From ed7a0344e02aecd35e332eabb03889b64f9ea1fb Mon Sep 17 00:00:00 2001
From: Chris <wtc.justin82@gmail.com>
Date: Fri, 3 Apr 2026 03:54:48 +0800
Subject: [PATCH] Remove legacy migration file and alias API routes

---
 README.md                            |   2 +-
 app/api/admin_catalog.py             |   1 -
 app/api/internal.py                  |   2 -
 scripts/migrate_provider_columns.sql | 131 ---------------------------
 tests/test_internal_idp_sync.py      |   2 +-
 5 files changed, 2 insertions(+), 136 deletions(-)
 delete mode 100644 scripts/migrate_provider_columns.sql

diff --git a/README.md b/README.md
index b0a35b9..7078956 100644
--- a/README.md
+++ b/README.md
@@ -83,4 +83,4 @@ curl http://127.0.0.1:8000/healthz
 - `GET /internal/members`
 - `POST /internal/users/upsert-by-sub`
 - `GET /internal/users/{user_sub}/roles`
-- `POST /internal/idp/users/ensure`
+- `POST /internal/provider/users/ensure`
diff --git a/app/api/admin_catalog.py b/app/api/admin_catalog.py
index 5f70e9a..05476ae 100644
--- a/app/api/admin_catalog.py
+++ b/app/api/admin_catalog.py
@@ -1005,7 +1005,6 @@ def list_api_clients(
 
 
 @router.post("/sync/from-provider")
-@router.post("/sync/from-keycloak", include_in_schema=False)
 def sync_catalog_from_provider(db: Session = Depends(get_db), force: bool = Query(default=True)) -> dict[str, int]:
     return sync_from_provider(db, force=force)
 
diff --git a/app/api/internal.py b/app/api/internal.py
index f76f445..1715309 100644
--- a/app/api/internal.py
+++ b/app/api/internal.py
@@ -103,8 +103,6 @@ def get_user_roles(user_sub: str, db: Session = Depends(get_db)) -> InternalUser
 
 
 @router.post("/provider/users/ensure", response_model=ProviderEnsureUserResponse)
-@router.post("/idp/users/ensure", response_model=ProviderEnsureUserResponse, include_in_schema=False)
-@router.post("/keycloak/users/ensure", response_model=ProviderEnsureUserResponse, include_in_schema=False)
 def ensure_idp_user(
     payload: ProviderEnsureUserRequest,
     db: Session = Depends(get_db),
diff --git a/scripts/migrate_provider_columns.sql b/scripts/migrate_provider_columns.sql
deleted file mode 100644
index 149f3e2..0000000
--- a/scripts/migrate_provider_columns.sql
+++ /dev/null
@@ -1,131 +0,0 @@
--- Rename legacy IdP column names to provider_* naming.
--- Safe to run multiple times.
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'companies' AND column_name = 'idp_group_id'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'companies' AND column_name = 'provider_group_id'
-  ) THEN
-    ALTER TABLE public.companies RENAME COLUMN idp_group_id TO provider_group_id;
-  END IF;
-END $$;
-
--- companies.display_name -> companies.name
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'companies' AND column_name = 'display_name'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'companies' AND column_name = 'name'
-  ) THEN
-    ALTER TABLE public.companies RENAME COLUMN display_name TO name;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'companies' AND column_name = 'legal_name'
-  ) THEN
-    ALTER TABLE public.companies DROP COLUMN legal_name;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'systems' AND column_name = 'provider_client_id'
-  ) THEN
-    ALTER TABLE public.systems DROP COLUMN provider_client_id;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'roles' AND column_name = 'provider_role_name'
-  ) THEN
-    ALTER TABLE public.roles DROP COLUMN provider_role_name;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.table_constraints
-    WHERE table_schema='public' AND table_name='roles' AND constraint_name='uq_roles_system_provider_role_name'
-  ) THEN
-    ALTER TABLE public.roles DROP CONSTRAINT uq_roles_system_provider_role_name;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF NOT EXISTS (
-    SELECT 1 FROM information_schema.table_constraints
-    WHERE table_schema='public' AND table_name='roles' AND constraint_name='uq_roles_system_name'
-  ) THEN
-    ALTER TABLE public.roles ADD CONSTRAINT uq_roles_system_name UNIQUE (system_id, name);
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'sites' AND column_name = 'idp_group_id'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'sites' AND column_name = 'provider_group_id'
-  ) THEN
-    ALTER TABLE public.sites RENAME COLUMN idp_group_id TO provider_group_id;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'systems' AND column_name = 'idp_client_id'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'systems' AND column_name = 'provider_client_id'
-  ) THEN
-    ALTER TABLE public.systems RENAME COLUMN idp_client_id TO provider_client_id;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'roles' AND column_name = 'idp_role_name'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'roles' AND column_name = 'provider_role_name'
-  ) THEN
-    ALTER TABLE public.roles RENAME COLUMN idp_role_name TO provider_role_name;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'users' AND column_name = 'idp_user_id'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'users' AND column_name = 'provider_user_id'
-  ) THEN
-    ALTER TABLE public.users RENAME COLUMN idp_user_id TO provider_user_id;
-  END IF;
-END $$;
diff --git a/tests/test_internal_idp_sync.py b/tests/test_internal_idp_sync.py
index da1feee..9e1c0da 100644
--- a/tests/test_internal_idp_sync.py
+++ b/tests/test_internal_idp_sync.py
@@ -9,7 +9,7 @@ def test_internal_idp_ensure_requires_config() -> None:
     client = TestClient(app)
     try:
         resp = client.post(
-            "/internal/idp/users/ensure",
+            "/internal/provider/users/ensure",
             json={
                 "sub": "idp-sub-1",
                 "email": "user@example.com",