284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
49 lines
1.8 KiB
JavaScript
49 lines
1.8 KiB
JavaScript
|
|
exports.up = async function(knex) {
|
|
// Remove all RLS policies since CitusDB provides tenant-level restrictions automatically
|
|
console.log('Removing all RLS policies and disabling RLS for CitusDB compatibility...');
|
|
|
|
// Get all tables with RLS enabled
|
|
const tablesWithRLS = await knex.raw(`
|
|
SELECT tablename
|
|
FROM pg_tables
|
|
WHERE schemaname = 'public' AND rowsecurity = true
|
|
ORDER BY tablename
|
|
`);
|
|
|
|
const tables = tablesWithRLS.rows.map(row => row.tablename);
|
|
|
|
for (const tableName of tables) {
|
|
console.log(`Processing table: ${tableName}`);
|
|
|
|
// Get all policies for this table
|
|
const policies = await knex.raw(`
|
|
SELECT policyname
|
|
FROM pg_policies
|
|
WHERE schemaname = 'public' AND tablename = ?
|
|
`, [tableName]);
|
|
|
|
// Drop all policies for this table
|
|
for (const policy of policies.rows) {
|
|
await knex.raw(`DROP POLICY IF EXISTS "${policy.policyname}" ON "${tableName}"`);
|
|
}
|
|
|
|
// Disable RLS for this table
|
|
await knex.raw(`ALTER TABLE "${tableName}" DISABLE ROW LEVEL SECURITY`);
|
|
}
|
|
|
|
console.log(`Removed RLS from ${tables.length} tables`);
|
|
|
|
// Note: Skipping function drop due to CitusDB distributed table operation restrictions
|
|
// The get_current_tenant_id() function will be left in place but unused
|
|
console.log('Note: get_current_tenant_id() function left in place due to CitusDB restrictions');
|
|
|
|
console.log('CitusDB migration completed - RLS removed, tenant isolation now handled at shard level');
|
|
};
|
|
|
|
exports.down = function(knex) {
|
|
// This migration is intended to be irreversible for CitusDB compatibility
|
|
// RLS policies would need to be recreated manually if needed
|
|
throw new Error('This migration cannot be rolled back - RLS policies have been permanently removed for CitusDB compatibility');
|
|
};
|