fix migration (supabase#446)

soedirgo · web-flow · commit d27444af19e1 · 2022-12-15T17:37:37.000+02:00
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
 
     strategy:
       matrix:
-        supabase-version: ["15.1.0.10-rc1"]
+        supabase-version: ["15.1.0.11"]
     timeout-minutes: 10
 
     services:
diff --git a/migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql b/migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql
@@ -6,19 +6,6 @@ grant pgsodium_keyiduser to postgres with admin option;
 grant pgsodium_keyholder to postgres with admin option;
 grant pgsodium_keymaker  to postgres with admin option;
 
-do $$
-begin
-  if not exists (select from pg_extension where extname = 'supabase_vault') then
-    create extension supabase_vault;
-    -- Creating the extension creates a table and creates a security label on the table.
-    -- Creating the security label triggers a function that recreates these objects.
-    -- Since the recreation happens in an extension script, these objects become owned by the `supabase_vault` extension.
-    -- This is an issue because then we can't recreate these objects without also dropping the extension.
-    -- Thus we drop the dependency on the `supabase_vault` extension for these objects.
-    alter extension supabase_vault drop view pgsodium.decrypted_key;
-    alter extension supabase_vault drop function pgsodium.key_encrypt_secret;
-  end if;
-end;
-$$;
+create extension if not exists supabase_vault;
 
 -- migrate:down
diff --git a/migrations/docker-compose.yaml b/migrations/docker-compose.yaml
@@ -6,7 +6,7 @@ version: "3.8"
 
 services:
   db:
-    image: supabase/postgres:15.1.0.10-rc1
+    image: supabase/postgres:15.1.0.11
     restart: "no"
     ports:
       - 5478:5432
diff --git a/migrations/schema.sql b/migrations/schema.sql
@@ -510,25 +510,6 @@ END;
 $$;
 
 
---
--- Name: key_encrypt_secret(); Type: FUNCTION; Schema: pgsodium; Owner: -
---
-
-CREATE FUNCTION pgsodium.key_encrypt_secret() RETURNS trigger
-    LANGUAGE plpgsql
-    AS $$
-    BEGIN
-            new.raw_key = CASE WHEN new.raw_key IS NULL THEN NULL ELSE
-                CASE WHEN new.parent_key IS NULL THEN NULL ELSE
-                        pgsodium.crypto_aead_det_encrypt(new.raw_key::bytea, pg_catalog.convert_to((new.id::text || new.associated_data::text)::text, 'utf8'),
-                new.parent_key::uuid,
-                new.raw_key_nonce
-              ) END END;
-    RETURN new;
-    END;
-    $$;
-
-
 --
 -- Name: extension(text); Type: FUNCTION; Schema: storage; Owner: -
 --
@@ -597,25 +578,25 @@ $$;
 
 
 --
--- Name: secrets_encrypt_secret(); Type: FUNCTION; Schema: vault; Owner: -
+-- Name: secrets_encrypt_secret_secret(); Type: FUNCTION; Schema: vault; Owner: -
 --
 
-CREATE FUNCTION vault.secrets_encrypt_secret() RETURNS trigger
+CREATE FUNCTION vault.secrets_encrypt_secret_secret() RETURNS trigger
     LANGUAGE plpgsql
     AS $$
-    BEGIN
-            new.secret = CASE WHEN new.secret IS NULL THEN NULL ELSE
-                CASE WHEN new.key_id IS NULL THEN NULL ELSE pg_catalog.encode(
-                  pgsodium.crypto_aead_det_encrypt(
-                    pg_catalog.convert_to(new.secret, 'utf8'),
-                    pg_catalog.convert_to((new.id::text || new.description::text || new.created_at::text || new.updated_at::text)::text, 'utf8'),
-                    new.key_id::uuid,
-                    new.nonce
-                  ),
-                    'base64') END END;
-    RETURN new;
-    END;
-    $$;
+		BEGIN
+		        new.secret = CASE WHEN new.secret IS NULL THEN NULL ELSE
+			CASE WHEN new.key_id IS NULL THEN NULL ELSE pg_catalog.encode(
+			  pgsodium.crypto_aead_det_encrypt(
+				pg_catalog.convert_to(new.secret, 'utf8'),
+				pg_catalog.convert_to((new.id::text || new.description::text || new.created_at::text || new.updated_at::text)::text, 'utf8'),
+				new.key_id::uuid,
+				new.nonce
+			  ),
+				'base64') END END;
+		RETURN new;
+		END;
+		$$;
 
 
 SET default_tablespace = '';
@@ -754,35 +735,6 @@ CREATE TABLE auth.users (
 COMMENT ON TABLE auth.users IS 'Auth: Stores user login data within a secure schema.';
 
 
---
--- Name: decrypted_key; Type: VIEW; Schema: pgsodium; Owner: -
---
-
-CREATE VIEW pgsodium.decrypted_key AS
- SELECT key.id,
-    key.status,
-    key.created,
-    key.expires,
-    key.key_type,
-    key.key_id,
-    key.key_context,
-    key.name,
-    key.associated_data,
-    key.raw_key,
-        CASE
-            WHEN (key.raw_key IS NULL) THEN NULL::bytea
-            ELSE
-            CASE
-                WHEN (key.parent_key IS NULL) THEN NULL::bytea
-                ELSE pgsodium.crypto_aead_det_decrypt(key.raw_key, convert_to(((key.id)::text || key.associated_data), 'utf8'::name), key.parent_key, key.raw_key_nonce)
-            END
-        END AS decrypted_raw_key,
-    key.raw_key_nonce,
-    key.parent_key,
-    key.comment
-   FROM pgsodium.key;
-
-
 --
 -- Name: schema_migrations; Type: TABLE; Schema: public; Owner: -
 --
