Rough-in Almanac namespaces

Summary:
Ref T6741. Ref T10246.

Root problem: to provide Drydock in the cluster, we need to expose Almanac, and doing so would let users accidentally or intentionally create a bunch of `repo006.phacility.net` devices/services which could conflict with the real ones we manage.

There's currently no way to say "you can't create anything named `*.blah.net`". This adds "namespaces", which let you do that (well, not yet, but they will after the next diff).

After the next diff, if you try to create `repo003.phacility.net`, but the namespace `phacility.net` already exists and you don't have permission to edit it, you'll be asked to choose a different name.

Also various modernizations and some new docs.

Test Plan:
  - Created cool namespaces like `this.computer`.
  - Almanac namespaces don't actually enforce policies yet.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6741, T10246

Differential Revision: https://secure.phabricator.com/D15324

Author: epriestley

resources/sql/autopatches/20160221.almanac.7.namespacen.sql

@@ -0,0 +1,7 @@
+CREATE TABLE {$NAMESPACE}_almanac.almanac_namespacename_ngrams (
+  id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+  objectID INT UNSIGNED NOT NULL,
+  ngram CHAR(3) NOT NULL COLLATE {$COLLATE_TEXT},
+  KEY `key_object` (objectID),
+  KEY `key_ngram` (ngram, objectID)
+) ENGINE=InnoDB, COLLATE {$COLLATE_TEXT};

resources/sql/autopatches/20160221.almanac.8.namespace.sql

@@ -0,0 +1,14 @@
+CREATE TABLE {$NAMESPACE}_almanac.almanac_namespace (
+  id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+  phid VARBINARY(64) NOT NULL,
+  name VARCHAR(128) NOT NULL COLLATE {$COLLATE_TEXT},
+  nameIndex BINARY(12) NOT NULL,
+  mailKey BINARY(20) NOT NULL,
+  viewPolicy VARBINARY(64) NOT NULL,
+  editPolicy VARBINARY(64) NOT NULL,
+  dateCreated INT UNSIGNED NOT NULL,
+  dateModified INT UNSIGNED NOT NULL,
+  UNIQUE KEY `key_phid` (phid),
+  UNIQUE KEY `key_nameindex` (nameIndex),
+  KEY `key_name` (name)
+) ENGINE=InnoDB, COLLATE {$COLLATE_TEXT};

resources/sql/autopatches/20160221.almanac.9.namespacex.sql

@@ -0,0 +1,19 @@
+CREATE TABLE {$NAMESPACE}_almanac.almanac_namespacetransaction (
+  id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+  phid VARBINARY(64) NOT NULL,
+  authorPHID VARBINARY(64) NOT NULL,
+  objectPHID VARBINARY(64) NOT NULL,
+  viewPolicy VARBINARY(64) NOT NULL,
+  editPolicy VARBINARY(64) NOT NULL,
+  commentPHID VARBINARY(64) DEFAULT NULL,
+  commentVersion INT UNSIGNED NOT NULL,
+  transactionType VARCHAR(32) COLLATE {$COLLATE_TEXT} NOT NULL,
+  oldValue LONGTEXT COLLATE {$COLLATE_TEXT} NOT NULL,
+  newValue LONGTEXT COLLATE {$COLLATE_TEXT} NOT NULL,
+  contentSource LONGTEXT COLLATE {$COLLATE_TEXT} NOT NULL,
+  metadata LONGTEXT COLLATE {$COLLATE_TEXT} NOT NULL,
+  dateCreated INT UNSIGNED NOT NULL,
+  dateModified INT UNSIGNED NOT NULL,
+  UNIQUE KEY `key_phid` (`phid`),
+  KEY `key_object` (`objectPHID`)
+) ENGINE=InnoDB, COLLATE {$COLLATE_TEXT};

