diff --git a/src/main/resources/db/migration/V001__create_tenants.sql b/src/main/resources/db/migration/V001__create_tenants.sql deleted file mode 100644 index 80746f9..0000000 --- a/src/main/resources/db/migration/V001__create_tenants.sql +++ /dev/null @@ -1,17 +0,0 @@ -CREATE TABLE tenants ( - id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - name VARCHAR(255) NOT NULL, - slug VARCHAR(100) NOT NULL UNIQUE, - tier VARCHAR(20) NOT NULL DEFAULT 'LOW', - status VARCHAR(20) NOT NULL DEFAULT 'PROVISIONING', - logto_org_id VARCHAR(255), - stripe_customer_id VARCHAR(255), - stripe_subscription_id VARCHAR(255), - settings JSONB NOT NULL DEFAULT '{}', - created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() -); - -CREATE INDEX idx_tenants_slug ON tenants (slug); -CREATE INDEX idx_tenants_status ON tenants (status); -CREATE INDEX idx_tenants_logto_org_id ON tenants (logto_org_id); diff --git a/src/main/resources/db/migration/V001__init.sql b/src/main/resources/db/migration/V001__init.sql new file mode 100644 index 0000000..ca542c7 --- /dev/null +++ b/src/main/resources/db/migration/V001__init.sql @@ -0,0 +1,95 @@ +-- Cameleer SaaS schema baseline +-- Consolidated from V001-V015 + +-- Tenants +CREATE TABLE tenants ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + name VARCHAR(255) NOT NULL, + slug VARCHAR(100) NOT NULL, + tier VARCHAR(20) NOT NULL DEFAULT 'LOW', + status VARCHAR(20) NOT NULL DEFAULT 'PROVISIONING', + logto_org_id VARCHAR(255), + stripe_customer_id VARCHAR(255), + stripe_subscription_id VARCHAR(255), + settings JSONB NOT NULL DEFAULT '{}', + server_endpoint VARCHAR(512), + provision_error TEXT, + db_password VARCHAR(255), + ca_applied_at TIMESTAMPTZ, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() +); + +CREATE UNIQUE INDEX tenants_slug_active_key ON tenants (slug) WHERE status != 'DELETED'; +CREATE INDEX idx_tenants_status ON tenants (status); +CREATE INDEX idx_tenants_logto_org_id ON tenants (logto_org_id); + +-- Licenses +CREATE TABLE licenses ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE, + tier VARCHAR(20) NOT NULL, + features JSONB NOT NULL DEFAULT '{}', + limits JSONB NOT NULL DEFAULT '{}', + issued_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + expires_at TIMESTAMPTZ NOT NULL, + revoked_at TIMESTAMPTZ, + token TEXT NOT NULL, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW() +); + +CREATE INDEX idx_licenses_tenant_id ON licenses (tenant_id); +CREATE INDEX idx_licenses_expires_at ON licenses (expires_at); + +-- Audit log +CREATE TABLE audit_log ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + actor_id UUID, + actor_email VARCHAR(255), + tenant_id UUID, + action VARCHAR(100) NOT NULL, + resource VARCHAR(500), + environment VARCHAR(50), + source_ip VARCHAR(45), + result VARCHAR(20) NOT NULL DEFAULT 'SUCCESS', + metadata JSONB, + created_at TIMESTAMPTZ NOT NULL DEFAULT now() +); + +CREATE INDEX idx_audit_log_tenant ON audit_log (tenant_id, created_at DESC); +CREATE INDEX idx_audit_log_actor ON audit_log (actor_id, created_at DESC); +CREATE INDEX idx_audit_log_action ON audit_log (action, created_at DESC); + +-- Platform TLS certificates +CREATE TABLE certificates ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + status VARCHAR(10) NOT NULL CHECK (status IN ('ACTIVE', 'STAGED', 'ARCHIVED')), + subject VARCHAR(500), + issuer VARCHAR(500), + not_before TIMESTAMPTZ, + not_after TIMESTAMPTZ, + fingerprint VARCHAR(128), + has_ca BOOLEAN NOT NULL DEFAULT FALSE, + self_signed BOOLEAN NOT NULL DEFAULT FALSE, + uploaded_by UUID, + created_at TIMESTAMPTZ NOT NULL DEFAULT now(), + activated_at TIMESTAMPTZ, + archived_at TIMESTAMPTZ +); + +-- Per-tenant CA certificates +CREATE TABLE tenant_ca_certs ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE, + status VARCHAR(10) NOT NULL CHECK (status IN ('ACTIVE', 'STAGED')), + label VARCHAR(200), + subject VARCHAR(500), + issuer VARCHAR(500), + fingerprint VARCHAR(128), + not_before TIMESTAMPTZ, + not_after TIMESTAMPTZ, + cert_pem TEXT NOT NULL, + created_at TIMESTAMPTZ NOT NULL DEFAULT now() +); + +CREATE INDEX idx_tenant_ca_certs_tenant ON tenant_ca_certs(tenant_id); diff --git a/src/main/resources/db/migration/V002__create_licenses.sql b/src/main/resources/db/migration/V002__create_licenses.sql deleted file mode 100644 index c7984f7..0000000 --- a/src/main/resources/db/migration/V002__create_licenses.sql +++ /dev/null @@ -1,15 +0,0 @@ -CREATE TABLE licenses ( - id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE, - tier VARCHAR(20) NOT NULL, - features JSONB NOT NULL DEFAULT '{}', - limits JSONB NOT NULL DEFAULT '{}', - issued_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - expires_at TIMESTAMPTZ NOT NULL, - revoked_at TIMESTAMPTZ, - token TEXT NOT NULL, - created_at TIMESTAMPTZ NOT NULL DEFAULT NOW() -); - -CREATE INDEX idx_licenses_tenant_id ON licenses (tenant_id); -CREATE INDEX idx_licenses_expires_at ON licenses (expires_at); diff --git a/src/main/resources/db/migration/V003__create_environments.sql b/src/main/resources/db/migration/V003__create_environments.sql deleted file mode 100644 index 99c1423..0000000 --- a/src/main/resources/db/migration/V003__create_environments.sql +++ /dev/null @@ -1,12 +0,0 @@ -CREATE TABLE environments ( - id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE, - slug VARCHAR(100) NOT NULL, - display_name VARCHAR(255) NOT NULL, - status VARCHAR(20) NOT NULL DEFAULT 'ACTIVE', - created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - UNIQUE(tenant_id, slug) -); - -CREATE INDEX idx_environments_tenant_id ON environments(tenant_id); diff --git a/src/main/resources/db/migration/V004__create_api_keys.sql b/src/main/resources/db/migration/V004__create_api_keys.sql deleted file mode 100644 index c3a748a..0000000 --- a/src/main/resources/db/migration/V004__create_api_keys.sql +++ /dev/null @@ -1,12 +0,0 @@ -CREATE TABLE api_keys ( - id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - environment_id UUID NOT NULL REFERENCES environments(id) ON DELETE CASCADE, - key_hash VARCHAR(64) NOT NULL, - key_prefix VARCHAR(12) NOT NULL, - status VARCHAR(20) NOT NULL DEFAULT 'ACTIVE', - created_at TIMESTAMPTZ NOT NULL DEFAULT now(), - revoked_at TIMESTAMPTZ -); - -CREATE INDEX idx_api_keys_env ON api_keys(environment_id); -CREATE INDEX idx_api_keys_hash ON api_keys(key_hash); diff --git a/src/main/resources/db/migration/V005__create_apps.sql b/src/main/resources/db/migration/V005__create_apps.sql deleted file mode 100644 index 1967bec..0000000 --- a/src/main/resources/db/migration/V005__create_apps.sql +++ /dev/null @@ -1,18 +0,0 @@ -CREATE TABLE apps ( - id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - environment_id UUID NOT NULL REFERENCES environments(id) ON DELETE CASCADE, - slug VARCHAR(100) NOT NULL, - display_name VARCHAR(255) NOT NULL, - jar_storage_path VARCHAR(500), - jar_checksum VARCHAR(64), - jar_original_filename VARCHAR(255), - jar_size_bytes BIGINT, - exposed_port INTEGER, - current_deployment_id UUID, - previous_deployment_id UUID, - created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - UNIQUE(environment_id, slug) -); - -CREATE INDEX idx_apps_environment_id ON apps(environment_id); diff --git a/src/main/resources/db/migration/V006__create_deployments.sql b/src/main/resources/db/migration/V006__create_deployments.sql deleted file mode 100644 index bf9898e..0000000 --- a/src/main/resources/db/migration/V006__create_deployments.sql +++ /dev/null @@ -1,16 +0,0 @@ -CREATE TABLE deployments ( - id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - app_id UUID NOT NULL REFERENCES apps(id) ON DELETE CASCADE, - version INTEGER NOT NULL, - image_ref VARCHAR(500) NOT NULL, - desired_status VARCHAR(20) NOT NULL DEFAULT 'RUNNING', - observed_status VARCHAR(20) NOT NULL DEFAULT 'BUILDING', - orchestrator_metadata JSONB DEFAULT '{}', - error_message TEXT, - deployed_at TIMESTAMPTZ, - stopped_at TIMESTAMPTZ, - created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), - UNIQUE(app_id, version) -); - -CREATE INDEX idx_deployments_app_id ON deployments(app_id); diff --git a/src/main/resources/db/migration/V007__create_audit_log.sql b/src/main/resources/db/migration/V007__create_audit_log.sql deleted file mode 100644 index df7d155..0000000 --- a/src/main/resources/db/migration/V007__create_audit_log.sql +++ /dev/null @@ -1,17 +0,0 @@ -CREATE TABLE audit_log ( - id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - actor_id UUID, - actor_email VARCHAR(255), - tenant_id UUID, - action VARCHAR(100) NOT NULL, - resource VARCHAR(500), - environment VARCHAR(50), - source_ip VARCHAR(45), - result VARCHAR(20) NOT NULL DEFAULT 'SUCCESS', - metadata JSONB, - created_at TIMESTAMPTZ NOT NULL DEFAULT now() -); - -CREATE INDEX idx_audit_log_tenant ON audit_log (tenant_id, created_at DESC); -CREATE INDEX idx_audit_log_actor ON audit_log (actor_id, created_at DESC); -CREATE INDEX idx_audit_log_action ON audit_log (action, created_at DESC); diff --git a/src/main/resources/db/migration/V008__add_app_resource_limits.sql b/src/main/resources/db/migration/V008__add_app_resource_limits.sql deleted file mode 100644 index 3fb16be..0000000 --- a/src/main/resources/db/migration/V008__add_app_resource_limits.sql +++ /dev/null @@ -1,2 +0,0 @@ -ALTER TABLE apps ADD COLUMN memory_limit VARCHAR(20); -ALTER TABLE apps ADD COLUMN cpu_shares INTEGER; diff --git a/src/main/resources/db/migration/V010__drop_migrated_tables.sql b/src/main/resources/db/migration/V010__drop_migrated_tables.sql deleted file mode 100644 index 668a304..0000000 --- a/src/main/resources/db/migration/V010__drop_migrated_tables.sql +++ /dev/null @@ -1,7 +0,0 @@ --- V010__drop_migrated_tables.sql --- Drop tables that have been migrated to cameleer3-server - -DROP TABLE IF EXISTS deployments CASCADE; -DROP TABLE IF EXISTS apps CASCADE; -DROP TABLE IF EXISTS