chore: update schema snapshots

Author: soedirgo

migrations/schema-15.sql

@@ -44,27 +44,6 @@ CREATE SCHEMA graphql_public;
 CREATE SCHEMA pgbouncer;
 
 
---
--- Name: pgsodium; Type: SCHEMA; Schema: -; Owner: -
---
-
-CREATE SCHEMA pgsodium;
-
-
---
--- Name: pgsodium; Type: EXTENSION; Schema: -; Owner: -
---
-
-CREATE EXTENSION IF NOT EXISTS pgsodium WITH SCHEMA pgsodium;
-
-
---
--- Name: EXTENSION pgsodium; Type: COMMENT; Schema: -; Owner: -
---
-
-COMMENT ON EXTENSION pgsodium IS 'Pgsodium is a modern cryptography library for Postgres.';
-
-
 --
 -- Name: realtime; Type: SCHEMA; Schema: -; Owner: -
 --
@@ -582,28 +561,6 @@ END
 $$;
 
 
---
--- Name: secrets_encrypt_secret_secret(); Type: FUNCTION; Schema: vault; Owner: -
---
-
-CREATE FUNCTION vault.secrets_encrypt_secret_secret() RETURNS trigger
-    LANGUAGE plpgsql
-    AS $$
-		BEGIN
-		        new.secret = CASE WHEN new.secret IS NULL THEN NULL ELSE
-			CASE WHEN new.key_id IS NULL THEN NULL ELSE pg_catalog.encode(
-			  pgsodium.crypto_aead_det_encrypt(
-				pg_catalog.convert_to(new.secret, 'utf8'),
-				pg_catalog.convert_to((new.id::text || new.description::text || new.created_at::text || new.updated_at::text)::text, 'utf8'),
-				new.key_id::uuid,
-				new.nonce
-			  ),
-				'base64') END END;
-		RETURN new;
-		END;
-		$$;
-
-
 SET default_tablespace = '';
 
 SET default_table_access_method = heap;
@@ -790,30 +747,6 @@ CREATE TABLE storage.objects (
 );
 
 
---
--- Name: decrypted_secrets; Type: VIEW; Schema: vault; Owner: -
---
-
-CREATE VIEW vault.decrypted_secrets AS
- SELECT secrets.id,
-    secrets.name,
-    secrets.description,
-    secrets.secret,
-        CASE
-            WHEN (secrets.secret IS NULL) THEN NULL::text
-            ELSE
-            CASE
-                WHEN (secrets.key_id IS NULL) THEN NULL::text
-                ELSE convert_from(pgsodium.crypto_aead_det_decrypt(decode(secrets.secret, 'base64'::text), convert_to(((((secrets.id)::text || secrets.description) || (secrets.created_at)::text) || (secrets.updated_at)::text), 'utf8'::name), secrets.key_id, secrets.nonce), 'utf8'::name)
-            END
-        END AS decrypted_secret,
-    secrets.key_id,
-    secrets.nonce,
-    secrets.created_at,
-    secrets.updated_at
-   FROM vault.secrets;
-
-
 --
 -- Name: refresh_tokens id; Type: DEFAULT; Schema: auth; Owner: -
 --

migrations/schema-orioledb-17.sql

@@ -45,27 +45,6 @@ CREATE SCHEMA graphql_public;
 CREATE SCHEMA pgbouncer;
 
 
---
--- Name: pgsodium; Type: SCHEMA; Schema: -; Owner: -
---
-
-CREATE SCHEMA pgsodium;
-
-
---
--- Name: pgsodium; Type: EXTENSION; Schema: -; Owner: -
---
-
-CREATE EXTENSION IF NOT EXISTS pgsodium WITH SCHEMA pgsodium;
-
-
---
--- Name: EXTENSION pgsodium; Type: COMMENT; Schema: -; Owner: -
---
-
-COMMENT ON EXTENSION pgsodium IS 'Pgsodium is a modern cryptography library for Postgres.';
-
-
 --
 -- Name: realtime; Type: SCHEMA; Schema: -; Owner: -
 --
@@ -597,28 +576,6 @@ END
 $$;
 
 
---
--- Name: secrets_encrypt_secret_secret(); Type: FUNCTION; Schema: vault; Owner: -
---
-
-CREATE FUNCTION vault.secrets_encrypt_secret_secret() RETURNS trigger
-    LANGUAGE plpgsql
-    AS $$
-		BEGIN
-		        new.secret = CASE WHEN new.secret IS NULL THEN NULL ELSE
-			CASE WHEN new.key_id IS NULL THEN NULL ELSE pg_catalog.encode(
-			  pgsodium.crypto_aead_det_encrypt(
-				pg_catalog.convert_to(new.secret, 'utf8'),
-				pg_catalog.convert_to((new.id::text || new.description::text || new.created_at::text || new.updated_at::text)::text, 'utf8'),
-				new.key_id::uuid,
-				new.nonce
-			  ),
-				'base64') END END;
-		RETURN new;
-		END;
-		$$;
-
-
 SET default_tablespace = '';
 
 SET default_table_access_method = orioledb;
@@ -805,30 +762,6 @@ CREATE TABLE storage.objects (
 );
 
