Added OIDC client CORS attributes

migrations/versions/c8d2e4f6a1b3_consolidate_sessions.py

@@ -38,7 +38,7 @@ def upgrade():
             is_compliance_only, created_at, updated_at, deleted_at
         )
         SELECT
-            id, 'superadmin', superadmin_id, token, 'active',
+            id, 'superadmin', superadmin_id, token, 'ACTIVE',
             ip_address, user_agent, NULL,
             expires_at, last_activity_at, revoked_at, revoked_reason,
             FALSE, created_at, updated_at, deleted_at

migrations/versions/e1f2a3b4c5d6_merge_branches.py

@@ -0,0 +1,23 @@
+"""Merge branches: consolidate_sessions + remove_sudo_api_keys.
+
+Revision ID: e1f2a3b4c5d6
+Revises: c8d2e4f6a1b3, d1e2f3g4h5i6
+Create Date: 2026-05-19 12:45:00.000000
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision = 'e1f2a3b4c5d6'
+down_revision = ('c8d2e4f6a1b3', 'd1e2f3g4h5i6')
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    pass
+
+
+def downgrade():
+    pass

migrations/versions/merge_approval_membership_tables.py

@@ -7,6 +7,7 @@ Create Date: 2026-05-02 00:00:00.000000
 
 from alembic import op
 import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
 
 
 # revision identifiers, used by Alembic.
@@ -21,6 +22,21 @@ depends_on = None
 # ---------------------------------------------------------------------------
 
 def upgrade():
+    # ------------------------------------------------------------------
+    # Step 0: Ensure enum types exist (they may already exist from old tables)
+    # ------------------------------------------------------------------
+    op.execute("""
+        DO $$
+        BEGIN
+            IF NOT EXISTS (SELECT 1 FROM pg_type WHERE typname = 'approval_grant_type') THEN
+                CREATE TYPE approval_grant_type AS ENUM ('requested', 'assigned');
+            END IF;
+            IF NOT EXISTS (SELECT 1 FROM pg_type WHERE typname = 'approval_state') THEN
+                CREATE TYPE approval_state AS ENUM ('pending', 'approved', 'rejected', 'revoked', 'suspended');
+            END IF;
+        END$$;
+    """)
+
     # ------------------------------------------------------------------
     # Step 1: Create the new network_access_requests table
     # ------------------------------------------------------------------
@@ -34,12 +50,12 @@ def upgrade():
         sa.Column('granted_by_user_id', sa.String(length=36), nullable=True),
         sa.Column(
             'grant_type',
-            sa.Enum('requested', 'assigned', name='approval_grant_type', create_type=False),
+            postgresql.ENUM('requested', 'assigned', name='approval_grant_type', create_type=False),
             nullable=False,
         ),
         sa.Column(
             'status',
-            sa.Enum(
+            postgresql.ENUM(
                 'pending', 'approved', 'rejected', 'revoked', 'suspended',
                 name='approval_state', create_type=False,
             ),
@@ -334,12 +350,12 @@ def downgrade():
         sa.Column('granted_by_user_id', sa.String(length=36), nullable=True),
         sa.Column(
             'grant_type',
-            sa.Enum('requested', 'assigned', name='approval_grant_type', create_type=False),
+            postgresql.ENUM('requested', 'assigned', name='approval_grant_type', create_type=False),
             nullable=False,
         ),
         sa.Column(
             'state',
-            sa.Enum(
+            postgresql.ENUM(
                 'pending', 'approved', 'rejected', 'revoked', 'suspended',
                 name='approval_state', create_type=False,
             ),
@@ -437,7 +453,7 @@ def downgrade():
         sa.Column('user_network_approval_id', sa.String(length=36), nullable=True),
         sa.Column(
             'state',
-            sa.Enum(
+            postgresql.ENUM(
                 'pending_device_registration',
                 'pending_request',
                 'pending_manager_approval',