new repo audit: ID is always generated and MUST NOT be provided by app

Evolveum · Dec 6, 2021 · 2e99dc7 · 2e99dc7
1 parent 3a8baaf
commit 2e99dc7
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/config/sql/native-new/postgres-new-audit.sql b/config/sql/native-new/postgres-new-audit.sql
@@ -86,7 +86,7 @@ CREATE TABLE IF NOT EXISTS m_global_metadata (
 
 -- region AUDIT
 CREATE TABLE ma_audit_event (
-    id BIGSERIAL NOT NULL,
+    id BIGINT NOT NULL GENERATED ALWAYS AS IDENTITY, -- ID must NOT be provided by the application
     timestamp TIMESTAMPTZ NOT NULL,
     eventIdentifier TEXT,
     eventType AuditEventTypeType,

diff --git a/config/sql/native-new/postgres-new-upgrade-audit.sql b/config/sql/native-new/postgres-new-upgrade-audit.sql
@@ -78,3 +78,14 @@ BEGIN
     END loop;
 END $$;
 $aac$, false);
+
+-- enforcing DB sequence IDs, ignoring provided ones
+call apply_audit_change(2, $aac$
+ALTER TABLE ma_audit_event ALTER COLUMN id DROP DEFAULT;
+-- We don't want just to fill it in, we want to enforce it for uniqueness reasons.
+ALTER TABLE ma_audit_event ALTER COLUMN id ADD GENERATED ALWAYS AS IDENTITY;
+
+-- false flag means that first value returned by nextval() will be the set one, not +1
+SELECT setval(pg_get_serial_sequence('ma_audit_event', 'id'),
+    coalesce((SELECT MAX(id) + 1 FROM ma_audit_event), 1), false);
+$aac$, false);