diff --git a/internal/db/schema/migrations/oss/postgres/82/06_wh_auth_token_delete.up.sql b/internal/db/schema/migrations/oss/postgres/82/06_wh_auth_token_delete.up.sql
new file mode 100644
index 0000000000..8edd19b98a
--- /dev/null
+++ b/internal/db/schema/migrations/oss/postgres/82/06_wh_auth_token_delete.up.sql
@@ -0,0 +1,33 @@
+-- Copyright (c) HashiCorp, Inc.
+-- SPDX-License-Identifier: BUSL-1.1
+
+begin;
+ create function wh_auth_token_deleted(p_auth_token_id wt_public_id) returns void
+ as $$
+ begin
+ update wh_auth_token_accumulating_fact
+ set auth_token_deleted_date_key = wh_date_key(now()),
+ auth_token_deleted_time_key = wh_time_key(now()),
+ auth_token_deleted_time = now(),
+ auth_token_valid_time_range = tstzrange(lower(auth_token_valid_time_range), now(), '[]')
+ where auth_token_id = p_auth_token_id;
+ return;
+ end;
+ $$ language plpgsql;
+ comment on function wh_auth_token_deleted is
+ 'wh_auth_token_deleted is a function that updates the wh_auth_token_accumulating_fact'
+ 'when a previously issued auth_token is deleted.';
+
+ create function auth_token_deleted() returns trigger
+ as $$
+ begin
+ if old.status = 'token issued' then
+ perform wh_auth_token_deleted(old.public_id);
+ end if;
+ return null;
+ end;
+ $$ language plpgsql;
+
+ create trigger auth_token_deleted after delete on auth_token
+ for each row execute procedure auth_token_deleted();
+commit;
diff --git a/internal/db/sqltest/tests/wh/auth_token/delete.sql b/internal/db/sqltest/tests/wh/auth_token/delete.sql
new file mode 100644
index 0000000000..f289b1a2fa
--- /dev/null
+++ b/internal/db/sqltest/tests/wh/auth_token/delete.sql
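Review bot: `tstzrange(lower(auth_token_valid_time_range), now(), '[]')` in wh_auth_token_deleted raises an error if the stored lower bound is later than now(), and because the call comes from an after-delete row trigger that error would abort the auth_token delete itself. now() is the transaction start time, so a long-running transaction that deletes a token issued after it began could hit this, assuming the lower bound was recorded from the issuing transaction's clock (not visible in this hunk). Clamping the upper bound, e.g. `tstzrange(lower(auth_token_valid_time_range), greatest(lower(auth_token_valid_time_range), now()), '[]')`, keeps a warehouse bookkeeping error from blocking token removal. Separately, the two adjacent literals after `comment on function wh_auth_token_deleted is` concatenate without a separator, so the stored comment reads `...accumulating_factwhen a previously...`; the first literal needs a trailing space.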
@@ -0,0 +1,75 @@
+-- Copyright (c) HashiCorp, Inc.
+-- SPDX-License-Identifier: BUSL-1.1
+
+begin;
+ select plan(14);
+
+ -- should have an auth token for carly
+ select is(count(*), 1::bigint)
+ from auth_token
+ where public_id = 'tok____carly';
+
+ -- should have one fact for carly.
+ select is(count(*), 1::bigint)
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u______carly';
+ -- the fact should not have a deleted time.
+ select is(auth_token_deleted_date_key, -1)
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u______carly';
+ select is(auth_token_deleted_time_key, -1)
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u______carly';
+ select is(auth_token_deleted_time, 'infinity'::wh_timestamp)
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u______carly';
+ select is(upper(auth_token_valid_time_range), 'infinity'::timestamptz)
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u______carly';
+
+ -- Now delete the auth token and confirm the fact was updated properly.
+ delete
+ from auth_token
+ where public_id = 'tok____carly';
+
+ -- should still have one fact
+ select is(count(*), 1::bigint)
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u______carly';
+ -- times should be updated to have a deleted time.
+ select is(auth_token_deleted_date_key, wh_date_key(now()))
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u______carly';
+ select is(auth_token_deleted_time_key, wh_time_key(now()))
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u______carly';
+ select is(auth_token_deleted_time, now()::wh_timestamp)
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u______carly';
+ select is(upper(auth_token_valid_time_range), now())
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u______carly';
+
+ -- should have an auth token for cora that is in pending status
+ select is(count(*), 1::bigint)
+ from auth_token
+ where public_id = 'tok_____cora'
+ and status = 'auth token pending';
+
+ -- since the auth token is pending, there should be no fact for cora.
+ select is(count(*), 0::bigint)
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u_______cora';
+
+ -- Now delete the pending auth token, this should not result in a fact.
+ delete
+ from auth_token
+ where public_id = 'tok_____cora';
+
+ select is(count(*), 0::bigint)
+ from wh_auth_token_accumulating_fact
+ where user_id = 'u_______cora';
+
+
+ select * from finish();
+rollback;
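Review bot: The four assertions under `-- times should be updated to have a deleted time.` compare against `now()` and pass only because now() is fixed at transaction start and the trigger ran inside the same begin/rollback transaction; nothing in the test states that dependency. A comment above them such as `-- now() is the transaction start time, so it equals the value the trigger wrote` would stop a later switch to clock_timestamp() in the migration from looking like a flaky test. The test also never checks that `lower(auth_token_valid_time_range)` is unchanged by the delete, which is the other half of what the new range expression is meant to preserve; adding that assertion would require raising `plan(14)` accordingly.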