Skip to content

feat: hard-delete instead of soft-delete; rename app/account secret tables#8

Merged
BK1031 merged 1 commit into
mainfrom
bk1031/hard-delete
Jun 26, 2026
Merged

feat: hard-delete instead of soft-delete; rename app/account secret tables#8
BK1031 merged 1 commit into
mainfrom
bk1031/hard-delete

Conversation

@BK1031

@BK1031 BK1031 commented Jun 26, 2026

Copy link
Copy Markdown
Contributor
  • Drop DeletedAt from Account, Application, AppSecret, Secret
  • Switch every soft-delete (Updates({deleted_at: now})) to actual gorm.Delete
  • Strip every AND deleted_at IS NULL filter (no longer meaningful)
  • Cascade Account → child Secret rows in a transaction (mirrors the existing ApplicationAppSecret cascade)
  • Drop entityID args from DeleteAccount(WithAudit) / DeleteApplication / DeleteAppSecret / DeleteSecret (the audit-log struct already carries actor info)
  • Switch the partial unique indexes (idx_application_name_live, idx_app_secret_application_key_live — only enforced where deleted_at IS NULL) to plain uniqueIndex — this is what unblocks re-creating something with the same name
  • Rename vault_secretvault_account_secret, vault_app_secretvault_application_secret. vault_account + vault_application already match the convention

Pre-deploy SQL migration

Run against gr-postgres.gauchoracing.com / db vault BEFORE rolling out the new image, otherwise AutoMigrate will create empty vault_account_secret / vault_application_secret tables and leave the live data orphaned in the old names.

BEGIN;

-- 1. Drop any rows we had previously soft-deleted (they would otherwise reappear as live rows).
DELETE FROM vault_app_secret    WHERE deleted_at IS NOT NULL;
DELETE FROM vault_application   WHERE deleted_at IS NOT NULL;
DELETE FROM vault_secret        WHERE deleted_at IS NOT NULL;
DELETE FROM vault_account       WHERE deleted_at IS NOT NULL;

-- 2. Drop the partial unique indexes — AutoMigrate will replace with full uniqueIndex.
DROP INDEX IF EXISTS idx_application_name_live;
DROP INDEX IF EXISTS idx_app_secret_application_key_live;

-- 3. Rename the secret tables.
ALTER TABLE vault_secret     RENAME TO vault_account_secret;
ALTER TABLE vault_app_secret RENAME TO vault_application_secret;

-- 4. Drop the now-dead deleted_at columns (AutoMigrate would otherwise leave them as unused dead columns).
ALTER TABLE vault_account            DROP COLUMN IF EXISTS deleted_at;
ALTER TABLE vault_account_secret     DROP COLUMN IF EXISTS deleted_at;
ALTER TABLE vault_application        DROP COLUMN IF EXISTS deleted_at;
ALTER TABLE vault_application_secret DROP COLUMN IF EXISTS deleted_at;

COMMIT;

After this, AutoMigrate on the next deploy adds the new uniqueIndex on vault_application(name) and vault_application_secret(application_id, key).

@BK1031
feat: hard-delete instead of soft-delete; rename app/account secret t…
ed17120 
…ables

Drop DeletedAt from Account/Application/AppSecret/Secret and switch all
deletes to actual row removals (gorm `Delete`). Cascade Account->Secret
deletes in a transaction the same way Application->AppSecret already does.

Rename the secret tables for consistency with their owner: vault_secret ->
vault_account_secret, vault_app_secret -> vault_application_secret. Tables
that already match the convention (vault_account, vault_application) are
unchanged.

Pre-deploy SQL migration is in the PR body.
@BK1031 BK1031 merged commit 95591c1 into main Jun 26, 2026
6 checks passed
@BK1031 BK1031 deleted the bk1031/hard-delete branch June 26, 2026 07:23
@gauchoracing gauchoracing mentioned this pull request Jun 26, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BK1031