diff --git a/internal/db/schema/migrations/oss/postgres/82/04_wh_auth_token_insert.up.sql b/internal/db/schema/migrations/oss/postgres/82/04_wh_auth_token_insert.up.sql
new file mode 100644
index 0000000000..776da6f2ac
--- /dev/null
+++ b/internal/db/schema/migrations/oss/postgres/82/04_wh_auth_token_insert.up.sql
@@ -0,0 +1,51 @@
+-- Copyright (c) HashiCorp, Inc.
+-- SPDX-License-Identifier: BUSL-1.1
+
+begin;
+ create function wh_auth_token_issued(p_auth_token_id wt_public_id, issued_ts wt_timestamp, last_accessed_ts wt_timestamp) returns void
+ as $$
+ declare
+ new_row wh_auth_token_accumulating_fact%rowtype;
+ begin
+ insert into wh_auth_token_accumulating_fact (
+ auth_token_id,
+ user_key,
+ auth_token_issued_date_key,
+ auth_token_issued_time_key,
+ auth_token_issued_time,
+ auth_token_approximate_last_access_date_key,
+ auth_token_approximate_last_access_time_key,
+ auth_token_approximate_last_access_time,
+ auth_token_approximate_active_time_range,
+ auth_token_valid_time_range
+ )
+ select p_auth_token_id,
+ wh_upsert_user(p_auth_token_id),
+ wh_date_key(issued_ts),
+ wh_time_key(issued_ts),
+ issued_ts,
+ wh_date_key(last_accessed_ts),
+ wh_time_key(last_accessed_ts),
+ last_accessed_ts,
+ tstzrange(issued_ts, last_accessed_ts, '[]'),
+ tstzrange(issued_ts, 'infinity'::wt_timestamp, '[]')
+ returning * into strict new_row;
+ return;
+ end;
+ $$ language plpgsql;
+ comment on function wh_auth_token_issued is
+ 'wh_auth_token_issued is a function called when an auth token is issued to insert a fact into the auth token accumulating fact table.';
+
+ create function auth_token_inserted() returns trigger
+ as $$
+ begin
+ if new.status = 'token issued' then
+ perform wh_auth_token_issued(new.public_id, new.update_time, new.approximate_last_access_time);
+ end if;
+ return null;
+ end;
+ $$ language plpgsql;
+
+ create trigger auth_token_inserted after insert on auth_token
+ for each row execute procedure auth_token_inserted();
+commit;
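Review bot: The `auth_token_inserted` trigger is created `after insert` only, so a token inserted as 'auth token pending' and later updated to 'token issued' gets no row in `wh_auth_token_accumulating_fact` from anything visible in this file. If an update trigger elsewhere in the migration handles that transition, say so in a comment here; otherwise the warehouse will under-report issued tokens, and the test file in this commit covers only the pending insert, not the later status change. Because this runs as a row-level trigger, any error raised inside `wh_auth_token_issued` (for example `tstzrange(issued_ts, last_accessed_ts, '[]')` when `last_accessed_ts` is earlier than `issued_ts`) aborts the `auth_token` insert itself, so it is worth documenting that `new.update_time` and `new.approximate_last_access_time` are expected to be equal at insert time. `auth_token_inserted` also lacks the `comment on function` that `wh_auth_token_issued` has; I would add `comment on function auth_token_inserted is 'auth_token_inserted is an after insert trigger function that records a warehouse fact when a token is inserted with status ''token issued''.';`.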
diff --git a/internal/db/sqltest/tests/wh/auth_token/insert.sql b/internal/db/sqltest/tests/wh/auth_token/insert.sql
new file mode 100644
index 0000000000..2e1959cd2b
--- /dev/null
+++ b/internal/db/sqltest/tests/wh/auth_token/insert.sql
@@ -0,0 +1,81 @@
+-- Copyright (c) HashiCorp, Inc.
+-- SPDX-License-Identifier: BUSL-1.1
+
+begin;
+ select plan(4);
+
+ select wtt_load('widgets', 'iam', 'kms');
+
+ -- Create a user dimension for corresponding auth token's user.
+ insert into wh_user_dimension (
+ user_id, user_name, user_description,
+ auth_account_id, auth_account_type, auth_account_name, auth_account_description,
+ auth_method_id, auth_method_type, auth_method_name, auth_method_description,
+ user_organization_id, user_organization_name, user_organization_description,
+ current_row_indicator,
+ row_effective_time, row_expiration_time,
+ auth_method_external_id, auth_account_external_id, auth_account_full_name, auth_account_email
+ ) values (
+ 'u_____user1', 'None', 'None',
+ 'a______acc1', 'None', 'None', 'None',
+ 'am______am1', 'None', 'None', 'None',
+ 'o______org1', 'None', 'None',
+ 'current',
+ now(), 'infinity'::timestamptz,
+ 'None', 'None', 'None', 'None'
+ );
+
+ -- Create auth method and account to use for making auth tokens.
+ insert into auth_password_conf
+ (password_method_id, private_id)
+ values
+ ('apm___widget', 'apmc__widget');
+ insert into auth_password_method
+ (scope_id, public_id, password_conf_id, name)
+ values
+ ('o_____widget', 'apm___widget', 'apmc__widget', 'Widget Auth Password');
+ insert into auth_password_account
+ (auth_method_id, public_id, login_name)
+ values
+ ('apm___widget', 'apa___walter', 'walter');
+ update auth_account set iam_user_id = 'u_____walter' where public_id = 'apa___walter';
+
+ -- should start with no facts for this user.
+ select is(count(*), 0::bigint)
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u_____walter';
+
+ -- Insert with status 'auth token pending' should not create a auth token fact.
+ insert into auth_token
+ (key_id, auth_account_id, public_id, token, status)
+ values
+ ('kdkv___widget', 'apa___walter', 'tok___walter1', 'tok___walter1'::bytea, 'auth token pending');
+ select is(count(*), 0::bigint) from wh_auth_token_accumulating_fact where user_id = 'u_____walter';
+
+ -- Insert an auth token wuth the 'token issued' status.
+ insert into auth_token
+ (key_id, auth_account_id, public_id, token, status)
+ values
+ ('kdkv___widget', 'apa___walter', 'tok___walter2', 'tok___walter2'::bytea, 'token issued');
+
+ -- should have one fact for this user.
+ select is(count(*), 1::bigint)
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u_____walter';
+ select is(
+ wh_auth_token_accumulating_fact.*,
+ row('tok___walter2',
+ 'u_____walter', (select key from wh_user_dimension where user_id = 'u_____walter'),
+ wh_date_key(now()), wh_time_key(now()), now(),
+ -1, -1, 'infinity'::timestamptz,
+ wh_date_key(now()), wh_time_key(now()), now(),
+ tstzrange(now(), now(), '[]'),
+ tstzrange(now(), 'infinity'::timestamptz, '[]'),
+ 1
+ )::wh_auth_token_accumulating_fact
+ )
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u_____walter';
+
+ select * from finish();
+rollback;
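Review bot: The expected row in the last assertion is built positionally with `row(...)::wh_auth_token_accumulating_fact` and includes values the insert in `wh_auth_token_issued` never sets (`-1, -1, 'infinity'::timestamptz` and the trailing `1`), so a reader cannot tell which column defaults are being asserted. A short `--` comment on each line of the `row(...)` naming the columns it covers would make a failure diagnosable. The seeded `wh_user_dimension` row uses `'u_____user1'` while every assertion filters on `'u_____walter'`, so it appears to be unused by this test and its comment about the "corresponding auth token's user" is misleading; either drop the row or state why it is needed. The scalar subquery `(select key from wh_user_dimension where user_id = 'u_____walter')` also has no filter on `current_row_indicator`, so it would raise an error rather than fail the assertion if more than one dimension row ever exists for that user.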