src/__phutil_library_map__.php

@@ -28,6 +28,7 @@
     'AlmanacCoreCustomField' => 'applications/almanac/customfield/AlmanacCoreCustomField.php',
     'AlmanacCreateClusterServicesCapability' => 'applications/almanac/capability/AlmanacCreateClusterServicesCapability.php',
     'AlmanacCreateDevicesCapability' => 'applications/almanac/capability/AlmanacCreateDevicesCapability.php',
+    'AlmanacCreateNamespacesCapability' => 'applications/almanac/capability/AlmanacCreateNamespacesCapability.php',
     'AlmanacCreateNetworksCapability' => 'applications/almanac/capability/AlmanacCreateNetworksCapability.php',
     'AlmanacCreateServicesCapability' => 'applications/almanac/capability/AlmanacCreateServicesCapability.php',
     'AlmanacCustomField' => 'applications/almanac/customfield/AlmanacCustomField.php',
@@ -61,6 +62,19 @@
     'AlmanacManagementWorkflow' => 'applications/almanac/management/AlmanacManagementWorkflow.php',
     'AlmanacNames' => 'applications/almanac/util/AlmanacNames.php',
     'AlmanacNamesTestCase' => 'applications/almanac/util/__tests__/AlmanacNamesTestCase.php',
+    'AlmanacNamespace' => 'applications/almanac/storage/AlmanacNamespace.php',
+    'AlmanacNamespaceController' => 'applications/almanac/controller/AlmanacNamespaceController.php',
+    'AlmanacNamespaceEditController' => 'applications/almanac/controller/AlmanacNamespaceEditController.php',
+    'AlmanacNamespaceEditEngine' => 'applications/almanac/editor/AlmanacNamespaceEditEngine.php',
+    'AlmanacNamespaceEditor' => 'applications/almanac/editor/AlmanacNamespaceEditor.php',
+    'AlmanacNamespaceListController' => 'applications/almanac/controller/AlmanacNamespaceListController.php',
+    'AlmanacNamespaceNameNgrams' => 'applications/almanac/storage/AlmanacNamespaceNameNgrams.php',
+    'AlmanacNamespacePHIDType' => 'applications/almanac/phid/AlmanacNamespacePHIDType.php',
+    'AlmanacNamespaceQuery' => 'applications/almanac/query/AlmanacNamespaceQuery.php',
+    'AlmanacNamespaceSearchEngine' => 'applications/almanac/query/AlmanacNamespaceSearchEngine.php',
+    'AlmanacNamespaceTransaction' => 'applications/almanac/storage/AlmanacNamespaceTransaction.php',
+    'AlmanacNamespaceTransactionQuery' => 'applications/almanac/query/AlmanacNamespaceTransactionQuery.php',
+    'AlmanacNamespaceViewController' => 'applications/almanac/controller/AlmanacNamespaceViewController.php',
     'AlmanacNetwork' => 'applications/almanac/storage/AlmanacNetwork.php',
     'AlmanacNetworkController' => 'applications/almanac/controller/AlmanacNetworkController.php',
     'AlmanacNetworkEditController' => 'applications/almanac/controller/AlmanacNetworkEditController.php',
@@ -4000,6 +4014,7 @@
     ),
     'AlmanacCreateClusterServicesCapability' => 'PhabricatorPolicyCapability',
     'AlmanacCreateDevicesCapability' => 'PhabricatorPolicyCapability',
+    'AlmanacCreateNamespacesCapability' => 'PhabricatorPolicyCapability',
     'AlmanacCreateNetworksCapability' => 'PhabricatorPolicyCapability',
     'AlmanacCreateServicesCapability' => 'PhabricatorPolicyCapability',
     'AlmanacCustomField' => 'PhabricatorCustomField',
@@ -4047,6 +4062,28 @@
     'AlmanacManagementWorkflow' => 'PhabricatorManagementWorkflow',
     'AlmanacNames' => 'Phobject',
     'AlmanacNamesTestCase' => 'PhabricatorTestCase',
+    'AlmanacNamespace' => array(
+      'AlmanacDAO',
+      'PhabricatorPolicyInterface',
+      'PhabricatorCustomFieldInterface',
+      'PhabricatorApplicationTransactionInterface',
+      'PhabricatorProjectInterface',
+      'AlmanacPropertyInterface',
+      'PhabricatorDestructibleInterface',
+      'PhabricatorNgramsInterface',
+    ),
+    'AlmanacNamespaceController' => 'AlmanacController',
+    'AlmanacNamespaceEditController' => 'AlmanacController',
+    'AlmanacNamespaceEditEngine' => 'PhabricatorEditEngine',
+    'AlmanacNamespaceEditor' => 'PhabricatorApplicationTransactionEditor',
+    'AlmanacNamespaceListController' => 'AlmanacNamespaceController',
+    'AlmanacNamespaceNameNgrams' => 'PhabricatorSearchNgrams',
+    'AlmanacNamespacePHIDType' => 'PhabricatorPHIDType',
+    'AlmanacNamespaceQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
+    'AlmanacNamespaceSearchEngine' => 'PhabricatorApplicationSearchEngine',
+    'AlmanacNamespaceTransaction' => 'PhabricatorApplicationTransaction',
+    'AlmanacNamespaceTransactionQuery' => 'PhabricatorApplicationTransactionQuery',
+    'AlmanacNamespaceViewController' => 'AlmanacNamespaceController',
     'AlmanacNetwork' => array(
       'AlmanacDAO',
       'PhabricatorApplicationTransactionInterface',

