196 lines
11 KiB
Python
196 lines
11 KiB
Python
"""Superadmin
|
|
|
|
Revision ID: b4cd6c6b3b1c
|
|
Revises: 6a4c4ed4a5c6
|
|
Create Date: 2026-04-08 16:55:52.646980
|
|
|
|
"""
|
|
from alembic import op
|
|
import sqlalchemy as sa
|
|
|
|
|
|
# revision identifiers, used by Alembic.
|
|
revision = 'b4cd6c6b3b1c'
|
|
down_revision = '6a4c4ed4a5c6'
|
|
branch_labels = None
|
|
depends_on = None
|
|
|
|
|
|
def upgrade():
|
|
# --- Create superadmin tables (not captured by auto-generation) ---
|
|
op.create_table(
|
|
'superadmins',
|
|
sa.Column('id', sa.String(length=36), nullable=False),
|
|
sa.Column('email', sa.String(length=255), nullable=False),
|
|
sa.Column('password_hash', sa.String(length=255), nullable=False),
|
|
sa.Column('full_name', sa.String(length=255), nullable=True),
|
|
sa.Column('is_active', sa.Boolean(), nullable=False, server_default=sa.text('true')),
|
|
sa.Column('last_login_at', sa.DateTime(), nullable=True),
|
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
|
sa.PrimaryKeyConstraint('id'),
|
|
sa.UniqueConstraint('email'),
|
|
)
|
|
op.create_index(op.f('ix_superadmins_email'), 'superadmins', ['email'], unique=True)
|
|
|
|
op.create_table(
|
|
'superadmin_sessions',
|
|
sa.Column('id', sa.String(length=36), nullable=False),
|
|
sa.Column('superadmin_id', sa.String(length=36), nullable=False),
|
|
sa.Column('token', sa.String(length=255), nullable=False),
|
|
sa.Column('expires_at', sa.DateTime(), nullable=False),
|
|
sa.Column('last_activity_at', sa.DateTime(), nullable=False),
|
|
sa.Column('ip_address', sa.String(length=45), nullable=True),
|
|
sa.Column('user_agent', sa.Text(), nullable=True),
|
|
sa.Column('revoked_at', sa.DateTime(), nullable=True),
|
|
sa.Column('revoked_reason', sa.String(length=255), nullable=True),
|
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
|
sa.ForeignKeyConstraint(['superadmin_id'], ['superadmins.id']),
|
|
sa.PrimaryKeyConstraint('id'),
|
|
sa.UniqueConstraint('token'),
|
|
)
|
|
op.create_index(op.f('ix_superadmin_sessions_superadmin_id'), 'superadmin_sessions', ['superadmin_id'])
|
|
op.create_index(op.f('ix_superadmin_sessions_token'), 'superadmin_sessions', ['token'], unique=True)
|
|
|
|
op.create_table(
|
|
'superadmin_audit_logs',
|
|
sa.Column('id', sa.String(length=36), nullable=False),
|
|
sa.Column('superadmin_id', sa.String(length=36), nullable=False),
|
|
sa.Column('action', sa.String(length=100), nullable=False),
|
|
sa.Column('resource_type', sa.String(length=50), nullable=False),
|
|
sa.Column('resource_id', sa.String(length=36), nullable=True),
|
|
sa.Column('org_id', sa.String(length=36), nullable=True),
|
|
sa.Column('user_id', sa.String(length=36), nullable=True),
|
|
sa.Column('ip_address', sa.String(length=45), nullable=True),
|
|
sa.Column('user_agent', sa.Text(), nullable=True),
|
|
sa.Column('request_id', sa.String(length=100), nullable=True),
|
|
sa.Column('extra_data', sa.JSON(), nullable=True),
|
|
sa.Column('success', sa.Boolean(), nullable=False, server_default=sa.text('true')),
|
|
sa.Column('error_message', sa.String(length=500), nullable=True),
|
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
|
sa.ForeignKeyConstraint(['superadmin_id'], ['superadmins.id']),
|
|
sa.PrimaryKeyConstraint('id'),
|
|
)
|
|
op.create_index(op.f('ix_superadmin_audit_logs_superadmin_id'), 'superadmin_audit_logs', ['superadmin_id'])
|
|
op.create_index(op.f('ix_superadmin_audit_logs_action'), 'superadmin_audit_logs', ['action'])
|
|
op.create_index(op.f('ix_superadmin_audit_logs_resource_type'), 'superadmin_audit_logs', ['resource_type'])
|
|
op.create_index(op.f('ix_superadmin_audit_logs_resource_id'), 'superadmin_audit_logs', ['resource_id'])
