From 4a5518ac32fda3a7caefb7d3e12138a1c914d51f Mon Sep 17 00:00:00 2001 From: sourcegraph-bot-devx <127119266+sourcegraph-bot-devx@users.noreply.github.com> Date: Thu, 19 Dec 2024 18:06:02 +0000 Subject: [PATCH] Add artifacts for v5.11.0 --- TAG | 2 +- gql/cody_context.graphql | 8 - gql/githubapps.graphql | 227 +--- gql/multitenantgithubapp.graphql | 344 ++++++ gql/prompt_tags.graphql | 150 +++ gql/prompts.graphql | 60 ++ gql/schema.graphql | 67 +- .../down.sql | 52 + .../metadata.yaml | 3 + .../up.sql | 55 + .../down.sql | 32 + .../metadata.yaml | 3 + .../1732716803_tenant_policy_init_plan/up.sql | 36 + .../down.sql | 1 + .../metadata.yaml | 2 + .../up.sql | 2 + .../down.sql | 3 + .../metadata.yaml | 2 + .../1733175896_make_tenantsid_a_serial/up.sql | 10 + .../1733927758_drop_tenant/down.sql | 1 + .../1733927758_drop_tenant/metadata.yaml | 2 + .../1733927758_drop_tenant/up.sql | 1 + .../1734544626_add_tenant_back/down.sql | 1 + .../1734544626_add_tenant_back/metadata.yaml | 2 + .../1734544626_add_tenant_back/up.sql | 34 + migrations/codeinsights/squashed.sql | 102 +- .../down.sql | 24 + .../metadata.yaml | 3 + .../1732716553_tenant_policy_init_plan/up.sql | 28 + .../down.sql | 1 + .../metadata.yaml | 2 + .../up.sql | 2 + .../down.sql | 3 + .../metadata.yaml | 2 + .../1733175891_make_tenantsid_a_serial/up.sql | 10 + .../codeintel/1733926716_drop_tenant/down.sql | 1 + .../1733926716_drop_tenant/metadata.yaml | 2 + .../codeintel/1733926716_drop_tenant/up.sql | 1 + .../1734544580_add_tenant_back/down.sql | 1 + .../1734544580_add_tenant_back/metadata.yaml | 2 + .../1734544580_add_tenant_back/up.sql | 34 + migrations/codeintel/squashed.sql | 64 +- .../down.sql | 5 + .../down.sql | 382 +++++++ .../metadata.yaml | 3 + .../up.sql | 410 ++++++++ .../1732032110_contributor_data/down.sql | 3 + .../1732032110_contributor_data/metadata.yaml | 2 + .../1732032110_contributor_data/up.sql | 51 + .../down.sql | 203 ++++ .../metadata.yaml | 3 + .../1732702405_tenant_policy_init_plan/up.sql | 208 ++++ .../down.sql | 1 + .../metadata.yaml | 2 + .../up.sql | 2 + .../down.sql | 2 + .../metadata.yaml | 2 + .../up.sql | 2 + .../1732865837_repo_name_lower/down.sql | 1 + .../1732865837_repo_name_lower/metadata.yaml | 2 + .../1732865837_repo_name_lower/up.sql | 30 + .../down.sql | 1 + .../metadata.yaml | 3 + .../1732884201_repo_name_lower_unique/up.sql | 1 + .../1732884352_repo_name_lower_trgm/down.sql | 1 + .../metadata.yaml | 3 + .../1732884352_repo_name_lower_trgm/up.sql | 1 + .../down.sql | 5 + .../metadata.yaml | 2 + .../up.sql | 10 + .../down.sql | 3 + .../metadata.yaml | 2 + .../1733175598_make_tenantsid_a_serial/up.sql | 10 + .../down.sql | 2 + .../metadata.yaml | 2 + .../up.sql | 16 + .../down.sql | 17 + .../metadata.yaml | 2 + .../up.sql | 18 + .../down.sql | 55 + .../metadata.yaml | 2 + .../up.sql | 61 ++ .../down.sql | 6 + .../metadata.yaml | 2 + .../up.sql | 6 + .../1733396287_prompt_labels/down.sql | 2 + .../1733396287_prompt_labels/metadata.yaml | 2 + .../frontend/1733396287_prompt_labels/up.sql | 40 + .../down.sql | 16 + .../metadata.yaml | 2 + .../up.sql | 1 + .../down.sql | 12 + .../metadata.yaml | 2 + .../1733840223_drop_query_runner_state/up.sql | 1 + .../down.sql | 1 + .../metadata.yaml | 2 + .../up.sql | 19 + .../1733912207_drop_discussions/down.sql | 110 ++ .../1733912207_drop_discussions/metadata.yaml | 2 + .../1733912207_drop_discussions/up.sql | 5 + .../down.sql | 6 + .../metadata.yaml | 2 + .../up.sql | 6 + .../1734017751_drop_tenant_id_fk/down.sql | 16 + .../metadata.yaml | 2 + .../1734017751_drop_tenant_id_fk/up.sql | 11 + .../down.sql | 2 + .../metadata.yaml | 2 + .../1734086786_rls_policy_for_tenants/up.sql | 11 + migrations/frontend/squashed.sql | 994 +++++++++--------- 110 files changed, 3350 insertions(+), 846 deletions(-) create mode 100755 gql/multitenantgithubapp.graphql create mode 100755 gql/prompt_tags.graphql create mode 100644 migrations/codeinsights/1730943699_make_dbworker_tenant_aware/down.sql create mode 100644 migrations/codeinsights/1730943699_make_dbworker_tenant_aware/metadata.yaml create mode 100644 migrations/codeinsights/1730943699_make_dbworker_tenant_aware/up.sql create mode 100644 migrations/codeinsights/1732716803_tenant_policy_init_plan/down.sql create mode 100644 migrations/codeinsights/1732716803_tenant_policy_init_plan/metadata.yaml create mode 100644 migrations/codeinsights/1732716803_tenant_policy_init_plan/up.sql create mode 100644 migrations/codeinsights/1732783501_tenants_add_external_url/down.sql create mode 100644 migrations/codeinsights/1732783501_tenants_add_external_url/metadata.yaml create mode 100644 migrations/codeinsights/1732783501_tenants_add_external_url/up.sql create mode 100644 migrations/codeinsights/1733175896_make_tenantsid_a_serial/down.sql create mode 100644 migrations/codeinsights/1733175896_make_tenantsid_a_serial/metadata.yaml create mode 100644 migrations/codeinsights/1733175896_make_tenantsid_a_serial/up.sql create mode 100644 migrations/codeinsights/1733927758_drop_tenant/down.sql create mode 100644 migrations/codeinsights/1733927758_drop_tenant/metadata.yaml create mode 100644 migrations/codeinsights/1733927758_drop_tenant/up.sql create mode 100644 migrations/codeinsights/1734544626_add_tenant_back/down.sql create mode 100644 migrations/codeinsights/1734544626_add_tenant_back/metadata.yaml create mode 100644 migrations/codeinsights/1734544626_add_tenant_back/up.sql create mode 100644 migrations/codeintel/1732716553_tenant_policy_init_plan/down.sql create mode 100644 migrations/codeintel/1732716553_tenant_policy_init_plan/metadata.yaml create mode 100644 migrations/codeintel/1732716553_tenant_policy_init_plan/up.sql create mode 100644 migrations/codeintel/1732783493_tenants_add_external_url/down.sql create mode 100644 migrations/codeintel/1732783493_tenants_add_external_url/metadata.yaml create mode 100644 migrations/codeintel/1732783493_tenants_add_external_url/up.sql create mode 100644 migrations/codeintel/1733175891_make_tenantsid_a_serial/down.sql create mode 100644 migrations/codeintel/1733175891_make_tenantsid_a_serial/metadata.yaml create mode 100644 migrations/codeintel/1733175891_make_tenantsid_a_serial/up.sql create mode 100644 migrations/codeintel/1733926716_drop_tenant/down.sql create mode 100644 migrations/codeintel/1733926716_drop_tenant/metadata.yaml create mode 100644 migrations/codeintel/1733926716_drop_tenant/up.sql create mode 100644 migrations/codeintel/1734544580_add_tenant_back/down.sql create mode 100644 migrations/codeintel/1734544580_add_tenant_back/metadata.yaml create mode 100644 migrations/codeintel/1734544580_add_tenant_back/up.sql create mode 100644 migrations/frontend/1730763013_make_dbworker_tenant_aware/down.sql create mode 100644 migrations/frontend/1730763013_make_dbworker_tenant_aware/metadata.yaml create mode 100644 migrations/frontend/1730763013_make_dbworker_tenant_aware/up.sql create mode 100644 migrations/frontend/1732032110_contributor_data/down.sql create mode 100644 migrations/frontend/1732032110_contributor_data/metadata.yaml create mode 100644 migrations/frontend/1732032110_contributor_data/up.sql create mode 100644 migrations/frontend/1732702405_tenant_policy_init_plan/down.sql create mode 100644 migrations/frontend/1732702405_tenant_policy_init_plan/metadata.yaml create mode 100644 migrations/frontend/1732702405_tenant_policy_init_plan/up.sql create mode 100644 migrations/frontend/1732712874_tenants_add_external_url/down.sql create mode 100644 migrations/frontend/1732712874_tenants_add_external_url/metadata.yaml create mode 100644 migrations/frontend/1732712874_tenants_add_external_url/up.sql create mode 100644 migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/down.sql create mode 100644 migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/metadata.yaml create mode 100644 migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/up.sql create mode 100644 migrations/frontend/1732865837_repo_name_lower/down.sql create mode 100644 migrations/frontend/1732865837_repo_name_lower/metadata.yaml create mode 100644 migrations/frontend/1732865837_repo_name_lower/up.sql create mode 100644 migrations/frontend/1732884201_repo_name_lower_unique/down.sql create mode 100644 migrations/frontend/1732884201_repo_name_lower_unique/metadata.yaml create mode 100644 migrations/frontend/1732884201_repo_name_lower_unique/up.sql create mode 100644 migrations/frontend/1732884352_repo_name_lower_trgm/down.sql create mode 100644 migrations/frontend/1732884352_repo_name_lower_trgm/metadata.yaml create mode 100644 migrations/frontend/1732884352_repo_name_lower_trgm/up.sql create mode 100644 migrations/frontend/1732884503_repo_name_lower_add_constraint/down.sql create mode 100644 migrations/frontend/1732884503_repo_name_lower_add_constraint/metadata.yaml create mode 100644 migrations/frontend/1732884503_repo_name_lower_add_constraint/up.sql create mode 100644 migrations/frontend/1733175598_make_tenantsid_a_serial/down.sql create mode 100644 migrations/frontend/1733175598_make_tenantsid_a_serial/metadata.yaml create mode 100644 migrations/frontend/1733175598_make_tenantsid_a_serial/up.sql create mode 100644 migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/down.sql create mode 100644 migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/metadata.yaml create mode 100644 migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/up.sql create mode 100644 migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/down.sql create mode 100644 migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/metadata.yaml create mode 100644 migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/up.sql create mode 100644 migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/down.sql create mode 100644 migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/metadata.yaml create mode 100644 migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/up.sql create mode 100644 migrations/frontend/1733391631_contributor_data_bytes_columns/down.sql create mode 100644 migrations/frontend/1733391631_contributor_data_bytes_columns/metadata.yaml create mode 100644 migrations/frontend/1733391631_contributor_data_bytes_columns/up.sql create mode 100644 migrations/frontend/1733396287_prompt_labels/down.sql create mode 100644 migrations/frontend/1733396287_prompt_labels/metadata.yaml create mode 100644 migrations/frontend/1733396287_prompt_labels/up.sql create mode 100644 migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/down.sql create mode 100644 migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/metadata.yaml create mode 100644 migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/up.sql create mode 100644 migrations/frontend/1733840223_drop_query_runner_state/down.sql create mode 100644 migrations/frontend/1733840223_drop_query_runner_state/metadata.yaml create mode 100644 migrations/frontend/1733840223_drop_query_runner_state/up.sql create mode 100644 migrations/frontend/1733841106_external_service_sync_jobs_pk/down.sql create mode 100644 migrations/frontend/1733841106_external_service_sync_jobs_pk/metadata.yaml create mode 100644 migrations/frontend/1733841106_external_service_sync_jobs_pk/up.sql create mode 100644 migrations/frontend/1733912207_drop_discussions/down.sql create mode 100644 migrations/frontend/1733912207_drop_discussions/metadata.yaml create mode 100644 migrations/frontend/1733912207_drop_discussions/up.sql create mode 100644 migrations/frontend/1733925071_prompt_labels_name_update/down.sql create mode 100644 migrations/frontend/1733925071_prompt_labels_name_update/metadata.yaml create mode 100644 migrations/frontend/1733925071_prompt_labels_name_update/up.sql create mode 100644 migrations/frontend/1734017751_drop_tenant_id_fk/down.sql create mode 100644 migrations/frontend/1734017751_drop_tenant_id_fk/metadata.yaml create mode 100644 migrations/frontend/1734017751_drop_tenant_id_fk/up.sql create mode 100644 migrations/frontend/1734086786_rls_policy_for_tenants/down.sql create mode 100644 migrations/frontend/1734086786_rls_policy_for_tenants/metadata.yaml create mode 100644 migrations/frontend/1734086786_rls_policy_for_tenants/up.sql diff --git a/TAG b/TAG index d823ae8..ff9c6e1 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -v5.10.3940 +v5.11.0 diff --git a/gql/cody_context.graphql b/gql/cody_context.graphql index 428ba6a..6060c95 100755 --- a/gql/cody_context.graphql +++ b/gql/cody_context.graphql @@ -171,14 +171,6 @@ type ChatIntentResponse { """ score: Float! """ - Confidence score assigned by the "code search" intent detection model (the higher the score, the more likely it is that the query is about code search). - """ - searchScore: Float! - """ - Confidence score assigned by the "edit" intent detection model (the higher the score, the more likely it is that the query is about an edit command). - """ - editScore: Float! - """ All intents and scores computed by the intent detection model """ allScores: [IntentScore!]! diff --git a/gql/githubapps.graphql b/gql/githubapps.graphql index 2032564..e0f71d0 100755 --- a/gql/githubapps.graphql +++ b/gql/githubapps.graphql @@ -2,63 +2,29 @@ extend type Mutation { """ Delete a GitHub App. The GitHub App, along with all of its associated code host connections and authentication provider, will be deleted. + 🚨 SECURITY: Requires site-admin. """ deleteGitHubApp(gitHubApp: ID!): EmptyResponse """ Refresh a GitHub App. This fetches information about the GitHub app and updates all installations associated with it. + 🚨 SECURITY: Requires site-admin. """ refreshGitHubApp(gitHubApp: ID!): EmptyResponse - - """ - NOT FOR GENERAL USE. Sets the list of repos that are configured for cloning for this installation. - """ - setReposForInstallationID(installationID: Int!, repos: [String!]!): EmptyResponse } extend type Query { """ All configured GitHub Apps, optionally filtered by the domain in which they are used. + 🚨 SECURITY: Requires site-admin. """ gitHubApps(domain: GitHubAppDomain): GitHubAppConnection! """ - Looks up a GitHub App by its ID. - """ - gitHubApp(id: ID!): GitHubApp - """ Looks up a GitHub App by its AppID and BaseURL. + 🚨 SECURITY: Requires site-admin. """ gitHubAppByAppID(appID: Int!, baseURL: String!): GitHubApp - """ - NOT FOR GENERAL USE. Fetches the configured GitHub App for multitenant. - """ - multitenantGitHubApp: GitHubAppForUser! -} - -""" -The viewer's permission for a repository that is accessible to a GitHub App installation. -""" -enum GitHubAppRepositoryViewerPermission { - """ - The repository permission is unknown or not determined. - """ - UNKNOWN - - """ - Can read, clone, and push to this repository. Can also manage issues, pull requests, and repository settings, including adding collaborators. - """ - ADMIN - - """ - Can read, clone, and push to this repository. Can also manage issues and pull requests. - """ - WRITE - - """ - Can read and clone this repository. Can also open and comment on issues and pull requests. - """ - READ } """ @@ -173,40 +139,6 @@ type GitHubApp implements Node { webhook: Webhook } -""" -A GitHub App configuration that uses the authenticated user's access token. -""" -type GitHubAppForUser { - """ - Unique ID of the GitHub App - """ - id: ID! - """ - The name of the GitHub App - """ - name: String! - """ - The client ID of the OAuth provider backing the GitHub App. - """ - clientID: String! - """ - The URL of the GitHub App page - """ - appURL: String! - """ - The logo URL of the GitHub App - """ - logo: String! - """ - Fetches a list of installation IDs for this GitHub App using the authenticated user's access token. - """ - installations: [GitHubAppInstallationForUser!]! - """ - Fetches a single installation with the given ID using the authenticated user's access token. - """ - installation(installationID: Int!): GitHubAppInstallationForUser! -} - """ Represents a GitHub account on which the App was installed. """ @@ -250,154 +182,3 @@ type Installation { """ externalServices(first: Int): ExternalServiceConnection! } - -""" -Represents a single GitHub App installation that's resolved using the user's access token. -""" -type GitHubAppInstallationForUser { - """ - The installation ID of the App. - """ - id: Int! - """ - The installation URL. - """ - url: String! - """ - The account on which the App was installed - """ - account: GitHubAccount! - """ - Fetch the repositories from GitHub that this installation has access to. - """ - installationRepos(page: Int!): GitHubAppRepositoryForInstallationConnection - """ - Which repositories to clone using this installation. - """ - reposToClone: [String!]! -} - -""" -A GitHub repository that is accessible to a GitHub App installation. -""" -type GitHubAppInstallationRepository { - """ - ID of repository (GitHub GraphQL ID, not GitHub database ID) - """ - id: ID! - - """ - The integer database id - """ - databaseID: Int! - - """ - Full name of repository ("owner/name") - """ - nameWithOwner: String! - - """ - Description of repository - """ - description: String - - """ - The web URL of this repository ("https://github.com/foo/bar") - """ - url: String! - - """ - Whether the repository is private - """ - isPrivate: Boolean! - - """ - Whether the repository is a fork of another repository - """ - isFork: Boolean! - - """ - Whether the repository is archived on the code host - """ - isArchived: Boolean! - - """ - Whether the repository is locked on the code host - """ - isLocked: Boolean! - - """ - ADMIN, WRITE, READ, or UNKNOWN - """ - viewerPermission: GitHubAppRepositoryViewerPermission! - - """ - List of topics the repository is tagged with - """ - repositoryTopics: [String!]! - - """ - Number of stargazers - """ - stargazerCount: Int! - - """ - Number of forks - """ - forkCount: Int! - - """ - Repository visibility (public, private, internal, or unknown) - """ - visibility: GitHubAppRepositoryVisibility! - - """ - Disk usage in kibibytes - """ - diskUsageKibibytes: Int! -} - -""" -An enum representing the visibility status of a GitHub repository. -""" -enum GitHubAppRepositoryVisibility { - """ - Repository is visible to everyone - """ - PUBLIC - - """ - Repository is only visible to authorized users - """ - PRIVATE - - """ - Repository is visible to organization members - """ - INTERNAL - - """ - Repository visibility could not be determined - """ - UNKNOWN -} - -""" -A connection to a list of GitHub repositories that are accessible to a GitHub App installation. -""" -type GitHubAppRepositoryForInstallationConnection { - """ - A list of repositories. - """ - nodes: [GitHubAppInstallationRepository!]! - - """ - The total count of repositories in the connection. - """ - totalCount: Int! - - """ - Pagination information. - """ - pageInfo: PageInfo! -} diff --git a/gql/multitenantgithubapp.graphql b/gql/multitenantgithubapp.graphql new file mode 100755 index 0000000..dab780d --- /dev/null +++ b/gql/multitenantgithubapp.graphql @@ -0,0 +1,344 @@ +extend type Query { + """ + Contains queries relevant for this workspace. Not available outside of a Workspaces + environment. + + DO NOT DEPEND ON ANY RESOLVERS IN THIS OBJECT, THIS IS NOT A STABLE API. + """ + workspace: WorkspaceQuery! +} + +extend type Mutation { + """ + Contains mutations relevant for this workspace. Not available outside of a Workspaces + environment. + + DO NOT DEPEND ON ANY RESOLVERS IN THIS OBJECT, THIS IS NOT A STABLE API. + """ + workspace: WorkspaceMutation! +} + +""" +Contains queries relevant for this workspace. Not available outside of a Workspaces +environment. +""" +type WorkspaceQuery { + """ + The configured GitHub App for this workspace. + """ + gitHubApp: WorkspaceGitHubApp! +} + +""" +Contains mutations relevant for this workspace. Not available outside of a Workspaces +environment. +""" +type WorkspaceMutation { + """ + Sets the list of repos that are configured for cloning. Sourcegraph will create + multiple code host connections from this list, one for each installation and one + for public repos if no installations exist. + + Names must be provided in GitHub OWNER/NAME format. + """ + setGitHubAppRepositories(repositories: [String!]!): EmptyResponse +} + +""" +The GitHub App configuration used by workspaces GitHub setup that uses the authenticated +user's App-scoped access token for interacting with GitHub. +""" +type WorkspaceGitHubApp { + """ + The name of the GitHub App. + """ + name: String! + """ + The client ID of the OAuth provider backing the GitHub App. + """ + clientID: String! + """ + The URL of the GitHub App page on GitHub. + """ + appURL: String! + """ + The applicable limits for repositories synced with GitHub for this GitHub App. + """ + workspaceLimits: WorkspaceGitHubAppLimits! + """ + API to list / search public GitHub repositories with no additional filters. + This endpoint can be used to validate and autocomplete a OSS repo that should + be added to the workspace. + """ + listPublicGitHubRepositories( + """ + Pagination arg. + """ + first: Int! + """ + Pagination arg. + """ + after: String + """ + The search term when searching for a repo. + """ + search: String! + ): WorkspaceGitHubAppRepositoryConnection! + """ + API to list / search the authenticated users GitHub repositories. + This endpoint can be used to list repos in the current users GitHub account. + Private repositories are only returned when the App is installed on them. + """ + listUserGitHubRepositories( + """ + Pagination arg. + """ + first: Int! + """ + Pagination arg. + """ + after: String + """ + An optional search term when searching for a repo. Leave blank to apply no filtering. + """ + search: String + ): WorkspaceGitHubAppRepositoryConnection! + """ + Fetches all installations for this GitHub App that the authenticated user has access to. + """ + installations: [WorkspaceGitHubAppInstallation!]! + """ + Fetches a single installation with the given ID. This API only returns when the authenticated + user has access to it. + """ + installation(installationID: Int!): WorkspaceGitHubAppInstallation + """ + The list of repositories currently selected for cloning across all installations plus public repos. + """ + selectedRepositories: [WorkspaceGitHubAppRepository!]! +} + +""" +Represents a single GitHub App installation that's resolved using the user's access token. +""" +type WorkspaceGitHubAppInstallation { + """ + The installation ID of the App. + """ + installationID: Int! + """ + The URL to the installation. + """ + url: String! + """ + The account on which the App was installed + """ + account: WorkspaceGitHubAppAccount! + """ + API to list / search GitHub repositories that belong to this installation. + This endpoint can be used to list repos in the installation GitHub account that + this GitHub App can currently access and clone. + Private repositories are only returned when the App is installed on them. + """ + installationRepos( + """ + Pagination arg. + """ + first: Int! + """ + Pagination arg. + """ + after: String + """ + An optional search term when searching for a repo. Leave blank to apply no filtering. + """ + search: String + ): WorkspaceGitHubAppRepositoryConnection! +} + +""" +Represents a GitHub account on which the App was installed. +""" +type WorkspaceGitHubAppAccount { + """ + The login username of the account. + """ + login: String! + """ + The avatar URL of the account. + """ + avatarURL: String! + """ + A link to the account on GitHub. + """ + url: String! + """ + The account type. + """ + type: String! +} + +""" +A connection to a list of GitHub repositories that are accessible to a GitHub App installation. +""" +type WorkspaceGitHubAppRepositoryConnection { + """ + A list of repositories. + """ + nodes: [WorkspaceGitHubAppRepository!]! + + """ + The total count of repositories in the connection. + """ + totalCount: Int! + + """ + Pagination information. + """ + pageInfo: PageInfo! +} + +""" +A GitHub repository that is accessible to a GitHub App installation. +""" +type WorkspaceGitHubAppRepository { + """ + ID of repository (GitHub GraphQL ID, not GitHub database ID or Sourcegraph GraphQL ID) + """ + id: String! + + """ + The integer database id + """ + databaseID: Int! + + """ + Full name of repository ("owner/name") + """ + nameWithOwner: String! + + """ + Description of repository + """ + description: String + + """ + The web URL of this repository ("https://github.com/foo/bar") + """ + url: String! + + """ + Whether the repository is private + """ + isPrivate: Boolean! + + """ + Whether the repository is a fork of another repository + """ + isFork: Boolean! + + """ + Whether the repository is archived on the code host + """ + isArchived: Boolean! + + """ + Whether the repository is locked on the code host + """ + isLocked: Boolean! + + """ + ADMIN, WRITE, READ, or UNKNOWN + """ + viewerPermission: WorkspaceGitHubAppRepositoryViewerPermission! + + """ + List of topics the repository is tagged with + """ + repositoryTopics: [String!]! + + """ + Number of stargazers + """ + stargazerCount: Int! + + """ + Number of forks + """ + forkCount: Int! + + """ + Repository visibility (public, private, internal, or unknown) + """ + visibility: WorkspaceGitHubAppRepositoryVisibility! + + """ + Disk usage in kibibytes + """ + diskUsageKibibytes: Int! +} + +""" +The viewer's permission for a repository that is accessible to a GitHub App installation. +""" +enum WorkspaceGitHubAppRepositoryViewerPermission { + """ + The repository permission is unknown or not determined. + """ + UNKNOWN + + """ + Can read, clone, and push to this repository. Can also manage issues, pull requests, and repository settings, including adding collaborators. + """ + ADMIN + + """ + Can read, clone, and push to this repository. Can also manage issues and pull requests. + """ + WRITE + + """ + Can read and clone this repository. Can also open and comment on issues and pull requests. + """ + READ +} + +""" +An enum representing the visibility status of a GitHub repository. +""" +enum WorkspaceGitHubAppRepositoryVisibility { + """ + Repository is visible to everyone + """ + PUBLIC + + """ + Repository is only visible to authorized users + """ + PRIVATE + + """ + Repository is visible to organization members + """ + INTERNAL + + """ + Repository visibility could not be determined + """ + UNKNOWN +} + +""" +Limits for a workspace GitHub App. +""" +type WorkspaceGitHubAppLimits { + """ + The maximum number of repositories that can be synced with the workspace GitHub App. + """ + maximumRepositoryCount: Int! + """ + The maximum size of all selected repositories combined that can be synced with + the workspace GitHub App. + """ + maximumRepositorySizeBytes: BigInt! +} diff --git a/gql/prompt_tags.graphql b/gql/prompt_tags.graphql new file mode 100755 index 0000000..903f1ba --- /dev/null +++ b/gql/prompt_tags.graphql @@ -0,0 +1,150 @@ +extend type Mutation { + """ + Create a prompt tag. + """ + createPromptTag(input: PromptTagCreateInput!): PromptTag! + + """ + Update a prompt tag. + """ + updatePromptTag(id: ID!, input: PromptTagUpdateInput!): PromptTag! + + """ + Delete a prompt tag. + """ + deletePromptTag(id: ID!): EmptyResponse +} + +extend type Query { + """ + List of prompt tags, which can be applied to prompts. + """ + promptTags( + """ + The limit argument for forward pagination. + """ + first: Int + + """ + The limit argument for backward pagination. + """ + last: Int + + """ + The cursor argument for forward pagination. + """ + after: String + + """ + The cursor argument for backward pagination. + """ + before: String + + """ + Search prompt tags by name. + """ + query: String + + """ + The field to sort by. + """ + orderBy: PromptTagsOrderBy = PROMPT_TAG_NAME + + """ + The field to sort by multiple fields. + """ + orderByMultiple: [PromptTagsOrderBy!] + ): PromptTagsConnection! +} + +""" +The ways that a list of prompt tags can be ordered. +""" +enum PromptTagsOrderBy { + PROMPT_TAG_NAME +} + +""" +The input that describes a prompt tag to create. +""" +input PromptTagCreateInput { + """ + The name of the prompt tag. + """ + name: String! +} + +""" +The input that describes a prompt tag to update. +""" +input PromptTagUpdateInput { + """ + The name of the prompt tag. + """ + name: String! +} + +""" +A paginated connection for prompt tags. +""" +type PromptTagsConnection implements Connection { + """ + A list of prompt tags. + """ + nodes: [PromptTag!]! + + """ + The total number of prompt tags in the connection. + """ + totalCount: Int! + + """ + Pagination information. + """ + pageInfo: ConnectionPageInfo! +} + +""" +A prompt tag. +""" +type PromptTag implements Node { + """ + The unique ID of this prompt tag. + """ + id: ID! + + """ + The name of the prompt tag, which is unique among all of the tenant's prompt tags. + """ + name: String! + + """ + The user who created the prompt tag. + """ + createdBy: User + + """ + The date of the prompt tag's creation. + """ + createdAt: DateTime! + + """ + The user who created the prompt tag. + """ + updatedBy: User + + """ + The date of the prompt tag's creation. + """ + updatedAt: DateTime! + + """ + The URL of this prompt tag. + """ + url: String! + + """ + Whether the viewer can edit and delete this prompt tag. + """ + viewerCanAdminister: Boolean! +} diff --git a/gql/prompts.graphql b/gql/prompts.graphql index df17d03..8704323 100755 --- a/gql/prompts.graphql +++ b/gql/prompts.graphql @@ -104,6 +104,11 @@ extend type Query { The field to sort by multiple fields. """ orderByMultiple: [PromptsOrderBy!] + + """ + Filter by tag IDs. + """ + tags: [ID!] ): PromptsConnection! } @@ -155,6 +160,11 @@ input PromptInput { Whether the prompt is recommended. """ recommended: Boolean + + """ + The tags for the prompt. + """ + tags: [ID!] } """ @@ -213,6 +223,11 @@ input PromptUpdateInput { Whether the prompt is recommended. """ recommended: Boolean + + """ + The new tags delete and override any existing tags. + """ + tags: [ID!] } """ @@ -355,6 +370,51 @@ type Prompt implements Node { Whether the prompt is built-in prompt. Built-in prompts are not editable. """ builtin: Boolean! + + """ + Tags associated with this prompt. + """ + tags( + """ + The limit argument for forward pagination. + """ + first: Int + + """ + The limit argument for backward pagination. + """ + last: Int + + """ + The cursor argument for forward pagination. + """ + after: String + + """ + The cursor argument for backward pagination. + """ + before: String + ): PromptToTagsConnection! +} + +""" +A paginated connection for prompt tags. +""" +type PromptToTagsConnection implements Connection { + """ + A list of prompt tags. + """ + nodes: [PromptTag!]! + + """ + The total number of prompt tags in the connection. + """ + totalCount: Int! + + """ + Pagination information. + """ + pageInfo: ConnectionPageInfo! } """ diff --git a/gql/schema.graphql b/gql/schema.graphql index 03e3c4b..f86bbbb 100755 --- a/gql/schema.graphql +++ b/gql/schema.graphql @@ -520,10 +520,6 @@ type Mutation { The site ID that the client was connected to when the event was logged. """ connectedSiteID: String - """ - The connected site's license key, hashed using sha256. Used for uniquely identifying the site. - """ - hashedLicenseKey: String ): EmptyResponse @deprecated(reason: "use telemetry { recordEvent } instead") """ Logs a batch of events. @@ -992,10 +988,6 @@ input Event { The site ID that the client was connected to when the event was logged. """ connectedSiteID: String - """ - The connected site's license key, hashed using sha256. Used for uniquely identifying the site. - """ - hashedLicenseKey: String } """ @@ -3431,6 +3423,12 @@ type ExternalServiceSyncJob implements Node { """ reposDeleted: Int! + """ + The number of repos that the sync job _wanted_ to delete. The actual number + of deletions could be constrained by the code host config. + """ + reposWantedToDelete: Int! + """ The number of existing repos whose metadata has changed during this sync job. """ @@ -6292,7 +6290,6 @@ type User implements Node & SettingsSubject & Namespace { username: String! """ The user's primary email address. - Only the user and site admins can access this field. """ email: String! @deprecated(reason: "use emails instead") """ @@ -6383,12 +6380,10 @@ type User implements Node & SettingsSubject & Namespace { ): EventLogsConnection! """ The user's email addresses. - Only the user and site admins can access this field. """ emails: [UserEmail!]