mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 20:41:30 +00:00
Shankar
188 lines
8.1 KiB
SQL
188 lines
8.1 KiB
SQL
-- =============================================================================
|
|
-- Comprehensive Referential Integrity Check for seed_demo.sql
|
|
-- Run AFTER migrations and seed data are loaded
|
|
-- =============================================================================
|
|
|
|
-- 1. Verify certificate_versions.certificate_id references valid managed_certificates.id
|
|
SELECT 'FK VIOLATION: certificate_versions.certificate_id' AS issue, cv.id, cv.certificate_id
|
|
FROM certificate_versions cv
|
|
WHERE cv.certificate_id NOT IN (SELECT id FROM managed_certificates)
|
|
ORDER BY cv.id;
|
|
|
|
-- 2. Verify certificate_target_mappings references valid IDs
|
|
SELECT 'FK VIOLATION: certificate_target_mappings.certificate_id' AS issue, ctm.certificate_id
|
|
FROM certificate_target_mappings ctm
|
|
WHERE ctm.certificate_id NOT IN (SELECT id FROM managed_certificates)
|
|
ORDER BY ctm.certificate_id;
|
|
|
|
SELECT 'FK VIOLATION: certificate_target_mappings.target_id' AS issue, ctm.target_id
|
|
FROM certificate_target_mappings ctm
|
|
WHERE ctm.target_id NOT IN (SELECT id FROM deployment_targets)
|
|
ORDER BY ctm.target_id;
|
|
|
|
-- 3. Verify jobs references valid IDs
|
|
SELECT 'FK VIOLATION: jobs.certificate_id' AS issue, j.id, j.certificate_id
|
|
FROM jobs j
|
|
WHERE j.certificate_id NOT IN (SELECT id FROM managed_certificates)
|
|
ORDER BY j.id;
|
|
|
|
SELECT 'FK VIOLATION: jobs.target_id' AS issue, j.id, j.target_id
|
|
FROM jobs j
|
|
WHERE j.target_id IS NOT NULL AND j.target_id NOT IN (SELECT id FROM deployment_targets)
|
|
ORDER BY j.id;
|
|
|
|
SELECT 'FK VIOLATION: jobs.agent_id' AS issue, j.id, j.agent_id
|
|
FROM jobs j
|
|
WHERE j.agent_id NOT IN (SELECT id FROM agents)
|
|
ORDER BY j.id;
|
|
|
|
-- 4. Verify discovered_certificates references valid IDs
|
|
SELECT 'FK VIOLATION: discovered_certificates.agent_id' AS issue, dc.id, dc.agent_id
|
|
FROM discovered_certificates dc
|
|
WHERE dc.agent_id NOT IN (SELECT id FROM agents)
|
|
ORDER BY dc.id;
|
|
|
|
SELECT 'FK VIOLATION: discovered_certificates.discovery_scan_id' AS issue, dc.id, dc.discovery_scan_id
|
|
FROM discovered_certificates dc
|
|
WHERE dc.discovery_scan_id IS NOT NULL AND dc.discovery_scan_id NOT IN (SELECT id FROM discovery_scans)
|
|
ORDER BY dc.id;
|
|
|
|
-- 5. Verify notification_events references valid certificate_id
|
|
SELECT 'FK VIOLATION: notification_events.certificate_id' AS issue, ne.id, ne.certificate_id
|
|
FROM notification_events ne
|
|
WHERE ne.certificate_id IS NOT NULL AND ne.certificate_id NOT IN (SELECT id FROM managed_certificates)
|
|
ORDER BY ne.id;
|
|
|
|
-- 6. Verify policy_violations references valid certificate_id
|
|
SELECT 'FK VIOLATION: policy_violations.certificate_id' AS issue, pv.id, pv.certificate_id
|
|
FROM policy_violations pv
|
|
WHERE pv.certificate_id NOT IN (SELECT id FROM managed_certificates)
|
|
ORDER BY pv.id;
|
|
|
|