 
---
--- Name: decrypted_secrets; Type: VIEW; Schema: vault; Owner: -
---
-
-CREATE VIEW vault.decrypted_secrets AS
- SELECT id,
-    name,
-    description,
-    secret,
-        CASE
-            WHEN (secret IS NULL) THEN NULL::text
-            ELSE
-            CASE
-                WHEN (key_id IS NULL) THEN NULL::text
-                ELSE convert_from(pgsodium.crypto_aead_det_decrypt(decode(secret, 'base64'::text), convert_to(((((id)::text || description) || (created_at)::text) || (updated_at)::text), 'utf8'::name), key_id, nonce), 'utf8'::name)
-            END
-        END AS decrypted_secret,
-    key_id,
-    nonce,
-    created_at,
-    updated_at
-   FROM vault.secrets;
-
-
 --
 -- Name: refresh_tokens id; Type: DEFAULT; Schema: auth; Owner: -
 --

migrations/schema.sql

@@ -44,27 +44,6 @@ CREATE SCHEMA graphql_public;
 CREATE SCHEMA pgbouncer;
 
 
---
--- Name: pgsodium; Type: SCHEMA; Schema: -; Owner: -
---
-
-CREATE SCHEMA pgsodium;
-
-
---
--- Name: pgsodium; Type: EXTENSION; Schema: -; Owner: -
---
-
-CREATE EXTENSION IF NOT EXISTS pgsodium WITH SCHEMA pgsodium;
-
-
---
--- Name: EXTENSION pgsodium; Type: COMMENT; Schema: -; Owner: -
---
-
-COMMENT ON EXTENSION pgsodium IS 'Pgsodium is a modern cryptography library for Postgres.';
-
-
 --
 -- Name: realtime; Type: SCHEMA; Schema: -; Owner: -
 --
@@ -574,28 +553,6 @@ END
 $$;
 
 
---
--- Name: secrets_encrypt_secret_secret(); Type: FUNCTION; Schema: vault; Owner: -
---
-
-CREATE FUNCTION vault.secrets_encrypt_secret_secret() RETURNS trigger
-    LANGUAGE plpgsql
-    AS $$
-		BEGIN
-		        new.secret = CASE WHEN new.secret IS NULL THEN NULL ELSE
-			CASE WHEN new.key_id IS NULL THEN NULL ELSE pg_catalog.encode(
-			  pgsodium.crypto_aead_det_encrypt(
-				pg_catalog.convert_to(new.secret, 'utf8'),
-				pg_catalog.convert_to((new.id::text || new.description::text || new.created_at::text || new.updated_at::text)::text, 'utf8'),
-				new.key_id::uuid,
-				new.nonce
-			  ),
-				'base64') END END;
-		RETURN new;
-		END;
-		$$;
-
-
 SET default_tablespace = '';
 
 SET default_table_access_method = heap;
@@ -782,30 +739,6 @@ CREATE TABLE storage.objects (
 );
 
 
---
--- Name: decrypted_secrets; Type: VIEW; Schema: vault; Owner: -
---
-
-CREATE VIEW vault.decrypted_secrets AS
- SELECT secrets.id,
-    secrets.name,
-    secrets.description,
-    secrets.secret,
-        CASE
-            WHEN (secrets.secret IS NULL) THEN NULL::text
-            ELSE
-            CASE
-                WHEN (secrets.key_id IS NULL) THEN NULL::text
-                ELSE convert_from(pgsodium.crypto_aead_det_decrypt(decode(secrets.secret, 'base64'::text), convert_to(((((secrets.id)::text || secrets.description) || (secrets.created_at)::text) || (secrets.updated_at)::text), 'utf8'::name), secrets.key_id, secrets.nonce), 'utf8'::name)
-            END
-        END AS decrypted_secret,
-    secrets.key_id,
-    secrets.nonce,
-    secrets.created_at,
-    secrets.updated_at
-   FROM vault.secrets;
-
-
 --
 -- Name: refresh_tokens id; Type: DEFAULT; Schema: auth; Owner: -
 --

migrations/tests/database/privs.sql

@@ -2,10 +2,6 @@ SELECT database_privs_are(
     'postgres', 'postgres', ARRAY['CONNECT', 'TEMPORARY', 'CREATE']
 );
 
-SELECT function_privs_are('pgsodium', 'crypto_aead_det_decrypt', array['bytea', 'bytea', 'uuid', 'bytea'], 'service_role', array['EXECUTE']);
-SELECT function_privs_are('pgsodium', 'crypto_aead_det_encrypt', array['bytea', 'bytea', 'uuid', 'bytea'], 'service_role', array['EXECUTE']);
-SELECT function_privs_are('pgsodium', 'crypto_aead_det_keygen', array[]::text[], 'service_role', array['EXECUTE']);
-
 -- Verify public schema privileges
 SELECT schema_privs_are('public', 'postgres', array['CREATE', 'USAGE']);
 SELECT schema_privs_are('public', 'anon', array['USAGE']);

nix/tests/expected/security.out

@@ -11,13 +11,6 @@ order by 1,2;
 ----------+--------------------------------
  graphql  | get_schema_version
  graphql  | increment_schema_version
- pgsodium | disable_security_label_trigger
- pgsodium | enable_security_label_trigger
- pgsodium | get_key_by_id
- pgsodium | get_key_by_name
- pgsodium | get_named_keys
- pgsodium | mask_role
- pgsodium | update_mask
  public   | dblink_connect_u
  public   | dblink_connect_u
  public   | pgaudit_ddl_command_end