internal/db: ensure new columns are not null (#4197)

Ensure the new create_time and update_time columns are marked as not null after populating the data. Also ensure that the data is populated safely with an updated query pattern inspired by the auth method pattern.
2 years ago · f0dbddb9e3
parent 40d9c3fd1d
commit f0dbddb9e3
4 changed files with 91 additions and 43 deletions
--- a/internal/db/schema/migrations/oss/postgres/80/02_target_base_table_updates.up.sql
+++ b/internal/db/schema/migrations/oss/postgres/80/02_target_base_table_updates.up.sql
@ -7,15 +7,23 @@ begin;
  -- It already has the create time.
  alter table target add column update_time wt_timestamp;

-  -- Update rows with current values
-  update target
-    set update_time = target_tcp.update_time
-    from target as t
-    left join target_tcp on t.public_id = target_tcp.public_id;
+
+  -- Update rows with current values from the subtype target tables.
+  with sub_target as (
+    select public_id,
+           update_time
+      from target_tcp
+     union
+    select public_id,
+           update_time
+      from target_ssh
+  )
  update target
-    set update_time = target_ssh.update_time
-    from target as t
-    left join target_ssh on t.public_id = target_ssh.public_id;
+     set update_time = sub_target.update_time
+    from sub_target
+   where target.public_id = sub_target.public_id;
+
+  alter table target alter column update_time set not null;

  -- Add trigger to update the new column on every subtype update.
  create function update_target_table_update_time() returns trigger
--- a/internal/db/schema/migrations/oss/postgres/80/03_credential_static_base_table_updates.up.sql
+++ b/internal/db/schema/migrations/oss/postgres/80/03_credential_static_base_table_updates.up.sql
@ -4,22 +4,36 @@
 begin;

  -- Add create_time and update_time to credential_static table.
-  alter table credential_static add column create_time wt_timestamp;
-  alter table credential_static add column update_time wt_timestamp;
+  alter table credential_static
+    add column create_time wt_timestamp,
+    add column update_time wt_timestamp;

-  -- Update rows with current values
+  -- Update rows with current values from the subtype static credential tables.
+  with sub_credential as (
+    select public_id,
+           create_time,
+           update_time
+      from credential_static_json_credential
+     union
+    select public_id,
+           create_time,
+           update_time
+      from credential_static_ssh_private_key_credential
+     union
+    select public_id,
+           create_time,
+           update_time
+      from credential_static_username_password_credential
+  )
  update credential_static
-    set create_time = csj.create_time, update_time = csj.update_time
-    from credential_static as cs
-    left join credential_static_json_credential as csj on cs.public_id = csj.public_id;
-  update credential_static
-    set create_time = cssshpk.create_time, update_time = cssshpk.update_time
-    from credential_static as cs
-    left join credential_static_ssh_private_key_credential as cssshpk on cs.public_id = cssshpk.public_id;
-  update credential_static
-    set create_time = csupw.create_time, update_time = csupw.update_time
-    from credential_static as cs
-    left join credential_static_username_password_credential as csupw on cs.public_id = csupw.public_id;
+     set create_time = sub_credential.create_time,
+         update_time = sub_credential.update_time
+    from sub_credential
+   where credential_static.public_id = sub_credential.public_id;
+
+  alter table credential_static
+    alter column create_time set not null,
+    alter column update_time set not null;

  -- Replace the insert trigger to also set the create_time
  -- Replaces the insert_credential_static_subtype function defined in 46/01_credentials.up.sql
--- a/internal/db/schema/migrations/oss/postgres/80/04_credential_library_base_table_updates.up.sql
+++ b/internal/db/schema/migrations/oss/postgres/80/04_credential_library_base_table_updates.up.sql
@ -4,18 +4,31 @@
 begin;

  -- Add create_time and update_time to credential_library table.
-  alter table credential_library add column create_time wt_timestamp;
-  alter table credential_library add column update_time wt_timestamp;
+  alter table credential_library
+    add column create_time wt_timestamp,
+    add column update_time wt_timestamp;

-  -- Update rows with current values
+  -- Update rows with current values from the subtype credential library tables.
+  with sub_credential_library as (
+    select public_id,
+           create_time,
+           update_time
+      from credential_vault_library
+     union
+    select public_id,
+           create_time,
+           update_time
+      from credential_vault_ssh_cert_library
+  )
  update credential_library
-    set create_time = cvl.create_time, update_time = cvl.update_time
-    from credential_library as cl
-    left join credential_vault_library as cvl on cl.public_id = cvl.public_id;
-  update credential_library
-    set create_time = cvscl.create_time, update_time = cvscl.update_time
-    from credential_library as cl
-    left join credential_vault_ssh_cert_library as cvscl on cl.public_id = cvscl.public_id;
+     set create_time = sub_credential_library.create_time,
+         update_time = sub_credential_library.update_time
+    from sub_credential_library
+   where credential_library.public_id = sub_credential_library.public_id;
+
+  alter table credential_library
+    alter column create_time set not null,
+    alter column update_time set not null;

  -- Replace the insert trigger to also set the create_time
  -- Replaces the insert_credential_library_subtype function defined in 46/01_credentials.up.sql
--- a/internal/db/schema/migrations/oss/postgres/80/07_credential_store_base_table_updates.up.sql
+++ b/internal/db/schema/migrations/oss/postgres/80/07_credential_store_base_table_updates.up.sql
@ -4,22 +4,35 @@
 begin;

  -- Add create_time and update_time to credential_store table.
-  alter table credential_store add column create_time wt_timestamp;
-  alter table credential_store add column update_time wt_timestamp;
+  alter table credential_store
+    add column create_time wt_timestamp,
+    add column update_time wt_timestamp;

-  -- Update rows with current values
+  -- Update rows with current values from the subtype credential store tables.
+  with sub_credential_store as (
+    select public_id,
+           create_time,
+           update_time
+      from credential_vault_store
+     union
+    select public_id,
+           create_time,
+           update_time
+      from credential_static_store
+  )
  update credential_store
-    set create_time = cvs.create_time, update_time = cvs.update_time
-    from credential_store as cl
-    left join credential_vault_store as cvs on cl.public_id = cvs.public_id;
-  update credential_store
-    set create_time = css.create_time, update_time = css.update_time
-    from credential_store as cl
-    left join credential_static_store as css on cl.public_id = css.public_id;
+     set create_time = sub_credential_store.create_time,
+         update_time = sub_credential_store.update_time
+    from sub_credential_store
+   where credential_store.public_id = sub_credential_store.public_id;
+
+  alter table credential_store
+    alter column create_time set not null,
+    alter column update_time set not null;

  -- Replace the insert trigger to also set the create_time
  -- Replaces the insert_credential_store_subtype function defined in 44/01_credentials.up.sql
-   create or replace function insert_credential_store_subtype() returns trigger
+  create or replace function insert_credential_store_subtype() returns trigger
  as $$
  begin
    insert into credential_store