-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
83215 - Create sign_in_certificates table #16791
Conversation
889755e
to
a45f83d
Compare
a45f83d
to
1a58547
Compare
1a58547
to
5017f6a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some comments on the schema, I'm really gonna have to do some research on successful polymorphic models cause I'm still not convinced they're ever a good idea
@@ -0,0 +1,15 @@ | |||
class CreateSignInCertificates < ActiveRecord::Migration[7.1] | |||
def change | |||
create_table :sign_in_certificates do |t| |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it valuable to have any of the attribute fields other than the certificate itself? I feel like the schema shouldn't have any fields that are already available on the cert itself, otherwise there could be user error in the stored attributes versus what's actually on the cert
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Having the fields stored in columns on the table allows us to leverage the ORM to query for expired, expiring, and self-signed certificates more efficiently.
The alternative would be to instantiate a 509 certificate object for every certificate stored in the table and then iterate through them to find all the certificates that match whatever criteria there are (expired, expiring, self-signed, etc.) This is the approach I used in my original PR.
I'd go so far as to say if we don't store the fields in columns, then this refactor is probably unnecessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤔 I could add a validation that ensures the attributes for the certificate stored in the plaintext column matches the values in the corresponding columns for the record.
5017f6a
to
e8832c2
Compare
Closing this PR. May revisit this idea when we tackle the certificate management epic. |
Summary
This PR creates the
sign_in_certificates
table. Currently, certificates for SiS configurations are stored in directly within the configuration as an array.The draft PR to create the model can be found here: #16797
Related issue(s)
https://app.zenhub.com/workspaces/identity-5f5bab705a94c9001ba33734/issues/gh/department-of-veterans-affairs/va.gov-team/83215
Testing done
Migration succeeds and creates table with specified columns.
Screenshots
Not relevant.
What areas of the site does it impact?
Sign-in Service
Acceptance criteria
Requested Feedback
Any other fields needed?