-- 7. Verify certificate_revocations references valid IDs
|
|
SELECT 'FK VIOLATION: certificate_revocations.certificate_id' AS issue, cr.id, cr.certificate_id
|
|
FROM certificate_revocations cr
|
|
WHERE cr.certificate_id NOT IN (SELECT id FROM managed_certificates)
|
|
ORDER BY cr.id;
|
|
|
|
SELECT 'FK VIOLATION: certificate_revocations.issuer_id' AS issue, cr.id, cr.issuer_id
|
|
FROM certificate_revocations cr
|
|
WHERE cr.issuer_id NOT IN (SELECT id FROM issuers)
|
|
ORDER BY cr.id;
|
|
|
|
-- 8. Verify agent_group_members references valid IDs
|
|
SELECT 'FK VIOLATION: agent_group_members.agent_group_id' AS issue, agm.agent_group_id
|
|
FROM agent_group_members agm
|
|
WHERE agm.agent_group_id NOT IN (SELECT id FROM agent_groups)
|
|
ORDER BY agm.agent_group_id;
|
|
|
|
SELECT 'FK VIOLATION: agent_group_members.agent_id' AS issue, agm.agent_id
|
|
FROM agent_group_members agm
|
|
WHERE agm.agent_id NOT IN (SELECT id FROM agents)
|
|
ORDER BY agm.agent_id;
|
|
|
|
-- 9. Verify owners.team_id references valid teams.id
|
|
SELECT 'FK VIOLATION: owners.team_id' AS issue, o.id, o.team_id
|
|
FROM owners o
|
|
WHERE o.team_id IS NOT NULL AND o.team_id NOT IN (SELECT id FROM teams)
|
|
ORDER BY o.id;
|
|
|
|
-- 10. Verify deployment_targets.agent_id references valid agents.id
|
|
SELECT 'FK VIOLATION: deployment_targets.agent_id' AS issue, dt.id, dt.agent_id
|
|
FROM deployment_targets dt
|
|
WHERE dt.agent_id NOT IN (SELECT id FROM agents)
|
|
ORDER BY dt.id;
|
|
|
|
-- 11. Verify managed_certificates FK columns
|
|
SELECT 'FK VIOLATION: managed_certificates.owner_id' AS issue, mc.id, mc.owner_id
|
|
FROM managed_certificates mc
|
|
WHERE mc.owner_id IS NOT NULL AND mc.owner_id NOT IN (SELECT id FROM owners)
|
|
ORDER BY mc.id;
|
|
|
|
SELECT 'FK VIOLATION: managed_certificates.team_id' AS issue, mc.id, mc.team_id
|
|
FROM managed_certificates mc
|
|
WHERE mc.team_id IS NOT NULL AND mc.team_id NOT IN (SELECT id FROM teams)
|
|
ORDER BY mc.id;
|
|
|
|
SELECT 'FK VIOLATION: managed_certificates.issuer_id' AS issue, mc.id, mc.issuer_id
|
|
FROM managed_certificates mc
|
|
WHERE mc.issuer_id NOT IN (SELECT id FROM issuers)
|
|
ORDER BY mc.id;
|
|
|
|
SELECT 'FK VIOLATION: managed_certificates.renewal_policy_id' AS issue, mc.id, mc.renewal_policy_id
|
|
FROM managed_certificates mc
|
|
WHERE mc.renewal_policy_id IS NOT NULL AND mc.renewal_policy_id NOT IN (SELECT id FROM renewal_policies)
|
|
ORDER BY mc.id;
|
|
|
|
-- 12. Check for duplicate primary keys
|
|
SELECT 'DUPLICATE PK: teams' AS issue, id, COUNT(*) as count
|
|
FROM teams GROUP BY id HAVING COUNT(*) > 1;
|
|
|
|
SELECT 'DUPLICATE PK: owners' AS issue, id, COUNT(*) as count
|
|
FROM owners GROUP BY id HAVING COUNT(*) > 1;
|
|
|
|
SELECT 'DUPLICATE PK: agents' AS issue, id, COUNT(*) as count
|
|
FROM agents GROUP BY id HAVING COUNT(*) > 1;
|
|
|
|
SELECT 'DUPLICATE PK: deployment_targets' AS issue, id, COUNT(*) as count
|
|
FROM deployment_targets GROUP BY id HAVING COUNT(*) > 1;
|
|
|
|
SELECT 'DUPLICATE PK: managed_certificates' AS issue, id, COUNT(*) as count
|
|
