-- Migration 035: VVT Tenant Isolation + DSFA/Vendor "default" → UUID Fix -- Adds tenant_id to VVT tables, backfills existing data, fixes "default" tenant IDs BEGIN; -- ============================================================================ -- 1. VVT Tables: Add tenant_id column -- ============================================================================ ALTER TABLE compliance_vvt_organization ADD COLUMN IF NOT EXISTS tenant_id VARCHAR(255); ALTER TABLE compliance_vvt_activities ADD COLUMN IF NOT EXISTS tenant_id VARCHAR(255); ALTER TABLE compliance_vvt_audit_log ADD COLUMN IF NOT EXISTS tenant_id VARCHAR(255); -- ============================================================================ -- 2. Backfill existing VVT data to default tenant UUID -- ============================================================================ UPDATE compliance_vvt_organization SET tenant_id = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e' WHERE tenant_id IS NULL; UPDATE compliance_vvt_activities SET tenant_id = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e' WHERE tenant_id IS NULL; UPDATE compliance_vvt_audit_log SET tenant_id = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e' WHERE tenant_id IS NULL; -- ============================================================================ -- 3. Make tenant_id NOT NULL after backfill -- ============================================================================ ALTER TABLE compliance_vvt_organization ALTER COLUMN tenant_id SET NOT NULL; ALTER TABLE compliance_vvt_activities ALTER COLUMN tenant_id SET NOT NULL; ALTER TABLE compliance_vvt_audit_log ALTER COLUMN tenant_id SET NOT NULL; -- ============================================================================ -- 4. Replace global UNIQUE(vvt_id) with tenant-scoped UNIQUE(tenant_id, vvt_id) -- ============================================================================ -- Drop old unique constraint (may be index or constraint) DROP INDEX IF EXISTS idx_vvt_activities_vvt_id; ALTER TABLE compliance_vvt_activities DROP CONSTRAINT IF EXISTS compliance_vvt_activities_vvt_id_key; -- Create tenant-scoped unique constraint ALTER TABLE compliance_vvt_activities ADD CONSTRAINT uq_vvt_activities_tenant_vvt_id UNIQUE (tenant_id, vvt_id); -- ============================================================================ -- 5. Add tenant_id indexes for performance -- ============================================================================ CREATE INDEX IF NOT EXISTS idx_vvt_org_tenant ON compliance_vvt_organization(tenant_id); CREATE INDEX IF NOT EXISTS idx_vvt_activities_tenant ON compliance_vvt_activities(tenant_id); CREATE INDEX IF NOT EXISTS idx_vvt_activities_tenant_status ON compliance_vvt_activities(tenant_id, status); CREATE INDEX IF NOT EXISTS idx_vvt_audit_tenant ON compliance_vvt_audit_log(tenant_id); -- ============================================================================ -- 6. Fix DSFA tables: "default" → UUID -- ============================================================================ UPDATE compliance_dsfas SET tenant_id = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e' WHERE tenant_id = 'default'; UPDATE compliance_dsfa_audit_log SET tenant_id = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e' WHERE tenant_id = 'default'; -- ============================================================================ -- 7. Fix Vendor tables: "default" → UUID -- ============================================================================ UPDATE vendor_vendors SET tenant_id = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e' WHERE tenant_id = 'default'; UPDATE vendor_contracts SET tenant_id = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e' WHERE tenant_id = 'default'; UPDATE vendor_findings SET tenant_id = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e' WHERE tenant_id = 'default'; UPDATE vendor_control_instances SET tenant_id = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e' WHERE tenant_id = 'default'; UPDATE vendor_controls SET tenant_id = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e' WHERE tenant_id = 'default'; COMMIT;