Revert "chore: enable Vault (#598)" (#607)

darora · web-flow · commit c96f2340211b · 2023-04-05T10:17:48.000+08:00
This reverts commit a157038.
diff --git a/ansible/tasks/setup-extensions.yml b/ansible/tasks/setup-extensions.yml
@@ -64,8 +64,8 @@
 - name: Install auto_explain
   import_tasks: tasks/postgres-extensions/21-auto_explain.yml
 
-- name: Install vault
-  import_tasks: tasks/postgres-extensions/23-vault.yml
+# - name: Install vault
+#   import_tasks: tasks/postgres-extensions/23-vault.yml
 
 - name: Install PGroonga
   import_tasks: tasks/postgres-extensions/24-pgroonga.yml
diff --git a/common.vars.pkr.hcl b/common.vars.pkr.hcl
@@ -1 +1 @@
-postgres-version = "15.1.0.65"
+postgres-version = "15.1.0.65-disable.vault"
diff --git a/ebssurrogate/files/unit-tests/unit-test-01.sql b/ebssurrogate/files/unit-tests/unit-test-01.sql
@@ -12,8 +12,7 @@ SELECT extensions_are(
     'pg_graphql',
     'pgcrypto',
     'pgjwt',
-    'uuid-ossp',
-    'supabase_vault'
+    'uuid-ossp'
      ]
 );
 
diff --git a/migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql b/migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql
@@ -10,6 +10,6 @@ grant execute on function pgsodium.crypto_aead_det_decrypt(bytea, bytea, uuid, b
 grant execute on function pgsodium.crypto_aead_det_encrypt(bytea, bytea, uuid, bytea) to service_role;
 grant execute on function pgsodium.crypto_aead_det_keygen to service_role;
 
-create extension if not exists supabase_vault;
+-- create extension if not exists supabase_vault;
 
 -- migrate:down
diff --git a/migrations/schema.sql b/migrations/schema.sql
@@ -79,13 +79,6 @@ CREATE SCHEMA realtime;
 CREATE SCHEMA storage;
 
 
---
--- Name: vault; Type: SCHEMA; Schema: -; Owner: -
---
-
-CREATE SCHEMA vault;
-
-
 --
 -- Name: pg_graphql; Type: EXTENSION; Schema: -; Owner: -
 --
@@ -142,20 +135,6 @@ CREATE EXTENSION IF NOT EXISTS pgjwt WITH SCHEMA extensions;
 COMMENT ON EXTENSION pgjwt IS 'JSON Web Token API for Postgresql';
 
 
---
--- Name: supabase_vault; Type: EXTENSION; Schema: -; Owner: -
---
-
-CREATE EXTENSION IF NOT EXISTS supabase_vault WITH SCHEMA vault;
-
-
---
--- Name: EXTENSION supabase_vault; Type: COMMENT; Schema: -; Owner: -
---
-
-COMMENT ON EXTENSION supabase_vault IS 'Supabase Vault Extension';
-
-
 --
 -- Name: uuid-ossp; Type: EXTENSION; Schema: -; Owner: -
 --
@@ -573,28 +552,6 @@ END
 $$;
 
 
---
--- Name: secrets_encrypt_secret_secret(); Type: FUNCTION; Schema: vault; Owner: -
---
-
-CREATE FUNCTION vault.secrets_encrypt_secret_secret() RETURNS trigger
-    LANGUAGE plpgsql
-    AS $$
-		BEGIN
-		        new.secret = CASE WHEN new.secret IS NULL THEN NULL ELSE
-			CASE WHEN new.key_id IS NULL THEN NULL ELSE pg_catalog.encode(
-			  pgsodium.crypto_aead_det_encrypt(
-				pg_catalog.convert_to(new.secret, 'utf8'),
-				pg_catalog.convert_to((new.id::text || new.description::text || new.created_at::text || new.updated_at::text)::text, 'utf8'),
-				new.key_id::uuid,
-				new.nonce
-			  ),
-				'base64') END END;
-		RETURN new;
-		END;
-		$$;
-
-
 SET default_tablespace = '';
 
 SET default_table_access_method = heap;
@@ -781,30 +738,6 @@ CREATE TABLE storage.objects (
 );
 
 
---
--- Name: decrypted_secrets; Type: VIEW; Schema: vault; Owner: -
---
-
-CREATE VIEW vault.decrypted_secrets AS
- SELECT secrets.id,
-    secrets.name,
-    secrets.description,
-    secrets.secret,
-        CASE
-            WHEN (secrets.secret IS NULL) THEN NULL::text
-            ELSE
-            CASE
-                WHEN (secrets.key_id IS NULL) THEN NULL::text
-                ELSE convert_from(pgsodium.crypto_aead_det_decrypt(decode(secrets.secret, 'base64'::text), convert_to(((((secrets.id)::text || secrets.description) || (secrets.created_at)::text) || (secrets.updated_at)::text), 'utf8'::name), secrets.key_id, secrets.nonce), 'utf8'::name)
-            END
-        END AS decrypted_secret,
-    secrets.key_id,
-    secrets.nonce,
-    secrets.created_at,
-    secrets.updated_at
-   FROM vault.secrets;
-
-
 --
 -- Name: refresh_tokens id; Type: DEFAULT; Schema: auth; Owner: -
 --
diff --git a/migrations/tests/extensions/test.sql b/migrations/tests/extensions/test.sql
@@ -21,7 +21,7 @@
 \ir 20-pg_stat_monitor.sql
 \ir 21-auto_explain.sql
 \ir 22-pg_jsonschema.sql
-\ir 23-vault.sql
+-- \ir 23-vault.sql
 \ir 24-pgroonga.sql
 \ir 25-wrappers.sql
 \ir 26-hypopg.sql

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-postgres-version = "15.1.0.65"`
	`1`	`+postgres-version = "15.1.0.65-disable.vault"`
Original file line number	Diff line number	Diff line change
`@@ -12,8 +12,7 @@ SELECT extensions_are(`
`12`	`12`	`'pg_graphql',`
`13`	`13`	`'pgcrypto',`
`14`	`14`	`'pgjwt',`
`15`		`- 'uuid-ossp',`
`16`		`- 'supabase_vault'`
	`15`	`+ 'uuid-ossp'`
`17`	`16`	`]`
`18`	`17`	`);`
`19`	`18`