[SM-678] ClientSecret migration (#2943)

* Init ClientSecret migration * Fix unit tests * Move to src/Sql/dbo_future * Formatting changes * Update migration date for next release * Swap to just executing sp_refreshview * Fix formatting * Add EF Migrations * Rename to ClientSecretHash * Fix unit test * EF column rename * Batch the migration * Fix formatting * Add deprecation notice to property * Move data migration * Swap to CREATE OR ALTER
2025-07-11 21:03:47 -05:00 · 2023-06-21 13:16:06 -05:00
parent 7f8b6c0bce
commit bb3a9daf98
24 changed files with 7011 additions and 41 deletions
--- a/Procedures/ApiKey/ApiKey_Create.sql
+++ b/Procedures/ApiKey/ApiKey_Create.sql
@ -2,7 +2,8 @@ CREATE PROCEDURE [dbo].[ApiKey_Create]
    @Id UNIQUEIDENTIFIER OUTPUT,
    @ServiceAccountId UNIQUEIDENTIFIER,
    @Name VARCHAR(200),
-    @ClientSecret VARCHAR(30),
+    @ClientSecret VARCHAR(30) = 'migrated', -- Deprecated as of 2023-05-17
+    @ClientSecretHash VARCHAR(128) = NULL,
    @Scope NVARCHAR(4000),
    @EncryptedPayload NVARCHAR(4000),
    @Key VARCHAR(MAX),
@ -13,12 +14,19 @@ AS
 BEGIN
    SET NOCOUNT ON

+    IF (@ClientSecretHash IS NULL)
+    BEGIN
+      DECLARE @hb VARBINARY(128) = HASHBYTES('SHA2_256', @ClientSecret);
+      SET @ClientSecretHash = CAST(N'' as xml).value('xs:base64Binary(sql:variable("@hb"))', 'VARCHAR(128)');
+    END
+
    INSERT INTO [dbo].[ApiKey] 
    (
        [Id],
        [ServiceAccountId],
        [Name],
        [ClientSecret],
+        [ClientSecretHash],
        [Scope],
        [EncryptedPayload],
        [Key],
@ -32,6 +40,7 @@ BEGIN
        @ServiceAccountId,
        @Name,
        @ClientSecret,
+        @ClientSecretHash,
        @Scope,
        @EncryptedPayload,
        @Key,
--- a/src/Sql/SecretsManager/dbo/Tables/ApiKey.sql
+++ b/src/Sql/SecretsManager/dbo/Tables/ApiKey.sql
@ -1,14 +1,15 @@
 CREATE TABLE [dbo].[ApiKey] (
-    [Id]               UNIQUEIDENTIFIER,
-    [ServiceAccountId] UNIQUEIDENTIFIER NULL,
-    [Name]             VARCHAR(200) NOT NULL,
-    [ClientSecret]     VARCHAR(30) NOT NULL,
-    [Scope]            NVARCHAR (4000) NOT NULL,
-    [EncryptedPayload] NVARCHAR (4000) NOT NULL,
-    [Key]              VARCHAR (MAX) NOT NULL,
-    [ExpireAt]         DATETIME2(7) NULL,
-    [CreationDate]     DATETIME2(7) NOT NULL,
-    [RevisionDate]     DATETIME2(7) NOT NULL,
+    [Id]                    UNIQUEIDENTIFIER,
+    [ServiceAccountId]      UNIQUEIDENTIFIER NULL,
+    [Name]                  VARCHAR(200) NOT NULL,
+    [ClientSecret]          VARCHAR(30) NOT NULL,
+    [ClientSecretHash]      VARCHAR(128) NULL,
+    [Scope]                 NVARCHAR (4000) NOT NULL,
+    [EncryptedPayload]      NVARCHAR (4000) NOT NULL,
+    [Key]                   VARCHAR (MAX) NOT NULL,
+    [ExpireAt]              DATETIME2(7) NULL,
+    [CreationDate]          DATETIME2(7) NOT NULL,
+    [RevisionDate]          DATETIME2(7) NOT NULL,
    CONSTRAINT [PK_ApiKey] PRIMARY KEY CLUSTERED ([Id] ASC),
    CONSTRAINT [FK_ApiKey_ServiceAccountId] FOREIGN KEY ([ServiceAccountId]) REFERENCES [dbo].[ServiceAccount] ([Id])
 );
--- a/Procedures/ApiKey_Create.sql
+++ b/Procedures/ApiKey_Create.sql
@ -0,0 +1,42 @@
+CREATE PROCEDURE [dbo].[ApiKey_Create]
+    @Id UNIQUEIDENTIFIER OUTPUT,
+    @ServiceAccountId UNIQUEIDENTIFIER,
+    @Name VARCHAR(200),
+    @ClientSecretHash VARCHAR(128),
+    @Scope NVARCHAR(4000),
+    @EncryptedPayload NVARCHAR(4000),
+    @Key VARCHAR(MAX),
+    @ExpireAt DATETIME2(7),
+    @CreationDate DATETIME2(7),
+    @RevisionDate DATETIME2(7)
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    INSERT INTO [dbo].[ApiKey] 
+    (
+        [Id],
+        [ServiceAccountId],
+        [Name],
+        [ClientSecretHash],
+        [Scope],
+        [EncryptedPayload],
+        [Key],
+        [ExpireAt],
+        [CreationDate],
+        [RevisionDate]
+    )
+    VALUES 
+    (
+        @Id,
+        @ServiceAccountId,
+        @Name,
+        @ClientSecretHash,
+        @Scope,
+        @EncryptedPayload,
+        @Key,
+        @ExpireAt,
+        @CreationDate,
+        @RevisionDate
+    )
+END
--- a/src/Sql/dbo_future/Tables/ApiKey.sql
+++ b/src/Sql/dbo_future/Tables/ApiKey.sql
@ -0,0 +1,18 @@
+CREATE TABLE [dbo].[ApiKey] (
+    [Id]               UNIQUEIDENTIFIER,
+    [ServiceAccountId] UNIQUEIDENTIFIER NULL,
+    [Name]             VARCHAR(200) NOT NULL,
+    [ClientSecretHash] VARCHAR(128) NULL,
+    [Scope]            NVARCHAR (4000) NOT NULL,
+    [EncryptedPayload] NVARCHAR (4000) NOT NULL,
+    [Key]              VARCHAR (MAX) NOT NULL,
+    [ExpireAt]         DATETIME2(7) NULL,
+    [CreationDate]     DATETIME2(7) NOT NULL,
+    [RevisionDate]     DATETIME2(7) NOT NULL,
+    CONSTRAINT [PK_ApiKey] PRIMARY KEY CLUSTERED ([Id] ASC),
+    CONSTRAINT [FK_ApiKey_ServiceAccountId] FOREIGN KEY ([ServiceAccountId]) REFERENCES [dbo].[ServiceAccount] ([Id])
+);
+
+GO
+CREATE NONCLUSTERED INDEX [IX_ApiKey_ServiceAccountId]
+    ON [dbo].[ApiKey]([ServiceAccountId] ASC);