chore(rls): 套用 outbound message canary
All checks were successful
Code Review / ai-code-review (push) Successful in 11s
All checks were successful
Code Review / ai-code-review (push) Successful in 11s
This commit is contained in:
@@ -0,0 +1,14 @@
|
||||
-- Rollback for AwoooP RLS Canary Wave 1.3.
|
||||
-- This only removes the wave1.3 policy and disables RLS on outbound messages.
|
||||
-- It intentionally does not touch data.
|
||||
|
||||
BEGIN;
|
||||
|
||||
SET LOCAL lock_timeout = '5s';
|
||||
SET LOCAL statement_timeout = '30s';
|
||||
|
||||
DROP POLICY IF EXISTS awooop_outbound_message_tenant ON awooop_outbound_message;
|
||||
ALTER TABLE awooop_outbound_message NO FORCE ROW LEVEL SECURITY;
|
||||
ALTER TABLE awooop_outbound_message DISABLE ROW LEVEL SECURITY;
|
||||
|
||||
COMMIT;
|
||||
69
scripts/ops/awooop-rls-canary-wave1-3-outbound-message.sql
Normal file
69
scripts/ops/awooop-rls-canary-wave1-3-outbound-message.sql
Normal file
@@ -0,0 +1,69 @@
|
||||
-- AwoooP RLS Canary Wave 1.3: outbound message evidence table
|
||||
-- Date: 2026-05-12
|
||||
--
|
||||
-- Scope:
|
||||
-- - awooop_outbound_message
|
||||
--
|
||||
-- Why this table:
|
||||
-- Latest production evidence before staging: all rows are project_id='awoooi'
|
||||
-- and all rows have send_status='sent'. Runtime write paths call
|
||||
-- get_db_context(project_id) before inserting outbound messages.
|
||||
--
|
||||
-- Safety:
|
||||
-- - fail-closed policy only; no NULL/empty-string app.project_id bypass.
|
||||
-- - aborts if target is missing project_id, has NULL project_id, or has
|
||||
-- more rows than the reviewed canary cap.
|
||||
-- - run with a migration/operator role, not through the production app role.
|
||||
|
||||
BEGIN;
|
||||
|
||||
SET LOCAL lock_timeout = '5s';
|
||||
SET LOCAL statement_timeout = '30s';
|
||||
|
||||
DO $$
|
||||
DECLARE
|
||||
total_rows bigint;
|
||||
null_project_rows bigint;
|
||||
BEGIN
|
||||
IF to_regclass('public.awooop_outbound_message') IS NULL THEN
|
||||
RAISE EXCEPTION 'RLS canary target table does not exist: awooop_outbound_message';
|
||||
END IF;
|
||||
|
||||
IF NOT EXISTS (
|
||||
SELECT 1
|
||||
FROM information_schema.columns
|
||||
WHERE table_schema = 'public'
|
||||
AND table_name = 'awooop_outbound_message'
|
||||
AND column_name = 'project_id'
|
||||
) THEN
|
||||
RAISE EXCEPTION 'RLS canary target missing project_id: awooop_outbound_message';
|
||||
END IF;
|
||||
|
||||
SELECT COUNT(*), COUNT(*) FILTER (WHERE project_id IS NULL)
|
||||
INTO total_rows, null_project_rows
|
||||
FROM awooop_outbound_message;
|
||||
|
||||
IF null_project_rows <> 0 THEN
|
||||
RAISE EXCEPTION 'RLS canary target has NULL project_id rows: %, nulls=%',
|
||||
'awooop_outbound_message', null_project_rows;
|
||||
END IF;
|
||||
|
||||
IF total_rows > 1000 THEN
|
||||
RAISE EXCEPTION 'RLS canary wave1.3 reviewed cap exceeded: %, rows=%',
|
||||
'awooop_outbound_message', total_rows;
|
||||
END IF;
|
||||
END
|
||||
$$;
|
||||
|
||||
ALTER TABLE awooop_outbound_message ENABLE ROW LEVEL SECURITY;
|
||||
ALTER TABLE awooop_outbound_message FORCE ROW LEVEL SECURITY;
|
||||
|
||||
DROP POLICY IF EXISTS outbound_msg_tenant_isolation ON awooop_outbound_message;
|
||||
DROP POLICY IF EXISTS awooop_outbound_message_tenant ON awooop_outbound_message;
|
||||
|
||||
CREATE POLICY awooop_outbound_message_tenant ON awooop_outbound_message
|
||||
FOR ALL TO awooop_app
|
||||
USING (project_id = current_setting('app.project_id', TRUE))
|
||||
WITH CHECK (project_id = current_setting('app.project_id', TRUE));
|
||||
|
||||
COMMIT;
|
||||
Reference in New Issue
Block a user