|
|
op.create_index(op.f('ix_superadmin_audit_logs_org_id'), 'superadmin_audit_logs', ['org_id'])
|
|
op.create_index(op.f('ix_superadmin_audit_logs_user_id'), 'superadmin_audit_logs', ['user_id'])
|
|
|
|
# ### commands auto generated by Alembic - please adjust! ###
|
|
# Add unique constraints on id columns for all existing tables
|
|
op.create_unique_constraint(None, 'activation_sessions', ['id'])
|
|
op.create_unique_constraint(None, 'application_provider_configs', ['id'])
|
|
op.create_unique_constraint(None, 'audit_logs', ['id'])
|
|
op.create_unique_constraint(None, 'authentication_methods', ['id'])
|
|
op.create_unique_constraint(None, 'ca_permissions', ['id'])
|
|
op.create_unique_constraint(None, 'cas', ['id'])
|
|
op.create_unique_constraint(None, 'certificate_audit_logs', ['id'])
|
|
op.create_unique_constraint(None, 'department_cert_policies', ['id'])
|
|
op.create_unique_constraint(None, 'department_memberships', ['id'])
|
|
op.create_unique_constraint(None, 'department_principals', ['id'])
|
|
op.create_unique_constraint(None, 'departments', ['id'])
|
|
op.create_unique_constraint(None, 'device_network_memberships', ['id'])
|
|
op.create_unique_constraint(None, 'devices', ['id'])
|
|
op.create_unique_constraint(None, 'email_verification_tokens', ['id'])
|
|
op.create_unique_constraint(None, 'external_provider_configs', ['id'])
|
|
op.create_unique_constraint(None, 'kill_switch_events', ['id'])
|
|
op.create_unique_constraint(None, 'mfa_policy_compliance', ['id'])
|
|
op.create_unique_constraint(None, 'oauth_states', ['id'])
|
|
op.create_unique_constraint(None, 'oidc_audit_logs', ['id'])
|
|
op.create_unique_constraint(None, 'oidc_authorization_codes', ['id'])
|
|
op.create_unique_constraint(None, 'oidc_clients', ['id'])
|
|
op.create_unique_constraint(None, 'oidc_refresh_tokens', ['id'])
|
|
op.create_unique_constraint(None, 'oidc_sessions', ['id'])
|
|
op.create_unique_constraint(None, 'org_invite_tokens', ['id'])
|
|
op.create_unique_constraint(None, 'organization_api_keys', ['id'])
|
|
op.create_unique_constraint(None, 'organization_members', ['id'])
|
|
op.create_unique_constraint(None, 'organization_provider_overrides', ['id'])
|
|
op.create_unique_constraint(None, 'organization_security_policies', ['id'])
|
|
op.create_unique_constraint(None, 'organizations', ['id'])
|
|
op.create_unique_constraint(None, 'password_reset_tokens', ['id'])
|
|
op.create_unique_constraint(None, 'portal_networks', ['id'])
|
|
op.create_unique_constraint(None, 'principal_memberships', ['id'])
|
|
op.create_unique_constraint(None, 'principals', ['id'])
|
|
op.create_unique_constraint(None, 'sessions', ['id'])
|
|
op.create_unique_constraint(None, 'ssh_certificates', ['id'])
|
|
op.create_unique_constraint(None, 'ssh_keys', ['id'])
|
|
op.create_unique_constraint(None, 'superadmin_audit_logs', ['id'])
|
|
op.create_unique_constraint(None, 'superadmin_sessions', ['id'])
|
|
op.create_unique_constraint(None, 'superadmins', ['id'])
|
|
op.create_unique_constraint(None, 'user_network_approvals', ['id'])
|
|
op.create_unique_constraint(None, 'user_security_policies', ['id'])
|
|
op.create_unique_constraint(None, 'users', ['id'])
|
|
op.create_unique_constraint(None, 'zerotier_memberships', ['id'])
|
|
# ### end Alembic commands ###
|
|
|
|
|
|
def downgrade():
|
|
# ### commands auto generated by Alembic - please adjust! ###
|
|
op.drop_constraint(None, 'zerotier_memberships', type_='unique')
|
|
op.drop_constraint(None, 'users', type_='unique')
|
|
op.drop_constraint(None, 'user_security_policies', type_='unique')
|
|
op.drop_constraint(None, 'user_network_approvals', type_='unique')
|
|