! """ Whether the user has a verified email or not. - Only the user and site admins can access this field. """ hasVerifiedEmail: Boolean! """ @@ -7196,11 +7191,6 @@ type Site implements SettingsSubject { """ allowEditExternalServicesWithFile: Boolean! """ - Whether the site is over the limit for free user accounts, and a warning needs to be shown to all users. - Only applies if the site does not have a valid license. - """ - freeUsersExceeded: Boolean! - """ Alerts to display to the viewer. """ alerts: [Alert!]! @@ -7279,20 +7269,6 @@ type Site implements SettingsSubject { eventsCount: SiteUsersNumberRangeInput ): SiteUsers! - """ - Monitoring overview for this site. - Note: This is primarily used for displaying recently-fired alerts in the web app. If your intent - is to monitor Sourcegraph, it is better to configure alerting or query Prometheus directly in - order to ensure that if the frontend goes down you still receive alerts: - Configure alerting: https://sourcegraph.com/docs/admin/observability/alerting - Query Prometheus directly: https://sourcegraph.com/docs/admin/observability/alerting_custom_consumption - """ - monitoringStatistics( - """ - Days of history (based on current UTC time). - """ - days: Int @deprecated(reason: "No longer supported - will be removed after Sourcegraph 4.5") - ): MonitoringStatistics! """ Whether changes can be made to site settings through the API. When global settings are configured through the GLOBAL_SETTINGS_FILE environment variable, site settings edits cannot be made through the API. @@ -8457,19 +8433,6 @@ type SiteUsagePeriod { integrationUserCount: Int! } -""" -Monitoring overview. -""" -type MonitoringStatistics { - """ - Alerts fired in this time span. - """ - alerts: [MonitoringAlert!]! - @deprecated( - reason: "No longer supported, and will no longer return data - query will be removed after Sourcegraph 4.5" - ) -} - """ A high-level monitoring alert, for details see https://sourcegraph.com/docs/admin/observability/metrics#high-level-alerting-metrics """ @@ -8585,14 +8548,9 @@ type ProductSubscriptionStatus { actualUserCountDate: String! """ The number of users allowed. If there is a license, this is equal to ProductLicenseInfo.userCount. Otherwise, - it is the user limit for instances without a license, or null if there is no limit. - """ - maximumAllowedUserCount: Int + it is the user limit for instances without a license. """ - The number of free users allowed on a site without a license before a warning is shown to all users, or null - if a valid license is in use. - """ - noLicenseWarningUserCount: Int + maximumAllowedUserCount: Int! """ The product license associated with this subscription. If no license key is applied, a free plan is assumed. @@ -8645,10 +8603,6 @@ type ProductLicenseInfo { This indicates the reason the license is invalid. It'll be null if `isValid` is true. """ licenseInvalidityReason: String - """ - The license key, hashed using sha256. - """ - hashedKey: String } """ @@ -10345,6 +10299,11 @@ enum PermissionNamespace { Permissions related to workspace repo administration. """ WORKSPACE_REPOSITORIES + + """ + Permissions related to exported telemetry. + """ + EXPORTED_TELEMETRY } """ diff --git a/migrations/codeinsights/1730943699_make_dbworker_tenant_aware/down.sql b/migrations/codeinsights/1730943699_make_dbworker_tenant_aware/down.sql new file mode 100644 index 0000000..ac6cafc --- /dev/null +++ b/migrations/codeinsights/1730943699_make_dbworker_tenant_aware/down.sql @@ -0,0 +1,52 @@ +CREATE POLICY isolation_policy_2 ON insights_data_retention_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON insights_data_retention_jobs; +ALTER POLICY isolation_policy_2 ON insights_data_retention_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON insights_background_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON insights_background_jobs; +ALTER POLICY isolation_policy_2 ON insights_background_jobs RENAME TO tenant_isolation_policy; + +DROP VIEW IF EXISTS insights_jobs_backfill_in_progress; +CREATE OR REPLACE VIEW insights_jobs_backfill_in_progress AS + SELECT jobs.id, + jobs.state, + jobs.failure_message, + jobs.queued_at, + jobs.started_at, + jobs.finished_at, + jobs.process_after, + jobs.num_resets, + jobs.num_failures, + jobs.last_heartbeat_at, + jobs.execution_logs, + jobs.worker_hostname, + jobs.cancel, + jobs.backfill_id, + isb.state AS backfill_state, + isb.estimated_cost, + width_bucket(isb.estimated_cost, (0)::double precision, max((isb.estimated_cost + (1)::double precision)) OVER (), 4) AS cost_bucket + FROM (insights_background_jobs jobs + JOIN insight_series_backfill isb ON ((jobs.backfill_id = isb.id))) + WHERE (isb.state = 'processing'::text); + +DROP VIEW IF EXISTS insights_jobs_backfill_new; +CREATE OR REPLACE VIEW insights_jobs_backfill_new AS + SELECT jobs.id, + jobs.state, + jobs.failure_message, + jobs.queued_at, + jobs.started_at, + jobs.finished_at, + jobs.process_after, + jobs.num_resets, + jobs.num_failures, + jobs.last_heartbeat_at, + jobs.execution_logs, + jobs.worker_hostname, + jobs.cancel, + jobs.backfill_id, + isb.state AS backfill_state, + isb.estimated_cost + FROM (insights_background_jobs jobs + JOIN insight_series_backfill isb ON ((jobs.backfill_id = isb.id))) + WHERE (isb.state = 'new'::text); diff --git a/migrations/codeinsights/1730943699_make_dbworker_tenant_aware/metadata.yaml b/migrations/codeinsights/1730943699_make_dbworker_tenant_aware/metadata.yaml new file mode 100644 index 0000000..ff0ff89 --- /dev/null +++ b/migrations/codeinsights/1730943699_make_dbworker_tenant_aware/metadata.yaml @@ -0,0 +1,3 @@ +name: Make dbworker tenant aware +parents: [1732716803] +bestEffortTerminateBlockingTransactions: true diff --git a/migrations/codeinsights/1730943699_make_dbworker_tenant_aware/up.sql b/migrations/codeinsights/1730943699_make_dbworker_tenant_aware/up.sql new file mode 100644 index 0000000..1e3f8de --- /dev/null +++ b/migrations/codeinsights/1730943699_make_dbworker_tenant_aware/up.sql @@ -0,0 +1,55 @@ +CREATE POLICY isolation_policy_2 ON insights_data_retention_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON insights_data_retention_jobs; +ALTER POLICY isolation_policy_2 ON insights_data_retention_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON insights_background_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON insights_background_jobs; +ALTER POLICY isolation_policy_2 ON insights_background_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW insights_jobs_backfill_in_progress AS + SELECT jobs.id, + jobs.state, + jobs.failure_message, + jobs.queued_at, + jobs.started_at, + jobs.finished_at, + jobs.process_after, + jobs.num_resets, + jobs.num_failures, + jobs.last_heartbeat_at, + jobs.execution_logs, + jobs.worker_hostname, + jobs.cancel, + jobs.backfill_id, + isb.state AS backfill_state, + isb.estimated_cost, + width_bucket(isb.estimated_cost, (0)::double precision, max((isb.estimated_cost + (1)::double precision)) OVER (), 4) AS cost_bucket, + jobs.tenant_id + FROM (insights_background_jobs jobs + JOIN insight_series_backfill isb ON ((jobs.backfill_id = isb.id))) + WHERE (isb.state = 'processing'::text); +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW insights_jobs_backfill_new AS + SELECT jobs.id, + jobs.state, + jobs.failure_message, + jobs.queued_at, + jobs.started_at, + jobs.finished_at, + jobs.process_after, + jobs.num_resets, + jobs.num_failures, + jobs.last_heartbeat_at, + jobs.execution_logs, + jobs.worker_hostname, + jobs.cancel, + jobs.backfill_id, + isb.state AS backfill_state, + isb.estimated_cost, + jobs.tenant_id + FROM (insights_background_jobs jobs + JOIN insight_series_backfill isb ON ((jobs.backfill_id = isb.id))) + WHERE (isb.state = 'new'::text); diff --git a/migrations/codeinsights/1732716803_tenant_policy_init_plan/down.sql b/migrations/codeinsights/1732716803_tenant_policy_init_plan/down.sql new file mode 100644 index 0000000..557953b --- /dev/null +++ b/migrations/codeinsights/1732716803_tenant_policy_init_plan/down.sql @@ -0,0 +1,32 @@ +CREATE OR REPLACE FUNCTION migrate_tenant_policy_init_plan_codeinsights(table_name text) +RETURNS void AS $$ +BEGIN + EXECUTE format('CREATE POLICY tenant_isolation_policy_new ON %I USING ((tenant_id = (current_setting(''app.current_tenant''::text))::integer));', table_name, table_name); + EXECUTE format('DROP POLICY IF EXISTS tenant_isolation_policy ON %I', table_name); + EXECUTE format('DROP POLICY IF EXISTS %I_isolation_policy ON %I', table_name, table_name); + EXECUTE format('ALTER POLICY tenant_isolation_policy_new ON %I RENAME TO %I_isolation_policy', table_name, table_name); +END; +$$ LANGUAGE plpgsql; + +SELECT migrate_tenant_policy_init_plan_codeinsights('archived_insight_series_recording_times'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('archived_series_points'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('dashboard_grants'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('dashboard_insight_view'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('dashboard'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_series_backfill'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_series_incomplete_points'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_series'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_series_recording_times'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_view_grants'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_view'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_view_series'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insights_background_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insights_data_retention_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('metadata'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('repo_iterator_errors'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('repo_iterator'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('repo_names'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('series_points'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('series_points_snapshots'); COMMIT AND CHAIN; + +DROP FUNCTION migrate_tenant_policy_init_plan_codeinsights(text); diff --git a/migrations/codeinsights/1732716803_tenant_policy_init_plan/metadata.yaml b/migrations/codeinsights/1732716803_tenant_policy_init_plan/metadata.yaml new file mode 100644 index 0000000..10161c4 --- /dev/null +++ b/migrations/codeinsights/1732716803_tenant_policy_init_plan/metadata.yaml @@ -0,0 +1,3 @@ +name: tenant policy init plan +parents: [1727578688, 1727489239, 1725708046] +bestEffortTerminateBlockingTransactions: true diff --git a/migrations/codeinsights/1732716803_tenant_policy_init_plan/up.sql b/migrations/codeinsights/1732716803_tenant_policy_init_plan/up.sql new file mode 100644 index 0000000..752ee79 --- /dev/null +++ b/migrations/codeinsights/1732716803_tenant_policy_init_plan/up.sql @@ -0,0 +1,36 @@ +-- This migration updates our tenant_isolation_policy such that we can +-- evaluate app.current_tenant once in the init plan. Additionally we move to +-- using a single policy name for all tables. + +CREATE OR REPLACE FUNCTION migrate_tenant_policy_init_plan_codeinsights(table_name text) +RETURNS void AS $$ +BEGIN + EXECUTE format('CREATE POLICY tenant_isolation_policy_new ON %I USING (tenant_id = (SELECT current_setting(''app.current_tenant''::text)::integer AS current_tenant))', table_name); + EXECUTE format('DROP POLICY IF EXISTS tenant_isolation_policy ON %I', table_name); + EXECUTE format('DROP POLICY IF EXISTS %I_isolation_policy ON %I', table_name, table_name); + EXECUTE format('ALTER POLICY tenant_isolation_policy_new ON %I RENAME TO tenant_isolation_policy', table_name); +END; +$$ LANGUAGE plpgsql; + +SELECT migrate_tenant_policy_init_plan_codeinsights('archived_insight_series_recording_times'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('archived_series_points'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('dashboard_grants'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('dashboard_insight_view'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('dashboard'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_series_backfill'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_series_incomplete_points'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_series'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_series_recording_times'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_view_grants'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_view'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insight_view_series'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insights_background_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('insights_data_retention_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('metadata'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('repo_iterator_errors'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('repo_iterator'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('repo_names'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('series_points'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeinsights('series_points_snapshots'); COMMIT AND CHAIN; + +DROP FUNCTION migrate_tenant_policy_init_plan_codeinsights(text); diff --git a/migrations/codeinsights/1732783501_tenants_add_external_url/down.sql b/migrations/codeinsights/1732783501_tenants_add_external_url/down.sql new file mode 100644 index 0000000..55b792b --- /dev/null +++ b/migrations/codeinsights/1732783501_tenants_add_external_url/down.sql @@ -0,0 +1 @@ +ALTER TABLE tenants DROP COLUMN IF EXISTS external_url; diff --git a/migrations/codeinsights/1732783501_tenants_add_external_url/metadata.yaml b/migrations/codeinsights/1732783501_tenants_add_external_url/metadata.yaml new file mode 100644 index 0000000..9918ce4 --- /dev/null +++ b/migrations/codeinsights/1732783501_tenants_add_external_url/metadata.yaml @@ -0,0 +1,2 @@ +name: tenants_add_external_url +parents: [1727578688, 1727489239, 1725708046] diff --git a/migrations/codeinsights/1732783501_tenants_add_external_url/up.sql b/migrations/codeinsights/1732783501_tenants_add_external_url/up.sql new file mode 100644 index 0000000..69d710a --- /dev/null +++ b/migrations/codeinsights/1732783501_tenants_add_external_url/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE tenants + ADD COLUMN IF NOT EXISTS external_url TEXT NOT NULL DEFAULT '' CHECK (LOWER(external_url) = external_url); diff --git a/migrations/codeinsights/1733175896_make_tenantsid_a_serial/down.sql b/migrations/codeinsights/1733175896_make_tenantsid_a_serial/down.sql new file mode 100644 index 0000000..5ba793a --- /dev/null +++ b/migrations/codeinsights/1733175896_make_tenantsid_a_serial/down.sql @@ -0,0 +1,3 @@ +ALTER TABLE tenants ALTER COLUMN id DROP DEFAULT; + +DROP SEQUENCE IF EXISTS tenants_id_seq; diff --git a/migrations/codeinsights/1733175896_make_tenantsid_a_serial/metadata.yaml b/migrations/codeinsights/1733175896_make_tenantsid_a_serial/metadata.yaml new file mode 100644 index 0000000..4e9be63 --- /dev/null +++ b/migrations/codeinsights/1733175896_make_tenantsid_a_serial/metadata.yaml @@ -0,0 +1,2 @@ +name: Make tenants.id a SERIAL +parents: [1730943699, 1732783501] diff --git a/migrations/codeinsights/1733175896_make_tenantsid_a_serial/up.sql b/migrations/codeinsights/1733175896_make_tenantsid_a_serial/up.sql new file mode 100644 index 0000000..fb6e32a --- /dev/null +++ b/migrations/codeinsights/1733175896_make_tenantsid_a_serial/up.sql @@ -0,0 +1,10 @@ +-- Make sure we start with at least 2 to leave room for the default tenant. +CREATE SEQUENCE IF NOT EXISTS tenants_id_seq AS integer START WITH 2; + +ALTER TABLE tenants ALTER COLUMN id SET DEFAULT nextval('tenants_id_seq'); + +-- Adjust the sequence to match the current maximum value in the column. +SELECT setval('tenants_id_seq', COALESCE(MAX(id), 1)) FROM tenants; + +-- Ensure the sequence is owned by the column (for cleanup on table drop). +ALTER SEQUENCE tenants_id_seq OWNED BY tenants.id; diff --git a/migrations/codeinsights/1733927758_drop_tenant/down.sql b/migrations/codeinsights/1733927758_drop_tenant/down.sql new file mode 100644 index 0000000..fcf4a75 --- /dev/null +++ b/migrations/codeinsights/1733927758_drop_tenant/down.sql @@ -0,0 +1 @@ +-- made a noop since added back in 1734544626_add_tenant_back diff --git a/migrations/codeinsights/1733927758_drop_tenant/metadata.yaml b/migrations/codeinsights/1733927758_drop_tenant/metadata.yaml new file mode 100644 index 0000000..aa082a1 --- /dev/null +++ b/migrations/codeinsights/1733927758_drop_tenant/metadata.yaml @@ -0,0 +1,2 @@ +name: drop tenant +parents: [1733175896] diff --git a/migrations/codeinsights/1733927758_drop_tenant/up.sql b/migrations/codeinsights/1733927758_drop_tenant/up.sql new file mode 100644 index 0000000..fcf4a75 --- /dev/null +++ b/migrations/codeinsights/1733927758_drop_tenant/up.sql @@ -0,0 +1 @@ +-- made a noop since added back in 1734544626_add_tenant_back diff --git a/migrations/codeinsights/1734544626_add_tenant_back/down.sql b/migrations/codeinsights/1734544626_add_tenant_back/down.sql new file mode 100644 index 0000000..c1b04b7 --- /dev/null +++ b/migrations/codeinsights/1734544626_add_tenant_back/down.sql @@ -0,0 +1 @@ +-- noop since we nooped 1733927758_drop_tenant diff --git a/migrations/codeinsights/1734544626_add_tenant_back/metadata.yaml b/migrations/codeinsights/1734544626_add_tenant_back/metadata.yaml new file mode 100644 index 0000000..3b89b94 --- /dev/null +++ b/migrations/codeinsights/1734544626_add_tenant_back/metadata.yaml @@ -0,0 +1,2 @@ +name: add_tenant_back +parents: [1733927758] diff --git a/migrations/codeinsights/1734544626_add_tenant_back/up.sql b/migrations/codeinsights/1734544626_add_tenant_back/up.sql new file mode 100644 index 0000000..0376a75 --- /dev/null +++ b/migrations/codeinsights/1734544626_add_tenant_back/up.sql @@ -0,0 +1,34 @@ +-- undoes 1733927758_drop_tenant which is now a noop + +CREATE TABLE IF NOT EXISTS tenants ( + id bigint PRIMARY KEY, + name text NOT NULL, + created_at timestamp with time zone NOT NULL DEFAULT now(), + updated_at timestamp with time zone NOT NULL DEFAULT now(), + workspace_id uuid NOT NULL, + display_name text, + state tenant_state NOT NULL DEFAULT 'active'::tenant_state, + external_url text NOT NULL DEFAULT '', + CONSTRAINT tenants_name_key UNIQUE (name), + CONSTRAINT tenants_workspace_id_key UNIQUE (workspace_id), + CONSTRAINT tenant_name_length CHECK (char_length(name) <= 32 AND char_length(name) >= 3), + CONSTRAINT tenant_name_valid_chars CHECK (name ~ '^[a-z](?:[a-z0-9\_-])*[a-z0-9]$'::text), + CONSTRAINT tenants_external_url_check CHECK (lower(external_url) = external_url) +); + +COMMENT ON TABLE tenants IS 'The table that holds all tenants known to the instance. In enterprise instances, this table will only contain the "default" tenant.'; +COMMENT ON COLUMN tenants.id IS 'The ID of the tenant. To keep tenants globally addressable, and be able to move them aronud instances more easily, the ID is NOT a serial and has to be specified explicitly. The creator of the tenant is responsible for choosing a unique ID, if it cares.'; +COMMENT ON COLUMN tenants.name IS 'The name of the tenant. This may be displayed to the user and must be unique.'; + +INSERT INTO tenants (id, name, workspace_id, created_at, updated_at) VALUES (1, 'default', '6a6b043c-ffed-42ec-b1f4-abc231cd7222', '2024-09-28 09:41:00.000000+00', '2024-09-28 09:41:00.000000+00') ON CONFLICT DO NOTHING; + +-- Make sure we start with at least 2 to leave room for the default tenant. +CREATE SEQUENCE IF NOT EXISTS tenants_id_seq AS integer START WITH 2; + +ALTER TABLE tenants ALTER COLUMN id SET DEFAULT nextval('tenants_id_seq'); + +-- Adjust the sequence to match the current maximum value in the column. +SELECT setval('tenants_id_seq', COALESCE(MAX(id), 1)) FROM tenants; + +-- Ensure the sequence is owned by the column (for cleanup on table drop). +ALTER SEQUENCE tenants_id_seq OWNED BY tenants.id; diff --git a/migrations/codeinsights/squashed.sql b/migrations/codeinsights/squashed.sql index c283e42..687f257 100644 --- a/migrations/codeinsights/squashed.sql +++ b/migrations/codeinsights/squashed.sql @@ -406,7 +406,8 @@ CREATE VIEW insights_jobs_backfill_in_progress AS jobs.backfill_id, isb.state AS backfill_state, isb.estimated_cost, - width_bucket(isb.estimated_cost, (0)::double precision, max((isb.estimated_cost + (1)::double precision)) OVER (), 4) AS cost_bucket + width_bucket(isb.estimated_cost, (0)::double precision, max((isb.estimated_cost + (1)::double precision)) OVER (), 4) AS cost_bucket, + jobs.tenant_id FROM (insights_background_jobs jobs JOIN insight_series_backfill isb ON ((jobs.backfill_id = isb.id))) WHERE (isb.state = 'processing'::text); @@ -427,7 +428,8 @@ CREATE VIEW insights_jobs_backfill_new AS jobs.cancel, jobs.backfill_id, isb.state AS backfill_state, - isb.estimated_cost + isb.estimated_cost, + jobs.tenant_id FROM (insights_background_jobs jobs JOIN insight_series_backfill isb ON ((jobs.backfill_id = isb.id))) WHERE (isb.state = 'new'::text); @@ -571,8 +573,10 @@ CREATE TABLE tenants ( state tenant_state DEFAULT 'active'::tenant_state NOT NULL, workspace_id uuid NOT NULL, display_name text, + external_url text DEFAULT ''::text NOT NULL, CONSTRAINT tenant_name_length CHECK (((char_length(name) <= 32) AND (char_length(name) >= 3))), - CONSTRAINT tenant_name_valid_chars CHECK ((name ~ '^[a-z](?:[a-z0-9\_-])*[a-z0-9]$'::text)) + CONSTRAINT tenant_name_valid_chars CHECK ((name ~ '^[a-z](?:[a-z0-9\_-])*[a-z0-9]$'::text)), + CONSTRAINT tenants_external_url_check CHECK ((lower(external_url) = external_url)) ); COMMENT ON TABLE tenants IS 'The table that holds all tenants known to the instance. In enterprise instances, this table will only contain the "default" tenant.'; @@ -587,6 +591,16 @@ COMMENT ON COLUMN tenants.workspace_id IS 'The ID in workspaces service of the t COMMENT ON COLUMN tenants.display_name IS 'An optional display name for the tenant. This is used for rendering the tenant name in the UI.'; +CREATE SEQUENCE tenants_id_seq + AS integer + START WITH 2 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + +ALTER SEQUENCE tenants_id_seq OWNED BY tenants.id; + ALTER TABLE ONLY dashboard ALTER COLUMN id SET DEFAULT nextval('dashboard_id_seq'::regclass); ALTER TABLE ONLY dashboard_grants ALTER COLUMN id SET DEFAULT nextval('dashboard_grants_id_seq'::regclass); @@ -615,6 +629,8 @@ ALTER TABLE ONLY repo_iterator_errors ALTER COLUMN id SET DEFAULT nextval('repo_ ALTER TABLE ONLY repo_names ALTER COLUMN id SET DEFAULT nextval('repo_names_id_seq'::regclass); +ALTER TABLE ONLY tenants ALTER COLUMN id SET DEFAULT nextval('tenants_id_seq'::regclass); + ALTER TABLE ONLY archived_insight_series_recording_times ADD CONSTRAINT archived_insight_series_recor_insight_series_id_recording_t_key UNIQUE (insight_series_id, recording_time); @@ -790,82 +806,84 @@ ALTER TABLE ONLY series_points ALTER TABLE archived_insight_series_recording_times ENABLE ROW LEVEL SECURITY; -CREATE POLICY archived_insight_series_recording_times_isolation_policy ON archived_insight_series_recording_times USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE archived_series_points ENABLE ROW LEVEL SECURITY; -CREATE POLICY archived_series_points_isolation_policy ON archived_series_points USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE dashboard ENABLE ROW LEVEL SECURITY; ALTER TABLE dashboard_grants ENABLE ROW LEVEL SECURITY; -CREATE POLICY dashboard_grants_isolation_policy ON dashboard_grants USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE dashboard_insight_view ENABLE ROW LEVEL SECURITY; -CREATE POLICY dashboard_insight_view_isolation_policy ON dashboard_insight_view USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - -CREATE POLICY dashboard_isolation_policy ON dashboard USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE insight_series ENABLE ROW LEVEL SECURITY; ALTER TABLE insight_series_backfill ENABLE ROW LEVEL SECURITY; -CREATE POLICY insight_series_backfill_isolation_policy ON insight_series_backfill USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE insight_series_incomplete_points ENABLE ROW LEVEL SECURITY; -CREATE POLICY insight_series_incomplete_points_isolation_policy ON insight_series_incomplete_points USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - -CREATE POLICY insight_series_isolation_policy ON insight_series USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE insight_series_recording_times ENABLE ROW LEVEL SECURITY; -CREATE POLICY insight_series_recording_times_isolation_policy ON insight_series_recording_times USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE insight_view ENABLE ROW LEVEL SECURITY; ALTER TABLE insight_view_grants ENABLE ROW LEVEL SECURITY; -CREATE POLICY insight_view_grants_isolation_policy ON insight_view_grants USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - -CREATE POLICY insight_view_isolation_policy ON insight_view USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE insight_view_series ENABLE ROW LEVEL SECURITY; -CREATE POLICY insight_view_series_isolation_policy ON insight_view_series USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE insights_background_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY insights_background_jobs_isolation_policy ON insights_background_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE insights_data_retention_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY insights_data_retention_jobs_isolation_policy ON insights_data_retention_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE metadata ENABLE ROW LEVEL SECURITY; -CREATE POLICY metadata_isolation_policy ON metadata USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE repo_iterator ENABLE ROW LEVEL SECURITY; ALTER TABLE repo_iterator_errors ENABLE ROW LEVEL SECURITY; -CREATE POLICY repo_iterator_errors_isolation_policy ON repo_iterator_errors USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE repo_names ENABLE ROW LEVEL SECURITY; -CREATE POLICY repo_iterator_isolation_policy ON repo_iterator USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE series_points ENABLE ROW LEVEL SECURITY; -ALTER TABLE repo_names ENABLE ROW LEVEL SECURITY; +ALTER TABLE series_points_snapshots ENABLE ROW LEVEL SECURITY; -CREATE POLICY repo_names_isolation_policy ON repo_names USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON archived_insight_series_recording_times USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE series_points ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON archived_series_points USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY series_points_isolation_policy ON series_points USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON dashboard USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE series_points_snapshots ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON dashboard_grants USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON dashboard_insight_view USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON insight_series USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON insight_series_backfill USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON insight_series_incomplete_points USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON insight_series_recording_times USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON insight_view USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON insight_view_grants USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON insight_view_series USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON insights_background_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); + +CREATE POLICY tenant_isolation_policy ON insights_data_retention_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); + +CREATE POLICY tenant_isolation_policy ON metadata USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON repo_iterator USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON repo_iterator_errors USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON repo_names USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON series_points USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON series_points_snapshots USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY series_points_snapshots_isolation_policy ON series_points_snapshots USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +INSERT INTO tenants (id, name, created_at, updated_at, state, workspace_id, display_name, external_url) VALUES (1, 'default', '2024-09-28 09:41:00+00', '2024-09-28 09:41:00+00', 'active', '6a6b043c-ffed-42ec-b1f4-abc231cd7222', NULL, ''); -INSERT INTO tenants (id, name, created_at, updated_at, state, workspace_id, display_name) VALUES (1, 'default', '2024-09-28 09:41:00+00', '2024-09-28 09:41:00+00', 'active', '6a6b043c-ffed-42ec-b1f4-abc231cd7222', NULL); \ No newline at end of file +SELECT pg_catalog.setval('tenants_id_seq', 1, true); \ No newline at end of file diff --git a/migrations/codeintel/1732716553_tenant_policy_init_plan/down.sql b/migrations/codeintel/1732716553_tenant_policy_init_plan/down.sql new file mode 100644 index 0000000..8fd3d85 --- /dev/null +++ b/migrations/codeintel/1732716553_tenant_policy_init_plan/down.sql @@ -0,0 +1,24 @@ +CREATE OR REPLACE FUNCTION migrate_tenant_policy_init_plan_codeintel(table_name text) +RETURNS void AS $$ +BEGIN + EXECUTE format('CREATE POLICY tenant_isolation_policy_new ON %I USING ((tenant_id = (current_setting(''app.current_tenant''::text))::integer));', table_name, table_name); + EXECUTE format('DROP POLICY IF EXISTS tenant_isolation_policy ON %I', table_name); + EXECUTE format('DROP POLICY IF EXISTS %I_isolation_policy ON %I', table_name, table_name); + EXECUTE format('ALTER POLICY tenant_isolation_policy_new ON %I RENAME TO %I_isolation_policy', table_name, table_name); +END; +$$ LANGUAGE plpgsql; + +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_last_reconcile'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_document_lookup'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_document_lookup_schema_versions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_documents_dereference_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_documents'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_metadata'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_symbol_names'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_symbols'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_symbols_schema_versions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('rockskip_ancestry'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('rockskip_repos'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('rockskip_symbols'); COMMIT AND CHAIN; + +DROP FUNCTION migrate_tenant_policy_init_plan_codeintel(text); diff --git a/migrations/codeintel/1732716553_tenant_policy_init_plan/metadata.yaml b/migrations/codeintel/1732716553_tenant_policy_init_plan/metadata.yaml new file mode 100644 index 0000000..21e128d --- /dev/null +++ b/migrations/codeintel/1732716553_tenant_policy_init_plan/metadata.yaml @@ -0,0 +1,3 @@ +name: tenant policy init plan +parents: [1727399325, 1728357053, 1725546291, 1726095852, 1727489142] +bestEffortTerminateBlockingTransactions: true diff --git a/migrations/codeintel/1732716553_tenant_policy_init_plan/up.sql b/migrations/codeintel/1732716553_tenant_policy_init_plan/up.sql new file mode 100644 index 0000000..0ab335b --- /dev/null +++ b/migrations/codeintel/1732716553_tenant_policy_init_plan/up.sql @@ -0,0 +1,28 @@ +-- This migration updates our tenant_isolation_policy such that we can +-- evaluate app.current_tenant once in the init plan. Additionally we move to +-- using a single policy name for all tables. + +CREATE OR REPLACE FUNCTION migrate_tenant_policy_init_plan_codeintel(table_name text) +RETURNS void AS $$ +BEGIN + EXECUTE format('CREATE POLICY tenant_isolation_policy_new ON %I USING (tenant_id = (SELECT current_setting(''app.current_tenant''::text)::integer AS current_tenant))', table_name); + EXECUTE format('DROP POLICY IF EXISTS tenant_isolation_policy ON %I', table_name); + EXECUTE