stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

T5: Add 009_exception_applications.sql migration

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-21 09:36:27 +02:00
parent 14746936a9
commit 2e98f6f3b2
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/Policy/__Libraries/StellaOps.Policy.Storage.Postgres/Migrations/009_exception_applications.sql Normal file
View File

@@ -0,0 +1,22 @@
DO $$ BEGIN
IF NOT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_schema = 'policy' AND table_name = 'exception_applications') THEN
CREATE TABLE policy.exception_applications (
id UUID NOT NULL, tenant_id UUID NOT NULL, exception_id TEXT NOT NULL, finding_id TEXT NOT NULL,
vulnerability_id TEXT, original_status TEXT NOT NULL, applied_status TEXT NOT NULL,
effect_name TEXT NOT NULL, effect_type TEXT NOT NULL, evaluation_run_id UUID,
policy_bundle_digest TEXT, applied_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), metadata JSONB NOT NULL DEFAULT '{}',
CONSTRAINT pk_exception_applications PRIMARY KEY (id));
CREATE INDEX ix_exception_applications_exception_id ON policy.exception_applications (tenant_id, exception_id);
CREATE INDEX ix_exception_applications_finding_id ON policy.exception_applications (tenant_id, finding_id);
CREATE INDEX ix_exception_applications_vulnerability_id ON policy.exception_applications (tenant_id, vulnerability_id) WHERE vulnerability_id IS NOT NULL;
CREATE INDEX ix_exception_applications_evaluation_run_id ON policy.exception_applications (tenant_id, evaluation_run_id) WHERE evaluation_run_id IS NOT NULL;
CREATE INDEX ix_exception_applications_applied_at ON policy.exception_applications (tenant_id, applied_at DESC);
CREATE INDEX ix_exception_applications_stats ON policy.exception_applications (tenant_id, effect_type, applied_status);
END IF; END $$;
ALTER TABLE policy.exception_applications ENABLE ROW LEVEL SECURITY;
DO $$ BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_policies WHERE tablename = 'exception_applications' AND policyname = 'exception_applications_tenant_isolation') THEN
CREATE POLICY exception_applications_tenant_isolation ON policy.exception_applications
USING (tenant_id = current_setting('app.tenant_id', true)::uuid)
WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);
END IF; END $$;