src/applications/almanac/application/PhabricatorAlmanacApplication.php

@@ -29,7 +29,7 @@ public function getApplicationGroup() {
   public function getHelpDocumentationArticles(PhabricatorUser $viewer) {
     return array(
       array(
-        'name' => pht('Alamanac User Guide'),
+        'name' => pht('Almanac User Guide'),
         'href' => PhabricatorEnv::getDoclink('Almanac User Guide'),
       ),
     );
@@ -44,12 +44,12 @@ public function getRoutes() {
       '/almanac/' => array(
         '' => 'AlmanacConsoleController',
         'service/' => array(
-          '(?:query/(?P<queryKey>[^/]+)/)?' => 'AlmanacServiceListController',
+          $this->getQueryRoutePattern() => 'AlmanacServiceListController',
           'edit/(?:(?P<id>\d+)/)?' => 'AlmanacServiceEditController',
           'view/(?P<name>[^/]+)/' => 'AlmanacServiceViewController',
         ),
         'device/' => array(
-          '(?:query/(?P<queryKey>[^/]+)/)?' => 'AlmanacDeviceListController',
+          $this->getQueryRoutePattern() => 'AlmanacDeviceListController',
           'edit/(?:(?P<id>\d+)/)?' => 'AlmanacDeviceEditController',
           'view/(?P<name>[^/]+)/' => 'AlmanacDeviceViewController',
         ),
@@ -61,14 +61,20 @@ public function getRoutes() {
           '(?P<id>\d+)/' => 'AlmanacBindingViewController',
         ),
         'network/' => array(
-          '(?:query/(?P<queryKey>[^/]+)/)?' => 'AlmanacNetworkListController',
+          $this->getQueryRoutePattern()  => 'AlmanacNetworkListController',
           'edit/(?:(?P<id>\d+)/)?' => 'AlmanacNetworkEditController',
           '(?P<id>\d+)/' => 'AlmanacNetworkViewController',
         ),
         'property/' => array(
           'edit/' => 'AlmanacPropertyEditController',
           'delete/' => 'AlmanacPropertyDeleteController',
         ),
+        'namespace/' => array(
+          $this->getQueryRoutePattern() => 'AlmanacNamespaceListController',
+          $this->getEditRoutePattern('edit/')
+            => 'AlmanacNamespaceEditController',
+          '(?P<id>\d+)/' => 'AlmanacNamespaceViewController',
+        ),
       ),
     );
   }
@@ -84,6 +90,9 @@ protected function getCustomCapabilities() {
       AlmanacCreateNetworksCapability::CAPABILITY => array(
         'default' => PhabricatorPolicies::POLICY_ADMIN,
       ),
+      AlmanacCreateNamespacesCapability::CAPABILITY => array(
+        'default' => PhabricatorPolicies::POLICY_ADMIN,
+      ),
       AlmanacCreateClusterServicesCapability::CAPABILITY => array(
         'default' => PhabricatorPolicies::POLICY_ADMIN,
       ),