format('DROP POLICY IF EXISTS %I_isolation_policy ON %I', table_name, table_name); + EXECUTE format('ALTER POLICY tenant_isolation_policy_new ON %I RENAME TO tenant_isolation_policy', table_name); +END; +$$ LANGUAGE plpgsql; + +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_last_reconcile'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_document_lookup'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_document_lookup_schema_versions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_documents_dereference_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_documents'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_metadata'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_symbol_names'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_symbols'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('codeintel_scip_symbols_schema_versions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('rockskip_ancestry'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('rockskip_repos'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_codeintel('rockskip_symbols'); COMMIT AND CHAIN; + +DROP FUNCTION migrate_tenant_policy_init_plan_codeintel(text); diff --git a/migrations/codeintel/1732783493_tenants_add_external_url/down.sql b/migrations/codeintel/1732783493_tenants_add_external_url/down.sql new file mode 100644 index 0000000..55b792b --- /dev/null +++ b/migrations/codeintel/1732783493_tenants_add_external_url/down.sql @@ -0,0 +1 @@ +ALTER TABLE tenants DROP COLUMN IF EXISTS external_url; diff --git a/migrations/codeintel/1732783493_tenants_add_external_url/metadata.yaml b/migrations/codeintel/1732783493_tenants_add_external_url/metadata.yaml new file mode 100644 index 0000000..62d3fa0 --- /dev/null +++ b/migrations/codeintel/1732783493_tenants_add_external_url/metadata.yaml @@ -0,0 +1,2 @@ +name: tenants_add_external_url +parents: [1727399325, 1728357053, 1725546291, 1726095852, 1727489142] diff --git a/migrations/codeintel/1732783493_tenants_add_external_url/up.sql b/migrations/codeintel/1732783493_tenants_add_external_url/up.sql new file mode 100644 index 0000000..69d710a --- /dev/null +++ b/migrations/codeintel/1732783493_tenants_add_external_url/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE tenants + ADD COLUMN IF NOT EXISTS external_url TEXT NOT NULL DEFAULT '' CHECK (LOWER(external_url) = external_url); diff --git a/migrations/codeintel/1733175891_make_tenantsid_a_serial/down.sql b/migrations/codeintel/1733175891_make_tenantsid_a_serial/down.sql new file mode 100644 index 0000000..5ba793a --- /dev/null +++ b/migrations/codeintel/1733175891_make_tenantsid_a_serial/down.sql @@ -0,0 +1,3 @@ +ALTER TABLE tenants ALTER COLUMN id DROP DEFAULT; + +DROP SEQUENCE IF EXISTS tenants_id_seq; diff --git a/migrations/codeintel/1733175891_make_tenantsid_a_serial/metadata.yaml b/migrations/codeintel/1733175891_make_tenantsid_a_serial/metadata.yaml new file mode 100644 index 0000000..92f745f --- /dev/null +++ b/migrations/codeintel/1733175891_make_tenantsid_a_serial/metadata.yaml @@ -0,0 +1,2 @@ +name: Make tenants.id a SERIAL +parents: [1732716553, 1732783493] diff --git a/migrations/codeintel/1733175891_make_tenantsid_a_serial/up.sql b/migrations/codeintel/1733175891_make_tenantsid_a_serial/up.sql new file mode 100644 index 0000000..fb6e32a --- /dev/null +++ b/migrations/codeintel/1733175891_make_tenantsid_a_serial/up.sql @@ -0,0 +1,10 @@ +-- Make sure we start with at least 2 to leave room for the default tenant. +CREATE SEQUENCE IF NOT EXISTS tenants_id_seq AS integer START WITH 2; + +ALTER TABLE tenants ALTER COLUMN id SET DEFAULT nextval('tenants_id_seq'); + +-- Adjust the sequence to match the current maximum value in the column. +SELECT setval('tenants_id_seq', COALESCE(MAX(id), 1)) FROM tenants; + +-- Ensure the sequence is owned by the column (for cleanup on table drop). +ALTER SEQUENCE tenants_id_seq OWNED BY tenants.id; diff --git a/migrations/codeintel/1733926716_drop_tenant/down.sql b/migrations/codeintel/1733926716_drop_tenant/down.sql new file mode 100644 index 0000000..0947410 --- /dev/null +++ b/migrations/codeintel/1733926716_drop_tenant/down.sql @@ -0,0 +1 @@ +-- noop since 1734544580_add_tenant_back diff --git a/migrations/codeintel/1733926716_drop_tenant/metadata.yaml b/migrations/codeintel/1733926716_drop_tenant/metadata.yaml new file mode 100644 index 0000000..5ebc329 --- /dev/null +++ b/migrations/codeintel/1733926716_drop_tenant/metadata.yaml @@ -0,0 +1,2 @@ +name: drop tenant +parents: [1733175891] diff --git a/migrations/codeintel/1733926716_drop_tenant/up.sql b/migrations/codeintel/1733926716_drop_tenant/up.sql new file mode 100644 index 0000000..0947410 --- /dev/null +++ b/migrations/codeintel/1733926716_drop_tenant/up.sql @@ -0,0 +1 @@ +-- noop since 1734544580_add_tenant_back diff --git a/migrations/codeintel/1734544580_add_tenant_back/down.sql b/migrations/codeintel/1734544580_add_tenant_back/down.sql new file mode 100644 index 0000000..62e3628 --- /dev/null +++ b/migrations/codeintel/1734544580_add_tenant_back/down.sql @@ -0,0 +1 @@ +-- noop since it undoes 1733926716_drop_tenant diff --git a/migrations/codeintel/1734544580_add_tenant_back/metadata.yaml b/migrations/codeintel/1734544580_add_tenant_back/metadata.yaml new file mode 100644 index 0000000..b2d9c6a --- /dev/null +++ b/migrations/codeintel/1734544580_add_tenant_back/metadata.yaml @@ -0,0 +1,2 @@ +name: add_tenant_back +parents: [1733926716] diff --git a/migrations/codeintel/1734544580_add_tenant_back/up.sql b/migrations/codeintel/1734544580_add_tenant_back/up.sql new file mode 100644 index 0000000..25b86b8 --- /dev/null +++ b/migrations/codeintel/1734544580_add_tenant_back/up.sql @@ -0,0 +1,34 @@ +-- undoes 1733926716_drop_tenant which is now a noop + +CREATE TABLE IF NOT EXISTS tenants ( + id bigint PRIMARY KEY, + name text NOT NULL, + created_at timestamp with time zone NOT NULL DEFAULT now(), + updated_at timestamp with time zone NOT NULL DEFAULT now(), + workspace_id uuid NOT NULL, + display_name text, + state tenant_state NOT NULL DEFAULT 'active'::tenant_state, + external_url text NOT NULL DEFAULT '', + CONSTRAINT tenants_name_key UNIQUE (name), + CONSTRAINT tenants_workspace_id_key UNIQUE (workspace_id), + CONSTRAINT tenant_name_length CHECK (char_length(name) <= 32 AND char_length(name) >= 3), + CONSTRAINT tenant_name_valid_chars CHECK (name ~ '^[a-z](?:[a-z0-9\_-])*[a-z0-9]$'::text), + CONSTRAINT tenants_external_url_check CHECK (lower(external_url) = external_url) +); + +COMMENT ON TABLE tenants IS 'The table that holds all tenants known to the instance. In enterprise instances, this table will only contain the "default" tenant.'; +COMMENT ON COLUMN tenants.id IS 'The ID of the tenant. To keep tenants globally addressable, and be able to move them aronud instances more easily, the ID is NOT a serial and has to be specified explicitly. The creator of the tenant is responsible for choosing a unique ID, if it cares.'; +COMMENT ON COLUMN tenants.name IS 'The name of the tenant. This may be displayed to the user and must be unique.'; + +INSERT INTO tenants (id, name, workspace_id, created_at, updated_at) VALUES (1, 'default', '6a6b043c-ffed-42ec-b1f4-abc231cd7222', '2024-09-28 09:41:00.000000+00', '2024-09-28 09:41:00.000000+00') ON CONFLICT DO NOTHING; + +-- Make sure we start with at least 2 to leave room for the default tenant. +CREATE SEQUENCE IF NOT EXISTS tenants_id_seq AS integer START WITH 2; + +ALTER TABLE tenants ALTER COLUMN id SET DEFAULT nextval('tenants_id_seq'); + +-- Adjust the sequence to match the current maximum value in the column. +SELECT setval('tenants_id_seq', COALESCE(MAX(id), 1)) FROM tenants; + +-- Ensure the sequence is owned by the column (for cleanup on table drop). +ALTER SEQUENCE tenants_id_seq OWNED BY tenants.id; diff --git a/migrations/codeintel/squashed.sql b/migrations/codeintel/squashed.sql index d02722e..d2ddeb0 100644 --- a/migrations/codeintel/squashed.sql +++ b/migrations/codeintel/squashed.sql @@ -351,8 +351,10 @@ CREATE TABLE tenants ( workspace_id uuid NOT NULL, display_name text, state tenant_state DEFAULT 'active'::tenant_state NOT NULL, + external_url text DEFAULT ''::text NOT NULL, CONSTRAINT tenant_name_length CHECK (((char_length(name) <= 32) AND (char_length(name) >= 3))), - CONSTRAINT tenant_name_valid_chars CHECK ((name ~ '^[a-z](?:[a-z0-9\_-])*[a-z0-9]$'::text)) + CONSTRAINT tenant_name_valid_chars CHECK ((name ~ '^[a-z](?:[a-z0-9\_-])*[a-z0-9]$'::text)), + CONSTRAINT tenants_external_url_check CHECK ((lower(external_url) = external_url)) ); COMMENT ON TABLE tenants IS 'The table that holds all tenants known to the instance. In enterprise instances, this table will only contain the "default" tenant.'; @@ -367,6 +369,16 @@ COMMENT ON COLUMN tenants.display_name IS 'An optional display name for the tena COMMENT ON COLUMN tenants.state IS 'The state of the tenant. Can be active, suspended, dormant or deleted.'; +CREATE SEQUENCE tenants_id_seq + AS integer + START WITH 2 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + +ALTER SEQUENCE tenants_id_seq OWNED BY tenants.id; + ALTER TABLE ONLY codeintel_scip_document_lookup ALTER COLUMN id SET DEFAULT nextval('codeintel_scip_document_lookup_id_seq'::regclass); ALTER TABLE ONLY codeintel_scip_documents ALTER COLUMN id SET DEFAULT nextval('codeintel_scip_documents_id_seq'::regclass); @@ -381,6 +393,8 @@ ALTER TABLE ONLY rockskip_repos ALTER COLUMN id SET DEFAULT nextval('rockskip_re ALTER TABLE ONLY rockskip_symbols ALTER COLUMN id SET DEFAULT nextval('rockskip_symbols_id_seq'::regclass); +ALTER TABLE ONLY tenants ALTER COLUMN id SET DEFAULT nextval('tenants_id_seq'::regclass); + ALTER TABLE ONLY codeintel_last_reconcile ADD CONSTRAINT codeintel_last_reconcile_dump_id_key UNIQUE (dump_id); @@ -472,50 +486,52 @@ ALTER TABLE ONLY codeintel_scip_symbols ALTER TABLE codeintel_last_reconcile ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_last_reconcile_isolation_policy ON codeintel_last_reconcile USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE codeintel_scip_document_lookup ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_scip_document_lookup_isolation_policy ON codeintel_scip_document_lookup USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE codeintel_scip_document_lookup_schema_versions ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_scip_document_lookup_schema_versions_isolation_policy ON codeintel_scip_document_lookup_schema_versions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE codeintel_scip_documents ENABLE ROW LEVEL SECURITY; ALTER TABLE codeintel_scip_documents_dereference_logs ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_scip_documents_dereference_logs_isolation_policy ON codeintel_scip_documents_dereference_logs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE codeintel_scip_metadata ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_scip_documents_isolation_policy ON codeintel_scip_documents USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE codeintel_scip_symbol_names ENABLE ROW LEVEL SECURITY; -ALTER TABLE codeintel_scip_metadata ENABLE ROW LEVEL SECURITY; +ALTER TABLE codeintel_scip_symbols ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_scip_metadata_isolation_policy ON codeintel_scip_metadata USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE codeintel_scip_symbols_schema_versions ENABLE ROW LEVEL SECURITY; -ALTER TABLE codeintel_scip_symbol_names ENABLE ROW LEVEL SECURITY; +ALTER TABLE rockskip_ancestry ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_scip_symbol_names_isolation_policy ON codeintel_scip_symbol_names USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE rockskip_repos ENABLE ROW LEVEL SECURITY; -ALTER TABLE codeintel_scip_symbols ENABLE ROW LEVEL SECURITY; +ALTER TABLE rockskip_symbols ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_scip_symbols_isolation_policy ON codeintel_scip_symbols USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON codeintel_last_reconcile USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE codeintel_scip_symbols_schema_versions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON codeintel_scip_document_lookup USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY codeintel_scip_symbols_schema_versions_isolation_policy ON codeintel_scip_symbols_schema_versions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON codeintel_scip_document_lookup_schema_versions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE rockskip_ancestry ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON codeintel_scip_documents USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY rockskip_ancestry_isolation_policy ON rockskip_ancestry USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON codeintel_scip_documents_dereference_logs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE rockskip_repos ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON codeintel_scip_metadata USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY rockskip_repos_isolation_policy ON rockskip_repos USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON codeintel_scip_symbol_names USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE rockskip_symbols ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON codeintel_scip_symbols USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON codeintel_scip_symbols_schema_versions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON rockskip_ancestry USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON rockskip_repos USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON rockskip_symbols USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY rockskip_symbols_isolation_policy ON rockskip_symbols USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +INSERT INTO tenants (id, name, created_at, updated_at, workspace_id, display_name, state, external_url) VALUES (1, 'default', '2024-09-28 09:41:00+00', '2024-09-28 09:41:00+00', '6a6b043c-ffed-42ec-b1f4-abc231cd7222', NULL, 'active', ''); -INSERT INTO tenants (id, name, created_at, updated_at, workspace_id, display_name, state) VALUES (1, 'default', '2024-09-28 09:41:00+00', '2024-09-28 09:41:00+00', '6a6b043c-ffed-42ec-b1f4-abc231cd7222', NULL, 'active'); \ No newline at end of file +SELECT pg_catalog.setval('tenants_id_seq', 1, true); \ No newline at end of file diff --git a/migrations/frontend/1729579045_remove_event_logs_export_allowlist/down.sql b/migrations/frontend/1729579045_remove_event_logs_export_allowlist/down.sql index cdd5e77..91ee969 100644 --- a/migrations/frontend/1729579045_remove_event_logs_export_allowlist/down.sql +++ b/migrations/frontend/1729579045_remove_event_logs_export_allowlist/down.sql @@ -9,3 +9,8 @@ COMMENT ON TABLE event_logs_export_allowlist IS 'An allowlist of events that are COMMENT ON COLUMN event_logs_export_allowlist.event_name IS 'Name of the event that corresponds to event_logs.name'; CREATE UNIQUE INDEX IF NOT EXISTS event_logs_export_allowlist_event_name_idx ON event_logs_export_allowlist USING btree (event_name, tenant_id); + +ALTER TABLE event_logs_export_allowlist ENABLE ROW LEVEL SECURITY; + +DROP POLICY IF EXISTS event_logs_export_allowlist_isolation_policy ON event_logs_export_allowlist; +CREATE POLICY event_logs_export_allowlist_isolation_policy ON event_logs_export_allowlist USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); diff --git a/migrations/frontend/1730763013_make_dbworker_tenant_aware/down.sql b/migrations/frontend/1730763013_make_dbworker_tenant_aware/down.sql new file mode 100644 index 0000000..60496dd --- /dev/null +++ b/migrations/frontend/1730763013_make_dbworker_tenant_aware/down.sql @@ -0,0 +1,382 @@ +CREATE POLICY isolation_policy_2 ON batch_spec_resolution_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON batch_spec_resolution_jobs; +ALTER POLICY isolation_policy_2 ON batch_spec_resolution_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON batch_spec_workspace_execution_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON batch_spec_workspace_execution_jobs; +ALTER POLICY isolation_policy_2 ON batch_spec_workspace_execution_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON changeset_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON changeset_jobs; +ALTER POLICY isolation_policy_2 ON changeset_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON cm_action_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON cm_action_jobs; +ALTER POLICY isolation_policy_2 ON cm_action_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON cm_trigger_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON cm_trigger_jobs; +ALTER POLICY isolation_policy_2 ON cm_trigger_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON context_detection_embedding_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON context_detection_embedding_jobs; +ALTER POLICY isolation_policy_2 ON context_detection_embedding_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON exhaustive_search_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON exhaustive_search_jobs; +ALTER POLICY isolation_policy_2 ON exhaustive_search_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON exhaustive_search_repo_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON exhaustive_search_repo_jobs; +ALTER POLICY isolation_policy_2 ON exhaustive_search_repo_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON exhaustive_search_repo_revision_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON exhaustive_search_repo_revision_jobs; +ALTER POLICY isolation_policy_2 ON exhaustive_search_repo_revision_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON explicit_permissions_bitbucket_projects_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON explicit_permissions_bitbucket_projects_jobs; +ALTER POLICY isolation_policy_2 ON explicit_permissions_bitbucket_projects_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON external_service_sync_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON external_service_sync_jobs; +ALTER POLICY isolation_policy_2 ON external_service_sync_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON gitserver_relocator_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON gitserver_relocator_jobs; +ALTER POLICY isolation_policy_2 ON gitserver_relocator_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON insights_query_runner_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON insights_query_runner_jobs; +ALTER POLICY isolation_policy_2 ON insights_query_runner_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON lsif_dependency_indexing_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON lsif_dependency_indexing_jobs; +ALTER POLICY isolation_policy_2 ON lsif_dependency_indexing_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON lsif_dependency_syncing_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON lsif_dependency_syncing_jobs; +ALTER POLICY isolation_policy_2 ON lsif_dependency_syncing_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON lsif_indexes USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON lsif_indexes; +ALTER POLICY isolation_policy_2 ON lsif_indexes RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON lsif_uploads USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON lsif_uploads; +ALTER POLICY isolation_policy_2 ON lsif_uploads RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON outbound_webhook_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON outbound_webhook_jobs; +ALTER POLICY isolation_policy_2 ON outbound_webhook_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON own_background_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON own_background_jobs; +ALTER POLICY isolation_policy_2 ON own_background_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON permission_sync_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON permission_sync_jobs; +ALTER POLICY isolation_policy_2 ON permission_sync_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON repo_context_stats_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON repo_context_stats_jobs; +ALTER POLICY isolation_policy_2 ON repo_context_stats_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON repo_embedding_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON repo_embedding_jobs; +ALTER POLICY isolation_policy_2 ON repo_embedding_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON repo_update_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON repo_update_jobs; +ALTER POLICY isolation_policy_2 ON repo_update_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON syntactic_scip_indexing_jobs USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON syntactic_scip_indexing_jobs; +ALTER POLICY isolation_policy_2 ON syntactic_scip_indexing_jobs RENAME TO tenant_isolation_policy; + +CREATE POLICY isolation_policy_2 ON changesets USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON changesets; +ALTER POLICY isolation_policy_2 ON changesets RENAME TO tenant_isolation_policy; + +DROP VIEW IF EXISTS batch_spec_workspace_execution_jobs_with_rank; +CREATE OR REPLACE VIEW batch_spec_workspace_execution_jobs_with_rank AS +SELECT j.id, + j.batch_spec_workspace_id, + j.state, + j.failure_message, + j.started_at, + j.finished_at, + j.process_after, + j.num_resets, + j.num_failures, + j.execution_logs, + j.worker_hostname, + j.last_heartbeat_at, + j.created_at, + j.updated_at, + j.cancel, + j.queued_at, + j.user_id, + j.version, + q.place_in_global_queue, + q.place_in_user_queue +FROM batch_spec_workspace_execution_jobs j +LEFT JOIN batch_spec_workspace_execution_queue q ON j.id = q.id; + + +DROP VIEW IF EXISTS external_service_sync_jobs_with_next_sync_at; +CREATE OR REPLACE VIEW external_service_sync_jobs_with_next_sync_at AS +SELECT j.id, + j.state, + j.failure_message, + j.queued_at, + j.started_at, + j.finished_at, + j.process_after, + j.num_resets, + j.num_failures, + j.execution_logs, + j.external_service_id, + e.next_sync_at +FROM external_services e +JOIN external_service_sync_jobs j ON e.id = j.external_service_id; + + +DROP VIEW IF EXISTS gitserver_relocator_jobs_with_repo_name; +CREATE OR REPLACE VIEW gitserver_relocator_jobs_with_repo_name AS +SELECT glj.id, + glj.state, + glj.queued_at, + glj.failure_message, + glj.started_at, + glj.finished_at, + glj.process_after, + glj.num_resets, + glj.num_failures, + glj.last_heartbeat_at, + glj.execution_logs, + glj.worker_hostname, + glj.repo_id, + glj.source_hostname, + glj.dest_hostname, + glj.delete_source, + r.name AS repo_name +FROM gitserver_relocator_jobs glj +JOIN repo r ON r.id = glj.repo_id; + +DROP VIEW IF EXISTS lsif_dumps_with_repository_name; +DROP VIEW IF EXISTS lsif_dumps; +CREATE OR REPLACE VIEW lsif_dumps AS +SELECT u.id, + u.commit, + u.root, + u.queued_at, + u.uploaded_at, + u.state, + u.failure_message, + u.started_at, + u.finished_at, + u.repository_id, + u.indexer, + u.indexer_version, + u.num_parts, + u.uploaded_parts, + u.process_after, + u.num_resets, + u.upload_size, + u.num_failures, + u.associated_index_id, + u.expired, + u.last_retention_scan_at, + u.finished_at AS processed_at +FROM lsif_uploads u +WHERE u.state = 'completed'::text + OR u.state = 'deleting'::text; + +CREATE OR REPLACE VIEW lsif_dumps_with_repository_name AS +SELECT u.id, + u.commit, + u.root, + u.queued_at, + u.uploaded_at, + u.state, + u.failure_message, + u.started_at, + u.finished_at, + u.repository_id, + u.indexer, + u.indexer_version, + u.num_parts, + u.uploaded_parts, + u.process_after, + u.num_resets, + u.upload_size, + u.num_failures, + u.associated_index_id, + u.expired, + u.last_retention_scan_at, + u.processed_at, + r.name AS repository_name +FROM lsif_dumps u +JOIN repo r ON r.id = u.repository_id +WHERE r.deleted_at IS NULL; + + +DROP VIEW IF EXISTS lsif_uploads_with_repository_name; +CREATE OR REPLACE VIEW lsif_uploads_with_repository_name AS +SELECT u.id, + u.commit, + u.root, + u.queued_at, + u.uploaded_at, + u.state, + u.failure_message, + u.started_at, + u.finished_at, + u.repository_id, + u.indexer, + u.indexer_version, + u.num_parts, + u.uploaded_parts, + u.process_after, + u.num_resets, + u.upload_size, + u.num_failures, + u.associated_index_id, + u.content_type, + u.should_reindex, + u.expired, + u.last_retention_scan_at, + r.name AS repository_name, + u.uncompressed_size +FROM lsif_uploads u +JOIN repo r ON r.id = u.repository_id +WHERE r.deleted_at IS NULL; + + +DROP VIEW IF EXISTS own_background_jobs_config_aware; +CREATE OR REPLACE VIEW own_background_jobs_config_aware AS +SELECT obj.id, + obj.state, + obj.failure_message, + obj.queued_at, + obj.started_at, + obj.finished_at, + obj.process_after, + obj.num_resets, + obj.num_failures, + obj.last_heartbeat_at, + obj.execution_logs, + obj.worker_hostname, + obj.cancel, + obj.repo_id, + obj.job_type, + osc.name AS config_name +FROM own_background_jobs obj +JOIN own_signal_configurations osc ON obj.job_type = osc.id +WHERE osc.enabled IS TRUE; + + +DROP VIEW IF EXISTS lsif_indexes_with_repository_name; +CREATE OR REPLACE VIEW lsif_indexes_with_repository_name AS +SELECT u.id, + u.commit, + u.queued_at, + u.state, + u.failure_message, + u.started_at, + u.finished_at, + u.repository_id, + u.process_after, + u.num_resets, + u.num_failures, + u.docker_steps, + u.root, + u.indexer, + u.indexer_args, + u.outfile, + u.log_contents, + u.execution_logs, + u.local_steps, + u.should_reindex, + u.requested_envvars, + r.name AS repository_name, + u.enqueuer_user_id +FROM lsif_indexes u +JOIN repo r ON r.id = u.repository_id +WHERE r.deleted_at IS NULL; + + +DROP VIEW IF EXISTS syntactic_scip_indexing_jobs_with_repository_name; +CREATE OR REPLACE VIEW syntactic_scip_indexing_jobs_with_repository_name AS +SELECT u.id, + u.commit, + u.queued_at, + u.state, + u.failure_message, + u.started_at, + u.finished_at, + u.repository_id, + u.process_after, + u.num_resets, + u.num_failures, + u.execution_logs, + u.should_reindex, + u.enqueuer_user_id, + r.name AS repository_name +FROM syntactic_scip_indexing_jobs u +JOIN repo r ON r.id = u.repository_id +WHERE r.deleted_at IS NULL; + +DROP VIEW IF EXISTS reconciler_changesets; +CREATE OR REPLACE VIEW reconciler_changesets AS +SELECT c.id, + c.batch_change_ids, + c.repo_id, + c.queued_at, + c.created_at, + c.updated_at, + c.metadata, + c.external_id, + c.external_service_type, + c.external_deleted_at, + c.external_branch, + c.external_updated_at, + c.external_state, + c.external_review_state, + c.external_check_state, + c.commit_verification, + c.diff_stat_added, + c.diff_stat_deleted, + c.sync_state, + c.current_spec_id, + c.previous_spec_id, + c.publication_state, + c.owned_by_batch_change_id, + c.reconciler_state, + c.computed_state, + c.failure_message, + c.started_at, + c.finished_at, + c.process_after, + c.num_resets, + c.closing, + c.num_failures, + c.log_contents, + c.execution_logs, + c.syncer_error, + c.external_title, + c.worker_hostname, + c.ui_publication_state, + c.last_heartbeat_at, + c.external_fork_name, + c.external_fork_namespace, + c.detached_at, + c.previous_failure_message + FROM (changesets c + JOIN repo r ON ((r.id = c.repo_id))) + WHERE ((r.deleted_at IS NULL) AND (EXISTS ( SELECT 1 + FROM ((batch_changes + LEFT JOIN users namespace_user ON ((batch_changes.namespace_user_id = namespace_user.id))) + LEFT JOIN orgs namespace_org ON ((batch_changes.namespace_org_id = namespace_org.id))) + WHERE ((c.batch_change_ids ? (batch_changes.id)::text) AND (namespace_user.deleted_at IS NULL) AND (namespace_org.deleted_at IS NULL))))); diff --git a/migrations/frontend/1730763013_make_dbworker_tenant_aware/metadata.yaml b/migrations/frontend/1730763013_make_dbworker_tenant_aware/metadata.yaml new file mode 100644 index 0000000..514524f --- /dev/null +++ b/migrations/frontend/1730763013_make_dbworker_tenant_aware/metadata.yaml @@ -0,0 +1,3 @@ +name: Make dbworker tenant aware +parents: [1732702405] +bestEffortTerminateBlockingTransactions: true diff --git a/migrations/frontend/1730763013_make_dbworker_tenant_aware/up.sql b/migrations/frontend/1730763013_make_dbworker_tenant_aware/up.sql new file mode 100644 index 0000000..828498b --- /dev/null +++ b/migrations/frontend/1730763013_make_dbworker_tenant_aware/up.sql @@ -0,0 +1,410 @@ +CREATE POLICY isolation_policy_2 ON batch_spec_resolution_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON batch_spec_resolution_jobs; +ALTER POLICY isolation_policy_2 ON batch_spec_resolution_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON batch_spec_workspace_execution_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON batch_spec_workspace_execution_jobs; +ALTER POLICY isolation_policy_2 ON batch_spec_workspace_execution_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON changeset_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON changeset_jobs; +ALTER POLICY isolation_policy_2 ON changeset_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON cm_action_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON cm_action_jobs; +ALTER POLICY isolation_policy_2 ON cm_action_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON cm_trigger_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON cm_trigger_jobs; +ALTER POLICY isolation_policy_2 ON cm_trigger_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON context_detection_embedding_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON context_detection_embedding_jobs; +ALTER POLICY isolation_policy_2 ON context_detection_embedding_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON exhaustive_search_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON exhaustive_search_jobs; +ALTER POLICY isolation_policy_2 ON exhaustive_search_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON exhaustive_search_repo_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON exhaustive_search_repo_jobs; +ALTER POLICY isolation_policy_2 ON exhaustive_search_repo_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON exhaustive_search_repo_revision_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON exhaustive_search_repo_revision_jobs; +ALTER POLICY isolation_policy_2 ON exhaustive_search_repo_revision_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON explicit_permissions_bitbucket_projects_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON explicit_permissions_bitbucket_projects_jobs; +ALTER POLICY isolation_policy_2 ON explicit_permissions_bitbucket_projects_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON external_service_sync_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON external_service_sync_jobs; +ALTER POLICY isolation_policy_2 ON external_service_sync_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON gitserver_relocator_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON gitserver_relocator_jobs; +ALTER POLICY isolation_policy_2 ON gitserver_relocator_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON insights_query_runner_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON insights_query_runner_jobs; +ALTER POLICY isolation_policy_2 ON insights_query_runner_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON lsif_dependency_indexing_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON lsif_dependency_indexing_jobs; +ALTER POLICY isolation_policy_2 ON lsif_dependency_indexing_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON lsif_dependency_syncing_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON lsif_dependency_syncing_jobs; +ALTER POLICY isolation_policy_2 ON lsif_dependency_syncing_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON lsif_indexes USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON lsif_indexes; +ALTER POLICY isolation_policy_2 ON lsif_indexes RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON lsif_uploads USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON lsif_uploads; +ALTER POLICY isolation_policy_2 ON lsif_uploads RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON outbound_webhook_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON outbound_webhook_jobs; +ALTER POLICY isolation_policy_2 ON outbound_webhook_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON own_background_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON