Skip to content

fix(authserver): sync prod + H2 profile defects discovered after PR #125#126

Merged
dfcoffin merged 1 commit into
mainfrom
feature/issue-122-profile-sync
May 25, 2026
Merged

fix(authserver): sync prod + H2 profile defects discovered after PR #125#126
dfcoffin merged 1 commit into
mainfrom
feature/issue-122-profile-sync

Conversation

@dfcoffin
Copy link
Copy Markdown
Contributor

@dfcoffin dfcoffin commented May 25, 2026

Summary

Follow-up to #125. Propagates two patches from that PR to the profiles where the same defects exist but weren't directly observed during the dev-mysql boot session. Cross-profile audit summarized at #122 comment.

Changes

1. application-prod.yml — add flyway.target: "2.0.0" workaround for #123

Prod uses MySQL vendor migrations (classpath:db/vendor/mysql). A first deploy against a clean prod DB would die at V3 with Unknown column 'client_description' — identical to the dev-mysql failure that #125 patched. Without this fix, prod is a latent landmine waiting for someone to migrate a fresh database.

This is a temporary workaround — removed once #123 (ESPI 4.0 XSD-aligned schema repair) lands.

2. H2 V1 — add UNIQUE constraint on oauth2_registered_client.client_id

H2 V1 schema had only PRIMARY KEY (id) on oauth2_registered_client and a non-unique CREATE INDEX on client_id, while MySQL V1 (after #125) and PostgreSQL V1 (already correct) both enforce uniqueness on that column. client_id is unique by OAuth2 semantics; the inconsistency invites future bugs (e.g., if anyone adds an FK referencing this column in H2 later, they'd hit the same MySQL bug #125 fixed).

Not blocking H2 boot today — H2's espi_application_info table doesn't declare an FK against oauth2_registered_client.client_id, so the absence of UNIQUE isn't a CREATE TABLE error. This change closes the consistency gap. Also removed the now-redundant non-unique CREATE INDEX, mirroring the MySQL cleanup from #125.

Audited and no change needed

Item Verdict
Patch #6 from #125 (HikariCP auto-commit: true) dev-postgresql, local, prod, docker-compose all rely on the HikariCP default (true). The dev-mysql auto-commit: false was an outlier bug, not a shared default.
PostgreSQL V3 INSERT drift PostgreSQL V1 (db/vendor/postgresql/V1_0_0:79-119) already declares client_description, contact_*, scope, grant_types, response_types — different drift pattern from MySQL. dev-postgresql doesn't need target=2.0.0 at this time. V4-V6 drift is part of #123's audit scope.
Patches #2 (Flyway location), #4 (filter chain), #5 (HttpsEnforcement chains) Already cross-profile or code-level — #125 covered them.

Diff

2 files changed, 6 insertions(+), 2 deletions(-)
 openespi-authserver/src/main/resources/application-prod.yml
 openespi-authserver/src/main/resources/db/vendor/h2/V1_0_0__create_oauth2_schema.sql

Test plan

  • Manual: git diff reviewed for both files
  • CI: full suite passes (will verify)
  • H2 boot: not exercised in this PR (local profile boot is its own work item); the H2 change is architectural-consistency only
  • Prod boot: not exercised in this PR; the change is a forward-looking landmine fix

Related

  • #122 Phase 2.0 auth-server bring-up
  • #123 ESPI 4.0 XSD-aligned schema repair (removes the target: "2.0.0" workaround when it lands)
  • #125 Six pre-existing defects blocking dev-mysql boot (this PR's parent)

🤖 Generated with Claude Code

@dfcoffin @claude
fix(authserver): sync profile defects discovered after PR #125
fa79c73 
PR #125 patched defects discovered while booting dev-mysql, but two of
those patches needed to be propagated to other profiles to prevent the
same bugs from biting elsewhere. Audit summarized at
#122

Patch 1 — prod profile flyway.target=2.0.0
  application-prod.yml uses MySQL vendor migrations, which means a first
  deploy against a clean prod DB would hit the same V3 schema drift
  that #125 patched on dev-mysql ("Unknown column 'client_description'").
  Added the same target=2.0.0 workaround with a pointer to #123. Will
  be removed once #123 lands.

Patch 2 — H2 V1 UNIQUE on oauth2_registered_client.client_id
  H2 V1 schema had only PRIMARY KEY (id) on oauth2_registered_client, no
  unique constraint on client_id. Not blocking H2 boot today (H2's
  espi_application_info table doesn't declare an FK referencing it), but
  client_id is unique by OAuth2 semantics and MySQL/PostgreSQL V1 both
  enforce uniqueness. Added UNIQUE constraint and removed the now-redundant
  non-unique CREATE INDEX, mirroring the MySQL cleanup from #125.

Audited but no change needed
  - HikariCP auto-commit (patch #6 from #125): dev-postgresql, local, prod,
    and docker all rely on the HikariCP default (true). The dev-mysql
    auto-commit: false was an outlier bug, not a shared default.
  - PostgreSQL V3 INSERT: PostgreSQL V1 already has the columns V3 targets
    (client_description, contact_*, scope, grant_types, response_types).
    Different drift pattern from MySQL — no target=2.0.0 workaround needed
    on dev-postgresql at this time. (V4-V6 drift TBD as part of #123.)

Refs: #122 #123 #125

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@dfcoffin dfcoffin added bug Something isn't working ESPI 4.0 Touches the NAESB ESPI 4.0 implementation labels May 25, 2026
@dfcoffin dfcoffin merged commit a7e66a5 into main May 25, 2026
4 checks passed
@dfcoffin dfcoffin deleted the feature/issue-122-profile-sync branch May 25, 2026 22:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working ESPI 4.0 Touches the NAESB ESPI 4.0 implementation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dfcoffin