src/applications/almanac/capability/AlmanacCreateNamespacesCapability.php

@@ -0,0 +1,16 @@
+<?php
+
+final class AlmanacCreateNamespacesCapability
+  extends PhabricatorPolicyCapability {
+
+  const CAPABILITY = 'almanac.namespaces';
+
+  public function getCapabilityName() {
+    return pht('Can Create Namespaces');
+  }
+
+  public function describeCapabilityRejection() {
+    return pht('You do not have permission to create Almanac namespaces.');
+  }
+
+}

src/applications/almanac/controller/AlmanacConsoleController.php

@@ -12,26 +12,52 @@ public function handleRequest(AphrontRequest $request) {
     $menu = id(new PHUIObjectItemListView())
       ->setUser($viewer);
 
-    $menu->addItem(
-      id(new PHUIObjectItemView())
-        ->setHeader(pht('Services'))
-        ->setHref($this->getApplicationURI('service/'))
-        ->setIcon('fa-plug')
-        ->addAttribute(pht('Manage Almanac services.')));
-
     $menu->addItem(
       id(new PHUIObjectItemView())
         ->setHeader(pht('Devices'))
         ->setHref($this->getApplicationURI('device/'))
         ->setIcon('fa-server')
-        ->addAttribute(pht('Manage Almanac devices.')));
+        ->addAttribute(
+          pht(
+            'Create an inventory of physical and virtual hosts and '.
+            'devices.')));
+
+    $menu->addItem(
+      id(new PHUIObjectItemView())
+        ->setHeader(pht('Services'))
+        ->setHref($this->getApplicationURI('service/'))
+        ->setIcon('fa-plug')
+        ->addAttribute(
+          pht(
+            'Create and update services, and map them to interfaces on '.
+            'devices.')));
 
     $menu->addItem(
       id(new PHUIObjectItemView())
         ->setHeader(pht('Networks'))
         ->setHref($this->getApplicationURI('network/'))
         ->setIcon('fa-globe')
-        ->addAttribute(pht('Manage Almanac networks.')));
+        ->addAttribute(
+          pht(
+            'Manage public and private networks.')));
+
+    $menu->addItem(
+      id(new PHUIObjectItemView())
+        ->setHeader(pht('Namespaces'))
+        ->setHref($this->getApplicationURI('namespace/'))
+        ->setIcon('fa-asterisk')
+        ->addAttribute(
+          pht('Control who can create new named services and devices.')));
+
+    $docs_uri = PhabricatorEnv::getDoclink(
+      'Almanac User Guide');
+
+    $menu->addItem(
+      id(new PHUIObjectItemView())
+        ->setHeader(pht('Documentation'))
+        ->setHref($docs_uri)
+        ->setIcon('fa-book')
+        ->addAttribute(pht('Browse documentation for Almanac.')));
 
     $crumbs = $this->buildApplicationCrumbs();
     $crumbs->addTextCrumb(pht('Console'));

src/applications/almanac/controller/AlmanacNamespaceController.php

@@ -0,0 +1,14 @@
+<?php
+
+abstract class AlmanacNamespaceController extends AlmanacController {
+
+  protected function buildApplicationCrumbs() {
+    $crumbs = parent::buildApplicationCrumbs();
+
+    $list_uri = $this->getApplicationURI('namespace/');
+    $crumbs->addTextCrumb(pht('Namespaces'), $list_uri);
+
+    return $crumbs;
+  }
+
+}