own_background_jobs; +ALTER POLICY isolation_policy_2 ON own_background_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON permission_sync_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON permission_sync_jobs; +ALTER POLICY isolation_policy_2 ON permission_sync_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON repo_context_stats_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON repo_context_stats_jobs; +ALTER POLICY isolation_policy_2 ON repo_context_stats_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON repo_embedding_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON repo_embedding_jobs; +ALTER POLICY isolation_policy_2 ON repo_embedding_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON repo_update_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON repo_update_jobs; +ALTER POLICY isolation_policy_2 ON repo_update_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON syntactic_scip_indexing_jobs USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON syntactic_scip_indexing_jobs; +ALTER POLICY isolation_policy_2 ON syntactic_scip_indexing_jobs RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY isolation_policy_2 ON changesets USING ((SELECT current_setting('app.current_tenant'::text) = 'workertenant') OR tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'workertenant')::integer AS current_tenant)); +DROP POLICY tenant_isolation_policy ON changesets; +ALTER POLICY isolation_policy_2 ON changesets RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW batch_spec_workspace_execution_jobs_with_rank AS +SELECT j.id, + j.batch_spec_workspace_id, + j.state, + j.failure_message, + j.started_at, + j.finished_at, + j.process_after, + j.num_resets, + j.num_failures, + j.execution_logs, + j.worker_hostname, + j.last_heartbeat_at, + j.created_at, + j.updated_at, + j.cancel, + j.queued_at, + j.user_id, + j.version, + q.place_in_global_queue, + q.place_in_user_queue, + j.tenant_id +FROM batch_spec_workspace_execution_jobs j +LEFT JOIN batch_spec_workspace_execution_queue q ON j.id = q.id; +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW external_service_sync_jobs_with_next_sync_at AS +SELECT j.id, + j.state, + j.failure_message, + j.queued_at, + j.started_at, + j.finished_at, + j.process_after, + j.num_resets, + j.num_failures, + j.execution_logs, + j.external_service_id, + e.next_sync_at, + e.tenant_id +FROM external_services e +JOIN external_service_sync_jobs j ON e.id = j.external_service_id; +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW gitserver_relocator_jobs_with_repo_name AS +SELECT glj.id, + glj.state, + glj.queued_at, + glj.failure_message, + glj.started_at, + glj.finished_at, + glj.process_after, + glj.num_resets, + glj.num_failures, + glj.last_heartbeat_at, + glj.execution_logs, + glj.worker_hostname, + glj.repo_id, + glj.source_hostname, + glj.dest_hostname, + glj.delete_source, + r.name AS repo_name, + glj.tenant_id +FROM gitserver_relocator_jobs glj +JOIN repo r ON r.id = glj.repo_id; +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW lsif_dumps AS +SELECT u.id, + u.commit, + u.root, + u.queued_at, + u.uploaded_at, + u.state, + u.failure_message, + u.started_at, + u.finished_at, + u.repository_id, + u.indexer, + u.indexer_version, + u.num_parts, + u.uploaded_parts, + u.process_after, + u.num_resets, + u.upload_size, + u.num_failures, + u.associated_index_id, + u.expired, + u.last_retention_scan_at, + u.finished_at AS processed_at, + u.tenant_id +FROM lsif_uploads u +WHERE u.state = 'completed'::text + OR u.state = 'deleting'::text; +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW lsif_dumps_with_repository_name AS +SELECT u.id, + u.commit, + u.root, + u.queued_at, + u.uploaded_at, + u.state, + u.failure_message, + u.started_at, + u.finished_at, + u.repository_id, + u.indexer, + u.indexer_version, + u.num_parts, + u.uploaded_parts, + u.process_after, + u.num_resets, + u.upload_size, + u.num_failures, + u.associated_index_id, + u.expired, + u.last_retention_scan_at, + u.processed_at, + r.name AS repository_name, + u.tenant_id +FROM lsif_dumps u +JOIN repo r ON r.id = u.repository_id +WHERE r.deleted_at IS NULL; +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW lsif_uploads_with_repository_name AS +SELECT u.id, + u.commit, + u.root, + u.queued_at, + u.uploaded_at, + u.state, + u.failure_message, + u.started_at, + u.finished_at, + u.repository_id, + u.indexer, + u.indexer_version, + u.num_parts, + u.uploaded_parts, + u.process_after, + u.num_resets, + u.upload_size, + u.num_failures, + u.associated_index_id, + u.content_type, + u.should_reindex, + u.expired, + u.last_retention_scan_at, + r.name AS repository_name, + u.uncompressed_size, + u.tenant_id +FROM lsif_uploads u +JOIN repo r ON r.id = u.repository_id +WHERE r.deleted_at IS NULL; +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW own_background_jobs_config_aware AS +SELECT obj.id, + obj.state, + obj.failure_message, + obj.queued_at, + obj.started_at, + obj.finished_at, + obj.process_after, + obj.num_resets, + obj.num_failures, + obj.last_heartbeat_at, + obj.execution_logs, + obj.worker_hostname, + obj.cancel, + obj.repo_id, + obj.job_type, + osc.name AS config_name, + obj.tenant_id +FROM own_background_jobs obj +JOIN own_signal_configurations osc ON obj.job_type = osc.id +WHERE osc.enabled IS TRUE; +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW lsif_indexes_with_repository_name AS +SELECT u.id, + u.commit, + u.queued_at, + u.state, + u.failure_message, + u.started_at, + u.finished_at, + u.repository_id, + u.process_after, + u.num_resets, + u.num_failures, + u.docker_steps, + u.root, + u.indexer, + u.indexer_args, + u.outfile, + u.log_contents, + u.execution_logs, + u.local_steps, + u.should_reindex, + u.requested_envvars, + r.name AS repository_name, + u.enqueuer_user_id, + u.tenant_id +FROM lsif_indexes u +JOIN repo r ON r.id = u.repository_id +WHERE r.deleted_at IS NULL; +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW syntactic_scip_indexing_jobs_with_repository_name AS +SELECT u.id, + u.commit, + u.queued_at, + u.state, + u.failure_message, + u.started_at, + u.finished_at, + u.repository_id, + u.process_after, + u.num_resets, + u.num_failures, + u.execution_logs, + u.should_reindex, + u.enqueuer_user_id, + r.name AS repository_name, + u.tenant_id +FROM syntactic_scip_indexing_jobs u +JOIN repo r ON r.id = u.repository_id +WHERE r.deleted_at IS NULL; +COMMIT AND CHAIN; + +CREATE OR REPLACE VIEW reconciler_changesets AS +SELECT c.id, + c.batch_change_ids, + c.repo_id, + c.queued_at, + c.created_at, + c.updated_at, + c.metadata, + c.external_id, + c.external_service_type, + c.external_deleted_at, + c.external_branch, + c.external_updated_at, + c.external_state, + c.external_review_state, + c.external_check_state, + c.commit_verification, + c.diff_stat_added, + c.diff_stat_deleted, + c.sync_state, + c.current_spec_id, + c.previous_spec_id, + c.publication_state, + c.owned_by_batch_change_id, + c.reconciler_state, + c.computed_state, + c.failure_message, + c.started_at, + c.finished_at, + c.process_after, + c.num_resets, + c.closing, + c.num_failures, + c.log_contents, + c.execution_logs, + c.syncer_error, + c.external_title, + c.worker_hostname, + c.ui_publication_state, + c.last_heartbeat_at, + c.external_fork_name, + c.external_fork_namespace, + c.detached_at, + c.previous_failure_message, + c.tenant_id + FROM (changesets c + JOIN repo r ON ((r.id = c.repo_id))) + WHERE ((r.deleted_at IS NULL) AND (EXISTS ( SELECT 1 + FROM ((batch_changes + LEFT JOIN users namespace_user ON ((batch_changes.namespace_user_id = namespace_user.id))) + LEFT JOIN orgs namespace_org ON ((batch_changes.namespace_org_id = namespace_org.id))) + WHERE ((c.batch_change_ids ? (batch_changes.id)::text) AND (namespace_user.deleted_at IS NULL) AND (namespace_org.deleted_at IS NULL))))); diff --git a/migrations/frontend/1732032110_contributor_data/down.sql b/migrations/frontend/1732032110_contributor_data/down.sql new file mode 100644 index 0000000..b112fdd --- /dev/null +++ b/migrations/frontend/1732032110_contributor_data/down.sql @@ -0,0 +1,3 @@ +DROP TABLE IF EXISTS contributor_data; +DROP TABLE IF EXISTS contributor_repos; +DROP TABLE IF EXISTS contributor_jobs; diff --git a/migrations/frontend/1732032110_contributor_data/metadata.yaml b/migrations/frontend/1732032110_contributor_data/metadata.yaml new file mode 100644 index 0000000..94fa583 --- /dev/null +++ b/migrations/frontend/1732032110_contributor_data/metadata.yaml @@ -0,0 +1,2 @@ +name: Contributor data +parents: [1729862219, 1731708707] diff --git a/migrations/frontend/1732032110_contributor_data/up.sql b/migrations/frontend/1732032110_contributor_data/up.sql new file mode 100644 index 0000000..5e3934f --- /dev/null +++ b/migrations/frontend/1732032110_contributor_data/up.sql @@ -0,0 +1,51 @@ +CREATE TABLE IF NOT EXISTS contributor_data +( + author_email TEXT NOT NULL, + repo_id INTEGER NOT NULL REFERENCES repo (id) ON DELETE CASCADE, + author_name TEXT NOT NULL, + most_recent_commit_sha TEXT NOT NULL, + last_commit_date TIMESTAMP WITH TIME ZONE NOT NULL, + number_of_commits INTEGER NOT NULL, + tenant_id INTEGER NOT NULL DEFAULT current_setting('app.current_tenant')::integer, + PRIMARY KEY (tenant_id, author_email, author_name, repo_id) +); +ALTER TABLE contributor_data ENABLE ROW LEVEL SECURITY; +DROP POLICY IF EXISTS tenant_isolation_policy ON contributor_data; +CREATE POLICY tenant_isolation_policy ON contributor_data AS PERMISSIVE FOR ALL TO PUBLIC USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); + +CREATE TABLE IF NOT EXISTS contributor_repos +( + repo_id INTEGER NOT NULL REFERENCES repo (id) ON DELETE CASCADE, + last_processed_commit_sha TEXT NOT NULL, + tenant_id INTEGER NOT NULL DEFAULT current_setting('app.current_tenant')::integer, + PRIMARY KEY (tenant_id, repo_id) +); +ALTER TABLE contributor_repos ENABLE ROW LEVEL SECURITY; +DROP POLICY IF EXISTS tenant_isolation_policy ON contributor_repos; +CREATE POLICY tenant_isolation_policy ON contributor_repos AS PERMISSIVE FOR ALL TO PUBLIC USING (tenant_id = (SELECT current_setting('app.current_tenant'::text)::integer AS current_tenant)); + +CREATE TABLE IF NOT EXISTS contributor_jobs +( + id SERIAL PRIMARY KEY, + state text DEFAULT 'queued', + failure_message text, + queued_at timestamp with time zone DEFAULT NOW(), + started_at timestamp with time zone, + finished_at timestamp with time zone, + process_after timestamp with time zone, + num_resets integer not null default 0, + num_failures integer not null default 0, + last_heartbeat_at timestamp with time zone, + execution_logs json[], + worker_hostname text not null default '', + cancel boolean not null default false, + + repo_id INTEGER NOT NULL REFERENCES repo (id) ON DELETE CASCADE, + repo_name TEXT NOT NULL, + from_commit TEXT, + tenant_id INTEGER NOT NULL DEFAULT current_setting('app.current_tenant')::integer +); + +ALTER TABLE contributor_jobs ENABLE ROW LEVEL SECURITY; +DROP POLICY IF EXISTS tenant_isolation_policy ON contributor_jobs; +CREATE POLICY tenant_isolation_policy ON contributor_jobs AS PERMISSIVE FOR ALL TO PUBLIC USING (( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant))); diff --git a/migrations/frontend/1732702405_tenant_policy_init_plan/down.sql b/migrations/frontend/1732702405_tenant_policy_init_plan/down.sql new file mode 100644 index 0000000..559cccc --- /dev/null +++ b/migrations/frontend/1732702405_tenant_policy_init_plan/down.sql @@ -0,0 +1,203 @@ +CREATE OR REPLACE FUNCTION migrate_tenant_policy_init_plan_frontend(table_name text) +RETURNS void AS $$ +BEGIN + EXECUTE format('CREATE POLICY tenant_isolation_policy_new ON %I USING ((tenant_id = (current_setting(''app.current_tenant''::text))::integer));', table_name, table_name); + EXECUTE format('DROP POLICY IF EXISTS tenant_isolation_policy ON %I', table_name); + EXECUTE format('DROP POLICY IF EXISTS %I_isolation_policy ON %I', table_name, table_name); + EXECUTE format('ALTER POLICY tenant_isolation_policy_new ON %I RENAME TO %I_isolation_policy', table_name, table_name); +END; +$$ LANGUAGE plpgsql; + +SELECT migrate_tenant_policy_init_plan_frontend('access_requests'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('access_tokens'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('aggregated_user_statistics'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('assigned_owners'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('assigned_teams'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_changes'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_changes_site_credentials'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_execution_cache_entries'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_resolution_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_workspace_execution_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_workspace_execution_last_dequeues'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_workspace_files'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_workspaces'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_specs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cached_available_indexers'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('changeset_events'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('changeset_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('changeset_specs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('changesets'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_action_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_emails'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_last_searched'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_monitors'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_queries'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_recipients'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_slack_webhooks'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_trigger_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_webhooks'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('code_hosts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeintel_autoindex_queue'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeintel_autoindexing_exceptions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeintel_commit_dates'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeintel_inference_scripts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeintel_langugage_support_requests'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeowners_individual_stats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeowners'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeowners_owners'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cody_audit_log'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('commit_authors'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('configuration_policies_audit_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('context_detection_embedding_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('discussion_comments'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('discussion_mail_reply_tokens'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('discussion_threads'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('discussion_threads_target_repo'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('event_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('event_logs_scrape_state'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('event_logs_scrape_state_own'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('executor_heartbeats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('executor_job_tokens'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('executor_secret_access_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('executor_secrets'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('exhaustive_search_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('exhaustive_search_repo_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('exhaustive_search_repo_revision_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('explicit_permissions_bitbucket_projects_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('external_service_repos'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('external_service_sync_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('external_services'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('feature_flag_overrides'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('feature_flags'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('github_app_installs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('github_apps'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('gitserver_relocator_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('gitserver_repos_statistics'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('gitserver_repos_sync_output'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('global_state'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('insights_query_runner_jobs_dependencies'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('insights_query_runner_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('insights_settings_migration_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_configuration_policies'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_configuration_policies_repository_pattern_lookup'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_dependency_indexing_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_dependency_repos'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_dependency_syncing_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_dirty_repositories'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_index_configuration'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_indexes'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_last_index_scan'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_last_retention_scan'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_nearest_uploads'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_nearest_uploads_links'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_packages'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_references'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_retention_configuration'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_uploads_audit_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_uploads'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_uploads_reference_counts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_uploads_visible_at_tip'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_uploads_vulnerability_scan'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('names'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('namespace_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('notebook_stars'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('notebooks'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('org_invitations'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('org_members'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('org_stats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('orgs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('out_of_band_migrations_errors'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('outbound_webhook_event_types'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('outbound_webhook_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('outbound_webhook_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('outbound_webhooks'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('own_aggregate_recent_contribution'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('own_aggregate_recent_view'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('own_background_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('own_signal_configurations'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('own_signal_recent_contribution'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('ownership_path_stats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('package_repo_filters'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('package_repo_versions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('permission_sync_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('phabricator_repos'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('prompts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('query_runner_state'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('registry_extension_releases'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('registry_extensions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_commits_changelists'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_context_stats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_context_stats_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_embedding_job_stats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_embedding_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_kvps'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_paths'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_pending_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_statistics'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_update_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('role_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('roles'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('saved_searches'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('search_context_default'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('search_context_repos'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('search_context_stars'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('search_contexts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('security_event_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('settings'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('sub_repo_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('survey_responses'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('syntactic_scip_indexing_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('syntactic_scip_last_index_scan'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('team_members'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('teams'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('telemetry_events_export_queue'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('temporary_settings'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_credentials'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_emails'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_external_accounts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_onboarding_tour'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_pending_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_repo_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_roles'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('users'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('vulnerabilities'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('vulnerability_affected_packages'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('vulnerability_affected_symbols'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('vulnerability_matches'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('webhook_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('webhooks'); COMMIT AND CHAIN; + +CREATE POLICY tenant_isolation_policy_new ON gitserver_repos + USING ( + (current_setting('app.current_tenant'::text) = 'zoekttenant') OR + tenant_id = (NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant')::integer) + ); +DROP POLICY IF EXISTS tenant_isolation_policy ON gitserver_repos; +DROP POLICY IF EXISTS gitserver_repos_isolation_policy ON gitserver_repos; +ALTER POLICY tenant_isolation_policy_new ON gitserver_repos RENAME TO gitserver_repos_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY tenant_isolation_policy_new ON repo + USING ( + (current_setting('app.current_tenant'::text) = 'zoekttenant') OR + tenant_id = (NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant')::integer) + ); +DROP POLICY IF EXISTS tenant_isolation_policy ON repo; +DROP POLICY IF EXISTS repo_isolation_policy ON repo; +ALTER POLICY tenant_isolation_policy_new ON repo RENAME TO repo_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY tenant_isolation_policy_new ON zoekt_repos + USING ( + (current_setting('app.current_tenant'::text) = 'zoekttenant') OR + tenant_id = (NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant')::integer) + ); +DROP POLICY IF EXISTS tenant_isolation_policy ON zoekt_repos; +DROP POLICY IF EXISTS zoekt_repos_isolation_policy ON zoekt_repos; +ALTER POLICY tenant_isolation_policy_new ON zoekt_repos RENAME TO zoekt_repos_isolation_policy; +COMMIT AND CHAIN; + +DROP FUNCTION migrate_tenant_policy_init_plan_frontend(text); diff --git a/migrations/frontend/1732702405_tenant_policy_init_plan/metadata.yaml b/migrations/frontend/1732702405_tenant_policy_init_plan/metadata.yaml new file mode 100644 index 0000000..135944d --- /dev/null +++ b/migrations/frontend/1732702405_tenant_policy_init_plan/metadata.yaml @@ -0,0 +1,3 @@ +name: tenant policy init plan +parents: [1730239195, 1731594915, 1732012685, 1732021884] +bestEffortTerminateBlockingTransactions: true diff --git a/migrations/frontend/1732702405_tenant_policy_init_plan/up.sql b/migrations/frontend/1732702405_tenant_policy_init_plan/up.sql new file mode 100644 index 0000000..8e1e5c2 --- /dev/null +++ b/migrations/frontend/1732702405_tenant_policy_init_plan/up.sql @@ -0,0 +1,208 @@ +-- This migration updates our tenant_isolation_policy such that we can +-- evaluate app.current_tenant once in the init plan. Additionally we move to +-- using a single policy name for all tables. + +CREATE OR REPLACE FUNCTION migrate_tenant_policy_init_plan_frontend(table_name text) +RETURNS void AS $$ +BEGIN + EXECUTE format('CREATE POLICY tenant_isolation_policy_new ON %I USING (tenant_id = (SELECT current_setting(''app.current_tenant''::text)::integer AS current_tenant))', table_name); + EXECUTE format('DROP POLICY IF EXISTS tenant_isolation_policy ON %I', table_name); + EXECUTE format('DROP POLICY IF EXISTS %I_isolation_policy ON %I', table_name, table_name); + EXECUTE format('ALTER POLICY tenant_isolation_policy_new ON %I RENAME TO tenant_isolation_policy', table_name); +END; +$$ LANGUAGE plpgsql; + +SELECT migrate_tenant_policy_init_plan_frontend('access_requests'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('access_tokens'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('aggregated_user_statistics'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('assigned_owners'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('assigned_teams'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_changes'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_changes_site_credentials'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_execution_cache_entries'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_resolution_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_workspace_execution_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_workspace_execution_last_dequeues'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_workspace_files'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_spec_workspaces'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('batch_specs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cached_available_indexers'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('changeset_events'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('changeset_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('changeset_specs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('changesets'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_action_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_emails'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_last_searched'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_monitors'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_queries'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_recipients'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_slack_webhooks'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_trigger_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cm_webhooks'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('code_hosts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeintel_autoindex_queue'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeintel_autoindexing_exceptions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeintel_commit_dates'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeintel_inference_scripts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeintel_langugage_support_requests'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeowners_individual_stats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeowners'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('codeowners_owners'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('cody_audit_log'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('commit_authors'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('configuration_policies_audit_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('context_detection_embedding_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('discussion_comments'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('discussion_mail_reply_tokens'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('discussion_threads'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('discussion_threads_target_repo'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('event_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('event_logs_scrape_state'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('event_logs_scrape_state_own'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('executor_heartbeats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('executor_job_tokens'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('executor_secret_access_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('executor_secrets'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('exhaustive_search_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('exhaustive_search_repo_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('exhaustive_search_repo_revision_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('explicit_permissions_bitbucket_projects_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('external_service_repos'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('external_service_sync_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('external_services'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('feature_flag_overrides'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('feature_flags'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('github_app_installs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('github_apps'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('gitserver_relocator_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('gitserver_repos_statistics'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('gitserver_repos_sync_output'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('global_state'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('insights_query_runner_jobs_dependencies'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('insights_query_runner_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('insights_settings_migration_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_configuration_policies'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_configuration_policies_repository_pattern_lookup'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_dependency_indexing_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_dependency_repos'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_dependency_syncing_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_dirty_repositories'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_index_configuration'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_indexes'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_last_index_scan'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_last_retention_scan'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_nearest_uploads'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_nearest_uploads_links'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_packages'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_references'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_retention_configuration'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_uploads_audit_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_uploads'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_uploads_reference_counts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_uploads_visible_at_tip'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('lsif_uploads_vulnerability_scan'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('names'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('namespace_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('notebook_stars'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('notebooks'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('org_invitations'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('org_members'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('org_stats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('orgs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('out_of_band_migrations_errors'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('outbound_webhook_event_types'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('outbound_webhook_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('outbound_webhook_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('outbound_webhooks'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('own_aggregate_recent_contribution'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('own_aggregate_recent_view'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('own_background_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('own_signal_configurations'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('own_signal_recent_contribution'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('ownership_path_stats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('package_repo_filters'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('package_repo_versions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('permission_sync_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('phabricator_repos'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('prompts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('query_runner_state'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('registry_extension_releases'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('registry_extensions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_commits_changelists'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_context_stats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_context_stats_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_embedding_job_stats'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_embedding_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_kvps'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_paths'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_pending_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_statistics'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('repo_update_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('role_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('roles'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('saved_searches'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('search_context_default'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('search_context_repos'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('search_context_stars'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('search_contexts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('security_event_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('settings'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('sub_repo_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('survey_responses'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('syntactic_scip_indexing_jobs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('syntactic_scip_last_index_scan'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('team_members'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('teams'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('telemetry_events_export_queue'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('temporary_settings'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_credentials'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_emails'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_external_accounts'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_onboarding_tour'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_pending_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_repo_permissions'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('user_roles'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('users'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('vulnerabilities'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('vulnerability_affected_packages'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('vulnerability_affected_symbols'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('vulnerability_matches'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('webhook_logs'); COMMIT AND CHAIN; +SELECT migrate_tenant_policy_init_plan_frontend('webhooks'); COMMIT AND CHAIN; + +-- The following tables allow zoekttenant to access the whole table. +CREATE POLICY tenant_isolation_policy_new ON gitserver_repos USING (( + (SELECT current_setting('app.current_tenant'::text) = 'zoekttenant') + OR + (tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant')::integer AS current_tenant)) +)); +DROP POLICY IF EXISTS tenant_isolation_policy ON gitserver_repos; +DROP POLICY IF EXISTS gitserver_repos_isolation_policy ON gitserver_repos; +ALTER POLICY tenant_isolation_policy_new ON gitserver_repos RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY tenant_isolation_policy_new ON repo USING (( + (SELECT current_setting('app.current_tenant'::text) = 'zoekttenant') + OR + (tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant')::integer AS current_tenant)) +)); +DROP POLICY IF EXISTS tenant_isolation_policy ON repo; +DROP POLICY IF EXISTS repo_isolation_policy ON repo; +ALTER POLICY tenant_isolation_policy_new ON repo RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +CREATE POLICY tenant_isolation_policy_new ON zoekt_repos USING (( + (SELECT current_setting('app.current_tenant'::text) = 'zoekttenant') + OR + (tenant_id = (SELECT NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant')::integer AS current_tenant)) +)); +DROP POLICY IF EXISTS tenant_isolation_policy ON zoekt_repos; +DROP POLICY IF EXISTS zoekt_repos_isolation_policy ON zoekt_repos; +ALTER POLICY tenant_isolation_policy_new ON zoekt_repos RENAME TO tenant_isolation_policy; +COMMIT AND CHAIN; + +DROP FUNCTION migrate_tenant_policy_init_plan_frontend(text); diff --git a/migrations/frontend/1732712874_tenants_add_external_url/down.sql b/migrations/frontend/1732712874_tenants_add_external_url/down.sql new file mode 100644 index 0000000..2aa7971 --- /dev/null +++ b/migrations/frontend/1732712874_tenants_add_external_url/down.sql @@ -0,0 +1 @@ +alter table tenants drop column if exists external_url; diff --git a/migrations/frontend/1732712874_tenants_add_external_url/metadata.yaml b/migrations/frontend/1732712874_tenants_add_external_url/metadata.yaml new file mode 100644 index 0000000..edbfc7f --- /dev/null +++ b/migrations/frontend/1732712874_tenants_add_external_url/metadata.yaml @@ -0,0 +1,2 @@ +name: tenants_add_external_url +parents: [1730239195, 1731594915, 1732012685, 1732021884] diff --git a/migrations/frontend/1732712874_tenants_add_external_url/up.sql b/migrations/frontend/1732712874_tenants_add_external_url/up.sql new file mode 100644 index 0000000..69d710a --- /dev/null +++ b/migrations/frontend/1732712874_tenants_add_external_url/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE tenants + ADD COLUMN IF NOT EXISTS external_url TEXT NOT NULL DEFAULT '' CHECK (LOWER(external_url) = external_url); diff --git a/migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/down.sql b/migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/down.sql new file mode 100644 index 0000000..4068bbf --- /dev/null +++ b/migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/down.sql @@ -0,0 +1,2 @@ +ALTER TABLE IF EXISTS external_service_sync_jobs +DROP COLUMN IF EXISTS repos_wanted_to_delete; diff --git a/migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/metadata.yaml b/migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/metadata.yaml new file mode 100644 index 0000000..59184e8 --- /dev/null +++ b/migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/metadata.yaml @@ -0,0 +1,2 @@ +name: add_wanted_to_delete_column_to_sync_jobs +parents: [1732702405] diff --git a/migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/up.sql b/migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/up.sql new file mode 100644 index 0000000..1ef7e2a --- /dev/null +++ b/migrations/frontend/1732801504_add_wanted_to_delete_column_to_sync_jobs/up.sql @@ -0,0 +1,2 @@ +ALTER TABLE IF EXISTS external_service_sync_jobs +ADD COLUMN IF NOT EXISTS repos_wanted_to_delete INTEGER NOT NULL DEFAULT 0; diff --git a/migrations/frontend/1732865837_repo_name_lower/down.sql b/migrations/frontend/1732865837_repo_name_lower/down.sql new file mode 100644 index 0000000..d44bb6c --- /dev/null +++ b/migrations/frontend/1732865837_repo_name_lower/down.sql @@ -0,0 +1 @@ +ALTER TABLE repo DROP COLUMN IF EXISTS name_lower; diff --git a/migrations/frontend/1732865837_repo_name_lower/metadata.yaml b/migrations/frontend/1732865837_repo_name_lower/metadata.yaml new file mode 100644 index 0000000..59cbc2e --- /dev/null +++ b/migrations/frontend/1732865837_repo_name_lower/metadata.yaml @@ -0,0 +1,2 @@ +name: repo name lower +parents: [1732702405] diff --git a/migrations/frontend/1732865837_repo_name_lower/up.sql b/migrations/frontend/1732865837_repo_name_lower/up.sql new file mode 100644 index 0000000..02b5ebb --- /dev/null +++ b/migrations/frontend/1732865837_repo_name_lower/up.sql @@ -0,0 +1,30 @@ +-- With RLS enabled postgres can't use any index involving the name column. It +-- can't use it since citext relies on functions which are not marked +-- LEAKPROOF. So we introduce a new column name_lower which we will only ever +-- query in the WHERE clause but not return. + +-- GENERATED ALWAYS AS is like a view but for a column. STORED so its written +-- to disk so we avoid RLS policies. lower COLLATE "C" we used previously, but +-- it also means we can do simple byte by byte lowering in go. + +-- This migration is split into several to try and avoid taking table locks. +-- Unfortunetly the adding of the column does require a table lock. + +ALTER TABLE repo ADD COLUMN IF NOT EXISTS name_lower text + GENERATED ALWAYS AS (lower(name::text) COLLATE "C") STORED; + +-- Later migrations add repo_name_lower_unique and repo_name_lower_trgm_idx + +-- Other indexes +-- Do not need, won't be used on MT so can keep querying name +-- "repo_hashed_name_idx" btree (sha256(lower(name::text)::bytea)) WHERE deleted_at IS NULL +-- +-- I don't know why this one exists. I guess case:yes type:repo searches? I will defer fixing this then to a migration where we port name to text. Need to think more though. +-- "repo_name_case_sensitive_trgm_idx" gin ((name::text) gin_trgm_ops) +-- +-- This index seems like it shouldn't include name? Maybe was useful when minimalrepo was just id and name +-- "repo_non_deleted_id_name_idx" btree (id, name) WHERE deleted_at IS NULL + +-- indexes we can drop once the app no longer queries name: +-- "repo_name_idx" btree (lower(name::text) COLLATE "C") +-- "repo_name_trgm" gin (lower(name::text) gin_trgm_ops) diff --git a/migrations/frontend/1732884201_repo_name_lower_unique/down.sql b/migrations/frontend/1732884201_repo_name_lower_unique/down.sql new file mode 100644 index 0000000..7d6d9fe --- /dev/null +++ b/migrations/frontend/1732884201_repo_name_lower_unique/down.sql @@ -0,0 +1 @@ +DROP INDEX IF EXISTS repo_name_lower_unique_tmp; diff --git a/migrations/frontend/1732884201_repo_name_lower_unique/metadata.yaml b/migrations/frontend/1732884201_repo_name_lower_unique/metadata.yaml new file mode 100644 index 0000000..028fd2b --- /dev/null +++ b/migrations/frontend/1732884201_repo_name_lower_unique/metadata.yaml @@ -0,0 +1,3 @@ +name: repo name lower unique +parents: [1732865837] +createIndexConcurrently: true diff --git a/migrations/frontend/1732884201_repo_name_lower_unique/up.sql b/migrations/frontend/1732884201_repo_name_lower_unique/up.sql new file mode 100644 index 0000000..42cf710 --- /dev/null +++ b/migrations/frontend/1732884201_repo_name_lower_unique/up.sql @@ -0,0 +1 @@ +CREATE UNIQUE INDEX CONCURRENTLY IF NOT EXISTS repo_name_lower_unique_tmp ON repo (name_lower, tenant_id); diff --git a/migrations/frontend/1732884352_repo_name_lower_trgm/down.sql b/migrations/frontend/1732884352_repo_name_lower_trgm/down.sql new file mode 100644 index 0000000..eebd126 --- /dev/null +++ b/migrations/frontend/1732884352_repo_name_lower_trgm/down.sql @@ -0,0 +1 @@ +DROP INDEX IF EXISTS repo_name_lower_trgm_idx; diff --git a/migrations/frontend/1732884352_repo_name_lower_trgm/metadata.yaml b/migrations/frontend/1732884352_repo_name_lower_trgm/metadata.yaml new file mode 100644 index 0000000..3f8f28e --- /dev/null +++ b/migrations/frontend/1732884352_repo_name_lower_trgm/metadata.yaml @@ -0,0 +1,3 @@ +name: repo name lower trgm +parents: [1732884201] +createIndexConcurrently: true diff --git a/migrations/frontend/1732884352_repo_name_lower_trgm/up.sql b/migrations/frontend/1732884352_repo_name_lower_trgm/up.sql new file mode 100644 index 0000000..fd5af4e --- /dev/null +++ b/migrations/frontend/1732884352_repo_name_lower_trgm/up.sql @@ -0,0 +1 @@ +CREATE INDEX CONCURRENTLY IF NOT EXISTS repo_name_lower_trgm_idx ON repo USING gin (name_lower gin_trgm_ops); diff --git a/migrations/frontend/1732884503_repo_name_lower_add_constraint/down.sql b/migrations/frontend/1732884503_repo_name_lower_add_constraint/down.sql new file mode 100644 index 0000000..eecc6f7 --- /dev/null +++ b/migrations/frontend/1732884503_repo_name_lower_add_constraint/down.sql @@ -0,0 +1,5 @@ +-- There is no way to preserve the underlying index, so we recreate it. + +ALTER TABLE repo DROP CONSTRAINT IF EXISTS repo_name_lower_unique; + +CREATE UNIQUE INDEX IF NOT EXISTS repo_name_lower_unique_tmp ON repo (name_lower, tenant_id); diff --git a/migrations/frontend/1732884503_repo_name_lower_add_constraint/metadata.yaml b/migrations/frontend/1732884503_repo_name_lower_add_constraint/metadata.yaml new file mode 100644 index 0000000..6c05a36 --- /dev/null +++ b/migrations/frontend/1732884503_repo_name_lower_add_constraint/metadata.yaml @@ -0,0 +1,2 @@ +name: repo name lower add indexes +parents: [1732884201] diff --git a/migrations/frontend/1732884503_repo_name_lower_add_constraint/up.sql b/migrations/frontend/1732884503_repo_name_lower_add_constraint/up.sql new file mode 100644 index 0000000..86991c6 --- /dev/null +++ b/migrations/frontend/1732884503_repo_name_lower_add_constraint/up.sql @@ -0,0 +1,10 @@ +DO +$$ +BEGIN + IF to_regclass('repo_name_lower_unique_tmp') IS NOT NULL THEN + ALTER TABLE repo DROP CONSTRAINT IF EXISTS repo_name_lower_unique; + ALTER TABLE repo ADD CONSTRAINT repo_name_lower_unique UNIQUE USING INDEX repo_name_lower_unique_tmp DEFERRABLE; + END IF; +END +$$; +COMMIT AND CHAIN; diff --git a/migrations/frontend/1733175598_make_tenantsid_a_serial/down.sql b/migrations/frontend/1733175598_make_tenantsid_a_serial/down.sql new file mode 100644 index 0000000..5ba793a --- /dev/null +++ b/migrations/frontend/1733175598_make_tenantsid_a_serial/down.sql @@ -0,0 +1,3 @@ +ALTER TABLE tenants ALTER COLUMN id DROP DEFAULT; + +DROP SEQUENCE IF EXISTS tenants_id_seq; diff --git a/migrations/frontend/1733175598_make_tenantsid_a_serial/metadata.yaml b/migrations/frontend/1733175598_make_tenantsid_a_serial/metadata.yaml new file mode 100644 index 0000000..4d17ff4 --- /dev/null +++ b/migrations/frontend/1733175598_make_tenantsid_a_serial/metadata.yaml @@ -0,0 +1,2 @@ +name: Make tenants.id a SERIAL +parents: [1730763013, 1732801504, 1732884352, 1732884503, 1732712874] diff --git a/migrations/frontend/1733175598_make_tenantsid_a_serial/up.sql b/migrations/frontend/1733175598_make_tenantsid_a_serial/up.sql new file mode 100644 index 0000000..fb6e32a --- /dev/null +++ b/migrations/frontend/1733175598_make_tenantsid_a_serial/up.sql @@ -0,0 +1,10 @@ +-- Make sure we start with at least 2 to leave room for the default tenant. +CREATE SEQUENCE IF NOT EXISTS tenants_id_seq AS integer START WITH 2; + +ALTER TABLE tenants ALTER COLUMN id SET DEFAULT nextval('tenants_id_seq'); + +-- Adjust the sequence to match the current maximum value in the column. +SELECT setval('tenants_id_seq', COALESCE(MAX(id), 1)) FROM tenants; + +-- Ensure the sequence is owned by the column (for cleanup on table drop). +ALTER SEQUENCE tenants_id_seq OWNED BY tenants.id; diff --git a/migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/down.sql b/migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/down.sql new file mode 100644 index 0000000..76684f7 --- /dev/null +++ b/migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/down.sql @@ -0,0 +1,2 @@ +CREATE UNIQUE INDEX IF NOT EXISTS repo_external_unique_idx ON repo (external_service_type, external_service_id, external_id, tenant_id); +ALTER TABLE repo DROP CONSTRAINT IF EXISTS repo_external_unique; diff --git a/migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/metadata.yaml b/migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/metadata.yaml new file mode 100644 index 0000000..1896ddf --- /dev/null +++ b/migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/metadata.yaml @@ -0,0 +1,2 @@ +name: Make repo unique index a constraint to reference it +parents: [1733175598] diff --git a/migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/up.sql b/migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/up.sql new file mode 100644 index 0000000..84c9076 --- /dev/null +++ b/migrations/frontend/1733225966_repo_make_unique_index_a_constraint_to_reference_it/up.sql @@ -0,0 +1,16 @@ +CREATE OR REPLACE FUNCTION migrate_add_constraint_repo() +RETURNS void AS $$ +BEGIN + IF NOT EXISTS (SELECT true + FROM information_schema.table_constraints + WHERE constraint_name = 'repo_external_unique' + AND table_name = 'repo' + ) THEN + EXECUTE format('ALTER TABLE repo ADD CONSTRAINT repo_external_unique UNIQUE USING INDEX repo_external_unique_idx'); + END IF; +END; +$$ LANGUAGE plpgsql; + +SELECT migrate_add_constraint_repo(); + +DROP FUNCTION migrate_add_constraint_repo(); diff --git a/migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/down.sql b/migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/down.sql new file mode 100644 index 0000000..cda4d65 --- /dev/null +++ b/migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/down.sql @@ -0,0 +1,17 @@ +CREATE OR REPLACE FUNCTION batch_spec_workspace_execution_last_dequeues_upsert() RETURNS trigger + LANGUAGE plpgsql + AS $$ BEGIN + INSERT INTO + batch_spec_workspace_execution_last_dequeues + SELECT + user_id, + MAX(started_at) as latest_dequeue + FROM + newtab + GROUP BY + user_id + ON CONFLICT (user_id) DO UPDATE SET + latest_dequeue = GREATEST(batch_spec_workspace_execution_last_dequeues.latest_dequeue, EXCLUDED.latest_dequeue); + + RETURN NULL; +END $$; diff --git a/migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/metadata.yaml b/migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/metadata.yaml new file mode 100644 index 0000000..5e1b218 --- /dev/null +++ b/migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/metadata.yaml @@ -0,0 +1,2 @@ +name: Fix batch change execution job stats tenant propagation in trigger +parents: [1733225966, 1732032110] diff --git a/migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/up.sql b/migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/up.sql new file mode 100644 index 0000000..de19f17 --- /dev/null +++ b/migrations/frontend/1733312574_fix_batch_change_execution_job_stats_tenant_propagation_in_trigger/up.sql @@ -0,0 +1,18 @@ +CREATE OR REPLACE FUNCTION batch_spec_workspace_execution_last_dequeues_upsert() RETURNS trigger + LANGUAGE plpgsql + AS $$ BEGIN + INSERT INTO + batch_spec_workspace_execution_last_dequeues + SELECT + user_id, + MAX(started_at) as latest_dequeue, + tenant_id AS tenant_id + FROM + newtab + GROUP BY + user_id, tenant_id + ON CONFLICT (user_id) DO UPDATE SET + latest_dequeue = GREATEST(batch_spec_workspace_execution_last_dequeues.latest_dequeue, EXCLUDED.latest_dequeue); + + RETURN NULL; +END $$; diff --git a/migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/down.sql b/migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/down.sql new file mode 100644 index 0000000..1ba747d --- /dev/null +++ b/migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/down.sql @@ -0,0 +1,55 @@ +CREATE OR REPLACE FUNCTION func_lsif_uploads_insert() RETURNS trigger + LANGUAGE plpgsql + AS $$ + BEGIN + INSERT INTO lsif_uploads_audit_logs + (upload_id, commit, root, repository_id, uploaded_at, + indexer, indexer_version, upload_size, associated_index_id, + content_type, + operation, transition_columns) + VALUES ( + NEW.id, NEW.commit, NEW.root, NEW.repository_id, NEW.uploaded_at, + NEW.indexer, NEW.indexer_version, NEW.upload_size, NEW.associated_index_id, + NEW.content_type, + 'create', func_lsif_uploads_transition_columns_diff( + (NULL, NULL, NULL, NULL, NULL, NULL), + func_row_to_lsif_uploads_transition_columns(NEW) + ) + ); + RETURN NULL; + END; +$$; + +CREATE OR REPLACE FUNCTION func_lsif_uploads_update() RETURNS trigger + LANGUAGE plpgsql + AS $$ + DECLARE + diff hstore[]; + BEGIN + diff = func_lsif_uploads_transition_columns_diff( + func_row_to_lsif_uploads_transition_columns(OLD), + func_row_to_lsif_uploads_transition_columns(NEW) + ); + + IF (array_length(diff, 1) > 0) THEN + INSERT INTO lsif_uploads_audit_logs + (reason, upload_id, commit, root, repository_id, uploaded_at, + indexer, indexer_version, upload_size, associated_index_id, + content_type, + operation, transition_columns) + VALUES ( + COALESCE(current_setting('codeintel.lsif_uploads_audit.reason', true), ''), + NEW.id, NEW.commit, NEW.root, NEW.repository_id, NEW.uploaded_at, + NEW.indexer, NEW.indexer_version, NEW.upload_size, NEW.associated_index_id, + NEW.content_type, + 'modify', diff + ); + END IF; + + RETURN NEW; + END; +$$; + +CREATE POLICY tenant_isolation_policy_new ON lsif_uploads_audit_logs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); +DROP POLICY IF EXISTS tenant_isolation_policy ON lsif_uploads_audit_logs; +ALTER POLICY tenant_isolation_policy_new ON lsif_uploads_audit_logs RENAME TO tenant_isolation_policy; diff --git a/migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/metadata.yaml b/migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/metadata.yaml new file mode 100644 index 0000000..23fbbdc --- /dev/null +++ b/migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/metadata.yaml @@ -0,0 +1,2 @@ +name: fix tenant in lsif_uploads_audit_logs triggers +parents: [1733312574] diff --git a/migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/up.sql b/migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/up.sql new file mode 100644 index 0000000..be19936 --- /dev/null +++ b/migrations/frontend/1733324107_fix_tenant_in_lsif_uploads_audit_logs_triggers/up.sql @@ -0,0 +1,61 @@ +CREATE OR REPLACE FUNCTION func_lsif_uploads_insert() RETURNS trigger + LANGUAGE plpgsql + AS $$ + BEGIN + INSERT INTO lsif_uploads_audit_logs + (upload_id, commit, root, repository_id, uploaded_at, + indexer, indexer_version, upload_size, associated_index_id, + content_type, tenant_id, + operation, transition_columns) + VALUES ( + NEW.id, NEW.commit, NEW.root, NEW.repository_id, NEW.uploaded_at, + NEW.indexer, NEW.indexer_version, NEW.upload_size, NEW.associated_index_id, + NEW.content_type, NEW.tenant_id, + 'create', func_lsif_uploads_transition_columns_diff( + (NULL, NULL, NULL, NULL, NULL, NULL), + func_row_to_lsif_uploads_transition_columns(NEW) + ) + ); + RETURN NULL; + END; +$$; + +CREATE OR REPLACE FUNCTION func_lsif_uploads_update() RETURNS trigger + LANGUAGE plpgsql + AS $$ + DECLARE + diff hstore[]; + BEGIN + diff = func_lsif_uploads_transition_columns_diff( + func_row_to_lsif_uploads_transition_columns(OLD), + func_row_to_lsif_uploads_transition_columns(NEW) + ); + + IF (array_length(diff, 1) > 0) THEN + INSERT INTO lsif_uploads_audit_logs + (reason, upload_id, commit, root, repository_id, uploaded_at, + indexer, indexer_version, upload_size, associated_index_id, + content_type, tenant_id, + operation, transition_columns) + VALUES ( + COALESCE(current_setting('codeintel.lsif_uploads_audit.reason', true), ''), + NEW.id, NEW.commit, NEW.root, NEW.repository_id, NEW.uploaded_at, + NEW.indexer, NEW.indexer_version, NEW.upload_size, NEW.associated_index_id, + NEW.content_type, NEW.tenant_id, + 'modify', diff + ); + END IF; + + RETURN NEW; + END; +$$; + +CREATE POLICY tenant_isolation_policy_new ON lsif_uploads_audit_logs + AS PERMISSIVE FOR ALL TO PUBLIC + USING ( + (SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) + OR + (tenant_id = (SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)) + ); +DROP POLICY IF EXISTS tenant_isolation_policy ON lsif_uploads_audit_logs; +ALTER POLICY tenant_isolation_policy_new ON lsif_uploads_audit_logs RENAME TO tenant_isolation_policy; diff --git a/migrations/frontend/1733391631_contributor_data_bytes_columns/down.sql b/migrations/frontend/1733391631_contributor_data_bytes_columns/down.sql new file mode 100644 index 0000000..7c501e8 --- /dev/null +++ b/migrations/frontend/1733391631_contributor_data_bytes_columns/down.sql @@ -0,0 +1,6 @@ +DELETE FROM contributor_data WHERE true; +DELETE FROM contributor_jobs WHERE true; +DELETE FROM contributor_repos WHERE true; + +ALTER TABLE contributor_data ALTER COLUMN author_email SET DATA TYPE TEXT USING author_email::text; +ALTER TABLE contributor_data ALTER COLUMN author_name SET DATA TYPE TEXT USING author_name::text; diff --git a/migrations/frontend/1733391631_contributor_data_bytes_columns/metadata.yaml b/migrations/frontend/1733391631_contributor_data_bytes_columns/metadata.yaml new file mode 100644 index 0000000..7e26e64 --- /dev/null +++ b/migrations/frontend/1733391631_contributor_data_bytes_columns/metadata.yaml @@ -0,0 +1,2 @@ +name: Contributor data bytes columns +parents: [1733324107] diff --git a/migrations/frontend/1733391631_contributor_data_bytes_columns/up.sql b/migrations/frontend/1733391631_contributor_data_bytes_columns/up.sql new file mode 100644 index 0000000..5382c79 --- /dev/null +++ b/migrations/frontend/1733391631_contributor_data_bytes_columns/up.sql @@ -0,0 +1,6 @@ +DELETE FROM contributor_data WHERE true; +DELETE FROM contributor_jobs WHERE true; +DELETE FROM contributor_repos WHERE true; + +ALTER TABLE contributor_data ALTER COLUMN author_email SET DATA TYPE bytea USING author_email::bytea; +ALTER TABLE contributor_data ALTER COLUMN author_name SET DATA TYPE bytea USING author_name::bytea; diff --git a/migrations/frontend/1733396287_prompt_labels/down.sql b/migrations/frontend/1733396287_prompt_labels/down.sql new file mode 100644 index 0000000..487a45a --- /dev/null +++ b/migrations/frontend/1733396287_prompt_labels/down.sql @@ -0,0 +1,2 @@ +DROP TABLE IF EXISTS prompts_tags_mappings; +DROP TABLE IF EXISTS prompt_tags; diff --git a/migrations/frontend/1733396287_prompt_labels/metadata.yaml b/migrations/frontend/1733396287_prompt_labels/metadata.yaml new file mode 100644 index 0000000..0714fd4 --- /dev/null +++ b/migrations/frontend/1733396287_prompt_labels/metadata.yaml @@ -0,0 +1,2 @@ +name: Prompt labels +parents: [1733324107] diff --git a/migrations/frontend/1733396287_prompt_labels/up.sql b/migrations/frontend/1733396287_prompt_labels/up.sql new file mode 100644 index 0000000..ec90234 --- /dev/null +++ b/migrations/frontend/1733396287_prompt_labels/up.sql @@ -0,0 +1,40 @@ +CREATE TABLE IF NOT EXISTS prompt_tags +( + id SERIAL PRIMARY KEY, + name TEXT NOT NULL, + + created_by integer references users (id) ON DELETE SET NULL, + created_at timestamp with time zone DEFAULT now() NOT NULL, + updated_by integer references users (id) ON DELETE SET NULL, + updated_at timestamp with time zone DEFAULT now() NOT NULL, + tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL, + + CONSTRAINT prompt_tags_name_max_length CHECK ((char_length((name)::text) <= 255)), + CONSTRAINT prompt_tags_name_valid_chars CHECK ((name OPERATOR (~) + '^[a-zA-Z0-9](?:[a-zA-Z0-9]|[-.](?=[a-zA-Z0-9]))*-?