environments CASCADE; -DROP TABLE IF EXISTS api_keys CASCADE; diff --git a/src/main/resources/db/migration/V011__add_provisioning_fields.sql b/src/main/resources/db/migration/V011__add_provisioning_fields.sql deleted file mode 100644 index 9623f1b..0000000 --- a/src/main/resources/db/migration/V011__add_provisioning_fields.sql +++ /dev/null @@ -1,3 +0,0 @@ --- V011__add_provisioning_fields.sql -ALTER TABLE tenants ADD COLUMN server_endpoint VARCHAR(512); -ALTER TABLE tenants ADD COLUMN provision_error TEXT; diff --git a/src/main/resources/db/migration/V012__create_certificates.sql b/src/main/resources/db/migration/V012__create_certificates.sql deleted file mode 100644 index d6124af..0000000 --- a/src/main/resources/db/migration/V012__create_certificates.sql +++ /dev/null @@ -1,19 +0,0 @@ --- Certificate management: track platform TLS certs and CA bundles -CREATE TABLE certificates ( - id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - status VARCHAR(10) NOT NULL CHECK (status IN ('ACTIVE', 'STAGED', 'ARCHIVED')), - subject VARCHAR(500), - issuer VARCHAR(500), - not_before TIMESTAMPTZ, - not_after TIMESTAMPTZ, - fingerprint VARCHAR(128), - has_ca BOOLEAN NOT NULL DEFAULT FALSE, - self_signed BOOLEAN NOT NULL DEFAULT FALSE, - uploaded_by UUID, - created_at TIMESTAMPTZ NOT NULL DEFAULT now(), - activated_at TIMESTAMPTZ, - archived_at TIMESTAMPTZ -); - --- Track when each tenant last picked up the CA bundle -ALTER TABLE tenants ADD COLUMN ca_applied_at TIMESTAMPTZ; diff --git a/src/main/resources/db/migration/V013__create_tenant_ca_certs.sql b/src/main/resources/db/migration/V013__create_tenant_ca_certs.sql deleted file mode 100644 index 4127361..0000000 --- a/src/main/resources/db/migration/V013__create_tenant_ca_certs.sql +++ /dev/null @@ -1,16 +0,0 @@ --- Per-tenant CA certificates for enterprise SSO trust -CREATE TABLE tenant_ca_certs ( - id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE, - status VARCHAR(10) NOT NULL CHECK (status IN ('ACTIVE', 'STAGED')), - label VARCHAR(200), - subject VARCHAR(500), - issuer VARCHAR(500), - fingerprint VARCHAR(128), - not_before TIMESTAMPTZ, - not_after TIMESTAMPTZ, - cert_pem TEXT NOT NULL, - created_at TIMESTAMPTZ NOT NULL DEFAULT now() -); - -CREATE INDEX idx_tenant_ca_certs_tenant ON tenant_ca_certs(tenant_id); diff --git a/src/main/resources/db/migration/V014__tenant_slug_partial_unique.sql b/src/main/resources/db/migration/V014__tenant_slug_partial_unique.sql deleted file mode 100644 index b072d87..0000000 --- a/src/main/resources/db/migration/V014__tenant_slug_partial_unique.sql +++ /dev/null @@ -1,5 +0,0 @@ --- Replace absolute unique constraint on slug with partial unique index --- that excludes DELETED tenants, allowing slug reuse after soft-delete. -ALTER TABLE tenants DROP CONSTRAINT tenants_slug_key; -DROP INDEX IF EXISTS idx_tenants_slug; -CREATE UNIQUE INDEX tenants_slug_active_key ON tenants (slug) WHERE status != 'DELETED'; diff --git a/src/main/resources/db/migration/V015__add_tenant_db_password.sql b/src/main/resources/db/migration/V015__add_tenant_db_password.sql deleted file mode 100644 index c8d5fe0..0000000 --- a/src/main/resources/db/migration/V015__add_tenant_db_password.sql +++ /dev/null @@ -1 +0,0 @@ -ALTER TABLE tenants ADD COLUMN db_password VARCHAR(255);