads the restored
|
|
files, the same data-loss class cc-ci caught in immich/mattermost). The handle is derived from the
|
|
per-run domain so ops.py (seed/wipe) and the test_<op>.py overlays agree without passing state.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
import re
|
|
import shlex
|
|
import sys
|
|
|
|
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
|
|
from harness import http as harness_http, lifecycle # noqa: E402
|
|
|
|
PDS_HOST_LOCAL = "http://localhost:3000"
|
|
_PW = "ccci-P4-marker-pw-2026"
|
|
|
|
|
|
def _handle(domain: str) -> str:
|
|
return f"ccci-p4.{domain}"
|
|
|
|
|
|
def _email(domain: str) -> str:
|
|
return f"ccci-p4@{domain}"
|
|
|
|
|
|
def _goat_admin(domain: str, args: str) -> str:
|
|
"""`goat pds admin <args>` inside the PDS `app` container (admin bypasses invite requirement)."""
|
|
cmd = (
|
|
f"goat pds admin {args} "
|
|
f'--admin-password "$(cat /run/secrets/pds_admin_password)" '
|
|
f"--pds-host {PDS_HOST_LOCAL} 2>&1"
|
|
)
|
|
return lifecycle.exec_in_app(domain, ["sh", "-c", cmd], timeout=120)
|
|
|
|
|
|
def account_did(domain: str) -> str | None:
|
|
"""The marker account's DID if it exists (public XRPC describeRepo by handle), else None."""
|
|
st, body = harness_http.http_get(
|
|
f"https://{domain}/xrpc/com.atproto.repo.describeRepo?repo={_handle(domain)}"
|
|
)
|
|
if st == 200 and isinstance(body, dict):
|
|
return body.get("did")
|
|
return None
|
|
|
|
|
|
def account_exists(domain: str) -> bool:
|
|
return account_did(domain) is not None
|
|
|
|
|
|
def create_account(domain: str) -> str:
|
|
"""Idempotently create the deterministic marker account; return its DID."""
|
|
did = account_did(domain)
|
|
if did:
|
|
return did
|
|
out = _goat_admin(
|
|
domain,
|
|
f"account create --handle {shlex.quote(_handle(domain))} "
|
|
f"--email {shlex.quote(_email(domain))} --password {shlex.quote(_PW)}",
|
|
)
|
|
m = re.search(r"did:plc:[a-z0-9]+", out)
|
|
assert m, f"goat account create produced no DID. Output:\n{out[:400]!r}"
|
|
return m.group(0)
|
|
|
|
|
|
def delete_account(domain: str) -> None:
|
|
"""Delete the marker account (so a successful restore is observable). No-op if already gone."""
|
|
did = account_did(domain)
|
|
if did:
|
|
_goat_admin(domain, f"account delete {did}")
|