$'::citext)), + UNIQUE (tenant_id, name) +); + +ALTER TABLE prompt_tags + ENABLE ROW LEVEL SECURITY; +DROP POLICY IF EXISTS tenant_isolation_policy ON prompt_tags; +CREATE POLICY tenant_isolation_policy ON prompt_tags AS PERMISSIVE FOR ALL TO PUBLIC USING (tenant_id = + (SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant)); + +CREATE TABLE IF NOT EXISTS prompts_tags_mappings +( + prompt_id integer references prompts (id) ON DELETE CASCADE, + prompt_tag_id integer references prompt_tags (id) ON DELETE CASCADE, + + created_by integer references users (id) ON DELETE SET NULL, + created_at timestamp with time zone DEFAULT now() NOT NULL, + tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL, + + PRIMARY KEY (prompt_id, prompt_tag_id, tenant_id) +); + +ALTER TABLE prompts_tags_mappings + ENABLE ROW LEVEL SECURITY; +DROP POLICY IF EXISTS tenant_isolation_policy ON prompts_tags_mappings; +CREATE POLICY tenant_isolation_policy ON prompts_tags_mappings AS PERMISSIVE FOR ALL TO PUBLIC USING (tenant_id = + (SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant)); diff --git a/migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/down.sql b/migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/down.sql new file mode 100644 index 0000000..2652f90 --- /dev/null +++ b/migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/down.sql @@ -0,0 +1,16 @@ +CREATE OR REPLACE VIEW external_service_sync_jobs_with_next_sync_at AS + SELECT j.id, + j.state, + j.failure_message, + j.queued_at, + j.started_at, + j.finished_at, + j.process_after, + j.num_resets, + j.num_failures, + j.execution_logs, + j.external_service_id, + e.next_sync_at, + e.tenant_id + FROM (external_services e + JOIN external_service_sync_jobs j ON ((e.id = j.external_service_id))); diff --git a/migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/metadata.yaml b/migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/metadata.yaml new file mode 100644 index 0000000..3f7275a --- /dev/null +++ b/migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/metadata.yaml @@ -0,0 +1,2 @@ +name: Drop external_service_sync_jobs_with_next_sync_at +parents: [1733391631] diff --git a/migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/up.sql b/migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/up.sql new file mode 100644 index 0000000..97fdb17 --- /dev/null +++ b/migrations/frontend/1733494804_drop_external_service_sync_jobs_with_next_sync_at/up.sql @@ -0,0 +1 @@ +DROP VIEW IF EXISTS external_service_sync_jobs_with_next_sync_at; diff --git a/migrations/frontend/1733840223_drop_query_runner_state/down.sql b/migrations/frontend/1733840223_drop_query_runner_state/down.sql new file mode 100644 index 0000000..c2b9830 --- /dev/null +++ b/migrations/frontend/1733840223_drop_query_runner_state/down.sql @@ -0,0 +1,12 @@ +CREATE TABLE IF NOT EXISTS query_runner_state ( + query text, + last_executed timestamp with time zone, + latest_result timestamp with time zone, + exec_duration_ns bigint, + tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL +); +ALTER TABLE query_runner_state ENABLE ROW LEVEL SECURITY; + +CREATE POLICY tenant_isolation_policy_new ON query_runner_state USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); +DROP POLICY IF EXISTS tenant_isolation_policy ON query_runner_state; +ALTER POLICY tenant_isolation_policy_new ON query_runner_state RENAME TO tenant_isolation_policy; diff --git a/migrations/frontend/1733840223_drop_query_runner_state/metadata.yaml b/migrations/frontend/1733840223_drop_query_runner_state/metadata.yaml new file mode 100644 index 0000000..9ea3b43 --- /dev/null +++ b/migrations/frontend/1733840223_drop_query_runner_state/metadata.yaml @@ -0,0 +1,2 @@ +name: drop query_runner_state +parents: [1733391631, 1733396287] diff --git a/migrations/frontend/1733840223_drop_query_runner_state/up.sql b/migrations/frontend/1733840223_drop_query_runner_state/up.sql new file mode 100644 index 0000000..ec8ba8e --- /dev/null +++ b/migrations/frontend/1733840223_drop_query_runner_state/up.sql @@ -0,0 +1 @@ +DROP TABLE IF EXISTS query_runner_state; diff --git a/migrations/frontend/1733841106_external_service_sync_jobs_pk/down.sql b/migrations/frontend/1733841106_external_service_sync_jobs_pk/down.sql new file mode 100644 index 0000000..db9206f --- /dev/null +++ b/migrations/frontend/1733841106_external_service_sync_jobs_pk/down.sql @@ -0,0 +1 @@ +ALTER TABLE external_service_sync_jobs DROP CONSTRAINT IF EXISTS external_service_sync_jobs_pkey; diff --git a/migrations/frontend/1733841106_external_service_sync_jobs_pk/metadata.yaml b/migrations/frontend/1733841106_external_service_sync_jobs_pk/metadata.yaml new file mode 100644 index 0000000..19656ed --- /dev/null +++ b/migrations/frontend/1733841106_external_service_sync_jobs_pk/metadata.yaml @@ -0,0 +1,2 @@ +name: external_service_sync_jobs pk +parents: [1733391631, 1733396287] diff --git a/migrations/frontend/1733841106_external_service_sync_jobs_pk/up.sql b/migrations/frontend/1733841106_external_service_sync_jobs_pk/up.sql new file mode 100644 index 0000000..8a8489f --- /dev/null +++ b/migrations/frontend/1733841106_external_service_sync_jobs_pk/up.sql @@ -0,0 +1,19 @@ +-- Remove duplicates keeping newest +DELETE FROM external_service_sync_jobs a +WHERE EXISTS ( + SELECT 1 FROM external_service_sync_jobs b + WHERE a.id = b.id + AND a.ctid < b.ctid +); + +-- Add primary key if it doesn't exist +DO $$ +BEGIN + IF NOT EXISTS ( + SELECT 1 FROM information_schema.table_constraints + WHERE table_name = 'external_service_sync_jobs' + AND constraint_type = 'PRIMARY KEY' + ) THEN + ALTER TABLE external_service_sync_jobs ADD PRIMARY KEY (id); + END IF; +END $$; diff --git a/migrations/frontend/1733912207_drop_discussions/down.sql b/migrations/frontend/1733912207_drop_discussions/down.sql new file mode 100644 index 0000000..1b5d056 --- /dev/null +++ b/migrations/frontend/1733912207_drop_discussions/down.sql @@ -0,0 +1,110 @@ +CREATE TABLE IF NOT EXISTS discussion_comments ( + id BIGSERIAL PRIMARY KEY, + thread_id bigint NOT NULL, + author_user_id integer NOT NULL, + contents text NOT NULL, + created_at timestamp with time zone DEFAULT now() NOT NULL, + updated_at timestamp with time zone DEFAULT now() NOT NULL, + deleted_at timestamp with time zone, + reports text[] DEFAULT '{}'::text[] NOT NULL, + tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL +); + +CREATE TABLE IF NOT EXISTS discussion_mail_reply_tokens ( + token text NOT NULL, + user_id integer NOT NULL, + thread_id bigint NOT NULL, + deleted_at timestamp with time zone, + tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL +); + +CREATE TABLE IF NOT EXISTS discussion_threads ( + id BIGSERIAL PRIMARY KEY, + author_user_id integer NOT NULL, + title text, + target_repo_id bigint, + created_at timestamp with time zone DEFAULT now() NOT NULL, + archived_at timestamp with time zone, + updated_at timestamp with time zone DEFAULT now() NOT NULL, + deleted_at timestamp with time zone, + tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL +); + +CREATE TABLE IF NOT EXISTS discussion_threads_target_repo ( + id BIGSERIAL PRIMARY KEY, + thread_id bigint NOT NULL, + repo_id integer NOT NULL, + path text, + branch text, + revision text, + start_line integer, + end_line integer, + start_character integer, + end_character integer, + lines_before text, + lines text, + lines_after text, + tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL +); + +CREATE INDEX IF NOT EXISTS discussion_comments_author_user_id_idx ON discussion_comments USING btree (author_user_id); + +CREATE INDEX IF NOT EXISTS discussion_comments_reports_array_length_idx ON discussion_comments USING btree (array_length(reports, 1)); + +CREATE INDEX IF NOT EXISTS discussion_comments_thread_id_idx ON discussion_comments USING btree (thread_id); + +CREATE INDEX IF NOT EXISTS discussion_mail_reply_tokens_user_id_thread_id_idx ON discussion_mail_reply_tokens USING btree (user_id, thread_id); + +CREATE INDEX IF NOT EXISTS discussion_threads_author_user_id_idx ON discussion_threads USING btree (author_user_id); + +CREATE INDEX IF NOT EXISTS discussion_threads_target_repo_repo_id_path_idx ON discussion_threads_target_repo USING btree (repo_id, path); + +DO $$ +BEGIN + IF NOT EXISTS ( + SELECT 1 FROM information_schema.table_constraints + WHERE constraint_name = 'discussion_comments_author_user_id_fkey' + ) THEN + ALTER TABLE discussion_mail_reply_tokens ADD CONSTRAINT discussion_mail_reply_tokens_pkey PRIMARY KEY (token, tenant_id); + + ALTER TABLE discussion_comments + ADD CONSTRAINT discussion_comments_author_user_id_fkey FOREIGN KEY (author_user_id) REFERENCES users(id) ON DELETE RESTRICT; + + ALTER TABLE discussion_comments + ADD CONSTRAINT discussion_comments_thread_id_fkey FOREIGN KEY (thread_id) REFERENCES discussion_threads(id) ON DELETE CASCADE; + + ALTER TABLE discussion_mail_reply_tokens + ADD CONSTRAINT discussion_mail_reply_tokens_thread_id_fkey FOREIGN KEY (thread_id) REFERENCES discussion_threads(id) ON DELETE CASCADE; + + ALTER TABLE discussion_mail_reply_tokens + ADD CONSTRAINT discussion_mail_reply_tokens_user_id_fkey FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE RESTRICT; + + ALTER TABLE discussion_threads + ADD CONSTRAINT discussion_threads_author_user_id_fkey FOREIGN KEY (author_user_id) REFERENCES users(id) ON DELETE RESTRICT; + + ALTER TABLE discussion_threads + ADD CONSTRAINT discussion_threads_target_repo_id_fk FOREIGN KEY (target_repo_id) REFERENCES discussion_threads_target_repo(id) ON DELETE CASCADE; + + ALTER TABLE discussion_threads_target_repo + ADD CONSTRAINT discussion_threads_target_repo_repo_id_fkey FOREIGN KEY (repo_id) REFERENCES repo(id) ON DELETE CASCADE; + + ALTER TABLE discussion_threads_target_repo + ADD CONSTRAINT discussion_threads_target_repo_thread_id_fkey FOREIGN KEY (thread_id) REFERENCES discussion_threads(id) ON DELETE CASCADE; + END IF; +END $$; + +CREATE POLICY tenant_isolation_policy_new ON discussion_comments USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); +DROP POLICY IF EXISTS tenant_isolation_policy ON discussion_comments; +ALTER POLICY tenant_isolation_policy_new ON discussion_comments RENAME TO tenant_isolation_policy; + +CREATE POLICY tenant_isolation_policy_new ON discussion_mail_reply_tokens USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); +DROP POLICY IF EXISTS tenant_isolation_policy ON discussion_mail_reply_tokens; +ALTER POLICY tenant_isolation_policy_new ON discussion_mail_reply_tokens RENAME TO tenant_isolation_policy; + +CREATE POLICY tenant_isolation_policy_new ON discussion_threads USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); +DROP POLICY IF EXISTS tenant_isolation_policy ON discussion_threads; +ALTER POLICY tenant_isolation_policy_new ON discussion_threads RENAME TO tenant_isolation_policy; + +CREATE POLICY tenant_isolation_policy_new ON discussion_threads_target_repo USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); +DROP POLICY IF EXISTS tenant_isolation_policy ON discussion_threads_target_repo; +ALTER POLICY tenant_isolation_policy_new ON discussion_threads_target_repo RENAME TO tenant_isolation_policy; diff --git a/migrations/frontend/1733912207_drop_discussions/metadata.yaml b/migrations/frontend/1733912207_drop_discussions/metadata.yaml new file mode 100644 index 0000000..b7a393d --- /dev/null +++ b/migrations/frontend/1733912207_drop_discussions/metadata.yaml @@ -0,0 +1,2 @@ +name: drop discussions +parents: [1733840223] diff --git a/migrations/frontend/1733912207_drop_discussions/up.sql b/migrations/frontend/1733912207_drop_discussions/up.sql new file mode 100644 index 0000000..030312a --- /dev/null +++ b/migrations/frontend/1733912207_drop_discussions/up.sql @@ -0,0 +1,5 @@ +DROP TABLE IF EXISTS + discussion_comments, + discussion_mail_reply_tokens, + discussion_threads_target_repo, + discussion_threads; diff --git a/migrations/frontend/1733925071_prompt_labels_name_update/down.sql b/migrations/frontend/1733925071_prompt_labels_name_update/down.sql new file mode 100644 index 0000000..118c4fc --- /dev/null +++ b/migrations/frontend/1733925071_prompt_labels_name_update/down.sql @@ -0,0 +1,6 @@ +ALTER TABLE prompt_tags +DROP CONSTRAINT prompt_tags_name_valid_chars; + +ALTER TABLE prompt_tags +ADD CONSTRAINT prompt_tags_name_valid_chars +CHECK ((name OPERATOR (~) '^[a-zA-Z0-9](?:[a-zA-Z0-9]|[-.](?=[a-zA-Z0-9]))*-?$'::citext)); diff --git a/migrations/frontend/1733925071_prompt_labels_name_update/metadata.yaml b/migrations/frontend/1733925071_prompt_labels_name_update/metadata.yaml new file mode 100644 index 0000000..4da1102 --- /dev/null +++ b/migrations/frontend/1733925071_prompt_labels_name_update/metadata.yaml @@ -0,0 +1,2 @@ +name: Prompt labels name update +parents: [1733912207, 1733841106] diff --git a/migrations/frontend/1733925071_prompt_labels_name_update/up.sql b/migrations/frontend/1733925071_prompt_labels_name_update/up.sql new file mode 100644 index 0000000..acad6ea --- /dev/null +++ b/migrations/frontend/1733925071_prompt_labels_name_update/up.sql @@ -0,0 +1,6 @@ +ALTER TABLE prompt_tags +DROP CONSTRAINT prompt_tags_name_valid_chars; + +ALTER TABLE prompt_tags +ADD CONSTRAINT prompt_tags_name_valid_chars +CHECK ((name OPERATOR (~) '^[a-zA-Z0-9](?:[a-zA-Z0-9]|[-._\s](?=[a-zA-Z0-9]))*-?$'::citext)); diff --git a/migrations/frontend/1734017751_drop_tenant_id_fk/down.sql b/migrations/frontend/1734017751_drop_tenant_id_fk/down.sql new file mode 100644 index 0000000..8c9716a --- /dev/null +++ b/migrations/frontend/1734017751_drop_tenant_id_fk/down.sql @@ -0,0 +1,16 @@ +DO $$ +BEGIN + IF NOT EXISTS ( + SELECT 1 + FROM information_schema.table_constraints + WHERE constraint_name = 'repo_update_jobs_tenant_id_fkey' + AND table_name = 'repo_update_jobs' + ) THEN + ALTER TABLE repo_update_jobs + ADD CONSTRAINT repo_update_jobs_tenant_id_fkey + FOREIGN KEY (tenant_id) + REFERENCES tenants(id) + ON UPDATE CASCADE + ON DELETE CASCADE; + END IF; +END $$; diff --git a/migrations/frontend/1734017751_drop_tenant_id_fk/metadata.yaml b/migrations/frontend/1734017751_drop_tenant_id_fk/metadata.yaml new file mode 100644 index 0000000..2f6bcbd --- /dev/null +++ b/migrations/frontend/1734017751_drop_tenant_id_fk/metadata.yaml @@ -0,0 +1,2 @@ +name: drop tenant_id fk +parents: [1733494804, 1733925071] diff --git a/migrations/frontend/1734017751_drop_tenant_id_fk/up.sql b/migrations/frontend/1734017751_drop_tenant_id_fk/up.sql new file mode 100644 index 0000000..cce3398 --- /dev/null +++ b/migrations/frontend/1734017751_drop_tenant_id_fk/up.sql @@ -0,0 +1,11 @@ +DO $$ +BEGIN + IF EXISTS ( + SELECT 1 + FROM information_schema.table_constraints + WHERE constraint_name = 'repo_update_jobs_tenant_id_fkey' + AND table_name = 'repo_update_jobs' + ) THEN + ALTER TABLE repo_update_jobs DROP CONSTRAINT repo_update_jobs_tenant_id_fkey; + END IF; +END $$; diff --git a/migrations/frontend/1734086786_rls_policy_for_tenants/down.sql b/migrations/frontend/1734086786_rls_policy_for_tenants/down.sql new file mode 100644 index 0000000..f1195f7 --- /dev/null +++ b/migrations/frontend/1734086786_rls_policy_for_tenants/down.sql @@ -0,0 +1,2 @@ +ALTER TABLE tenants DISABLE ROW LEVEL SECURITY; +DROP POLICY IF EXISTS tenant_isolation_policy ON tenants; diff --git a/migrations/frontend/1734086786_rls_policy_for_tenants/metadata.yaml b/migrations/frontend/1734086786_rls_policy_for_tenants/metadata.yaml new file mode 100644 index 0000000..dd488dd --- /dev/null +++ b/migrations/frontend/1734086786_rls_policy_for_tenants/metadata.yaml @@ -0,0 +1,2 @@ +name: rls policy for tenants +parents: [1734017751] diff --git a/migrations/frontend/1734086786_rls_policy_for_tenants/up.sql b/migrations/frontend/1734086786_rls_policy_for_tenants/up.sql new file mode 100644 index 0000000..85e18bb --- /dev/null +++ b/migrations/frontend/1734086786_rls_policy_for_tenants/up.sql @@ -0,0 +1,11 @@ +CREATE POLICY tenant_isolation_policy_new ON tenants + AS PERMISSIVE FOR ALL TO PUBLIC + USING ( + (SELECT (current_setting('app.current_tenant'::text) IN ('servicetenant'::text, 'workertenant'::text))) + OR + (id = (SELECT (NULLIF(NULLIF(current_setting('app.current_tenant'::text), 'servicetenant'::text), 'workertenant'::text))::integer AS current_tenant)) + ); +DROP POLICY IF EXISTS tenant_isolation_policy ON tenants; +ALTER POLICY tenant_isolation_policy_new ON tenants RENAME TO tenant_isolation_policy; + +ALTER TABLE tenants ENABLE ROW LEVEL SECURITY; diff --git a/migrations/frontend/squashed.sql b/migrations/frontend/squashed.sql index 350aeb1..e9e0ec3 100644 --- a/migrations/frontend/squashed.sql +++ b/migrations/frontend/squashed.sql @@ -110,11 +110,12 @@ CREATE FUNCTION batch_spec_workspace_execution_last_dequeues_upsert() RETURNS tr batch_spec_workspace_execution_last_dequeues SELECT user_id, - MAX(started_at) as latest_dequeue + MAX(started_at) as latest_dequeue, + tenant_id AS tenant_id FROM newtab GROUP BY - user_id + user_id, tenant_id ON CONFLICT (user_id) DO UPDATE SET latest_dequeue = GREATEST(batch_spec_workspace_execution_last_dequeues.latest_dequeue, EXCLUDED.latest_dequeue); @@ -366,12 +367,12 @@ CREATE FUNCTION func_lsif_uploads_insert() RETURNS trigger INSERT INTO lsif_uploads_audit_logs (upload_id, commit, root, repository_id, uploaded_at, indexer, indexer_version, upload_size, associated_index_id, - content_type, + content_type, tenant_id, operation, transition_columns) VALUES ( NEW.id, NEW.commit, NEW.root, NEW.repository_id, NEW.uploaded_at, NEW.indexer, NEW.indexer_version, NEW.upload_size, NEW.associated_index_id, - NEW.content_type, + NEW.content_type, NEW.tenant_id, 'create', func_lsif_uploads_transition_columns_diff( (NULL, NULL, NULL, NULL, NULL, NULL), func_row_to_lsif_uploads_transition_columns(NEW) @@ -436,13 +437,13 @@ CREATE FUNCTION func_lsif_uploads_update() RETURNS trigger INSERT INTO lsif_uploads_audit_logs (reason, upload_id, commit, root, repository_id, uploaded_at, indexer, indexer_version, upload_size, associated_index_id, - content_type, + content_type, tenant_id, operation, transition_columns) VALUES ( COALESCE(current_setting('codeintel.lsif_uploads_audit.reason', true), ''), NEW.id, NEW.commit, NEW.root, NEW.repository_id, NEW.uploaded_at, NEW.indexer, NEW.indexer_version, NEW.upload_size, NEW.associated_index_id, - NEW.content_type, + NEW.content_type, NEW.tenant_id, 'modify', diff ); END IF; @@ -1116,7 +1117,8 @@ CREATE VIEW batch_spec_workspace_execution_jobs_with_rank AS j.user_id, j.version, q.place_in_global_queue, - q.place_in_user_queue + q.place_in_user_queue, + j.tenant_id FROM (batch_spec_workspace_execution_jobs j LEFT JOIN batch_spec_workspace_execution_queue q ON ((j.id = q.id))); @@ -1303,6 +1305,7 @@ CREATE TABLE repo ( blocked jsonb, topics text[] GENERATED ALWAYS AS (extract_topics_from_metadata(external_service_type, metadata)) STORED, tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL, + name_lower text GENERATED ALWAYS AS ((lower((name)::text) COLLATE "C")) STORED, CONSTRAINT check_name_nonempty CHECK ((name OPERATOR(<>) ''::citext)), CONSTRAINT repo_metadata_check CHECK ((jsonb_typeof(metadata) = 'object'::text)) ); @@ -1988,104 +1991,74 @@ CREATE SEQUENCE context_detection_embedding_jobs_id_seq ALTER SEQUENCE context_detection_embedding_jobs_id_seq OWNED BY context_detection_embedding_jobs.id; -CREATE TABLE critical_and_site_config ( - id integer NOT NULL, - type critical_or_site NOT NULL, - contents text NOT NULL, - created_at timestamp with time zone DEFAULT now() NOT NULL, - updated_at timestamp with time zone DEFAULT now() NOT NULL, - author_user_id integer, - redacted_contents text +CREATE TABLE contributor_data ( + author_email bytea NOT NULL, + repo_id integer NOT NULL, + author_name bytea NOT NULL, + most_recent_commit_sha text NOT NULL, + last_commit_date timestamp with time zone NOT NULL, + number_of_commits integer NOT NULL, + tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL ); -COMMENT ON COLUMN critical_and_site_config.author_user_id IS 'A null value indicates that this config was most likely added by code on the start-up path, for example from the SITE_CONFIG_FILE unless the config itself was added before this column existed in which case it could also have been a user.'; - -COMMENT ON COLUMN critical_and_site_config.redacted_contents IS 'This column stores the contents but redacts all secrets. The redacted form is a sha256 hash of the secret appended to the REDACTED string. This is used to generate diffs between two subsequent changes in a way that allows us to detect changes to any secrets while also ensuring that we do not leak it in the diff. A null value indicates that this config was added before this column was added or redacting the secrets during write failed so we skipped writing to this column instead of a hard failure.'; - -CREATE SEQUENCE critical_and_site_config_id_seq - START WITH 1 - INCREMENT BY 1 - NO MINVALUE - NO MAXVALUE - CACHE 1; - -ALTER SEQUENCE critical_and_site_config_id_seq OWNED BY critical_and_site_config.id; - -CREATE TABLE discussion_comments ( - id bigint NOT NULL, - thread_id bigint NOT NULL, - author_user_id integer NOT NULL, - contents text NOT NULL, - created_at timestamp with time zone DEFAULT now() NOT NULL, - updated_at timestamp with time zone DEFAULT now() NOT NULL, - deleted_at timestamp with time zone, - reports text[] DEFAULT '{}'::text[] NOT NULL, +CREATE TABLE contributor_jobs ( + id integer NOT NULL, + state text DEFAULT 'queued'::text, + failure_message text, + queued_at timestamp with time zone DEFAULT now(), + started_at timestamp with time zone, + finished_at timestamp with time zone, + process_after timestamp with time zone, + num_resets integer DEFAULT 0 NOT NULL, + num_failures integer DEFAULT 0 NOT NULL, + last_heartbeat_at timestamp with time zone, + execution_logs json[], + worker_hostname text DEFAULT ''::text NOT NULL, + cancel boolean DEFAULT false NOT NULL, + repo_id integer NOT NULL, + repo_name text NOT NULL, + from_commit text, tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL ); -CREATE SEQUENCE discussion_comments_id_seq +CREATE SEQUENCE contributor_jobs_id_seq + AS integer START WITH 1 INCREMENT BY 1 NO MINVALUE NO MAXVALUE CACHE 1; -ALTER SEQUENCE discussion_comments_id_seq OWNED BY discussion_comments.id; +ALTER SEQUENCE contributor_jobs_id_seq OWNED BY contributor_jobs.id; -CREATE TABLE discussion_mail_reply_tokens ( - token text NOT NULL, - user_id integer NOT NULL, - thread_id bigint NOT NULL, - deleted_at timestamp with time zone, +CREATE TABLE contributor_repos ( + repo_id integer NOT NULL, + last_processed_commit_sha text NOT NULL, tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL ); -CREATE TABLE discussion_threads ( - id bigint NOT NULL, - author_user_id integer NOT NULL, - title text, - target_repo_id bigint, +CREATE TABLE critical_and_site_config ( + id integer NOT NULL, + type critical_or_site NOT NULL, + contents text NOT NULL, created_at timestamp with time zone DEFAULT now() NOT NULL, - archived_at timestamp with time zone, updated_at timestamp with time zone DEFAULT now() NOT NULL, - deleted_at timestamp with time zone, - tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL + author_user_id integer, + redacted_contents text ); -CREATE SEQUENCE discussion_threads_id_seq - START WITH 1 - INCREMENT BY 1 - NO MINVALUE - NO MAXVALUE - CACHE 1; - -ALTER SEQUENCE discussion_threads_id_seq OWNED BY discussion_threads.id; +COMMENT ON COLUMN critical_and_site_config.author_user_id IS 'A null value indicates that this config was most likely added by code on the start-up path, for example from the SITE_CONFIG_FILE unless the config itself was added before this column existed in which case it could also have been a user.'; -CREATE TABLE discussion_threads_target_repo ( - id bigint NOT NULL, - thread_id bigint NOT NULL, - repo_id integer NOT NULL, - path text, - branch text, - revision text, - start_line integer, - end_line integer, - start_character integer, - end_character integer, - lines_before text, - lines text, - lines_after text, - tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL -); +COMMENT ON COLUMN critical_and_site_config.redacted_contents IS 'This column stores the contents but redacts all secrets. The redacted form is a sha256 hash of the secret appended to the REDACTED string. This is used to generate diffs between two subsequent changes in a way that allows us to detect changes to any secrets while also ensuring that we do not leak it in the diff. A null value indicates that this config was added before this column was added or redacting the secrets during write failed so we skipped writing to this column instead of a hard failure.'; -CREATE SEQUENCE discussion_threads_target_repo_id_seq +CREATE SEQUENCE critical_and_site_config_id_seq START WITH 1 INCREMENT BY 1 NO MINVALUE NO MAXVALUE CACHE 1; -ALTER SEQUENCE discussion_threads_target_repo_id_seq OWNED BY discussion_threads_target_repo.id; +ALTER SEQUENCE critical_and_site_config_id_seq OWNED BY critical_and_site_config.id; CREATE TABLE event_logs ( id bigint NOT NULL, @@ -2450,7 +2423,8 @@ CREATE TABLE external_service_sync_jobs ( repos_deleted integer DEFAULT 0 NOT NULL, repos_modified integer DEFAULT 0 NOT NULL, repos_unmodified integer DEFAULT 0 NOT NULL, - tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL + tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL, + repos_wanted_to_delete integer DEFAULT 0 NOT NULL ); COMMENT ON COLUMN external_service_sync_jobs.repos_synced IS 'The number of repos synced during this sync job.'; @@ -2487,22 +2461,6 @@ CREATE TABLE external_services ( CONSTRAINT check_non_empty_config CHECK ((btrim(config) <> ''::text)) ); -CREATE VIEW external_service_sync_jobs_with_next_sync_at AS - SELECT j.id, - j.state, - j.failure_message, - j.queued_at, - j.started_at, - j.finished_at, - j.process_after, - j.num_resets, - j.num_failures, - j.execution_logs, - j.external_service_id, - e.next_sync_at - FROM (external_services e - JOIN external_service_sync_jobs j ON ((e.id = j.external_service_id))); - CREATE SEQUENCE external_services_id_seq START WITH 1 INCREMENT BY 1 @@ -2659,7 +2617,8 @@ CREATE VIEW gitserver_relocator_jobs_with_repo_name AS glj.source_hostname, glj.dest_hostname, glj.delete_source, - r.name AS repo_name + r.name AS repo_name, + glj.tenant_id FROM (gitserver_relocator_jobs glj JOIN repo r ON ((r.id = glj.repo_id))); @@ -3030,7 +2989,8 @@ CREATE VIEW lsif_dumps AS associated_index_id, expired, last_retention_scan_at, - finished_at AS processed_at + finished_at AS processed_at, + tenant_id FROM lsif_uploads u WHERE ((state = 'completed'::text) OR (state = 'deleting'::text)); @@ -3066,7 +3026,8 @@ CREATE VIEW lsif_dumps_with_repository_name AS u.expired, u.last_retention_scan_at, u.processed_at, - r.name AS repository_name + r.name AS repository_name, + u.tenant_id FROM (lsif_dumps u JOIN repo r ON ((r.id = u.repository_id))) WHERE (r.deleted_at IS NULL); @@ -3177,7 +3138,8 @@ CREATE VIEW lsif_indexes_with_repository_name AS u.should_reindex, u.requested_envvars, r.name AS repository_name, - u.enqueuer_user_id + u.enqueuer_user_id, + u.tenant_id FROM (lsif_indexes u JOIN repo r ON ((r.id = u.repository_id))) WHERE (r.deleted_at IS NULL); @@ -3423,7 +3385,8 @@ CREATE VIEW lsif_uploads_with_repository_name AS u.expired, u.last_retention_scan_at, r.name AS repository_name, - u.uncompressed_size + u.uncompressed_size, + u.tenant_id FROM (lsif_uploads u JOIN repo r ON ((r.id = u.repository_id))) WHERE (r.deleted_at IS NULL); @@ -3850,7 +3813,8 @@ CREATE VIEW own_background_jobs_config_aware AS obj.cancel, obj.repo_id, obj.job_type, - osc.name AS config_name + osc.name AS config_name, + obj.tenant_id FROM (own_background_jobs obj JOIN own_signal_configurations osc ON ((obj.job_type = osc.id))) WHERE (osc.enabled IS TRUE); @@ -4044,6 +4008,28 @@ CREATE SEQUENCE phabricator_repos_id_seq ALTER SEQUENCE phabricator_repos_id_seq OWNED BY phabricator_repos.id; +CREATE TABLE prompt_tags ( + id integer NOT NULL, + name text NOT NULL, + created_by integer, + created_at timestamp with time zone DEFAULT now() NOT NULL, + updated_by integer, + updated_at timestamp with time zone DEFAULT now() NOT NULL, + tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL, + CONSTRAINT prompt_tags_name_max_length CHECK ((char_length(name) <= 255)), + CONSTRAINT prompt_tags_name_valid_chars CHECK ((name ~ ('^[a-zA-Z0-9](?:[a-zA-Z0-9]|[-._\s](?=[a-zA-Z0-9]))*-?$'::citext)::text)) +); + +CREATE SEQUENCE prompt_tags_id_seq + AS integer + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + +ALTER SEQUENCE prompt_tags_id_seq OWNED BY prompt_tags.id; + CREATE TABLE prompts ( id integer NOT NULL, name citext NOT NULL, @@ -4080,6 +4066,14 @@ CREATE SEQUENCE prompts_id_seq ALTER SEQUENCE prompts_id_seq OWNED BY prompts.id; +CREATE TABLE prompts_tags_mappings ( + prompt_id integer NOT NULL, + prompt_tag_id integer NOT NULL, + created_by integer, + created_at timestamp with time zone DEFAULT now() NOT NULL, + tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL +); + CREATE TABLE users ( id integer NOT NULL, username citext NOT NULL, @@ -4134,14 +4128,6 @@ CREATE VIEW prompts_view AS LEFT JOIN users ON ((users.id = prompts.owner_user_id))) LEFT JOIN orgs ON ((orgs.id = prompts.owner_org_id))); -CREATE TABLE query_runner_state ( - query text, - last_executed timestamp with time zone, - latest_result timestamp with time zone, - exec_duration_ns bigint, - tenant_id integer DEFAULT (current_setting('app.current_tenant'::text))::integer NOT NULL -); - CREATE VIEW reconciler_changesets AS SELECT c.id, c.batch_change_ids, @@ -4185,7 +4171,8 @@ CREATE VIEW reconciler_changesets AS c.external_fork_name, c.external_fork_namespace, c.detached_at, - c.previous_failure_message + c.previous_failure_message, + c.tenant_id FROM (changesets c JOIN repo r ON ((r.id = c.repo_id))) WHERE ((r.deleted_at IS NULL) AND (EXISTS ( SELECT 1 @@ -4731,7 +4718,8 @@ CREATE VIEW syntactic_scip_indexing_jobs_with_repository_name AS u.execution_logs, u.should_reindex, u.enqueuer_user_id, - r.name AS repository_name + r.name AS repository_name, + u.tenant_id FROM (syntactic_scip_indexing_jobs u JOIN repo r ON ((r.id = u.repository_id))) WHERE (r.deleted_at IS NULL); @@ -4820,8 +4808,10 @@ CREATE TABLE tenants ( workspace_id uuid NOT NULL, display_name text, state tenant_state DEFAULT 'active'::tenant_state NOT NULL, + external_url text DEFAULT ''::text NOT NULL, CONSTRAINT tenant_name_length CHECK (((char_length(name) <= 32) AND (char_length(name) >= 3))), - CONSTRAINT tenant_name_valid_chars CHECK ((name ~ '^[a-z](?:[a-z0-9\_-])*[a-z0-9]$'::text)) + CONSTRAINT tenant_name_valid_chars CHECK ((name ~ '^[a-z](?:[a-z0-9\_-])*[a-z0-9]$'::text)), + CONSTRAINT tenants_external_url_check CHECK ((lower(external_url) = external_url)) ); COMMENT ON TABLE tenants IS 'The table that holds all tenants known to the instance. In enterprise instances, this table will only contain the "default" tenant.'; @@ -4836,6 +4826,16 @@ COMMENT ON COLUMN tenants.display_name IS 'An optional display name for the tena COMMENT ON COLUMN tenants.state IS 'The state of the tenant. Can be active, suspended, dormant or deleted.'; +CREATE SEQUENCE tenants_id_seq + AS integer + START WITH 2 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + +ALTER SEQUENCE tenants_id_seq OWNED BY tenants.id; + CREATE VIEW tracking_changeset_specs_and_changesets AS SELECT changeset_specs.id AS changeset_spec_id, COALESCE(changesets.id, (0)::bigint) AS changeset_id, @@ -5237,13 +5237,9 @@ ALTER TABLE ONLY configuration_policies_audit_logs ALTER COLUMN sequence SET DEF ALTER TABLE ONLY context_detection_embedding_jobs ALTER COLUMN id SET DEFAULT nextval('context_detection_embedding_jobs_id_seq'::regclass); -ALTER TABLE ONLY critical_and_site_config ALTER COLUMN id SET DEFAULT nextval('critical_and_site_config_id_seq'::regclass); - -ALTER TABLE ONLY discussion_comments ALTER COLUMN id SET DEFAULT nextval('discussion_comments_id_seq'::regclass); +ALTER TABLE ONLY contributor_jobs ALTER COLUMN id SET DEFAULT nextval('contributor_jobs_id_seq'::regclass); -ALTER TABLE ONLY discussion_threads ALTER COLUMN id SET DEFAULT nextval('discussion_threads_id_seq'::regclass); - -ALTER TABLE ONLY discussion_threads_target_repo ALTER COLUMN id SET DEFAULT nextval('discussion_threads_target_repo_id_seq'::regclass); +ALTER TABLE ONLY critical_and_site_config ALTER COLUMN id SET DEFAULT nextval('critical_and_site_config_id_seq'::regclass); ALTER TABLE ONLY event_logs ALTER COLUMN id SET DEFAULT nextval('event_logs_id_seq'::regclass); @@ -5349,6 +5345,8 @@ ALTER TABLE ONLY permissions ALTER COLUMN id SET DEFAULT nextval('permissions_id ALTER TABLE ONLY phabricator_repos ALTER COLUMN id SET DEFAULT nextval('phabricator_repos_id_seq'::regclass); +ALTER TABLE ONLY prompt_tags ALTER COLUMN id SET DEFAULT nextval('prompt_tags_id_seq'::regclass); + ALTER TABLE ONLY prompts ALTER COLUMN id SET DEFAULT nextval('prompts_id_seq'::regclass); ALTER TABLE ONLY registry_extension_releases ALTER COLUMN id SET DEFAULT nextval('registry_extension_releases_id_seq'::regclass); @@ -5387,6 +5385,8 @@ ALTER TABLE ONLY teams ALTER COLUMN id SET DEFAULT nextval('teams_id_seq'::regcl ALTER TABLE ONLY temporary_settings ALTER COLUMN id SET DEFAULT nextval('temporary_settings_id_seq'::regclass); +ALTER TABLE ONLY tenants ALTER COLUMN id SET DEFAULT nextval('tenants_id_seq'::regclass); + ALTER TABLE ONLY user_credentials ALTER COLUMN id SET DEFAULT nextval('user_credentials_id_seq'::regclass); ALTER TABLE ONLY user_external_accounts ALTER COLUMN id SET DEFAULT nextval('user_external_accounts_id_seq'::regclass); @@ -5558,20 +5558,17 @@ ALTER TABLE ONLY commit_authors ALTER TABLE ONLY context_detection_embedding_jobs ADD CONSTRAINT context_detection_embedding_jobs_pkey PRIMARY KEY (id); -ALTER TABLE ONLY critical_and_site_config - ADD CONSTRAINT critical_and_site_config_pkey PRIMARY KEY (id); +ALTER TABLE ONLY contributor_data + ADD CONSTRAINT contributor_data_pkey PRIMARY KEY (tenant_id, author_email, author_name, repo_id); -ALTER TABLE ONLY discussion_comments - ADD CONSTRAINT discussion_comments_pkey PRIMARY KEY (id); +ALTER TABLE ONLY contributor_jobs + ADD CONSTRAINT contributor_jobs_pkey PRIMARY KEY (id); -ALTER TABLE ONLY discussion_mail_reply_tokens - ADD CONSTRAINT discussion_mail_reply_tokens_pkey PRIMARY KEY (token, tenant_id); +ALTER TABLE ONLY contributor_repos + ADD CONSTRAINT contributor_repos_pkey PRIMARY KEY (tenant_id, repo_id); -ALTER TABLE ONLY discussion_threads - ADD CONSTRAINT discussion_threads_pkey PRIMARY KEY (id); - -ALTER TABLE ONLY discussion_threads_target_repo - ADD CONSTRAINT discussion_threads_target_repo_pkey PRIMARY KEY (id); +ALTER TABLE ONLY critical_and_site_config + ADD CONSTRAINT critical_and_site_config_pkey PRIMARY KEY (id); ALTER TABLE ONLY event_logs ADD CONSTRAINT event_logs_pkey PRIMARY KEY (id); @@ -5618,6 +5615,9 @@ ALTER TABLE ONLY explicit_permissions_bitbucket_projects_jobs ALTER TABLE ONLY external_service_repos ADD CONSTRAINT external_service_repos_repo_id_external_service_id_unique UNIQUE (repo_id, external_service_id); +ALTER TABLE ONLY external_service_sync_jobs + ADD CONSTRAINT external_service_sync_jobs_pkey PRIMARY KEY (id); + ALTER TABLE ONLY external_services ADD CONSTRAINT external_services_pkey PRIMARY KEY (id); @@ -5801,9 +5801,18 @@ ALTER TABLE ONLY phabricator_repos ALTER TABLE ONLY phabricator_repos ADD CONSTRAINT