Add new column for new encyrption format (#3331)

mindersec · May 14, 2024 · fcf857b · fcf857b
1 parent daccbc1
commit fcf857b
Show file tree

Hide file tree

Showing 11 changed files with 92 additions and 72 deletions.
diff --git a/database/migrations/000056_encrypted_column.down.sql b/database/migrations/000056_encrypted_column.down.sql
@@ -0,0 +1,16 @@
+-- Copyright 2024 Stacklok, Inc
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--      http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+ALTER TABLE provider_access_tokens DROP COLUMN encrypted_access_token;
+ALTER TABLE session_store DROP COLUMN encrypted_redirect;
diff --git a/database/migrations/000056_encrypted_column.up.sql b/database/migrations/000056_encrypted_column.up.sql
@@ -0,0 +1,18 @@
+-- Copyright 2024 Stacklok, Inc
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--      http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- add columns for new encrypted data format
+
+ALTER TABLE provider_access_tokens ADD COLUMN encrypted_access_token JSONB;
+ALTER TABLE session_store ADD COLUMN encrypted_redirect TEXT;
diff --git a/database/mock/store.go b/database/mock/store.go
diff --git a/database/query/provider_access_tokens.sql b/database/query/provider_access_tokens.sql
@@ -9,16 +9,17 @@ SELECT * FROM provider_access_tokens WHERE provider = $1 AND project_id = $2 AND
 
 -- name: UpsertAccessToken :one
 INSERT INTO provider_access_tokens
-(project_id, provider, encrypted_token, expiration_time, owner_filter, enrollment_nonce)
+(project_id, provider, encrypted_token, expiration_time, owner_filter, enrollment_nonce, encrypted_access_token)
 VALUES
-    ($1, $2, $3, $4, $5, $6)
+    ($1, $2, $3, $4, $5, $6, $7)
 ON CONFLICT (project_id, provider)
     DO UPDATE SET
                   encrypted_token = $3,
                   expiration_time = $4,
                   owner_filter = $5,
                   enrollment_nonce = $6,
-                  updated_at = NOW()
+                  updated_at = NOW(),
+                  encrypted_access_token = $7
 WHERE provider_access_tokens.project_id = $1 AND provider_access_tokens.provider = $2
 RETURNING *;
 

diff --git a/database/query/session_store.sql b/database/query/session_store.sql
@@ -4,9 +4,6 @@ INSERT INTO session_store (provider, project_id, remote_user, session_state, own
 -- name: GetProjectIDBySessionState :one
 SELECT provider, project_id, remote_user, owner_filter, redirect_url FROM session_store WHERE session_state = $1;
 
--- name: DeleteSessionState :exec
-DELETE FROM session_store WHERE id = $1;
-
 -- name: DeleteSessionStateByProjectID :exec
 DELETE FROM session_store WHERE provider = $1 AND project_id = $2;
 

diff --git a/internal/db/models.go b/internal/db/models.go
diff --git a/internal/db/provider_access_tokens.sql.go b/internal/db/provider_access_tokens.sql.go
diff --git a/internal/db/querier.go b/internal/db/querier.go
diff --git a/internal/db/session_store.sql.go b/internal/db/session_store.sql.go
diff --git a/internal/verifier/verifyif/mock/verifyif.go b/internal/verifier/verifyif/mock/verifyif.go
diff --git a/pkg/api/protobuf/go/minder/v1/minder.pb.go b/pkg/api/protobuf/go/minder/v1/minder.pb.go