feat(dw): Update auth token fact when auth token is deleted

This adds a function and after delete trigger to the auth_token table to ensure that a corresponding auth token fact is updated with the deleted time and sets the auth token valid time range. The data warehouse will only be updated if the token that was deleted is in the 'token issued' status.
2 years ago · 2318284561
parent 81cbea177f
commit 2318284561
2 changed files with 108 additions and 0 deletions
--- a/internal/db/schema/migrations/oss/postgres/82/06_wh_auth_token_delete.up.sql
+++ b/internal/db/schema/migrations/oss/postgres/82/06_wh_auth_token_delete.up.sql
@ -0,0 +1,33 @@
+-- Copyright (c) HashiCorp, Inc.
+-- SPDX-License-Identifier: BUSL-1.1
+
+begin;
+  create function wh_auth_token_deleted(p_auth_token_id wt_public_id) returns void
+  as $$
+  begin
+    update wh_auth_token_accumulating_fact
+       set auth_token_deleted_date_key = wh_date_key(now()),
+           auth_token_deleted_time_key = wh_time_key(now()),
+           auth_token_deleted_time     = now(),
+           auth_token_valid_time_range = tstzrange(lower(auth_token_valid_time_range), now(), '[]')
+     where auth_token_id = p_auth_token_id;
+    return;
+  end;
+  $$ language plpgsql;
+  comment on function wh_auth_token_deleted is
+    'wh_auth_token_deleted is a function that updates the wh_auth_token_accumulating_fact'
+    'when a previously issued auth_token is deleted.';
+
+  create function auth_token_deleted() returns trigger
+  as $$
+  begin
+    if old.status = 'token issued' then
+      perform wh_auth_token_deleted(old.public_id);
+    end if;
+    return null;
+  end;
+  $$ language plpgsql;
+
+  create trigger auth_token_deleted after delete on auth_token
+    for each row execute procedure auth_token_deleted();
+commit;
--- a/internal/db/sqltest/tests/wh/auth_token/delete.sql
+++ b/internal/db/sqltest/tests/wh/auth_token/delete.sql
@ -0,0 +1,75 @@
+-- Copyright (c) HashiCorp, Inc.
+-- SPDX-License-Identifier: BUSL-1.1
+
+begin;
+  select plan(14);
+
+  -- should have an auth token for carly
+  select is(count(*), 1::bigint)
+    from auth_token
+   where public_id = 'tok____carly';
+
+  -- should have one fact for carly.
+  select is(count(*), 1::bigint)
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u______carly';
+  -- the fact should not have a deleted time.
+  select is(auth_token_deleted_date_key, -1)
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u______carly';
+  select is(auth_token_deleted_time_key, -1)
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u______carly';
+  select is(auth_token_deleted_time, 'infinity'::wh_timestamp)
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u______carly';
+  select is(upper(auth_token_valid_time_range), 'infinity'::timestamptz)
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u______carly';
+
+  -- Now delete the auth token and confirm the fact was updated properly.
+  delete
+    from auth_token
+   where public_id = 'tok____carly';
+
+  -- should still have one fact
+  select is(count(*), 1::bigint)
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u______carly';
+  -- times should be updated to have a deleted time.
+  select is(auth_token_deleted_date_key, wh_date_key(now()))
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u______carly';
+  select is(auth_token_deleted_time_key, wh_time_key(now()))
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u______carly';
+  select is(auth_token_deleted_time, now()::wh_timestamp)
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u______carly';
+  select is(upper(auth_token_valid_time_range), now())
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u______carly';
+
+  -- should have an auth token for cora that is in pending status
+  select is(count(*), 1::bigint)
+    from auth_token
+   where public_id = 'tok_____cora'
+     and status    = 'auth token pending';
+
+  -- since the auth token is pending, there should be no fact for cora.
+  select is(count(*), 0::bigint)
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u_______cora';
+
+  -- Now delete the pending auth token, this should not result in a fact.
+  delete
+    from auth_token
+   where public_id = 'tok_____cora';
+
+  select is(count(*), 0::bigint)
+    from wh_auth_token_accumulating_fact
+   where user_id = 'u_______cora';
+
+
+  select * from finish();
+rollback;