feat: manually trigger anon rules

Author: rafbgarcia

internal/anonymize/anonymize.go

@@ -1,10 +1,14 @@
 package anonymize
 
 import (
+	"context"
 	"fmt"
+	"os/exec"
 	"strings"
 
 	"github.com/branchd-dev/branchd/internal/models"
+	"github.com/rs/zerolog"
+	"gorm.io/gorm"
 )
 
 // GenerateSQL generates anonymization SQL from rules
@@ -96,3 +100,78 @@ func renderTemplate(template string) string {
 func quoteIdentifier(name string) string {
 	return fmt.Sprintf("\"%s\"", strings.ReplaceAll(name, "\"", "\"\""))
 }
+
+// ApplyParams contains parameters needed to apply anonymization rules
+type ApplyParams struct {
+	DatabaseName   string
+	PostgresVersion string
+	PostgresPort   int
+}
+
+// Apply loads and applies anonymization rules to a database
+// Returns the number of rules applied and any error
+func Apply(ctx context.Context, db *gorm.DB, params ApplyParams, logger zerolog.Logger) (int, error) {
+	// Load all anonymization rules
+	var rules []models.AnonRule
+	if err := db.Find(&rules).Error; err != nil {
+		return 0, fmt.Errorf("failed to load anon rules: %w", err)
+	}
+
+	if len(rules) == 0 {
+		logger.Info().
+			Str("database_name", params.DatabaseName).
+			Msg("No anonymization rules configured, skipping")
+		return 0, nil
+	}
+
+	logger.Info().
+		Str("database_name", params.DatabaseName).
+		Int("rule_count", len(rules)).
+		Msg("Applying anonymization rules")
+
+	// Generate SQL from rules
+	sql := GenerateSQL(rules)
+	if sql == "" {
+		logger.Warn().Msg("Generated empty SQL from rules")
+		return 0, nil
+	}
+
+	// Execute anonymization SQL on the database
+	script := fmt.Sprintf(`#!/bin/bash
+set -euo pipefail
+
+DATABASE_NAME="%s"
+PG_VERSION="%s"
+PG_PORT="%d"
+PG_BIN="/usr/lib/postgresql/${PG_VERSION}/bin"
+
+echo "Applying anonymization rules to database ${DATABASE_NAME}"
+
+# Execute anonymization SQL with correct port
+sudo -u postgres ${PG_BIN}/psql -p ${PG_PORT} -d "${DATABASE_NAME}" <<'ANONYMIZE_SQL'
+%s
+ANONYMIZE_SQL
+
+echo "Anonymization completed successfully"
+`, params.DatabaseName, params.PostgresVersion, params.PostgresPort, sql)
+
+	cmd := exec.CommandContext(ctx, "bash", "-c", script)
+	outputBytes, err := cmd.CombinedOutput()
+	output := string(outputBytes)
+	if err != nil {
+		logger.Error().
+			Err(err).
+			Str("output", output).
+			Str("database_name", params.DatabaseName).
+			Msg("Failed to execute anonymization script")
+		return 0, fmt.Errorf("anonymization script execution failed: %w", err)
+	}
+
+	logger.Info().
+		Str("database_name", params.DatabaseName).
+		Int("rule_count", len(rules)).
+		Str("output", output).
+		Msg("Anonymization rules applied successfully")
+
+	return len(rules), nil
+}

internal/server/restore_handlers.go

@@ -12,6 +12,7 @@ import (
 	"github.com/hibiken/asynq"
 	"gorm.io/gorm"
 
+	"github.com/branchd-dev/branchd/internal/anonymize"
 	"github.com/branchd-dev/branchd/internal/models"
 	"github.com/branchd-dev/branchd/internal/tasks"
 )
@@ -269,3 +270,82 @@ func (s *Server) getRestoreLogs(c *gin.Context) {
 		"exists":      true,
 	})
 }
+
+// postgresVersionToPort maps PostgreSQL major version to its port
+func postgresVersionToPort(version string) int {
+	switch version {
+	case "14":
+		return 5414
+	case "15":
+		return 5415
+	case "16":
+		return 5416
+	case "17":
+		return 5417
+	default:
+		// Default to 5432 for unknown versions
+		return 5432
+	}
+}
+
+// @Summary Apply anonymization rules to restore
+// @Description Manually trigger anonymization rules on a specific restore
+// @Tags restores
+// @Produce json
+// @Security BearerAuth
+// @Param id path string true "Restore ID"
+// @Success 200 {object} map[string]interface{}
+// @Failure 404 {object} map[string]interface{}
+// @Failure 500 {object} map[string]interface{}
+// @Router /api/restores/{id}/anonymize [post]
+func (s *Server) applyAnonymization(c *gin.Context) {
+	restoreID := c.Param("id")
+
+	// Find restore
+	var restore models.Restore
+	if err := s.db.Where("id = ?", restoreID).First(&restore).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			c.JSON(http.StatusNotFound, gin.H{"error": "Restore not found"})
+			return
+		}
+		s.logger.Error().Err(err).Str("restore_id", restoreID).Msg("Failed to find restore")
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Internal server error"})
+		return
+	}
+
+	// Load config to get PG version
+	var config models.Config
+	if err := s.db.First(&config).Error; err != nil {
+		s.logger.Error().Err(err).Msg("Failed to load config")
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Internal server error"})
+		return
+	}
+
+	s.logger.Info().
+		Str("restore_id", restoreID).
+		Str("restore_name", restore.Name).
+		Msg("Manually triggering anonymization")
+
+	// Apply anonymization rules
+	pgPort := postgresVersionToPort(config.PostgresVersion)
+	rulesApplied, err := anonymize.Apply(c.Request.Context(), s.db, anonymize.ApplyParams{
+		DatabaseName:    restore.Name,
+		PostgresVersion: config.PostgresVersion,
+		PostgresPort:    pgPort,
+	}, s.logger)
+	if err != nil {
+		s.logger.Error().Err(err).Str("restore_id", restoreID).Msg("Failed to apply anonymization")
+		c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("Failed to apply anonymization: %v", err)})
+		return
+	}
+
+	s.logger.Info().
+		Str("restore_id", restoreID).
+		Int("rules_applied", rulesApplied).
+		Msg("Anonymization completed successfully")
+
+	c.JSON(http.StatusOK, gin.H{
+		"message":       "Anonymization completed successfully",
+		"rules_applied": rulesApplied,
+	})
+}

