From c2d63a21ac5ecae0a95be1ec2319bdbbab2a54ac Mon Sep 17 00:00:00 2001
From: Darcy Ye
Date: Mon, 18 Nov 2024 11:50:21 +0800
Subject: [PATCH 1/3] feat(schemas): add saml_application_secres table
---
 ...1231-add-saml-application-secrets-table.ts | 40 +++++++++++++++++++
 .../tables/saml_application_secrets.sql | 22 ++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
 create mode 100644 packages/schemas/tables/saml_application_secrets.sql
diff --git a/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts b/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
new file mode 100644
index 00000000000..5b48d070cd8
--- /dev/null
+++ b/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
@@ -0,0 +1,40 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+
+const alteration: AlterationScript = {
+ up: async (pool) => {
+ await pool.query(sql`
+ create table saml_application_secrets (
+ id varchar(21) not null,
+ tenant_id varchar(21) not null
+ references tenants (id) on update cascade on delete cascade,
+ application_id varchar(21) not null
+ references applications (id) on update cascade on delete cascade,
+ private_key text not null,
+ certificate text not null,
+ created_at timestamptz not null default now(),
+ expires_at timestamptz not null,
+ active boolean not null,
+ primary key (id),
+ constraint application_type
+ check (check_application_type(application_id, 'SAML'))
+ );
+
+ create unique index saml_application_secrets__unique_active_secret
+ on saml_application_secrets (application_id, active)
+ where active;
+ `);
+ await applyTableRls(pool, 'saml_application_secrets');
+ },
+ down: async (pool) => {
+ await dropTableRls(pool, 'saml_application_secrets');
+ await pool.query(sql`
+ drop table saml_application_secrets;
+ `);
+ },
+};
+
+export default alteration;
diff --git a/packages/schemas/tables/saml_application_secrets.sql b/packages/schemas/tables/saml_application_secrets.sql
new file mode 100644
index 00000000000..998e8bf41a1
--- /dev/null
+++ b/packages/schemas/tables/saml_application_secrets.sql
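Review bot: `private_key text not null` in the create table statement stores the SAML signing key as an ordinary column, and nothing in this alteration (nor in the identical statement in the `saml_application_secrets.sql` hunk of the next file) records whether the value is encrypted before insert or held in clear. If the service writes the raw key, it is readable by anyone with table access and lands in every logical dump; the row-level security from `applyTableRls` scopes rows per tenant but does nothing for the column content. I would at least state the contract inside the SQL template, e.g. `-- private_key holds the SAML signing key; document here whether it is encrypted at rest (TODO confirm in the service layer)`, and confirm how the value is protected before this ships. The `down` path drops the table outright, which is expected for an alteration but means the keys are unrecoverable once it runs.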
@@ -0,0 +1,22 @@
+/* init_order = 2 */
+
+create table saml_application_secrets (
+ id varchar(21) not null,
+ tenant_id varchar(21) not null
+ references tenants (id) on update cascade on delete cascade,
+ application_id varchar(21) not null
+ references applications (id) on update cascade on delete cascade,
+ private_key text not null,
+ certificate text not null,
+ created_at timestamptz not null default now(),
+ expires_at timestamptz not null,
+ active boolean not null,
+ primary key (id),
+ constraint application_type
+ check (check_application_type(application_id, 'SAML'))
+);
+
+-- Only one active secret per application
+create unique index saml_application_secrets__unique_active_secret
+ on saml_application_secrets (application_id, active)
+ where active;
From 9bed048d57d31949f98583834087231041e2277b Mon Sep 17 00:00:00 2001
From: Darcy Ye
Date: Tue, 19 Nov 2024 14:06:28 +0800
Subject: [PATCH 2/3] chore: update schema
---
 .../next-1731901231-add-saml-application-secrets-table.ts | 8 ++++----
 packages/schemas/tables/saml_application_secrets.sql | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts b/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
index 5b48d070cd8..28aef8f7d83 100644
--- a/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
+++ b/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
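Review bot: `expires_at timestamptz not null` sits next to `created_at timestamptz not null default now()` with no constraint relating the two, so a row whose `expires_at` is earlier than `created_at`, or already in the past, is accepted, and the partial unique index only guarantees a single `active` row per application, not that the active secret is unexpired. A schema-level guard for the obvious data error is one line in the table definition, `constraint expires_after_created check (expires_at > created_at)` (name constructed here); the expiry-versus-active relationship itself still has to be enforced where secrets are rotated. The same statement appears in the alteration script of the preceding hunk and should carry the same check.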
@@ -13,18 +13,18 @@ const alteration: AlterationScript = { references tenants (id) on update cascade on delete cascade, application_id varchar(21) not null references applications (id) on update cascade on delete cascade, - private_key text not null, - certificate text not null, + private_key varchar not null, + certificate varchar not null, created_at timestamptz not null default now(), expires_at timestamptz not null, active boolean not null, - primary key (id), + primary key (tenant_id, application_id, id), constraint application_type check (check_application_type(application_id, 'SAML')) ); create unique index saml_application_secrets__unique_active_secret - on saml_application_secrets (application_id, active) + on saml_application_secrets (tenant_id, application_id, active) where active; `); await applyTableRls(pool, 'saml_application_secrets'); diff --git a/packages/schemas/tables/saml_application_secrets.sql b/packages/schemas/tables/saml_application_secrets.sql index 998e8bf41a1..8725ab1d8c9 100644 --- a/packages/schemas/tables/saml_application_secrets.sql +++ b/packages/schemas/tables/saml_application_secrets.sql @@ -6,17 +6,17 @@ create table saml_application_secrets ( references tenants (id) on update cascade on delete cascade, application_id varchar(21) not null references applications (id) on update cascade on delete cascade, - private_key text not null, - certificate text not null, + private_key varchar not null, + certificate varchar not null, created_at timestamptz not null default now(), expires_at timestamptz not null, active boolean not null, - primary key (id), + primary key (tenant_id, application_id, id), constraint application_type check (check_application_type(application_id, 'SAML')) ); -- Only one active secret per application create unique index saml_application_secrets__unique_active_secret - on saml_application_secrets (application_id, active) + on saml_application_secrets (tenant_id, application_id, active) where active; 
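Review bot: The new composite primary key `(tenant_id, application_id, id)` and the index on `(tenant_id, application_id, active)` make `tenant_id` part of a secret's identity, but `application_id` still references `applications (id)` alone, so nothing binds the referenced application to the `tenant_id` stored on the same row; a row naming an application of another tenant satisfies both foreign keys and the `check_application_type` constraint. If `applications` has a unique key on `(tenant_id, id)` — that table is not visible here — a composite reference `foreign key (tenant_id, application_id) references applications (tenant_id, id) on update cascade on delete cascade` closes the gap at the schema level; otherwise the row-level security from `applyTableRls` is the only thing keeping tenants apart and that reliance should be stated in a comment on the table. The `saml_application_secrets.sql` hunk in the next file has the same shape and needs the same treatment. The enclosing `up` function starts and ends outside the hunk.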
From 4de302685a29bfb29eea309dea776287d8e075a6 Mon Sep 17 00:00:00 2001
From: Darcy Ye
Date: Wed, 20 Nov 2024 15:42:29 +0800
Subject: [PATCH 3/3] chore: update secret table columns type
---
 .../next-1731901231-add-saml-application-secrets-table.ts | 4 ++--
 packages/schemas/tables/saml_application_secrets.sql | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts b/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
index 28aef8f7d83..165b73a284a 100644
--- a/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
+++ b/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
@@ -13,8 +13,8 @@ const alteration: AlterationScript = {
 references tenants (id) on update cascade on delete cascade,
 application_id varchar(21) not null
 references applications (id) on update cascade on delete cascade,
- private_key varchar not null,
- certificate varchar not null,
+ private_key text not null,
+ certificate text not null,
 created_at timestamptz not null default now(),
 expires_at timestamptz not null,
 active boolean not null,
diff --git a/packages/schemas/tables/saml_application_secrets.sql b/packages/schemas/tables/saml_application_secrets.sql
index 8725ab1d8c9..4a9c7825722 100644
--- a/packages/schemas/tables/saml_application_secrets.sql
+++ b/packages/schemas/tables/saml_application_secrets.sql
@@ -6,8 +6,8 @@ create table saml_application_secrets (
 references tenants (id) on update cascade on delete cascade,
 application_id varchar(21) not null
 references applications (id) on update cascade on delete cascade,
- private_key varchar not null,
- certificate varchar not null,
+ private_key text not null,
+ certificate text not null,
 created_at timestamptz not null default now(),
 expires_at timestamptz not null,
 active boolean not null,
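Review bot: Settling `private_key` and `certificate` on `text` removes any size bound at the database, so whatever request validation the service applies is the only cap on what gets stored in these two columns; that is fine for PEM-sized material but worth confirming, since an unbounded blob column accepting a tenant-supplied certificate is an easy storage-exhaustion target. Neither hunk records what encoding the service writes into the columns, so a later reader cannot tell from the schema how to parse or rotate the value; a comment inside the SQL template, e.g. `-- private_key / certificate: encoding as written by the service (presumably PEM — confirm); private_key is sensitive`, would carry that intent here and in the `saml_application_secrets.sql` hunk below. The enclosing `up` function starts and ends outside the hunk.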