CB-3834 Secret manager database schema

dbeaver · Jan 24, 2024 · b6feb13 · b6feb13
1 parent 8df248b
commit b6feb13
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 1 deletion.
diff --git a/server/bundles/io.cloudbeaver.service.security/db/cb_schema_create.sql b/server/bundles/io.cloudbeaver.service.security/db/cb_schema_create.sql
@@ -315,3 +315,25 @@ CREATE TABLE {table_prefix}CB_USER_SECRETS
     PRIMARY KEY (USER_ID, SECRET_ID),
     FOREIGN KEY (USER_ID) REFERENCES {table_prefix}CB_USER (USER_ID) ON DELETE CASCADE
 );
+
+CREATE TABLE {table_prefix}CB_SUBJECT_SECRETS
+(
+    SUBJECT_ID                     VARCHAR(128) NOT NULL,
+    SECRET_ID                      VARCHAR(255) NOT NULL,
+
+    PROJECT_ID                     VARCHAR(128),
+    OBJECT_TYPE                    VARCHAR(32),
+    OBJECT_ID                      VARCHAR(128),
+
+    SECRET_VALUE                   TEXT NOT NULL,
+
+    ENCODING_TYPE                  VARCHAR(32) DEFAULT 'PLAINTEXT' NOT NULL,
+    CREATE_TIME                    TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
+    UPDATE_TIME                    TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
+
+    PRIMARY KEY (SUBJECT_ID, SECRET_ID),
+    FOREIGN KEY (SUBJECT_ID) REFERENCES {table_prefix}CB_SUBJECT (SUBJECT_ID) ON DELETE CASCADE
+);
+
+CREATE INDEX IDX_SUBJECT_SECRETS_PROJECT ON {table_prefix}CB_SUBJECT_SECRETS (PROJECT_ID,SUBJECT_ID);
+CREATE INDEX IDX_SUBJECT_SECRETS_OBJECT ON {table_prefix}CB_SUBJECT_SECRETS (PROJECT_ID,OBJECT_TYPE,OBJECT_ID);
diff --git a/server/bundles/io.cloudbeaver.service.security/db/cb_schema_update_16.sql b/server/bundles/io.cloudbeaver.service.security/db/cb_schema_update_16.sql
@@ -0,0 +1,26 @@
+CREATE TABLE {table_prefix}CB_SUBJECT_SECRETS
+(
+    SUBJECT_ID                     VARCHAR(128) NOT NULL,
+    SECRET_ID                      VARCHAR(255) NOT NULL,
+
+    PROJECT_ID                     VARCHAR(128),
+    OBJECT_TYPE                    VARCHAR(32),
+    OBJECT_ID                      VARCHAR(128),
+
+    SECRET_VALUE                   TEXT NOT NULL,
+
+    ENCODING_TYPE                  VARCHAR(32) DEFAULT 'PLAINTEXT' NOT NULL,
+    CREATE_TIME                    TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
+    UPDATE_TIME                    TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
+
+    PRIMARY KEY (SUBJECT_ID, SECRET_ID),
+    FOREIGN KEY (SUBJECT_ID) REFERENCES {table_prefix}CB_SUBJECT (SUBJECT_ID) ON DELETE CASCADE
+    );
+
+CREATE INDEX IDX_SUBJECT_SECRETS_PROJECT ON {table_prefix}CB_SUBJECT_SECRETS (PROJECT_ID,SUBJECT_ID);
+CREATE INDEX IDX_SUBJECT_SECRETS_OBJECT ON {table_prefix}CB_SUBJECT_SECRETS (PROJECT_ID,OBJECT_TYPE,OBJECT_ID);
+
+INSERT INTO {table_prefix}CB_SUBJECT_SECRETS (SUBJECT_ID, SECRET_ID, SECRET_VALUE, ENCODING_TYPE, CREATE_TIME, UPDATE_TIME)
+SELECT USER_ID, SECRET_ID, SECRET_VALUE, ENCODING_TYPE, UPDATE_TIME, UPDATE_TIME FROM {table_prefix}CB_USER_SECRETS;
+
+DROP TABLE {table_prefix}CB_USER_SECRETS;
diff --git a/...es/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/db/CBDatabase.java b/...es/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/db/CBDatabase.java
@@ -73,7 +73,7 @@ public class CBDatabase {
     public static final String SCHEMA_UPDATE_SQL_PATH = "db/cb_schema_update_";
 
     private static final int LEGACY_SCHEMA_VERSION = 1;
-    private static final int CURRENT_SCHEMA_VERSION = 15;
+    private static final int CURRENT_SCHEMA_VERSION = 16;
 
     private static final String DEFAULT_DB_USER_NAME = "cb-data";
     private static final String DEFAULT_DB_PWD_FILE = ".database-credentials.dat";