internal/server/server.go

@@ -260,6 +260,7 @@ func (s *Server) setupRouter() {
 		api.GET("/restores/:id/logs", s.getRestoreLogs)
 		api.DELETE("/restores/:id", s.deleteRestore)
 		api.POST("/restores/trigger-restore", s.triggerRestore)
+		api.POST("/restores/:id/anonymize", s.applyAnonymization)
 
 		// Anonymization rules (global)
 		api.GET("/anon-rules", s.listAnonRules)

internal/workers/pg_dump_restore.go

@@ -304,7 +304,13 @@ func HandlePgDumpRestoreWaitComplete(ctx context.Context, t *asynq.Task, client
 			Msg("Restore completed successfully")
 
 		// Apply anonymization rules before marking as ready
-		if err := applyAnonymizationRules(ctx, db, &config, &restoreModel, logger); err != nil {
+		pgPort := postgresVersionToPort(config.PostgresVersion)
+		_, err := anonymize.Apply(ctx, db, anonymize.ApplyParams{
+			DatabaseName:    restoreModel.Name,
+			PostgresVersion: config.PostgresVersion,
+			PostgresPort:    pgPort,
+		}, logger)
+		if err != nil {
 			logger.Error().Err(err).Msg("Failed to apply anonymization rules")
 			return fmt.Errorf("failed to apply anonymization rules: %w", err)
 		}
@@ -397,70 +403,3 @@ func calculateNextRefresh(cronExpr string, from time.Time) *time.Time {
 	return &next
 }
 
-// applyAnonymizationRules applies configured anonymization rules to a restored database
-func applyAnonymizationRules(ctx context.Context, db *gorm.DB, config *models.Config, database *models.Restore, logger zerolog.Logger) error {
-	// Load global anonymization rules
-	var rules []models.AnonRule
-	if err := db.Find(&rules).Error; err != nil {
-		return fmt.Errorf("failed to load anon rules: %w", err)
-	}
-
-	if len(rules) == 0 {
-		logger.Info().
-			Str("restore_id", database.ID).
-			Msg("No anonymization rules configured, skipping")
-		return nil
-	}
-
-	logger.Info().
-		Str("restore_id", database.ID).
-		Int("rule_count", len(rules)).
-		Msg("Applying anonymization rules")
-
-	// Generate SQL from rules
-	sql := anonymize.GenerateSQL(rules)
-	if sql == "" {
-		logger.Warn().Msg("Generated empty SQL from rules")
-		return nil
-	}
-
-	// Execute anonymization SQL on the database
-	pgPort := postgresVersionToPort(config.PostgresVersion)
-	script := fmt.Sprintf(`#!/bin/bash
-set -euo pipefail
-
-DATABASE_NAME="%s"
-PG_VERSION="%s"
-PG_PORT="%d"
-PG_BIN="/usr/lib/postgresql/${PG_VERSION}/bin"
-
-echo "Applying anonymization rules to database ${DATABASE_NAME}"
-
-# Execute anonymization SQL with correct port
-sudo -u postgres ${PG_BIN}/psql -p ${PG_PORT} -d "${DATABASE_NAME}" <<'ANONYMIZE_SQL'
-%s
-ANONYMIZE_SQL
-
-echo "Anonymization completed successfully"
-`, database.Name, config.PostgresVersion, pgPort, sql)
-
-	cmd := exec.CommandContext(ctx, "bash", "-c", script)
-	outputBytes, err := cmd.CombinedOutput()
-	output := string(outputBytes)
-	if err != nil {
-		logger.Error().
-			Err(err).
-			Str("output", output).
-			Str("database_name", database.Name).
-			Msg("Failed to execute anonymization script")
-		return fmt.Errorf("anonymization script execution failed: %w", err)
-	}
-
-	logger.Info().
-		Str("database_name", database.Name).
-		Int("rule_count", len(rules)).
-		Str("output", output).
-		Msg("Anonymization rules applied successfully")
-
-	return nil
-}

web/src/lib/openapi.ts

@@ -566,6 +566,15 @@ export class Api<
         ...params,
       }),
 
+    restoresAnonymizeCreate: (id: string, params: RequestParams = {}) =>
+      this.request<Record<string, any>, Record<string, any>>({
+        path: `/api/restores/${id}/anonymize`,
+        method: "POST",
+        secure: true,
+        format: "json",
+        ...params,
+      }),
+
     restoresLogsList: (
       id: string,
       query?: {