feat: storage bucket credential states #4933
Closed
github-actions bot added api, core/db, core/gen, core, core/proto, core/types, core/sql, core/daemon, core/server labels Jul 17, 2024
elimt force-pushed the llb-worker-storage-bucket-state branch from 9f8a38d to ece3ab3 on July 17, 2024 14:12
…Secret` Update domain code to replace references of `StorageBucketSecret` to `StorageBucketCredentialManagedSecret`
Co-authored-by: Damian Debkowski <[email protected]>
…tate with SBC State
elimt force-pushed the llb-worker-storage-bucket-state branch from ece3ab3 to 7821e93 on July 17, 2024 17:12
Database schema diff between To understand how these diffs are generated and some limitations see the
Functions
diff --git a/.schema-diff/funcs_e812a19a841f34a281b66c6e4806e8d11756af4d/delete_storage_bucket_credential_subtype.sql b/.schema-diff/funcs_e812a19a841f34a281b66c6e4806e8d11756af4d/delete_storage_bucket_credential_subtype.sql
new file mode 100644
index 000000000..34afae5fb
--- /dev/null
+++ b/.schema-diff/funcs_e812a19a841f34a281b66c6e4806e8d11756af4d/delete_storage_bucket_credential_subtype.sql
@@ -0,0 +1,37 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: delete_storage_bucket_credential_subtype(); type: function; schema: public; owner: -
+--
+
+create function public.delete_storage_bucket_credential_subtype() returns trigger
+ language plpgsql
+ as $$
+ begin
+ delete from storage_bucket_credential
+ where private_id = old.private_id;
+ return null; -- result is ignored since this is an after trigger
+ end;
+ $$;
+
+
+--
+-- postgresql database dump complete
+--
+
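Review bot: The function body at `delete from storage_bucket_credential` names the table without a schema, and the `create function` statement carries no `set search_path` clause, so the trigger resolves the table through whatever search_path the deleting session has. Consider writing `delete from public.storage_bucket_credential` or pinning the search path on the function so the subtype delete always reaches the intended base table.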
diff --git a/.schema-diff/funcs_e812a19a841f34a281b66c6e4806e8d11756af4d/insert_storage_bucket_credential_subtype.sql b/.schema-diff/funcs_e812a19a841f34a281b66c6e4806e8d11756af4d/insert_storage_bucket_credential_subtype.sql
new file mode 100644
index 000000000..a5c372f4d
--- /dev/null
+++ b/.schema-diff/funcs_e812a19a841f34a281b66c6e4806e8d11756af4d/insert_storage_bucket_credential_subtype.sql
@@ -0,0 +1,39 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: insert_storage_bucket_credential_subtype(); type: function; schema: public; owner: -
+--
+
+create function public.insert_storage_bucket_credential_subtype() returns trigger
+ language plpgsql
+ as $$
+ begin
+ insert into storage_bucket_credential
+ (private_id, storage_bucket_id)
+ values
+ (new.private_id, new.storage_bucket_id);
+ return new;
+ end;
+ $$;
+
+
+--
+-- postgresql database dump complete
+--
+ Tablesdiff --git a/.schema-diff/tables_488c4ea44e7844d8856ce125ded7fddbea6cbb15/public storage_plugin_storage_bucket_secret.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public storage_bucket_credential.sql
similarity index 100%
rename from .schema-diff/tables_488c4ea44e7844d8856ce125ded7fddbea6cbb15/public storage_plugin_storage_bucket_secret.sql
rename to .schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public storage_bucket_credential.sql
diff --git a/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public storage_bucket_credential_environmental.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public storage_bucket_credential_environmental.sql
new file mode 100644
index 000000000..267d87acc
--- /dev/null
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public storage_bucket_credential_environmental.sql
@@ -0,0 +1,22 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- postgresql database dump complete
+--
+
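Review bot: This generated file holds only the pg_dump preamble and the "database dump complete" trailer, with no table definition, and its name carries a `public ` prefix with an embedded space. That looks like the schema-diff generator dumping a table name it could not resolve; consider fixing the name handling or skipping empty dumps so these files do not add noise to the review of the credential tables.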
diff --git a/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public storage_bucket_credential_managed_secret.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public storage_bucket_credential_managed_secret.sql
new file mode 100644
index 000000000..267d87acc
--- /dev/null
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public storage_bucket_credential_managed_secret.sql
@@ -0,0 +1,22 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public worker_storage_bucket_credential_permission_type_enm.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public worker_storage_bucket_credential_permission_type_enm.sql
new file mode 100644
index 000000000..267d87acc
--- /dev/null
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public worker_storage_bucket_credential_permission_type_enm.sql
@@ -0,0 +1,22 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public worker_storage_bucket_credential_state.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public worker_storage_bucket_credential_state.sql
new file mode 100644
index 000000000..267d87acc
--- /dev/null
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public worker_storage_bucket_credential_state.sql
@@ -0,0 +1,22 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public worker_storage_bucket_credential_state_enm.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public worker_storage_bucket_credential_state_enm.sql
new file mode 100644
index 000000000..267d87acc
--- /dev/null
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/public worker_storage_bucket_credential_state_enm.sql
@@ -0,0 +1,22 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential.sql
new file mode 100644
index 000000000..028bbd627
--- /dev/null
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential.sql
@@ -0,0 +1,43 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+set default_tablespace = '';
+
+set default_table_access_method = heap;
+
+--
+-- name: storage_bucket_credential; type: table; schema: public; owner: -
+--
+
+create table public.storage_bucket_credential (
+ private_id public.wt_private_id not null,
+ storage_bucket_id public.wt_public_id not null
+);
+
+
+--
+-- name: table storage_bucket_credential; type: comment; schema: public; owner: -
+--
+
+comment on table public.storage_bucket_credential is 'storage bucket credential contains entries that represent an abstract storage bucket credential.';
+
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental.sql
new file mode 100644
index 000000000..3cc6165b4
--- /dev/null
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental.sql
@@ -0,0 +1,43 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+set default_tablespace = '';
+
+set default_table_access_method = heap;
+
+--
+-- name: storage_bucket_credential_environmental; type: table; schema: public; owner: -
+--
+
+create table public.storage_bucket_credential_environmental (
+ private_id public.wt_private_id default public.wt_url_safe_id() not null,
+ storage_bucket_id public.wt_public_id not null
+);
+
+
+--
+-- name: table storage_bucket_credential_environmental; type: comment; schema: public; owner: -
+--
+
+comment on table public.storage_bucket_credential_environmental is 'storage bucket credential environmental contains entries that represent an storage bucket credential subtype.';
+
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/tables_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_secret.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret.sql
similarity index 58%
rename from .schema-diff/tables_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_secret.sql
rename to .schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret.sql
index 8f13392a1..bf43aa2fe 100644
--- a/.schema-diff/tables_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_secret.sql
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret.sql
@@ -21,17 +21,25 @@ set default_tablespace = '';
set default_table_access_method = heap;
--
--- name: storage_plugin_storage_bucket_secret; type: table; schema: public; owner: -
+-- name: storage_bucket_credential_managed_secret; type: table; schema: public; owner: -
--
-create table public.storage_plugin_storage_bucket_secret (
+create table public.storage_bucket_credential_managed_secret (
+ private_id public.wt_private_id default public.wt_url_safe_id() not null,
storage_bucket_id public.wt_public_id not null,
secrets_encrypted bytea not null,
- key_id text not null,
+ key_id public.wt_public_id not null,
constraint secrets_must_not_be_empty check ((length(secrets_encrypted) > 0))
);
+--
+-- name: table storage_bucket_credential_managed_secret; type: comment; schema: public; owner: -
+--
+
+comment on table public.storage_bucket_credential_managed_secret is 'storage bucket credential managed secret contains entries that represent an storage bucket credential subtype.';
+
+
--
-- postgresql database dump complete
--
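Review bot: The renamed table gains `private_id ... not null` and tightens `key_id` from `text` to `public.wt_public_id`, but a rename implies rows may already exist, and the schema diff does not show how they are migrated. Please confirm the migration verifies that existing `key_id` values satisfy the `wt_public_id` domain, and that it backfills a matching `storage_bucket_credential` row for each pre-existing secret, since rows already in the table never pass through an insert trigger.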
diff --git a/.schema-diff/tables_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_plugin_storage_bucket.sql
index 905bfae4a..07c96be89 100644
--- a/.schema-diff/tables_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket.sql
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_plugin_storage_bucket.sql
@@ -38,6 +38,7 @@ create table public.storage_plugin_storage_bucket (
worker_filter public.wt_bexprfilter not null,
attributes bytea,
secrets_hmac bytea,
+ storage_bucket_credential_id public.wt_private_id,
constraint bucket_name_must_not_be_empty check ((length(btrim(bucket_name)) > 0))
);
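Review bot: The new `storage_bucket_credential_id public.wt_private_id,` column is nullable and undocumented, while the credential tables in this change also carry `storage_bucket_id`, so the bucket-to-credential relationship is now recorded in both directions. Consider adding a column comment that states what a null value means and which side is authoritative when the two disagree.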
diff --git a/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_permission_type_enm.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_permission_type_enm.sql
new file mode 100644
index 000000000..372adaeb0
--- /dev/null
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_permission_type_enm.sql
@@ -0,0 +1,43 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+set default_tablespace = '';
+
+set default_table_access_method = heap;
+
+--
+-- name: worker_storage_bucket_credential_permission_type_enm; type: table; schema: public; owner: -
+--
+
+create table public.worker_storage_bucket_credential_permission_type_enm (
+ type text not null,
+ constraint only_predefined_permission_types_allowed check ((type = any (array['read'::text, 'write'::text, 'delete'::text])))
+);
+
+
+--
+-- name: table worker_storage_bucket_credential_permission_type_enm; type: comment; schema: public; owner: -
+--
+
+comment on table public.worker_storage_bucket_credential_permission_type_enm is 'worker_storage_bucket_credential_permission_type_enm is an enumeration table for storage bucket credential permission types.';
+
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state.sql
new file mode 100644
index 000000000..373262cfe
--- /dev/null
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state.sql
@@ -0,0 +1,47 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+set default_tablespace = '';
+
+set default_table_access_method = heap;
+
+--
+-- name: worker_storage_bucket_credential_state; type: table; schema: public; owner: -
+--
+
+create table public.worker_storage_bucket_credential_state (
+ worker_id public.wt_public_id not null,
+ storage_bucket_credential_id public.wt_private_id not null,
+ permission_type text not null,
+ state text not null,
+ error_details text,
+ checked_at public.wt_timestamp
+);
+
+
+--
+-- name: table worker_storage_bucket_credential_state; type: comment; schema: public; owner: -
+--
+
+comment on table public.worker_storage_bucket_credential_state is 'worker storage bucket credential state contains entries that represent an association between a worker and storage bucket credential.';
+
+
+--
+-- postgresql database dump complete
+--
+
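Review bot: The `error_details text` column is free-form and unconstrained, and it sits in a table that is keyed to a storage bucket credential. Please document what workers are expected to write there and make sure provider error strings are scrubbed of credential material before they are persisted; a length check in the style of the other tables' constraints would also bound what can be stored. It is also worth stating in the table comment when `checked_at` is allowed to be null.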
diff --git a/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_enm.sql b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_enm.sql
new file mode 100644
index 000000000..d9c554006
--- /dev/null
+++ b/.schema-diff/tables_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_enm.sql
@@ -0,0 +1,43 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+set default_tablespace = '';
+
+set default_table_access_method = heap;
+
+--
+-- name: worker_storage_bucket_credential_state_enm; type: table; schema: public; owner: -
+--
+
+create table public.worker_storage_bucket_credential_state_enm (
+ state text not null,
+ constraint only_predefined_state_types_allowed check ((state = any (array['ok'::text, 'error'::text, 'unknown'::text])))
+);
+
+
+--
+-- name: table worker_storage_bucket_credential_state_enm; type: comment; schema: public; owner: -
+--
+
+comment on table public.worker_storage_bucket_credential_state_enm is 'worker_storage_bucket_credential_state_enm is an enumeration table for storage bucket credential state types.';
+
+
+--
+-- postgresql database dump complete
+--
+ Viewsdiff --git a/.schema-diff/views_488c4ea44e7844d8856ce125ded7fddbea6cbb15/find_session_recordings_for_delete.sql b/.schema-diff/views_e812a19a841f34a281b66c6e4806e8d11756af4d/find_session_recordings_for_delete.sql
index 0c900f6b5..fbadbb2a3 100644
--- a/.schema-diff/views_488c4ea44e7844d8856ce125ded7fddbea6cbb15/find_session_recordings_for_delete.sql
+++ b/.schema-diff/views_e812a19a841f34a281b66c6e4806e8d11756af4d/find_session_recordings_for_delete.sql
@@ -35,14 +35,15 @@ create view public.find_session_recordings_for_delete as
sb.worker_filter,
sb.attributes,
sb.secrets_hmac,
- sbs.secrets_encrypted,
- sbs.key_id,
+ sb.storage_bucket_credential_id,
+ sbcms.secrets_encrypted,
+ sbcms.key_id,
plg.scope_id as plugin_scope_id,
plg.name as plugin_name,
plg.description as plugin_description
from (((public.recording_session rs
left join public.storage_plugin_storage_bucket sb on (((sb.public_id)::text = (rs.storage_bucket_id)::text)))
- left join public.storage_plugin_storage_bucket_secret sbs on (((sbs.storage_bucket_id)::text = (sb.public_id)::text)))
+ left join public.storage_bucket_credential_managed_secret sbcms on (((sbcms.storage_bucket_id)::text = (sb.public_id)::text)))
left join public.plugin plg on (((plg.public_id)::text = (sb.plugin_id)::text)))
where (((rs.delete_after)::timestamp with time zone < now()) or ((rs.delete_time)::timestamp with time zone < now()))
order by rs.delete_time desc, rs.delete_after desc;
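Review bot: The view now projects `sb.storage_bucket_credential_id` but still joins `sbcms` on `sbcms.storage_bucket_id = sb.public_id`, so the secret returned is not tied to the credential the bucket points at. If a bucket can ever have more than one managed-secret row, this join also returns one recording row per secret. Consider joining on `sbcms.private_id = sb.storage_bucket_credential_id`, or documenting that one secret per bucket is an enforced invariant.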
diff --git a/.schema-diff/views_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_all_subtypes.sql b/.schema-diff/views_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_all_subtypes.sql
new file mode 100644
index 000000000..b87f267c3
--- /dev/null
+++ b/.schema-diff/views_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_all_subtypes.sql
@@ -0,0 +1,49 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: storage_bucket_credential_all_subtypes; type: view; schema: public; owner: -
+--
+
+create view public.storage_bucket_credential_all_subtypes as
+ select storage_bucket_credential_managed_secret.private_id,
+ storage_bucket_credential_managed_secret.storage_bucket_id,
+ storage_bucket_credential_managed_secret.key_id,
+ storage_bucket_credential_managed_secret.secrets_encrypted,
+ 'managed_secret'::text as type
+ from public.storage_bucket_credential_managed_secret
+union
+ select storage_bucket_credential_environmental.private_id,
+ storage_bucket_credential_environmental.storage_bucket_id,
+ ''::text as key_id,
+ '\x'::bytea as secrets_encrypted,
+ 'environmental'::text as type
+ from public.storage_bucket_credential_environmental;
+
+
+--
+-- name: view storage_bucket_credential_all_subtypes; type: comment; schema: public; owner: -
+--
+
+comment on view public.storage_bucket_credential_all_subtypes is 'storage_bucket_credential_all_subtypes is a view that contains all storage bucket credential subtypes. there are two subtypes: environmental & managed secret. columns that are not applicable to the given subtype will have an empty value by default, not null.';
+
+
+--
+-- postgresql database dump complete
+--
+
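Review bot: The two branches of the view are combined with `union`, which forces a duplicate-elimination pass over every column, including the `secrets_encrypted` bytea. The branches cannot produce equal rows because the `type` literal differs (`'managed_secret'` versus `'environmental'`), so `union all` gives the same result without the extra work. The empty `''::text` key_id and `'\x'::bytea` placeholders are described in the view comment, which is good; callers should be told to branch on `type` rather than on the placeholder values.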
diff --git a/.schema-diff/views_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_with_secret.sql b/.schema-diff/views_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_plugin_storage_bucket_with_secret.sql
index bd055e030..93d66f06a 100644
--- a/.schema-diff/views_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_with_secret.sql
+++ b/.schema-diff/views_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_plugin_storage_bucket_with_secret.sql
@@ -34,10 +34,11 @@ create view public.storage_plugin_storage_bucket_with_secret as
spsb.worker_filter,
spsb.attributes,
spsb.secrets_hmac,
- spsbs.secrets_encrypted,
- spsbs.key_id
+ sbcms.secrets_encrypted,
+ sbcms.key_id,
+ spsb.storage_bucket_credential_id
from (public.storage_plugin_storage_bucket spsb
- left join public.storage_plugin_storage_bucket_secret spsbs on (((spsbs.storage_bucket_id)::text = (spsb.public_id)::text)));
+ left join public.storage_bucket_credential_managed_secret sbcms on (((sbcms.storage_bucket_id)::text = (spsb.public_id)::text)));
--
diff --git a/.schema-diff/views_e812a19a841f34a281b66c6e4806e8d11756af4d/update_worker_storage_bucket_credential.sql b/.schema-diff/views_e812a19a841f34a281b66c6e4806e8d11756af4d/update_worker_storage_bucket_credential.sql
new file mode 100644
index 000000000..af5f5592a
--- /dev/null
+++ b/.schema-diff/views_e812a19a841f34a281b66c6e4806e8d11756af4d/update_worker_storage_bucket_credential.sql
@@ -0,0 +1,53 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: update_worker_storage_bucket_credential; type: view; schema: public; owner: -
+--
+
+create view public.update_worker_storage_bucket_credential as
+ select distinct sb.scope_id as storage_bucket_scope_id,
+ sb.name as storage_bucket_name,
+ sb.description as storage_bucket_description,
+ sb.bucket_name as storage_bucket_bucket_name,
+ sb.bucket_prefix as storage_bucket_bucket_prefix,
+ sb.worker_filter as storage_bucket_worker_filter,
+ sb.attributes as storage_bucket_attributes,
+ sb.plugin_id,
+ pl.name as plugin_name,
+ pl.description as plugin_description,
+ sbc.storage_bucket_id,
+ sbcms.secrets_encrypted as ct_secrets,
+ sbcms.key_id
+ from (((public.storage_bucket_credential sbc
+ join public.storage_plugin_storage_bucket sb on (((sbc.storage_bucket_id)::text = (sb.public_id)::text)))
+ join public.plugin pl on (((sb.plugin_id)::text = (pl.public_id)::text)))
+ left join public.storage_bucket_credential_managed_secret sbcms on (((sbc.private_id)::text = (sbcms.private_id)::text)));
+
+
+--
+-- name: view update_worker_storage_bucket_credential; type: comment; schema: public; owner: -
+--
+
+comment on view public.update_worker_storage_bucket_credential is 'update_worker_storage_bucket_credential is used find workers using storage bucket credentials that need to be updated to the latest version.';
+
+
+--
+-- postgresql database dump complete
+--
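Review bot: The view comment says it is used to find workers whose storage bucket credentials need updating, but the select list has no worker column and the `from` clause joins no worker table, and `sbc.private_id` is not projected even though it is the join key to the managed secret. Consider projecting the credential `private_id` (and the worker association, if that is the intent) or rewording the comment to match what the view returns. The comment also reads "is used find"; "is used to find" was probably meant. Note that `select distinct` here compares the encrypted secret bytes on every row.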
+ Triggersdiff --git a/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential immutable_columns.sql b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential immutable_columns.sql
new file mode 100644
index 000000000..b25737ae8
--- /dev/null
+++ b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential immutable_columns.sql
@@ -0,0 +1,29 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: storage_bucket_credential immutable_columns; type: trigger; schema: public; owner: -
+--
+
+create trigger immutable_columns before update on public.storage_bucket_credential for each row execute function public.immutable_columns('private_id', 'storage_bucket_id');
+
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental delete_storage_bucket_credential_subtype.sql b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental delete_storage_bucket_credential_subtype.sql
new file mode 100644
index 000000000..de91a7720
--- /dev/null
+++ b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental delete_storage_bucket_credential_subtype.sql
@@ -0,0 +1,29 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: storage_bucket_credential_environmental delete_storage_bucket_credential_subtype; type: trigger; schema: public; owner: -
+--
+
+create trigger delete_storage_bucket_credential_subtype after delete on public.storage_bucket_credential_environmental for each row execute function public.delete_storage_bucket_credential_subtype();
+
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental immutable_columns.sql b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental immutable_columns.sql
new file mode 100644
index 000000000..61ed733e6
--- /dev/null
+++ b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental immutable_columns.sql
@@ -0,0 +1,29 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: storage_bucket_credential_environmental immutable_columns; type: trigger; schema: public; owner: -
+--
+
+create trigger immutable_columns before update on public.storage_bucket_credential_environmental for each row execute function public.immutable_columns('private_id', 'storage_bucket_id');
+
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental insert_storage_bucket_credential_subtype.sql b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental insert_storage_bucket_credential_subtype.sql
new file mode 100644
index 000000000..43bb96b7a
--- /dev/null
+++ b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental insert_storage_bucket_credential_subtype.sql
@@ -0,0 +1,29 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: storage_bucket_credential_environmental insert_storage_bucket_credential_subtype; type: trigger; schema: public; owner: -
+--
+
+create trigger insert_storage_bucket_credential_subtype before insert on public.storage_bucket_credential_environmental for each row execute function public.insert_storage_bucket_credential_subtype();
+
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret delete_storage_bucket_credential_subtype.sql b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret delete_storage_bucket_credential_subtype.sql
new file mode 100644
index 000000000..633d9f4c3
--- /dev/null
+++ b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret delete_storage_bucket_credential_subtype.sql
@@ -0,0 +1,29 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: storage_bucket_credential_managed_secret delete_storage_bucket_credential_subtype; type: trigger; schema: public; owner: -
+--
+
+create trigger delete_storage_bucket_credential_subtype after delete on public.storage_bucket_credential_managed_secret for each row execute function public.delete_storage_bucket_credential_subtype();
+
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret immutable_columns.sql b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret immutable_columns.sql
new file mode 100644
index 000000000..517330c11
--- /dev/null
+++ b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret immutable_columns.sql
@@ -0,0 +1,29 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: storage_bucket_credential_managed_secret immutable_columns; type: trigger; schema: public; owner: -
+--
+
+create trigger immutable_columns before update on public.storage_bucket_credential_managed_secret for each row execute function public.immutable_columns('private_id', 'storage_bucket_id');
+
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret insert_storage_bucket_credential_subtype.sql b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret insert_storage_bucket_credential_subtype.sql
new file mode 100644
index 000000000..c82bf4809
--- /dev/null
+++ b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret insert_storage_bucket_credential_subtype.sql
@@ -0,0 +1,29 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: storage_bucket_credential_managed_secret insert_storage_bucket_credential_subtype; type: trigger; schema: public; owner: -
+--
+
+create trigger insert_storage_bucket_credential_subtype before insert on public.storage_bucket_credential_managed_secret for each row execute function public.insert_storage_bucket_credential_subtype();
+
+
+--
+-- postgresql database dump complete
+--
+
diff --git a/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state immutable_columns.sql b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state immutable_columns.sql
new file mode 100644
index 000000000..8e99d8487
--- /dev/null
+++ b/.schema-diff/triggers_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state immutable_columns.sql
@@ -0,0 +1,29 @@
+--
+-- postgresql database dump
+--
+
+-- dumped from database version 13.15
+-- dumped by pg_dump version 14.12 (ubuntu 14.12-1.pgdg22.04+1)
+
+set statement_timeout = 0;
+set lock_timeout = 0;
+set idle_in_transaction_session_timeout = 0;
+set client_encoding = 'utf8';
+set standard_conforming_strings = on;
+select pg_catalog.set_config('search_path', '', false);
+set check_function_bodies = false;
+set xmloption = content;
+set client_min_messages = warning;
+set row_security = off;
+
+--
+-- name: worker_storage_bucket_credential_state immutable_columns; type: trigger; schema: public; owner: -
+--
+
+create trigger immutable_columns before update on public.worker_storage_bucket_credential_state for each row execute function public.immutable_columns('worker_id', 'storage_bucket_credential_id');
+
+
+--
+-- postgresql database dump complete
+--
+
Indexes
Unchanged
Constraints
diff --git a/.schema-diff/constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/credential_pkey.sql b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/credential_pkey.sql
index e2032b487..c420e79b5 100644
--- a/.schema-diff/constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/credential_pkey.sql
+++ b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/credential_pkey.sql
@@ -16,5 +16,7 @@
add constraint recording_dynamic_credential_pkey primary key (recording_id, credential_vault_store_hst_id, credential_library_hst_id, credential_purpose);
-- name: recording_static_credential recording_static_credential_pkey; type: constraint; schema: public; owner: -
add constraint recording_static_credential_pkey primary key (recording_id, credential_static_store_hst_id, credential_static_hst_id, credential_purpose);
+-- name: storage_bucket_credential storage_bucket_credential_pkey; type: constraint; schema: public; owner: -
+ add constraint storage_bucket_credential_pkey primary key (private_id);
-- name: target_static_credential target_static_credential_pkey; type: constraint; schema: public; owner: -
add constraint target_static_credential_pkey primary key (project_id, target_id, credential_static_id, credential_purpose);
diff --git a/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental_pkey.sql b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental_pkey.sql
new file mode 100644
index 000000000..7a55a0b62
--- /dev/null
+++ b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_environmental_pkey.sql
@@ -0,0 +1,2 @@
+-- name: storage_bucket_credential_environmental storage_bucket_credential_environmental_pkey; type: constraint; schema: public; owner: -
+ add constraint storage_bucket_credential_environmental_pkey primary key (private_id);
diff --git a/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret_pkey.sql b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret_pkey.sql
new file mode 100644
index 000000000..57b78163f
--- /dev/null
+++ b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_managed_secret_pkey.sql
@@ -0,0 +1,2 @@
+-- name: storage_bucket_credential_managed_secret storage_bucket_credential_managed_secret_pkey; type: constraint; schema: public; owner: -
+ add constraint storage_bucket_credential_managed_secret_pkey primary key (private_id);
diff --git a/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_pkey.sql b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_pkey.sql
new file mode 100644
index 000000000..b7ad1888b
--- /dev/null
+++ b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_pkey.sql
@@ -0,0 +1,2 @@
+-- name: storage_bucket_credential storage_bucket_credential_pkey; type: constraint; schema: public; owner: -
+ add constraint storage_bucket_credential_pkey primary key (private_id);
diff --git a/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_storage_bucket_id_uq.sql b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_storage_bucket_id_uq.sql
new file mode 100644
index 000000000..11941c752
--- /dev/null
+++ b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_storage_bucket_id_uq.sql
@@ -0,0 +1,2 @@
+-- name: storage_bucket_credential storage_bucket_credential_storage_bucket_id_uq; type: constraint; schema: public; owner: -
+ add constraint storage_bucket_credential_storage_bucket_id_uq unique (storage_bucket_id);
diff --git a/.schema-diff/constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_secret_pkey.sql b/.schema-diff/constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_secret_pkey.sql
deleted file mode 100644
index 7f8de7595..000000000
--- a/.schema-diff/constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_secret_pkey.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- name: storage_plugin_storage_bucket_secret storage_plugin_storage_bucket_secret_pkey; type: constraint; schema: public; owner: -
- add constraint storage_plugin_storage_bucket_secret_pkey primary key (storage_bucket_id);
diff --git a/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_permission_type_enm_pkey.sql b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_permission_type_enm_pkey.sql
new file mode 100644
index 000000000..1e2b6f7ce
--- /dev/null
+++ b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_permission_type_enm_pkey.sql
@@ -0,0 +1,2 @@
+-- name: worker_storage_bucket_credential_permission_type_enm worker_storage_bucket_credential_permission_type_enm_pkey; type: constraint; schema: public; owner: -
+ add constraint worker_storage_bucket_credential_permission_type_enm_pkey primary key (type);
diff --git a/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_enm_pkey.sql b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_enm_pkey.sql
new file mode 100644
index 000000000..780fa8d45
--- /dev/null
+++ b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_enm_pkey.sql
@@ -0,0 +1,2 @@
+-- name: worker_storage_bucket_credential_state_enm worker_storage_bucket_credential_state_enm_pkey; type: constraint; schema: public; owner: -
+ add constraint worker_storage_bucket_credential_state_enm_pkey primary key (state);
diff --git a/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_pkey.sql b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_pkey.sql
new file mode 100644
index 000000000..a1fdef0a8
--- /dev/null
+++ b/.schema-diff/constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_pkey.sql
@@ -0,0 +1,2 @@
+-- name: worker_storage_bucket_credential_state worker_storage_bucket_credential_state_pkey; type: constraint; schema: public; owner: -
+ add constraint worker_storage_bucket_credential_state_pkey primary key (worker_id, storage_bucket_credential_id, permission_type);
Foreign Key Constraints
diff --git a/.schema-diff/fk_constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/credential_fkey.sql b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/credential_fkey.sql
index 6a2fcedd4..d2fa8b3ac 100644
--- a/.schema-diff/fk_constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/credential_fkey.sql
+++ b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/credential_fkey.sql
@@ -2,3 +2,7 @@
add constraint credential_fkey foreign key (public_id) references public.credential(public_id) on update cascade on delete cascade;
-- name: credential_dynamic credential_fkey; type: fk constraint; schema: public; owner: -
add constraint credential_fkey foreign key (public_id) references public.credential(public_id) on update cascade on delete cascade;
+-- name: storage_bucket_credential_managed_secret storage_bucket_credential_fkey; type: fk constraint; schema: public; owner: -
+ add constraint storage_bucket_credential_fkey foreign key (private_id) references public.storage_bucket_credential(private_id) on update cascade on delete cascade;
+-- name: storage_bucket_credential_environmental storage_bucket_credential_fkey; type: fk constraint; schema: public; owner: -
+ add constraint storage_bucket_credential_fkey foreign key (private_id) references public.storage_bucket_credential(private_id) on update cascade on delete cascade;
diff --git a/.schema-diff/fk_constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/kms_data_key_version_fkey.sql b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/kms_data_key_version_fkey.sql
index f7bc8abba..808a1d9e0 100644
--- a/.schema-diff/fk_constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/kms_data_key_version_fkey.sql
+++ b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/kms_data_key_version_fkey.sql
@@ -30,5 +30,5 @@
add constraint kms_data_key_version_fkey foreign key (key_id) references public.kms_data_key_version(private_id) on update cascade on delete restrict;
-- name: auth_ldap_bind_credential kms_data_key_version_fkey; type: fk constraint; schema: public; owner: -
add constraint kms_data_key_version_fkey foreign key (key_id) references public.kms_data_key_version(private_id) on update cascade on delete restrict;
--- name: storage_plugin_storage_bucket_secret kms_data_key_version_fkey; type: fk constraint; schema: public; owner: -
- add constraint kms_data_key_version_fkey foreign key (key_id) references public.kms_data_key_version(private_id) on update cascade on delete restrict;
+-- name: storage_bucket_credential_managed_secret kms_data_key_version_fkey; type: fk constraint; schema: public; owner: -
+ add constraint kms_data_key_version_fkey foreign key (key_id) references public.kms_data_key_version(private_id) on update cascade on delete cascade;
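Review bot: The replacement constraint on storage_bucket_credential_managed_secret switches the delete action from `on delete restrict` to `on delete cascade`, while the other kms_data_key_version_fkey constraints visible in this hunk (for example auth_ldap_bind_credential) keep `on delete restrict`. With cascade, deleting a kms_data_key_version row removes the managed-secret credential rows that reference it instead of blocking the delete, and those deletes then fire the `delete_storage_bucket_credential_subtype` trigger on that table. If that is the intended behaviour for key version removal, please say so in the migration; otherwise keep `on delete restrict`, matching the storage_plugin_storage_bucket_secret constraint being removed.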
diff --git a/.schema-diff/fk_constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/server_worker_fkey.sql b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/server_worker_fkey.sql
index 2c4000e39..7723af6cf 100644
--- a/.schema-diff/fk_constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/server_worker_fkey.sql
+++ b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/server_worker_fkey.sql
@@ -8,3 +8,5 @@
add constraint server_worker_fkey foreign key (worker_id) references public.server_worker(public_id) on update cascade on delete cascade;
-- name: session_worker_protocol server_worker_fkey; type: fk constraint; schema: public; owner: -
add constraint server_worker_fkey foreign key (worker_id) references public.server_worker(public_id) on update cascade on delete cascade;
+-- name: worker_storage_bucket_credential_state server_worker_fkey; type: fk constraint; schema: public; owner: -
+ add constraint server_worker_fkey foreign key (worker_id) references public.server_worker(public_id) on update cascade on delete cascade;
diff --git a/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_fkey.sql b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_fkey.sql
new file mode 100644
index 000000000..96b0d08dd
--- /dev/null
+++ b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_fkey.sql
@@ -0,0 +1,4 @@
+-- name: storage_bucket_credential_managed_secret storage_bucket_credential_fkey; type: fk constraint; schema: public; owner: -
+ add constraint storage_bucket_credential_fkey foreign key (private_id) references public.storage_bucket_credential(private_id) on update cascade on delete cascade;
+-- name: storage_bucket_credential_environmental storage_bucket_credential_fkey; type: fk constraint; schema: public; owner: -
+ add constraint storage_bucket_credential_fkey foreign key (private_id) references public.storage_bucket_credential(private_id) on update cascade on delete cascade;
diff --git a/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_id_fkey.sql b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_id_fkey.sql
new file mode 100644
index 000000000..3dd6d0ba5
--- /dev/null
+++ b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_bucket_credential_id_fkey.sql
@@ -0,0 +1,4 @@
+-- name: storage_plugin_storage_bucket storage_bucket_credential_id_fkey; type: fk constraint; schema: public; owner: -
+ add constraint storage_bucket_credential_id_fkey foreign key (storage_bucket_credential_id) references public.storage_bucket_credential(private_id) on update cascade deferrable initially deferred;
+-- name: worker_storage_bucket_credential_state storage_bucket_credential_id_fkey; type: fk constraint; schema: public; owner: -
+ add constraint storage_bucket_credential_id_fkey foreign key (storage_bucket_credential_id) references public.storage_bucket_credential(private_id) on update cascade on delete cascade;
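Review bot: The storage_plugin_storage_bucket constraint has no `on delete` clause, so it falls back to PostgreSQL's default NO ACTION, while the worker_storage_bucket_credential_state constraint two lines below spells out `on delete cascade`. Because the constraint is `deferrable initially deferred`, deleting a credential that a bucket still references is only rejected at commit time. Please write the delete action out explicitly (`on delete no action` keeps the check deferrable, `restrict` would not) and add a comment on the circular reference with storage_bucket_credential.storage_bucket_id, since both rows have to be written in the same transaction. The nullability of storage_bucket_credential_id is not visible here; it needs to be `not null` if a bucket must always have a credential.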
diff --git a/.schema-diff/fk_constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_fkey.sql b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_plugin_storage_bucket_fkey.sql
index b039ec156..c9a341e50 100644
--- a/.schema-diff/fk_constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_fkey.sql
+++ b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/storage_plugin_storage_bucket_fkey.sql
@@ -2,3 +2,5 @@
add constraint storage_plugin_storage_bucket_fkey foreign key (storage_bucket_id) references public.storage_plugin_storage_bucket(public_id) on update cascade on delete set null;
-- name: recording_session storage_plugin_storage_bucket_fkey; type: fk constraint; schema: public; owner: -
add constraint storage_plugin_storage_bucket_fkey foreign key (storage_bucket_id) references public.storage_plugin_storage_bucket(public_id) on update cascade on delete restrict;
+-- name: storage_bucket_credential storage_plugin_storage_bucket_fkey; type: fk constraint; schema: public; owner: -
+ add constraint storage_plugin_storage_bucket_fkey foreign key (storage_bucket_id) references public.storage_plugin_storage_bucket(public_id) on update cascade on delete cascade deferrable initially deferred;
diff --git a/.schema-diff/fk_constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_secret_storage_bucket_id_fkey.sql b/.schema-diff/fk_constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_secret_storage_bucket_id_fkey.sql
deleted file mode 100644
index ca64f6700..000000000
--- a/.schema-diff/fk_constraints_488c4ea44e7844d8856ce125ded7fddbea6cbb15/storage_plugin_storage_bucket_secret_storage_bucket_id_fkey.sql
+++ /dev/null
@@ -1,2 +0,0 @@
--- name: storage_plugin_storage_bucket_secret storage_plugin_storage_bucket_secret_storage_bucket_id_fkey; type: fk constraint; schema: public; owner: -
- add constraint storage_plugin_storage_bucket_secret_storage_bucket_id_fkey foreign key (storage_bucket_id) references public.storage_plugin_storage_bucket(public_id) on update cascade on delete cascade;
diff --git a/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_permission_type_enm_fkey.sql b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_permission_type_enm_fkey.sql
new file mode 100644
index 000000000..2e1c4d1fb
--- /dev/null
+++ b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_permission_type_enm_fkey.sql
@@ -0,0 +1,2 @@
+-- name: worker_storage_bucket_credential_state worker_storage_bucket_credential_permission_type_enm_fkey; type: fk constraint; schema: public; owner: -
+ add constraint worker_storage_bucket_credential_permission_type_enm_fkey foreign key (permission_type) references public.worker_storage_bucket_credential_permission_type_enm(type) on update cascade on delete restrict;
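Review bot: permission_type, the column this constraint covers, is part of worker_storage_bucket_credential_state_pkey `(worker_id, storage_bucket_credential_id, permission_type)`, but the immutable_columns trigger on the same table lists only `'worker_id', 'storage_bucket_credential_id'`. An update can therefore rewrite a row's permission type rather than only its state, which makes one permission's recorded state reassignable to another. Consider adding `'permission_type'` to the trigger's column list, or document why it is left mutable.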
diff --git a/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_enm_fkey.sql b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_enm_fkey.sql
new file mode 100644
index 000000000..31fd8532d
--- /dev/null
+++ b/.schema-diff/fk_constraints_e812a19a841f34a281b66c6e4806e8d11756af4d/worker_storage_bucket_credential_state_enm_fkey.sql
@@ -0,0 +1,2 @@
+-- name: worker_storage_bucket_credential_state worker_storage_bucket_credential_state_enm_fkey; type: fk constraint; schema: public; owner: -
+ add constraint worker_storage_bucket_credential_state_enm_fkey foreign key (state) references public.worker_storage_bucket_credential_state_enm(state) on update cascade on delete restrict; |
elimt
approved these changes
Jul 17, 2024
louisruch
approved these changes
Jul 17, 2024
Manually merged. Not sure why this did not get updated
Summary
SBC (Storage Bucket Credential)
SBC is a resource that represents credentials for authentication and authorization with an external object store. An SBC belongs to one and only one storage bucket. A storage bucket must always have an SBC. There are two SBC types, managed secret and environmental.
SBC State
SBC State represents the ability for a worker to perform a specific action using the storage bucket. SBC permission types represent an action that the storage bucket is required to do as a routine task on an external object store. A permission type must have a permission state. A worker can be configured to use many storage buckets. For each storage bucket that a worker is configured to use, it will have all three SBC permission states (write, read, & delete).
Changes
The CLI & API
The worker CLI & API includes the Remote Storage State field in read results. The SBC State for each applicable storage bucket will be shown.
Worker Filtering
The controller will use the SBC state to filter out unhealthy protocol aware workers for requests that require interaction with an external storage service.