Remove legacy migration file and alias API routes

README.md

@@ -83,4 +83,4 @@ curl http://127.0.0.1:8000/healthz
 - `GET /internal/members`
 - `POST /internal/users/upsert-by-sub`
 - `GET /internal/users/{user_sub}/roles`
-- `POST /internal/idp/users/ensure`
+- `POST /internal/provider/users/ensure`

app/api/admin_catalog.py

@@ -1005,7 +1005,6 @@ def list_api_clients(
 
 
 @router.post("/sync/from-provider")
-@router.post("/sync/from-keycloak", include_in_schema=False)
 def sync_catalog_from_provider(db: Session = Depends(get_db), force: bool = Query(default=True)) -> dict[str, int]:
     return sync_from_provider(db, force=force)
 

app/api/internal.py

@@ -103,8 +103,6 @@ def get_user_roles(user_sub: str, db: Session = Depends(get_db)) -> InternalUser
 
 
 @router.post("/provider/users/ensure", response_model=ProviderEnsureUserResponse)
-@router.post("/idp/users/ensure", response_model=ProviderEnsureUserResponse, include_in_schema=False)
-@router.post("/keycloak/users/ensure", response_model=ProviderEnsureUserResponse, include_in_schema=False)
 def ensure_idp_user(
     payload: ProviderEnsureUserRequest,
     db: Session = Depends(get_db),

scripts/migrate_provider_columns.sql

@@ -1,131 +0,0 @@
--- Rename legacy IdP column names to provider_* naming.
--- Safe to run multiple times.
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'companies' AND column_name = 'idp_group_id'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'companies' AND column_name = 'provider_group_id'
-  ) THEN
-    ALTER TABLE public.companies RENAME COLUMN idp_group_id TO provider_group_id;
-  END IF;
-END $$;
-
--- companies.display_name -> companies.name
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'companies' AND column_name = 'display_name'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'companies' AND column_name = 'name'
-  ) THEN
-    ALTER TABLE public.companies RENAME COLUMN display_name TO name;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'companies' AND column_name = 'legal_name'
-  ) THEN
-    ALTER TABLE public.companies DROP COLUMN legal_name;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'systems' AND column_name = 'provider_client_id'
-  ) THEN
-    ALTER TABLE public.systems DROP COLUMN provider_client_id;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'roles' AND column_name = 'provider_role_name'
-  ) THEN
-    ALTER TABLE public.roles DROP COLUMN provider_role_name;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.table_constraints
-    WHERE table_schema='public' AND table_name='roles' AND constraint_name='uq_roles_system_provider_role_name'
-  ) THEN
-    ALTER TABLE public.roles DROP CONSTRAINT uq_roles_system_provider_role_name;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF NOT EXISTS (
-    SELECT 1 FROM information_schema.table_constraints
-    WHERE table_schema='public' AND table_name='roles' AND constraint_name='uq_roles_system_name'
-  ) THEN
-    ALTER TABLE public.roles ADD CONSTRAINT uq_roles_system_name UNIQUE (system_id, name);
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'sites' AND column_name = 'idp_group_id'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'sites' AND column_name = 'provider_group_id'
-  ) THEN
-    ALTER TABLE public.sites RENAME COLUMN idp_group_id TO provider_group_id;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'systems' AND column_name = 'idp_client_id'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'systems' AND column_name = 'provider_client_id'
-  ) THEN
-    ALTER TABLE public.systems RENAME COLUMN idp_client_id TO provider_client_id;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'roles' AND column_name = 'idp_role_name'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'roles' AND column_name = 'provider_role_name'
-  ) THEN
-    ALTER TABLE public.roles RENAME COLUMN idp_role_name TO provider_role_name;
-  END IF;
-END $$;
-
-DO $$
-BEGIN
-  IF EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'users' AND column_name = 'idp_user_id'
-  ) AND NOT EXISTS (
-    SELECT 1 FROM information_schema.columns
-    WHERE table_schema = 'public' AND table_name = 'users' AND column_name = 'provider_user_id'
-  ) THEN
-    ALTER TABLE public.users RENAME COLUMN idp_user_id TO provider_user_id;
-  END IF;
-END $$;

tests/test_internal_idp_sync.py

@@ -9,7 +9,7 @@ def test_internal_idp_ensure_requires_config() -> None:
     client = TestClient(app)
     try:
         resp = client.post(
-            "/internal/idp/users/ensure",
+            "/internal/provider/users/ensure",
             json={
                 "sub": "idp-sub-1",
                 "email": "user@example.com",