hs.hsadmin.ng/src/main/resources/db/changelog/020-audit-log.sql

--liquibase formatted sql

-- ============================================================================
--changeset audit-OPERATION-TYPE:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
    A type representing a DML operation.
 */
do $$
    begin
        if not exists(select 1 from pg_type where typname = 'operation') then
            create type "operation" as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE');
        end if;
        --more types here...
    end $$;
--//

-- ============================================================================
--changeset audit-TABLE-TX-AUDIT-LOG:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
    A table storing the transaction audit log for all target tables.
 */
create table "tx_audit_log"
(
    txId         bigint    not null,
    txTimestamp  timestamp not null,
    currentUser  varchar(63) not null,  -- TODO.SPEC: Keep user name or uuid in audit-log?
    assumedRoles varchar   not null,    -- TODO.SPEC: Store role names or uuids in audit-log?
    currentTask  varchar   not null,
    targetTable  text      not null,
    targetUuid   uuid      not null,    -- TODO.SPEC: All audited tables have a uuid column.
    targetOp     operation not null,
    targetDelta  jsonb
);

create index on tx_audit_log using brin (txTimestamp);
create index on tx_audit_log (targetTable, targetUuid);
--//

-- ============================================================================
--changeset audit-TX-AUDIT-TRIGGER:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
    Trigger function for transaction audit log.
 */
create or replace function tx_audit_log_trigger()
    returns trigger
    language plpgsql as $$
begin
    case tg_op
        when 'INSERT' then
            insert
                into tx_audit_log
                values (txid_current(), now(),
                        currentUser(), assumedRoles(), currentTask(),
                        tg_table_name, new.uuid, tg_op::operation,
                        to_jsonb(new));
        when 'UPDATE' then
            insert
                into tx_audit_log
                values (txid_current(), now(),
                        currentUser(), assumedRoles(), currentTask(),
                        tg_table_name, old.uuid, tg_op::operation,
                        jsonb_changes_delta(to_jsonb(old), to_jsonb(new)));
        when 'DELETE' then
            insert
                into tx_audit_log
                values (txid_current(), now(),
                        currentUser(), assumedRoles(), currentTask(),
                        tg_table_name, old.uuid, 'DELETE'::operation,
                        null::jsonb);
        else
            raise exception 'Trigger op % not supported for %.', tg_op, tg_table_name;
    end case;
    return null;
end; $$;
--//

-- ============================================================================
--changeset audit-CREATE-AUDIT-LOG:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
    Trigger function for transaction audit log.
 */

create or replace procedure create_audit_log(targetTable varchar)
    language plpgsql as $$
declare
    createTriggerSQL   varchar;
begin
    createTriggerSQL = 'CREATE TRIGGER ' || targetTable || '_audit_log' ||
                       ' AFTER INSERT OR UPDATE OR DELETE ON ' || targetTable ||
                       '   FOR EACH ROW EXECUTE PROCEDURE tx_audit_log_trigger()';
    raise notice 'sql: %', createTriggerSQL;
    execute createTriggerSQL;
end; $$;
--//
initial audit-log implementation 2022-08-24 12:01:54 +02:00			`--liquibase formatted sql`

			`-- ============================================================================`
			`--changeset audit-OPERATION-TYPE:1 endDelimiter:--//`
			`-- ----------------------------------------------------------------------------`
			`/*`
			`A type representing a DML operation.`
			`*/`
			`do $$`
			`begin`
			`if not exists(select 1 from pg_type where typname = 'operation') then`
			`create type "operation" as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE');`
			`end if;`
			`--more types here...`
			`end $$;`
			`--//`

			`-- ============================================================================`
			`--changeset audit-TABLE-TX-AUDIT-LOG:1 endDelimiter:--//`
			`-- ----------------------------------------------------------------------------`
			`/*`
			`A table storing the transaction audit log for all target tables.`
			`*/`
			`create table "tx_audit_log"`
			`(`
			`txId bigint not null,`
			`txTimestamp timestamp not null,`
			`currentUser varchar(63) not null, -- TODO.SPEC: Keep user name or uuid in audit-log?`
			`assumedRoles varchar not null, -- TODO.SPEC: Store role names or uuids in audit-log?`
			`currentTask varchar not null,`
			`targetTable text not null,`
			`targetUuid uuid not null, -- TODO.SPEC: All audited tables have a uuid column.`
			`targetOp operation not null,`
			`targetDelta jsonb`
			`);`

			`create index on tx_audit_log using brin (txTimestamp);`
			`create index on tx_audit_log (targetTable, targetUuid);`
			`--//`

			`-- ============================================================================`
			`--changeset audit-TX-AUDIT-TRIGGER:1 endDelimiter:--//`
			`-- ----------------------------------------------------------------------------`
			`/*`
			`Trigger function for transaction audit log.`
			`*/`
			`create or replace function tx_audit_log_trigger()`
			`returns trigger`
			`language plpgsql as $$`
			`begin`
			`case tg_op`
			`when 'INSERT' then`
			`insert`
			`into tx_audit_log`
			`values (txid_current(), now(),`
			`currentUser(), assumedRoles(), currentTask(),`
			`tg_table_name, new.uuid, tg_op::operation,`
			`to_jsonb(new));`
			`when 'UPDATE' then`
			`insert`
			`into tx_audit_log`
			`values (txid_current(), now(),`
			`currentUser(), assumedRoles(), currentTask(),`
			`tg_table_name, old.uuid, tg_op::operation,`
			`jsonb_changes_delta(to_jsonb(old), to_jsonb(new)));`
			`when 'DELETE' then`
			`insert`
			`into tx_audit_log`
			`values (txid_current(), now(),`
			`currentUser(), assumedRoles(), currentTask(),`
			`tg_table_name, old.uuid, 'DELETE'::operation,`
			`null::jsonb);`
			`else`
			`raise exception 'Trigger op % not supported for %.', tg_op, tg_table_name;`
			`end case;`
			`return null;`
			`end; $$;`
			`--//`

			`-- ============================================================================`
			`--changeset audit-CREATE-AUDIT-LOG:1 endDelimiter:--//`
			`-- ----------------------------------------------------------------------------`
			`/*`
			`Trigger function for transaction audit log.`
			`*/`

			`create or replace procedure create_audit_log(targetTable varchar)`
			`language plpgsql as $$`
			`declare`
			`createTriggerSQL varchar;`
			`begin`
			`createTriggerSQL = 'CREATE TRIGGER ' \|\| targetTable \|\| '_audit_log' \|\|`
			`' AFTER INSERT OR UPDATE OR DELETE ON ' \|\| targetTable \|\|`
			`' FOR EACH ROW EXECUTE PROCEDURE tx_audit_log_trigger()';`
			`raise notice 'sql: %', createTriggerSQL;`
			`execute createTriggerSQL;`
			`end; $$;`
			`--//`