op.drop_constraint(None, 'superadmins', type_='unique')
|
|
op.drop_constraint(None, 'superadmin_sessions', type_='unique')
|
|
op.drop_constraint(None, 'superadmin_audit_logs', type_='unique')
|
|
op.drop_constraint(None, 'ssh_keys', type_='unique')
|
|
op.drop_constraint(None, 'ssh_certificates', type_='unique')
|
|
op.drop_constraint(None, 'sessions', type_='unique')
|
|
op.drop_constraint(None, 'principals', type_='unique')
|
|
op.drop_constraint(None, 'principal_memberships', type_='unique')
|
|
op.drop_constraint(None, 'portal_networks', type_='unique')
|
|
op.drop_constraint(None, 'password_reset_tokens', type_='unique')
|
|
op.drop_constraint(None, 'organizations', type_='unique')
|
|
op.drop_constraint(None, 'organization_security_policies', type_='unique')
|
|
op.drop_constraint(None, 'organization_provider_overrides', type_='unique')
|
|
op.drop_constraint(None, 'organization_members', type_='unique')
|
|
op.drop_constraint(None, 'organization_api_keys', type_='unique')
|
|
op.drop_constraint(None, 'org_invite_tokens', type_='unique')
|
|
op.drop_constraint(None, 'oidc_sessions', type_='unique')
|
|
op.drop_constraint(None, 'oidc_refresh_tokens', type_='unique')
|
|
op.drop_constraint(None, 'oidc_clients', type_='unique')
|
|
op.drop_constraint(None, 'oidc_authorization_codes', type_='unique')
|
|
op.drop_constraint(None, 'oidc_audit_logs', type_='unique')
|
|
op.drop_constraint(None, 'oauth_states', type_='unique')
|
|
op.drop_constraint(None, 'mfa_policy_compliance', type_='unique')
|
|
op.drop_constraint(None, 'kill_switch_events', type_='unique')
|
|
op.drop_constraint(None, 'external_provider_configs', type_='unique')
|
|
op.drop_constraint(None, 'email_verification_tokens', type_='unique')
|
|
op.drop_constraint(None, 'devices', type_='unique')
|
|
op.drop_constraint(None, 'device_network_memberships', type_='unique')
|
|
op.drop_constraint(None, 'departments', type_='unique')
|
|
op.drop_constraint(None, 'department_principals', type_='unique')
|
|
op.drop_constraint(None, 'department_memberships', type_='unique')
|
|
op.drop_constraint(None, 'department_cert_policies', type_='unique')
|
|
op.drop_constraint(None, 'certificate_audit_logs', type_='unique')
|
|
op.drop_constraint(None, 'cas', type_='unique')
|
|
op.drop_constraint(None, 'ca_permissions', type_='unique')
|
|
op.drop_constraint(None, 'authentication_methods', type_='unique')
|
|
op.drop_constraint(None, 'audit_logs', type_='unique')
|
|
op.drop_constraint(None, 'application_provider_configs', type_='unique')
|
|
op.drop_constraint(None, 'activation_sessions', type_='unique')
|
|
# ### end Alembic commands ###
|
|
|
|
# --- Drop superadmin tables (reverse order due to FK dependencies) ---
|
|
op.drop_index(op.f('ix_superadmin_audit_logs_user_id'), table_name='superadmin_audit_logs')
|
|
op.drop_index(op.f('ix_superadmin_audit_logs_org_id'), table_name='superadmin_audit_logs')
|
|
op.drop_index(op.f('ix_superadmin_audit_logs_resource_id'), table_name='superadmin_audit_logs')
|
|
op.drop_index(op.f('ix_superadmin_audit_logs_resource_type'), table_name='superadmin_audit_logs')
|
|
op.drop_index(op.f('ix_superadmin_audit_logs_action'), table_name='superadmin_audit_logs')
|
|
op.drop_index(op.f('ix_superadmin_audit_logs_superadmin_id'), table_name='superadmin_audit_logs')
|
|
op.drop_table('superadmin_audit_logs')
|
|
|
|
op.drop_index(op.f('ix_superadmin_sessions_token'), table_name='superadmin_sessions')
|
|
op.drop_index(op.f('ix_superadmin_sessions_superadmin_id'), table_name='superadmin_sessions')
|
|
op.drop_table('superadmin_sessions')
|
|
|
|
op.drop_index(op.f('ix_superadmins_email'), table_name='superadmins')
|
|
op.drop_table('superadmins')
|