phabricator_repos_repo_name_key UNIQUE (repo_name, tenant_id); +ALTER TABLE ONLY prompt_tags + ADD CONSTRAINT prompt_tags_pkey PRIMARY KEY (id); + +ALTER TABLE ONLY prompt_tags + ADD CONSTRAINT prompt_tags_tenant_id_name_key UNIQUE (tenant_id, name); + ALTER TABLE ONLY prompts ADD CONSTRAINT prompts_pkey PRIMARY KEY (id); +ALTER TABLE ONLY prompts_tags_mappings + ADD CONSTRAINT prompts_tags_mappings_pkey PRIMARY KEY (prompt_id, prompt_tag_id, tenant_id); + ALTER TABLE ONLY registry_extension_releases ADD CONSTRAINT registry_extension_releases_pkey PRIMARY KEY (id); @@ -5828,9 +5837,15 @@ ALTER TABLE ONLY repo_embedding_job_stats ALTER TABLE ONLY repo_embedding_jobs ADD CONSTRAINT repo_embedding_jobs_pkey PRIMARY KEY (id); +ALTER TABLE ONLY repo + ADD CONSTRAINT repo_external_unique UNIQUE (external_service_type, external_service_id, external_id, tenant_id); + ALTER TABLE ONLY repo_kvps ADD CONSTRAINT repo_kvps_pkey PRIMARY KEY (repo_id, key) INCLUDE (value); +ALTER TABLE ONLY repo + ADD CONSTRAINT repo_name_lower_unique UNIQUE (name_lower, tenant_id) DEFERRABLE; + ALTER TABLE ONLY repo ADD CONSTRAINT repo_name_unique UNIQUE (name, tenant_id) DEFERRABLE; @@ -6085,18 +6100,6 @@ CREATE INDEX configuration_policies_audit_logs_policy_id ON configuration_polici CREATE INDEX configuration_policies_audit_logs_timestamp ON configuration_policies_audit_logs USING brin (log_timestamp); -CREATE INDEX discussion_comments_author_user_id_idx ON discussion_comments USING btree (author_user_id); - -CREATE INDEX discussion_comments_reports_array_length_idx ON discussion_comments USING btree (array_length(reports, 1)); - -CREATE INDEX discussion_comments_thread_id_idx ON discussion_comments USING btree (thread_id); - -CREATE INDEX discussion_mail_reply_tokens_user_id_thread_id_idx ON discussion_mail_reply_tokens USING btree (user_id, thread_id); - -CREATE INDEX discussion_threads_author_user_id_idx ON discussion_threads USING btree (author_user_id); - -CREATE INDEX discussion_threads_target_repo_repo_id_path_idx ON discussion_threads_target_repo USING btree (repo_id, path); - CREATE INDEX event_logs_anonymous_user_id ON event_logs USING btree (anonymous_user_id); CREATE INDEX event_logs_name_timestamp ON event_logs USING btree (name, "timestamp" DESC); @@ -6349,8 +6352,6 @@ CREATE INDEX repo_description_trgm_idx ON repo USING gin (lower(description) gin CREATE INDEX repo_embedding_jobs_repo ON repo_embedding_jobs USING btree (repo_id, revision); -CREATE UNIQUE INDEX repo_external_unique_idx ON repo USING btree (external_service_type, external_service_id, external_id, tenant_id); - CREATE INDEX repo_fork ON repo USING btree (fork); CREATE INDEX repo_hashed_name_idx ON repo USING btree (sha256((lower((name)::text))::bytea)) WHERE (deleted_at IS NULL); @@ -6367,6 +6368,8 @@ CREATE INDEX repo_name_case_sensitive_trgm_idx ON repo USING gin (((name)::text) CREATE INDEX repo_name_idx ON repo USING btree (lower((name)::text) COLLATE "C"); +CREATE INDEX repo_name_lower_trgm_idx ON repo USING gin (name_lower gin_trgm_ops); + CREATE INDEX repo_name_trgm ON repo USING gin (lower((name)::text) gin_trgm_ops); CREATE INDEX repo_non_deleted_id_name_idx ON repo USING btree (id, name) WHERE (deleted_at IS NULL); @@ -6716,29 +6719,14 @@ ALTER TABLE ONLY codeowners_individual_stats ALTER TABLE ONLY codeowners ADD CONSTRAINT codeowners_repo_id_fkey FOREIGN KEY (repo_id) REFERENCES repo(id) ON DELETE CASCADE; -ALTER TABLE ONLY discussion_comments - ADD CONSTRAINT discussion_comments_author_user_id_fkey FOREIGN KEY (author_user_id) REFERENCES users(id) ON DELETE RESTRICT; - -ALTER TABLE ONLY discussion_comments - ADD CONSTRAINT discussion_comments_thread_id_fkey FOREIGN KEY (thread_id) REFERENCES discussion_threads(id) ON DELETE CASCADE; - -ALTER TABLE ONLY discussion_mail_reply_tokens - ADD CONSTRAINT discussion_mail_reply_tokens_thread_id_fkey FOREIGN KEY (thread_id) REFERENCES discussion_threads(id) ON DELETE CASCADE; +ALTER TABLE ONLY contributor_data + ADD CONSTRAINT contributor_data_repo_id_fkey FOREIGN KEY (repo_id) REFERENCES repo(id) ON DELETE CASCADE; -ALTER TABLE ONLY discussion_mail_reply_tokens - ADD CONSTRAINT discussion_mail_reply_tokens_user_id_fkey FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE RESTRICT; +ALTER TABLE ONLY contributor_jobs + ADD CONSTRAINT contributor_jobs_repo_id_fkey FOREIGN KEY (repo_id) REFERENCES repo(id) ON DELETE CASCADE; -ALTER TABLE ONLY discussion_threads - ADD CONSTRAINT discussion_threads_author_user_id_fkey FOREIGN KEY (author_user_id) REFERENCES users(id) ON DELETE RESTRICT; - -ALTER TABLE ONLY discussion_threads - ADD CONSTRAINT discussion_threads_target_repo_id_fk FOREIGN KEY (target_repo_id) REFERENCES discussion_threads_target_repo(id) ON DELETE CASCADE; - -ALTER TABLE ONLY discussion_threads_target_repo - ADD CONSTRAINT discussion_threads_target_repo_repo_id_fkey FOREIGN KEY (repo_id) REFERENCES repo(id) ON DELETE CASCADE; - -ALTER TABLE ONLY discussion_threads_target_repo - ADD CONSTRAINT discussion_threads_target_repo_thread_id_fkey FOREIGN KEY (thread_id) REFERENCES discussion_threads(id) ON DELETE CASCADE; +ALTER TABLE ONLY contributor_repos + ADD CONSTRAINT contributor_repos_repo_id_fkey FOREIGN KEY (repo_id) REFERENCES repo(id) ON DELETE CASCADE; ALTER TABLE ONLY executor_secret_access_logs ADD CONSTRAINT executor_secret_access_logs_executor_secret_id_fkey FOREIGN KEY (executor_secret_id) REFERENCES executor_secrets(id) ON DELETE CASCADE; @@ -6941,6 +6929,12 @@ ALTER TABLE ONLY permission_sync_jobs ALTER TABLE ONLY permission_sync_jobs ADD CONSTRAINT permission_sync_jobs_user_id_fkey FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE; +ALTER TABLE ONLY prompt_tags + ADD CONSTRAINT prompt_tags_created_by_fkey FOREIGN KEY (created_by) REFERENCES users(id) ON DELETE SET NULL; + +ALTER TABLE ONLY prompt_tags + ADD CONSTRAINT prompt_tags_updated_by_fkey FOREIGN KEY (updated_by) REFERENCES users(id) ON DELETE SET NULL; + ALTER TABLE ONLY prompts ADD CONSTRAINT prompts_created_by_fkey FOREIGN KEY (created_by) REFERENCES users(id) ON DELETE SET NULL; @@ -6950,6 +6944,15 @@ ALTER TABLE ONLY prompts ALTER TABLE ONLY prompts ADD CONSTRAINT prompts_owner_user_id_fkey FOREIGN KEY (owner_user_id) REFERENCES users(id) ON DELETE CASCADE; +ALTER TABLE ONLY prompts_tags_mappings + ADD CONSTRAINT prompts_tags_mappings_created_by_fkey FOREIGN KEY (created_by) REFERENCES users(id) ON DELETE SET NULL; + +ALTER TABLE ONLY prompts_tags_mappings + ADD CONSTRAINT prompts_tags_mappings_prompt_id_fkey FOREIGN KEY (prompt_id) REFERENCES prompts(id) ON DELETE CASCADE; + +ALTER TABLE ONLY prompts_tags_mappings + ADD CONSTRAINT prompts_tags_mappings_prompt_tag_id_fkey FOREIGN KEY (prompt_tag_id) REFERENCES prompt_tags(id) ON DELETE CASCADE; + ALTER TABLE ONLY prompts ADD CONSTRAINT prompts_updated_by_fkey FOREIGN KEY (updated_by) REFERENCES users(id) ON DELETE SET NULL; @@ -6989,9 +6992,6 @@ ALTER TABLE ONLY repo_paths ALTER TABLE ONLY repo_update_jobs ADD CONSTRAINT repo_update_jobs_repository_id_fkey FOREIGN KEY (repository_id) REFERENCES repo(id) ON DELETE CASCADE; -ALTER TABLE ONLY repo_update_jobs - ADD CONSTRAINT repo_update_jobs_tenant_id_fkey FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON UPDATE CASCADE ON DELETE CASCADE; - ALTER TABLE ONLY role_permissions ADD CONSTRAINT role_permissions_permission_id_fkey FOREIGN KEY (permission_id) REFERENCES permissions(id) ON DELETE CASCADE DEFERRABLE; @@ -7114,659 +7114,663 @@ ALTER TABLE ONLY zoekt_repos ALTER TABLE access_requests ENABLE ROW LEVEL SECURITY; -CREATE POLICY access_requests_isolation_policy ON access_requests USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE access_tokens ENABLE ROW LEVEL SECURITY; -CREATE POLICY access_tokens_isolation_policy ON access_tokens USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE aggregated_user_statistics ENABLE ROW LEVEL SECURITY; -CREATE POLICY aggregated_user_statistics_isolation_policy ON aggregated_user_statistics USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE assigned_owners ENABLE ROW LEVEL SECURITY; -CREATE POLICY assigned_owners_isolation_policy ON assigned_owners USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE assigned_teams ENABLE ROW LEVEL SECURITY; -CREATE POLICY assigned_teams_isolation_policy ON assigned_teams USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE batch_changes ENABLE ROW LEVEL SECURITY; -CREATE POLICY batch_changes_isolation_policy ON batch_changes USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE batch_changes_site_credentials ENABLE ROW LEVEL SECURITY; -CREATE POLICY batch_changes_site_credentials_isolation_policy ON batch_changes_site_credentials USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE batch_spec_execution_cache_entries ENABLE ROW LEVEL SECURITY; -CREATE POLICY batch_spec_execution_cache_entries_isolation_policy ON batch_spec_execution_cache_entries USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE batch_spec_resolution_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY batch_spec_resolution_jobs_isolation_policy ON batch_spec_resolution_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE batch_spec_workspace_execution_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY batch_spec_workspace_execution_jobs_isolation_policy ON batch_spec_workspace_execution_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE batch_spec_workspace_execution_last_dequeues ENABLE ROW LEVEL SECURITY; -CREATE POLICY batch_spec_workspace_execution_last_dequeues_isolation_policy ON batch_spec_workspace_execution_last_dequeues USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE batch_spec_workspace_files ENABLE ROW LEVEL SECURITY; -CREATE POLICY batch_spec_workspace_files_isolation_policy ON batch_spec_workspace_files USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE batch_spec_workspaces ENABLE ROW LEVEL SECURITY; -CREATE POLICY batch_spec_workspaces_isolation_policy ON batch_spec_workspaces USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE batch_specs ENABLE ROW LEVEL SECURITY; -CREATE POLICY batch_specs_isolation_policy ON batch_specs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE cached_available_indexers ENABLE ROW LEVEL SECURITY; -CREATE POLICY cached_available_indexers_isolation_policy ON cached_available_indexers USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE changeset_events ENABLE ROW LEVEL SECURITY; -CREATE POLICY changeset_events_isolation_policy ON changeset_events USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE changeset_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY changeset_jobs_isolation_policy ON changeset_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE changeset_specs ENABLE ROW LEVEL SECURITY; -CREATE POLICY changeset_specs_isolation_policy ON changeset_specs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE changesets ENABLE ROW LEVEL SECURITY; -CREATE POLICY changesets_isolation_policy ON changesets USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE cm_action_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY cm_action_jobs_isolation_policy ON cm_action_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE cm_emails ENABLE ROW LEVEL SECURITY; -CREATE POLICY cm_emails_isolation_policy ON cm_emails USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE cm_last_searched ENABLE ROW LEVEL SECURITY; -CREATE POLICY cm_last_searched_isolation_policy ON cm_last_searched USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE cm_monitors ENABLE ROW LEVEL SECURITY; -CREATE POLICY cm_monitors_isolation_policy ON cm_monitors USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE cm_queries ENABLE ROW LEVEL SECURITY; -CREATE POLICY cm_queries_isolation_policy ON cm_queries USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE cm_recipients ENABLE ROW LEVEL SECURITY; -CREATE POLICY cm_recipients_isolation_policy ON cm_recipients USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE cm_slack_webhooks ENABLE ROW LEVEL SECURITY; -CREATE POLICY cm_slack_webhooks_isolation_policy ON cm_slack_webhooks USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE cm_trigger_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY cm_trigger_jobs_isolation_policy ON cm_trigger_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE cm_webhooks ENABLE ROW LEVEL SECURITY; -CREATE POLICY cm_webhooks_isolation_policy ON cm_webhooks USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE code_hosts ENABLE ROW LEVEL SECURITY; -CREATE POLICY code_hosts_isolation_policy ON code_hosts USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE codeintel_autoindex_queue ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_autoindex_queue_isolation_policy ON codeintel_autoindex_queue USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE codeintel_autoindexing_exceptions ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_autoindexing_exceptions_isolation_policy ON codeintel_autoindexing_exceptions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE codeintel_commit_dates ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_commit_dates_isolation_policy ON codeintel_commit_dates USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE codeintel_inference_scripts ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_inference_scripts_isolation_policy ON codeintel_inference_scripts USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE codeintel_langugage_support_requests ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeintel_langugage_support_requests_isolation_policy ON codeintel_langugage_support_requests USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); - ALTER TABLE codeowners ENABLE ROW LEVEL SECURITY; ALTER TABLE codeowners_individual_stats ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeowners_individual_stats_isolation_policy ON codeowners_individual_stats USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE codeowners_owners ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeowners_isolation_policy ON codeowners USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE cody_audit_log ENABLE ROW LEVEL SECURITY; -ALTER TABLE codeowners_owners ENABLE ROW LEVEL SECURITY; +ALTER TABLE commit_authors ENABLE ROW LEVEL SECURITY; -CREATE POLICY codeowners_owners_isolation_policy ON codeowners_owners USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE configuration_policies_audit_logs ENABLE ROW LEVEL SECURITY; -ALTER TABLE cody_audit_log ENABLE ROW LEVEL SECURITY; +ALTER TABLE context_detection_embedding_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY cody_audit_log_isolation_policy ON cody_audit_log USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE contributor_data ENABLE ROW LEVEL SECURITY; -ALTER TABLE commit_authors ENABLE ROW LEVEL SECURITY; +ALTER TABLE contributor_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY commit_authors_isolation_policy ON commit_authors USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE contributor_repos ENABLE ROW LEVEL SECURITY; -ALTER TABLE configuration_policies_audit_logs ENABLE ROW LEVEL SECURITY; +ALTER TABLE event_logs ENABLE ROW LEVEL SECURITY; -CREATE POLICY configuration_policies_audit_logs_isolation_policy ON configuration_policies_audit_logs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE event_logs_scrape_state ENABLE ROW LEVEL SECURITY; -ALTER TABLE context_detection_embedding_jobs ENABLE ROW LEVEL SECURITY; +ALTER TABLE event_logs_scrape_state_own ENABLE ROW LEVEL SECURITY; -CREATE POLICY context_detection_embedding_jobs_isolation_policy ON context_detection_embedding_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE executor_heartbeats ENABLE ROW LEVEL SECURITY; -ALTER TABLE discussion_comments ENABLE ROW LEVEL SECURITY; +ALTER TABLE executor_job_tokens ENABLE ROW LEVEL SECURITY; -CREATE POLICY discussion_comments_isolation_policy ON discussion_comments USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE executor_secret_access_logs ENABLE ROW LEVEL SECURITY; -ALTER TABLE discussion_mail_reply_tokens ENABLE ROW LEVEL SECURITY; +ALTER TABLE executor_secrets ENABLE ROW LEVEL SECURITY; -CREATE POLICY discussion_mail_reply_tokens_isolation_policy ON discussion_mail_reply_tokens USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE exhaustive_search_jobs ENABLE ROW LEVEL SECURITY; -ALTER TABLE discussion_threads ENABLE ROW LEVEL SECURITY; +ALTER TABLE exhaustive_search_repo_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY discussion_threads_isolation_policy ON discussion_threads USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE exhaustive_search_repo_revision_jobs ENABLE ROW LEVEL SECURITY; -ALTER TABLE discussion_threads_target_repo ENABLE ROW LEVEL SECURITY; +ALTER TABLE explicit_permissions_bitbucket_projects_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY discussion_threads_target_repo_isolation_policy ON discussion_threads_target_repo USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE external_service_repos ENABLE ROW LEVEL SECURITY; -ALTER TABLE event_logs ENABLE ROW LEVEL SECURITY; +ALTER TABLE external_service_sync_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY event_logs_isolation_policy ON event_logs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE external_services ENABLE ROW LEVEL SECURITY; -ALTER TABLE event_logs_scrape_state ENABLE ROW LEVEL SECURITY; +ALTER TABLE feature_flag_overrides ENABLE ROW LEVEL SECURITY; -CREATE POLICY event_logs_scrape_state_isolation_policy ON event_logs_scrape_state USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE feature_flags ENABLE ROW LEVEL SECURITY; -ALTER TABLE event_logs_scrape_state_own ENABLE ROW LEVEL SECURITY; +ALTER TABLE github_app_installs ENABLE ROW LEVEL SECURITY; -CREATE POLICY event_logs_scrape_state_own_isolation_policy ON event_logs_scrape_state_own USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE github_apps ENABLE ROW LEVEL SECURITY; -ALTER TABLE executor_heartbeats ENABLE ROW LEVEL SECURITY; +ALTER TABLE gitserver_relocator_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY executor_heartbeats_isolation_policy ON executor_heartbeats USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE gitserver_repos ENABLE ROW LEVEL SECURITY; -ALTER TABLE executor_job_tokens ENABLE ROW LEVEL SECURITY; +ALTER TABLE gitserver_repos_statistics ENABLE ROW LEVEL SECURITY; -CREATE POLICY executor_job_tokens_isolation_policy ON executor_job_tokens USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE gitserver_repos_sync_output ENABLE ROW LEVEL SECURITY; -ALTER TABLE executor_secret_access_logs ENABLE ROW LEVEL SECURITY; +ALTER TABLE global_state ENABLE ROW LEVEL SECURITY; -CREATE POLICY executor_secret_access_logs_isolation_policy ON executor_secret_access_logs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE insights_query_runner_jobs ENABLE ROW LEVEL SECURITY; -ALTER TABLE executor_secrets ENABLE ROW LEVEL SECURITY; +ALTER TABLE insights_query_runner_jobs_dependencies ENABLE ROW LEVEL SECURITY; -CREATE POLICY executor_secrets_isolation_policy ON executor_secrets USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE insights_settings_migration_jobs ENABLE ROW LEVEL SECURITY; -ALTER TABLE exhaustive_search_jobs ENABLE ROW LEVEL SECURITY; +ALTER TABLE lsif_configuration_policies ENABLE ROW LEVEL SECURITY; -CREATE POLICY exhaustive_search_jobs_isolation_policy ON exhaustive_search_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE lsif_configuration_policies_repository_pattern_lookup ENABLE ROW LEVEL SECURITY; -ALTER TABLE exhaustive_search_repo_jobs ENABLE ROW LEVEL SECURITY; +ALTER TABLE lsif_dependency_indexing_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY exhaustive_search_repo_jobs_isolation_policy ON exhaustive_search_repo_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE lsif_dependency_repos ENABLE ROW LEVEL SECURITY; -ALTER TABLE exhaustive_search_repo_revision_jobs ENABLE ROW LEVEL SECURITY; +ALTER TABLE lsif_dependency_syncing_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY exhaustive_search_repo_revision_jobs_isolation_policy ON exhaustive_search_repo_revision_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE lsif_dirty_repositories ENABLE ROW LEVEL SECURITY; -ALTER TABLE explicit_permissions_bitbucket_projects_jobs ENABLE ROW LEVEL SECURITY; +ALTER TABLE lsif_index_configuration ENABLE ROW LEVEL SECURITY; -CREATE POLICY explicit_permissions_bitbucket_projects_jobs_isolation_policy ON explicit_permissions_bitbucket_projects_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE lsif_indexes ENABLE ROW LEVEL SECURITY; -ALTER TABLE external_service_repos ENABLE ROW LEVEL SECURITY; +ALTER TABLE lsif_last_index_scan ENABLE ROW LEVEL SECURITY; -CREATE POLICY external_service_repos_isolation_policy ON external_service_repos USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE lsif_last_retention_scan ENABLE ROW LEVEL SECURITY; -ALTER TABLE external_service_sync_jobs ENABLE ROW LEVEL SECURITY; +ALTER TABLE lsif_nearest_uploads ENABLE ROW LEVEL SECURITY; -CREATE POLICY external_service_sync_jobs_isolation_policy ON external_service_sync_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE lsif_nearest_uploads_links ENABLE ROW LEVEL SECURITY; -ALTER TABLE external_services ENABLE ROW LEVEL SECURITY; +ALTER TABLE lsif_packages ENABLE ROW LEVEL SECURITY; -CREATE POLICY external_services_isolation_policy ON external_services USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE lsif_references ENABLE ROW LEVEL SECURITY; -ALTER TABLE feature_flag_overrides ENABLE ROW LEVEL SECURITY; +ALTER TABLE lsif_retention_configuration ENABLE ROW LEVEL SECURITY; -CREATE POLICY feature_flag_overrides_isolation_policy ON feature_flag_overrides USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE lsif_uploads ENABLE ROW LEVEL SECURITY; -ALTER TABLE feature_flags ENABLE ROW LEVEL SECURITY; +ALTER TABLE lsif_uploads_audit_logs ENABLE ROW LEVEL SECURITY; -CREATE POLICY feature_flags_isolation_policy ON feature_flags USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE lsif_uploads_reference_counts ENABLE ROW LEVEL SECURITY; -ALTER TABLE github_app_installs ENABLE ROW LEVEL SECURITY; +ALTER TABLE lsif_uploads_visible_at_tip ENABLE ROW LEVEL SECURITY; -CREATE POLICY github_app_installs_isolation_policy ON github_app_installs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE lsif_uploads_vulnerability_scan ENABLE ROW LEVEL SECURITY; -ALTER TABLE github_apps ENABLE ROW LEVEL SECURITY; +ALTER TABLE names ENABLE ROW LEVEL SECURITY; -CREATE POLICY github_apps_isolation_policy ON github_apps USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE namespace_permissions ENABLE ROW LEVEL SECURITY; -ALTER TABLE gitserver_relocator_jobs ENABLE ROW LEVEL SECURITY; +ALTER TABLE notebook_stars ENABLE ROW LEVEL SECURITY; -CREATE POLICY gitserver_relocator_jobs_isolation_policy ON gitserver_relocator_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE notebooks ENABLE ROW LEVEL SECURITY; -ALTER TABLE gitserver_repos ENABLE ROW LEVEL SECURITY; +ALTER TABLE org_invitations ENABLE ROW LEVEL SECURITY; -CREATE POLICY gitserver_repos_isolation_policy ON gitserver_repos USING (((current_setting('app.current_tenant'::text) = 'zoekttenant'::text) OR (tenant_id = (NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant'::text))::integer))); +ALTER TABLE org_members ENABLE ROW LEVEL SECURITY; -ALTER TABLE gitserver_repos_statistics ENABLE ROW LEVEL SECURITY; +ALTER TABLE org_stats ENABLE ROW LEVEL SECURITY; -CREATE POLICY gitserver_repos_statistics_isolation_policy ON gitserver_repos_statistics USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE orgs ENABLE ROW LEVEL SECURITY; -ALTER TABLE gitserver_repos_sync_output ENABLE ROW LEVEL SECURITY; +ALTER TABLE out_of_band_migrations_errors ENABLE ROW LEVEL SECURITY; -CREATE POLICY gitserver_repos_sync_output_isolation_policy ON gitserver_repos_sync_output USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE outbound_webhook_event_types ENABLE ROW LEVEL SECURITY; -ALTER TABLE global_state ENABLE ROW LEVEL SECURITY; +ALTER TABLE outbound_webhook_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY global_state_isolation_policy ON global_state USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE outbound_webhook_logs ENABLE ROW LEVEL SECURITY; -ALTER TABLE insights_query_runner_jobs ENABLE ROW LEVEL SECURITY; +ALTER TABLE outbound_webhooks ENABLE ROW LEVEL SECURITY; -ALTER TABLE insights_query_runner_jobs_dependencies ENABLE ROW LEVEL SECURITY; +ALTER TABLE own_aggregate_recent_contribution ENABLE ROW LEVEL SECURITY; -CREATE POLICY insights_query_runner_jobs_dependencies_isolation_policy ON insights_query_runner_jobs_dependencies USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE own_aggregate_recent_view ENABLE ROW LEVEL SECURITY; -CREATE POLICY insights_query_runner_jobs_isolation_policy ON insights_query_runner_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE own_background_jobs ENABLE ROW LEVEL SECURITY; -ALTER TABLE insights_settings_migration_jobs ENABLE ROW LEVEL SECURITY; +ALTER TABLE own_signal_configurations ENABLE ROW LEVEL SECURITY; -CREATE POLICY insights_settings_migration_jobs_isolation_policy ON insights_settings_migration_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE own_signal_recent_contribution ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_configuration_policies ENABLE ROW LEVEL SECURITY; +ALTER TABLE ownership_path_stats ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_configuration_policies_isolation_policy ON lsif_configuration_policies USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE package_repo_filters ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_configuration_policies_repository_pattern_lookup ENABLE ROW LEVEL SECURITY; +ALTER TABLE package_repo_versions ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_configuration_policies_repository_pattern_lookup_isolation ON lsif_configuration_policies_repository_pattern_lookup USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE permission_sync_jobs ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_dependency_indexing_jobs ENABLE ROW LEVEL SECURITY; +ALTER TABLE permissions ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_dependency_indexing_jobs_isolation_policy ON lsif_dependency_indexing_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE phabricator_repos ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_dependency_repos ENABLE ROW LEVEL SECURITY; +ALTER TABLE prompt_tags ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_dependency_repos_isolation_policy ON lsif_dependency_repos USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE prompts ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_dependency_syncing_jobs ENABLE ROW LEVEL SECURITY; +ALTER TABLE prompts_tags_mappings ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_dependency_syncing_jobs_isolation_policy ON lsif_dependency_syncing_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE registry_extension_releases ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_dirty_repositories ENABLE ROW LEVEL SECURITY; +ALTER TABLE registry_extensions ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_dirty_repositories_isolation_policy ON lsif_dirty_repositories USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE repo ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_index_configuration ENABLE ROW LEVEL SECURITY; +ALTER TABLE repo_commits_changelists ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_index_configuration_isolation_policy ON lsif_index_configuration USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE repo_context_stats ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_indexes ENABLE ROW LEVEL SECURITY; +ALTER TABLE repo_context_stats_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_indexes_isolation_policy ON lsif_indexes USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE repo_embedding_job_stats ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_last_index_scan ENABLE ROW LEVEL SECURITY; +ALTER TABLE repo_embedding_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_last_index_scan_isolation_policy ON lsif_last_index_scan USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE repo_kvps ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_last_retention_scan ENABLE ROW LEVEL SECURITY; +ALTER TABLE repo_paths ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_last_retention_scan_isolation_policy ON lsif_last_retention_scan USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE repo_pending_permissions ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_nearest_uploads ENABLE ROW LEVEL SECURITY; +ALTER TABLE repo_permissions ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_nearest_uploads_isolation_policy ON lsif_nearest_uploads USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE repo_statistics ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_nearest_uploads_links ENABLE ROW LEVEL SECURITY; +ALTER TABLE repo_update_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_nearest_uploads_links_isolation_policy ON lsif_nearest_uploads_links USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE role_permissions ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_packages ENABLE ROW LEVEL SECURITY; +ALTER TABLE roles ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_packages_isolation_policy ON lsif_packages USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE saved_searches ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_references ENABLE ROW LEVEL SECURITY; +ALTER TABLE search_context_default ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_references_isolation_policy ON lsif_references USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE search_context_repos ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_retention_configuration ENABLE ROW LEVEL SECURITY; +ALTER TABLE search_context_stars ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_retention_configuration_isolation_policy ON lsif_retention_configuration USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE search_contexts ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_uploads ENABLE ROW LEVEL SECURITY; +ALTER TABLE security_event_logs ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_uploads_audit_logs ENABLE ROW LEVEL SECURITY; +ALTER TABLE settings ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_uploads_audit_logs_isolation_policy ON lsif_uploads_audit_logs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE sub_repo_permissions ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_uploads_isolation_policy ON lsif_uploads USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE survey_responses ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_uploads_reference_counts ENABLE ROW LEVEL SECURITY; +ALTER TABLE syntactic_scip_indexing_jobs ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_uploads_reference_counts_isolation_policy ON lsif_uploads_reference_counts USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE syntactic_scip_last_index_scan ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_uploads_visible_at_tip ENABLE ROW LEVEL SECURITY; +ALTER TABLE team_members ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_uploads_visible_at_tip_isolation_policy ON lsif_uploads_visible_at_tip USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE teams ENABLE ROW LEVEL SECURITY; -ALTER TABLE lsif_uploads_vulnerability_scan ENABLE ROW LEVEL SECURITY; +ALTER TABLE telemetry_events_export_queue ENABLE ROW LEVEL SECURITY; -CREATE POLICY lsif_uploads_vulnerability_scan_isolation_policy ON lsif_uploads_vulnerability_scan USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +ALTER TABLE temporary_settings ENABLE ROW LEVEL SECURITY; -ALTER TABLE names ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON access_requests USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY names_isolation_policy ON names USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON access_tokens USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE namespace_permissions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON aggregated_user_statistics USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY namespace_permissions_isolation_policy ON namespace_permissions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON assigned_owners USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE notebook_stars ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON assigned_teams USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY notebook_stars_isolation_policy ON notebook_stars USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON batch_changes USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE notebooks ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON batch_changes_site_credentials USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY notebooks_isolation_policy ON notebooks USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON batch_spec_execution_cache_entries USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE org_invitations ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON batch_spec_resolution_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY org_invitations_isolation_policy ON org_invitations USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON batch_spec_workspace_execution_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -ALTER TABLE org_members ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON batch_spec_workspace_execution_last_dequeues USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY org_members_isolation_policy ON org_members USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON batch_spec_workspace_files USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE org_stats ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON batch_spec_workspaces USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY org_stats_isolation_policy ON org_stats USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON batch_specs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE orgs ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON cached_available_indexers USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY orgs_isolation_policy ON orgs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON changeset_events USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE out_of_band_migrations_errors ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON changeset_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY out_of_band_migrations_errors_isolation_policy ON out_of_band_migrations_errors USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON changeset_specs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE outbound_webhook_event_types ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON changesets USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY outbound_webhook_event_types_isolation_policy ON outbound_webhook_event_types USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON cm_action_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -ALTER TABLE outbound_webhook_jobs ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON cm_emails USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY outbound_webhook_jobs_isolation_policy ON outbound_webhook_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON cm_last_searched USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE outbound_webhook_logs ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON cm_monitors USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY outbound_webhook_logs_isolation_policy ON outbound_webhook_logs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON cm_queries USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE outbound_webhooks ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON cm_recipients USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY outbound_webhooks_isolation_policy ON outbound_webhooks USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON cm_slack_webhooks USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE own_aggregate_recent_contribution ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON cm_trigger_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY own_aggregate_recent_contribution_isolation_policy ON own_aggregate_recent_contribution USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON cm_webhooks USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE own_aggregate_recent_view ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON code_hosts USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY own_aggregate_recent_view_isolation_policy ON own_aggregate_recent_view USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON codeintel_autoindex_queue USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE own_background_jobs ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON codeintel_autoindexing_exceptions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY own_background_jobs_isolation_policy ON own_background_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON codeintel_commit_dates USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE own_signal_configurations ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON codeintel_inference_scripts USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY own_signal_configurations_isolation_policy ON own_signal_configurations USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON codeintel_langugage_support_requests USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE own_signal_recent_contribution ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON codeowners USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY own_signal_recent_contribution_isolation_policy ON own_signal_recent_contribution USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON codeowners_individual_stats USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE ownership_path_stats ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON codeowners_owners USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY ownership_path_stats_isolation_policy ON ownership_path_stats USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON cody_audit_log USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE package_repo_filters ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON commit_authors USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY package_repo_filters_isolation_policy ON package_repo_filters USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON configuration_policies_audit_logs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE package_repo_versions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON context_detection_embedding_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY package_repo_versions_isolation_policy ON package_repo_versions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON contributor_data USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE permission_sync_jobs ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON contributor_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY permission_sync_jobs_isolation_policy ON permission_sync_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON contributor_repos USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE permissions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON event_logs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY permissions_isolation_policy ON permissions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON event_logs_scrape_state USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE phabricator_repos ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON event_logs_scrape_state_own USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY phabricator_repos_isolation_policy ON phabricator_repos USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON executor_heartbeats USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE prompts ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON executor_job_tokens USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY prompts_isolation_policy ON prompts USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON executor_secret_access_logs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE query_runner_state ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON executor_secrets USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY query_runner_state_isolation_policy ON query_runner_state USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON exhaustive_search_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -ALTER TABLE registry_extension_releases ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON exhaustive_search_repo_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY registry_extension_releases_isolation_policy ON registry_extension_releases USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON exhaustive_search_repo_revision_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -ALTER TABLE registry_extensions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON explicit_permissions_bitbucket_projects_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY registry_extensions_isolation_policy ON registry_extensions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON external_service_repos USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE repo ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON external_service_sync_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -ALTER TABLE repo_commits_changelists ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON external_services USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY repo_commits_changelists_isolation_policy ON repo_commits_changelists USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON feature_flag_overrides USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE repo_context_stats ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON feature_flags USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY repo_context_stats_isolation_policy ON repo_context_stats USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON github_app_installs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE repo_context_stats_jobs ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON github_apps USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY repo_context_stats_jobs_isolation_policy ON repo_context_stats_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON gitserver_relocator_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -ALTER TABLE repo_embedding_job_stats ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON gitserver_repos USING ((( SELECT (current_setting('app.current_tenant'::text) = 'zoekttenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant'::text))::integer AS current_tenant)))); -CREATE POLICY repo_embedding_job_stats_isolation_policy ON repo_embedding_job_stats USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON gitserver_repos_statistics USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE repo_embedding_jobs ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON gitserver_repos_sync_output USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY repo_embedding_jobs_isolation_policy ON repo_embedding_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON global_state USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY repo_isolation_policy ON repo USING (((current_setting('app.current_tenant'::text) = 'zoekttenant'::text) OR (tenant_id = (NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant'::text))::integer))); +CREATE POLICY tenant_isolation_policy ON insights_query_runner_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -ALTER TABLE repo_kvps ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON insights_query_runner_jobs_dependencies USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY repo_kvps_isolation_policy ON repo_kvps USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON insights_settings_migration_jobs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE repo_paths ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON lsif_configuration_policies USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY repo_paths_isolation_policy ON repo_paths USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON lsif_configuration_policies_repository_pattern_lookup USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE repo_pending_permissions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON lsif_dependency_indexing_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY repo_pending_permissions_isolation_policy ON repo_pending_permissions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON lsif_dependency_repos USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE repo_permissions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON lsif_dependency_syncing_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY repo_permissions_isolation_policy ON repo_permissions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON lsif_dirty_repositories USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE repo_statistics ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON lsif_index_configuration USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY repo_statistics_isolation_policy ON repo_statistics USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON lsif_indexes USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -ALTER TABLE repo_update_jobs ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON lsif_last_index_scan USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY repo_update_jobs_isolation_policy ON repo_update_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON lsif_last_retention_scan USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE role_permissions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON lsif_nearest_uploads USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY role_permissions_isolation_policy ON role_permissions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON lsif_nearest_uploads_links USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE roles ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON lsif_packages USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY roles_isolation_policy ON roles USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON lsif_references USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE saved_searches ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON lsif_retention_configuration USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY saved_searches_isolation_policy ON saved_searches USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON lsif_uploads USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -ALTER TABLE search_context_default ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON lsif_uploads_audit_logs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY search_context_default_isolation_policy ON search_context_default USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON lsif_uploads_reference_counts USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE search_context_repos ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON lsif_uploads_visible_at_tip USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY search_context_repos_isolation_policy ON search_context_repos USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON lsif_uploads_vulnerability_scan USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE search_context_stars ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON names USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY search_context_stars_isolation_policy ON search_context_stars USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON namespace_permissions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE search_contexts ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON notebook_stars USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY search_contexts_isolation_policy ON search_contexts USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON notebooks USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE security_event_logs ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON org_invitations USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY security_event_logs_isolation_policy ON security_event_logs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON org_members USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE settings ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON org_stats USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY settings_isolation_policy ON settings USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON orgs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE sub_repo_permissions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON out_of_band_migrations_errors USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY sub_repo_permissions_isolation_policy ON sub_repo_permissions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON outbound_webhook_event_types USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE survey_responses ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON outbound_webhook_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY survey_responses_isolation_policy ON survey_responses USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON outbound_webhook_logs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE syntactic_scip_indexing_jobs ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON outbound_webhooks USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY syntactic_scip_indexing_jobs_isolation_policy ON syntactic_scip_indexing_jobs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON own_aggregate_recent_contribution USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE syntactic_scip_last_index_scan ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON own_aggregate_recent_view USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY syntactic_scip_last_index_scan_isolation_policy ON syntactic_scip_last_index_scan USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON own_background_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -ALTER TABLE team_members ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON own_signal_configurations USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY team_members_isolation_policy ON team_members USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON own_signal_recent_contribution USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE teams ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON ownership_path_stats USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY teams_isolation_policy ON teams USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON package_repo_filters USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE telemetry_events_export_queue ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON package_repo_versions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY telemetry_events_export_queue_isolation_policy ON telemetry_events_export_queue USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON permission_sync_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -ALTER TABLE temporary_settings ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON permissions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY temporary_settings_isolation_policy ON temporary_settings USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON phabricator_repos USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE user_credentials ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON prompt_tags USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY user_credentials_isolation_policy ON user_credentials USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON prompts USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE user_emails ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON prompts_tags_mappings USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY user_emails_isolation_policy ON user_emails USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON registry_extension_releases USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE user_external_accounts ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON registry_extensions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY user_external_accounts_isolation_policy ON user_external_accounts USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON repo USING ((( SELECT (current_setting('app.current_tenant'::text) = 'zoekttenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant'::text))::integer AS current_tenant)))); -ALTER TABLE user_onboarding_tour ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON repo_commits_changelists USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY user_onboarding_tour_isolation_policy ON user_onboarding_tour USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON repo_context_stats USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE user_pending_permissions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON repo_context_stats_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY user_pending_permissions_isolation_policy ON user_pending_permissions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON repo_embedding_job_stats USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE user_permissions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON repo_embedding_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY user_permissions_isolation_policy ON user_permissions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON repo_kvps USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE user_repo_permissions ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON repo_paths USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY user_repo_permissions_isolation_policy ON user_repo_permissions USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON repo_pending_permissions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE user_roles ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON repo_permissions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY user_roles_isolation_policy ON user_roles USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON repo_statistics USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE users ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON repo_update_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY users_isolation_policy ON users USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON role_permissions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE vulnerabilities ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON roles USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY vulnerabilities_isolation_policy ON vulnerabilities USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON saved_searches USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE vulnerability_affected_packages ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON search_context_default USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY vulnerability_affected_packages_isolation_policy ON vulnerability_affected_packages USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON search_context_repos USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE vulnerability_affected_symbols ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON search_context_stars USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY vulnerability_affected_symbols_isolation_policy ON vulnerability_affected_symbols USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON search_contexts USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE vulnerability_matches ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON security_event_logs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY vulnerability_matches_isolation_policy ON vulnerability_matches USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON settings USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE webhook_logs ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON sub_repo_permissions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY webhook_logs_isolation_policy ON webhook_logs USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON survey_responses USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE webhooks ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON syntactic_scip_indexing_jobs USING ((( SELECT (current_setting('app.current_tenant'::text) = 'workertenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'workertenant'::text))::integer AS current_tenant)))); -CREATE POLICY webhooks_isolation_policy ON webhooks USING ((tenant_id = (current_setting('app.current_tenant'::text))::integer)); +CREATE POLICY tenant_isolation_policy ON syntactic_scip_last_index_scan USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -ALTER TABLE zoekt_repos ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_policy ON team_members USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON teams USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON telemetry_events_export_queue USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON temporary_settings USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON tenants USING ((( SELECT (current_setting('app.current_tenant'::text) = ANY (ARRAY['servicetenant'::text, 'workertenant'::text]))) OR (id = ( SELECT (NULLIF(NULLIF(current_setting('app.current_tenant'::text), 'servicetenant'::text), 'workertenant'::text))::integer AS current_tenant)))); + +CREATE POLICY tenant_isolation_policy ON user_credentials USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON user_emails USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON user_external_accounts USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON user_onboarding_tour USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON user_pending_permissions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); -CREATE POLICY zoekt_repos_isolation_policy ON zoekt_repos USING (((current_setting('app.current_tenant'::text) = 'zoekttenant'::text) OR (tenant_id = (NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant'::text))::integer))); +CREATE POLICY tenant_isolation_policy ON user_permissions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON user_repo_permissions USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON user_roles USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON users USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON vulnerabilities USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON vulnerability_affected_packages USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON vulnerability_affected_symbols USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON vulnerability_matches USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON webhook_logs USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON webhooks USING ((tenant_id = ( SELECT (current_setting('app.current_tenant'::text))::integer AS current_tenant))); + +CREATE POLICY tenant_isolation_policy ON zoekt_repos USING ((( SELECT (current_setting('app.current_tenant'::text) = 'zoekttenant'::text)) OR (tenant_id = ( SELECT (NULLIF(current_setting('app.current_tenant'::text), 'zoekttenant'::text))::integer AS current_tenant)))); + +ALTER TABLE tenants ENABLE ROW LEVEL SECURITY; + +ALTER TABLE user_credentials ENABLE ROW LEVEL SECURITY; + +ALTER TABLE user_emails ENABLE ROW LEVEL SECURITY; + +ALTER TABLE user_external_accounts ENABLE ROW LEVEL SECURITY; + +ALTER TABLE user_onboarding_tour ENABLE ROW LEVEL SECURITY; + +ALTER TABLE user_pending_permissions ENABLE ROW LEVEL SECURITY; + +ALTER TABLE user_permissions ENABLE ROW LEVEL SECURITY; + +ALTER TABLE user_repo_permissions ENABLE ROW LEVEL SECURITY; + +ALTER TABLE user_roles ENABLE ROW LEVEL SECURITY; + +ALTER TABLE users ENABLE ROW LEVEL SECURITY; + +ALTER TABLE vulnerabilities ENABLE ROW LEVEL SECURITY; + +ALTER TABLE vulnerability_affected_packages ENABLE ROW LEVEL SECURITY; + +ALTER TABLE vulnerability_affected_symbols ENABLE ROW LEVEL SECURITY; + +ALTER TABLE vulnerability_matches ENABLE ROW LEVEL SECURITY; + +ALTER TABLE webhook_logs ENABLE ROW LEVEL SECURITY; + +ALTER TABLE webhooks ENABLE ROW LEVEL SECURITY; + +ALTER TABLE zoekt_repos ENABLE ROW LEVEL SECURITY; INSERT INTO lsif_configuration_policies (id, repository_id, name, type, pattern, retention_enabled, retention_duration_hours, retain_intermediate_commits, indexing_enabled, index_commit_max_age_hours, index_intermediate_commits, protected, repository_patterns, last_resolved_at, embeddings_enabled, syntactic_indexing_enabled, tenant_id) VALUES (1, NULL, 'Default tip-of-branch retention policy', 'GIT_TREE', '*', true, 2016, false, false, 0, false, true, NULL, NULL, false, false, 1); INSERT INTO lsif_configuration_policies (id, repository_id, name, type, pattern, retention_enabled, retention_duration_hours, retain_intermediate_commits, indexing_enabled, index_commit_max_age_hours, index_intermediate_commits, protected, repository_patterns, last_resolved_at, embeddings_enabled, syntactic_indexing_enabled, tenant_id) VALUES (2, NULL, 'Default tag retention policy', 'GIT_TAG', '*', true, 8064, false, false, 0, false, true, NULL, NULL, false, false, 1); @@ -7786,7 +7790,9 @@ INSERT INTO roles (id, created_at, system, name, tenant_id) VALUES (4, '2024-10- SELECT pg_catalog.setval('roles_id_seq', 4, true); -INSERT INTO tenants (id, name, created_at, updated_at, workspace_id, display_name, state) VALUES (1, 'default', '2024-09-28 09:41:00+00', '2024-09-28 09:41:00+00', '6a6b043c-ffed-42ec-b1f4-abc231cd7222', NULL, 'active'); +INSERT INTO tenants (id, name, created_at, updated_at, workspace_id, display_name, state, external_url) VALUES (1, 'default', '2024-09-28 09:41:00+00', '2024-09-28 09:41:00+00', '6a6b043c-ffed-42ec-b1f4-abc231cd7222', NULL, 'active', ''); + +SELECT pg_catalog.setval('tenants_id_seq', 1, true); INSERT INTO prompts (id, name, description, definition_text, draft, visibility_secret, owner_user_id, owner_org_id, created_by, created_at, updated_by, updated_at, tenant_id, auto_submit, mode, recommended, deleted_at, builtin) VALUES (1, 'document-code', 'Document the code in a file', 'Write a brief documentation comment for cody://selection. If documentation comments exist in cody://current-file, or other files with the same file extension, use them as examples. Pay attention to the scope of the selected code (e.g. exported function/API vs implementation detail in a function), and use the idiomatic style for that type of code scope. Only generate the documentation for the selected code, do not generate the code. Do not enclose any other code or comments besides the documentation. Enclose only the documentation for cody://current-selection and nothing else. ', false, false, NULL, NULL, NULL, '2024-11-20 10:51:36.752627+00', NULL, '2024-11-20 10:51:36.752627+00', 1, true, 'INSERT', false, NULL, true); INSERT INTO prompts (id, name, description, definition_text, draft, visibility_secret, owner_user_id, owner_org_id, created_by, created_at, updated_by, updated_at, tenant_id, auto_submit, mode, recommended, deleted_at, builtin) VALUES (2, 'explain-code', 'Explain the code in a file', 'Explain what cody://selection code does in simple terms. Assume the audience is a beginner programmer who has just learned the language features and basic syntax. Focus on explaining: 1) The purpose of the code 2) What input(s) it takes 3) What output(s) it produces 4) How it achieves its purpose through the logic and algorithm. 5) Any important logic flows or data transformations happening. Use simple language a beginner could understand. Include enough detail to give a full picture of what the code aims to accomplish without getting too technical. Format the explanation in coherent paragraphs, using proper punctuation and grammar. Write the explanation assuming no prior context about the code is known. Do not make assumptions about variables or functions not shown in the shared code. Start the answer with the name of the code that is being explained.', false, false, NULL, NULL, NULL, '2024-11-20 10:51:36.752627+00', NULL, '2024-11-20 10:51:36.752627+00', 1, true, 'CHAT', false, NULL, true);