c20375eaf5
Adds pre_hook/post_hook BLOB columns to source_groups and pre_hook_default/post_hook_default to hosts. Bytes stored verbatim (AEAD encrypt/decrypt happens at the HTTP layer where the AEAD key lives). Round-trip tests cover set/clear semantics on both tables.
26 lines
986 B
SQL
-- 0010_hooks.sql
--
-- P2R-10: pre/post hooks on source groups + host-wide defaults.
--
-- Hook bodies are stored as AEAD ciphertext (existing crypto.AEAD)
-- because operators do put credentials in shell snippets — even
-- though we tell them not to. NULL means "no hook configured".
--
-- Hooks fire only for kind=backup jobs. forget/prune/check/unlock
-- skip them per spec.md §14.3 (P2R-11 enforces this in the agent
-- dispatcher).
--
-- Resolution order at dispatch time:
-- source_group.<phase>_hook (per-group override, AEAD blob)
-- host.<phase>_hook_default (host default, AEAD blob)
-- none → no hook runs
--
-- All four columns are added in-place via ALTER TABLE ADD COLUMN.
-- Per CLAUDE.md the table-rebuild pattern is unsafe with FK cascades.
ALTER TABLE source_groups ADD COLUMN pre_hook BLOB;
ALTER TABLE source_groups ADD COLUMN post_hook BLOB;
ALTER TABLE hosts ADD COLUMN pre_hook_default BLOB;
ALTER TABLE hosts ADD COLUMN post_hook_default BLOB;
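Review bot: In the resolution-order comment, a NULL `source_groups.pre_hook` or `post_hook` always falls through to `hosts.<phase>_hook_default`, so a group has no way to say "run no hook here" once its host has a default. If that opt-out is wanted, state the convention in this header (for example, a non-NULL blob that decrypts to an empty body means "explicitly none") so the dispatcher and the set/clear API agree on it. Separately, the header says hook bodies "are stored as AEAD ciphertext" while the columns are plain `BLOB` and the commit message says bytes are stored verbatim; nothing at this layer stops a caller that bypasses the HTTP path from writing plaintext, so add a comment line naming the layer that owns encryption. If the AEAD takes associated data, consider binding the row and column name into it so a ciphertext cannot be moved between `pre_hook` and `post_hook`, or between hosts, without failing decryption.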