add flags_id nullable field to new Flake model

[joseph-sentry]

No description provided.

[Swatinem]

BinaryField. What kind of data do you plan to put there? Also noticing now that test_id is also a BinaryField. Will these hold (non-base16-encoded) hash values?

[joseph-sentry]

yes, they're both has values. I think i can probably indicate it somehow with some sort of max length in the binary field but the test_id is meant to be 16 bytes and the flags_id is meant to be 8 bytes. they're both generated using mmh3 and they don't have any particular encoding hence: BinaryField. In BQ they're defined as BYTES fields

[Swatinem]

we have a normal index on repo_id and test_id, but are you planning on having any kind of uniqueness constraint based on the test_id or the flags_id?

it should be fine if both are still also dependent on the repo_id.

just thinking of that as I recently read https://orlp.net/blog/breaking-hash-functions/ which is a very well written post about how to trivially cause collisions of mmh3 and similar non cryptographic hash functions.
it would be really bad if one customer could mess with another customers data based on such trivially breakable hash values.

[joseph-sentry]

i think the uniqueness constraint should be on (repoid, test_id, flags_id) so that will isolate test_id collisions to a single customer. The mistake I made with the Test model previously is that the primary key was the test_id, which was all around a bad idea.

At least this strategy of isolating unique (test_id, flags_id) combinations to the repo means that one customer can't mess with another, however this still leaves an opening for open source repos (or any repo that doesn't protect its uploads) to be polluted. I'm not sure how to fix that problem.