src/applications/almanac/controller/AlmanacNamespaceEditController.php

@@ -0,0 +1,11 @@
+<?php
+
+final class AlmanacNamespaceEditController extends AlmanacController {
+
+  public function handleRequest(AphrontRequest $request) {
+    return id(new AlmanacNamespaceEditEngine())
+      ->setController($this)
+      ->buildResponse();
+  }
+
+}

src/applications/almanac/controller/AlmanacNamespaceListController.php

@@ -0,0 +1,26 @@
+<?php
+
+final class AlmanacNamespaceListController
+  extends AlmanacNamespaceController {
+
+  public function shouldAllowPublic() {
+    return true;
+  }
+
+  public function handleRequest(AphrontRequest $request) {
+    return id(new AlmanacNamespaceSearchEngine())
+      ->setController($this)
+      ->buildResponse();
+  }
+
+  protected function buildApplicationCrumbs() {
+    $crumbs = parent::buildApplicationCrumbs();
+
+    id(new AlmanacNamespaceEditEngine())
+      ->setViewer($this->getViewer())
+      ->addActionToCrumbs($crumbs);
+
+    return $crumbs;
+  }
+
+}

src/applications/almanac/controller/AlmanacNamespaceViewController.php

@@ -0,0 +1,87 @@
+<?php
+
+final class AlmanacNamespaceViewController
+  extends AlmanacNamespaceController {
+
+  public function shouldAllowPublic() {
+    return true;
+  }
+
+  public function handleRequest(AphrontRequest $request) {
+    $viewer = $request->getViewer();
+
+    $id = $request->getURIData('id');
+    $namespace = id(new AlmanacNamespaceQuery())
+      ->setViewer($viewer)
+      ->withIDs(array($id))
+      ->executeOne();
+    if (!$namespace) {
+      return new Aphront404Response();
+    }
+
+    $title = pht('Namespace %s', $namespace->getName());
+
+    $property_list = $this->buildPropertyList($namespace);
+    $action_list = $this->buildActionList($namespace);
+    $property_list->setActionList($action_list);
+
+    $header = id(new PHUIHeaderView())
+      ->setUser($viewer)
+      ->setHeader($namespace->getName())
+      ->setPolicyObject($namespace);
+
+    $box = id(new PHUIObjectBoxView())
+      ->setHeader($header)
+      ->addPropertyList($property_list);
+
+    $crumbs = $this->buildApplicationCrumbs();
+    $crumbs->addTextCrumb($namespace->getName());
+
+    $timeline = $this->buildTransactionTimeline(
+      $namespace,
+      new AlmanacNamespaceTransactionQuery());
+    $timeline->setShouldTerminate(true);
+
+    return $this->newPage()
+      ->setTitle($title)
+      ->setCrumbs($crumbs)
+      ->appendChild(
+        array(
+          $box,
+          $timeline,
+      ));
+  }
+
+  private function buildPropertyList(AlmanacNamespace $namespace) {
+    $viewer = $this->getViewer();
+
+    $properties = id(new PHUIPropertyListView())
+      ->setUser($viewer);
+
+    return $properties;
+  }
+
+  private function buildActionList(AlmanacNamespace $namespace) {
+    $viewer = $this->getViewer();
+    $id = $namespace->getID();
+
+    $can_edit = PhabricatorPolicyFilter::hasCapability(
+      $viewer,
+      $namespace,
+      PhabricatorPolicyCapability::CAN_EDIT);
+
+    $actions = id(new PhabricatorActionListView())
+      ->setUser($viewer);
+
+    $actions->addAction(
+      id(new PhabricatorActionView())
+        ->setIcon('fa-pencil')
+        ->setName(pht('Edit Namespace'))
+        ->setHref($this->getApplicationURI("namespace/edit/{$id}/"))
+        ->setWorkflow(!$can_edit)
+        ->setDisabled(!$can_edit));
+
+    return $actions;
+  }
+
+}