FROM managed_certificates GROUP BY id HAVING COUNT(*) > 1;
|
|
|
|
SELECT 'DUPLICATE PK: certificate_versions' AS issue, id, COUNT(*) as count
|
|
FROM certificate_versions GROUP BY id HAVING COUNT(*) > 1;
|
|
|
|
SELECT 'DUPLICATE PK: issuers' AS issue, id, COUNT(*) as count
|
|
FROM issuers GROUP BY id HAVING COUNT(*) > 1;
|
|
|
|
SELECT 'DUPLICATE PK: renewal_policies' AS issue, id, COUNT(*) as count
|
|
FROM renewal_policies GROUP BY id HAVING COUNT(*) > 1;
|
|
|
|
SELECT 'DUPLICATE PK: jobs' AS issue, id, COUNT(*) as count
|
|
FROM jobs GROUP BY id HAVING COUNT(*) > 1;
|
|
|
|
SELECT 'DUPLICATE PK: certificate_profiles' AS issue, id, COUNT(*) as count
|
|
FROM certificate_profiles GROUP BY id HAVING COUNT(*) > 1;
|
|
|
|
SELECT 'DUPLICATE PK: certificate_revocations' AS issue, id, COUNT(*) as count
|
|
FROM certificate_revocations GROUP BY id HAVING COUNT(*) > 1;
|
|
|
|
-- 13. Check fingerprint_sha256 uniqueness in certificate_versions
|
|
SELECT 'DUPLICATE FINGERPRINT: certificate_versions' AS issue, fingerprint_sha256, COUNT(*) as count
|
|
FROM certificate_versions
|
|
WHERE fingerprint_sha256 IS NOT NULL
|
|
GROUP BY fingerprint_sha256
|
|
HAVING COUNT(*) > 1;
|
|
|
|
-- 14. Check serial number uniqueness in certificate_versions
|
|
SELECT 'DUPLICATE SERIAL: certificate_versions' AS issue, serial_number, COUNT(*) as count
|
|
FROM certificate_versions
|
|
WHERE serial_number IS NOT NULL
|
|
GROUP BY serial_number
|
|
HAVING COUNT(*) > 1;
|
|
|
|
-- 15. Verify discovery_scan_id references are valid
|
|
SELECT 'FK VIOLATION: discovered_certificates.discovery_scan_id references' AS issue,
|
|
dc.id, dc.discovery_scan_id, ds.id
|
|
FROM discovered_certificates dc
|
|
LEFT JOIN discovery_scans ds ON dc.discovery_scan_id = ds.id
|
|
WHERE dc.discovery_scan_id IS NOT NULL AND ds.id IS NULL;
|
|
|
|
-- Summary: Count total records
|
|
SELECT 'SUMMARY: teams' AS table_name, COUNT(*) as count FROM teams UNION ALL
|
|
SELECT 'SUMMARY: owners', COUNT(*) FROM owners UNION ALL
|
|
SELECT 'SUMMARY: agents', COUNT(*) FROM agents UNION ALL
|
|
SELECT 'SUMMARY: deployment_targets', COUNT(*) FROM deployment_targets UNION ALL
|
|
SELECT 'SUMMARY: managed_certificates', COUNT(*) FROM managed_certificates UNION ALL
|
|
SELECT 'SUMMARY: certificate_versions', COUNT(*) FROM certificate_versions UNION ALL
|
|
SELECT 'SUMMARY: certificate_target_mappings', COUNT(*) FROM certificate_target_mappings UNION ALL
|
|
SELECT 'SUMMARY: issuers', COUNT(*) FROM issuers UNION ALL
|
|
SELECT 'SUMMARY: renewal_policies', COUNT(*) FROM renewal_policies UNION ALL
|
|
SELECT 'SUMMARY: jobs', COUNT(*) FROM jobs UNION ALL
|
|
SELECT 'SUMMARY: certificate_profiles', COUNT(*) FROM certificate_profiles UNION ALL
|
|
SELECT 'SUMMARY: certificate_revocations', COUNT(*) FROM certificate_revocations UNION ALL
|
|
SELECT 'SUMMARY: audit_events', COUNT(*) FROM audit_events UNION ALL
|
|
SELECT 'SUMMARY: discovery_scans', COUNT(*) FROM discovery_scans UNION ALL
|
|
SELECT 'SUMMARY: discovered_certificates', COUNT(*) FROM discovered_certificates;
|