SIG-CM2.0

dmolinari/SIG-CM2.0

Fork 0

Commit Graph

Author	SHA1	Message	Date
dmolinari	ff7d8986fd	feat(db): Medio + Seccion (temporal tables + seed) — ADM-001 B1 V011 crea dbo.Medio y dbo.Seccion con SYSTEM_VERSIONING ON (retention 10 anios) y PAGE compression en history; siembra el permiso 'administracion:secciones:gestionar' y lo asigna a rol admin. El permiso 'administracion:medios:gestionar' ya existia desde V005. V012 siembra Medios fundacionales ELDIA y ELPLATA (MERGE idempotente). Rollbacks V011/V012 validados estructuralmente; aplicacion y reaplicacion verificadas en SIGCM2_Test y SIGCM2. Fixture de tests actualizado: EnsureV011SchemaAsync, SeedMediosCanonicalAsync, ignora Medio_History y Seccion_History en Respawner.	2026-04-16 18:13:54 -03:00
dmolinari	1c79dfa0a4	feat(db): V010 audit infrastructure + temporal tables Applied to SIGCM2 (dev) and SIGCM2_Test. V010__audit_infrastructure.sql (idempotent, ~280 LoC): - Filegroups AUDIT_HOT + AUDIT_COLD with physical files (per-DB logical names via DB_NAME() prefix to avoid collision in dev/test). - pf/ps_AuditEvent_Monthly + pf/ps_SecurityEvent_Monthly (RANGE RIGHT, DATETIME2(3), 14 boundaries 2026-01..2027-02 → 15 partitions). Job extends forward monthly in B11. - dbo.AuditEvent (partitioned, clustered PK on OccurredAt+Id) + 4 indexes (Actor/Target/Action/Correlation) with PAGE compression. - dbo.SecurityEvent (partitioned) + 3 indexes (Actor/Action_Result/Ip_Failure). - CHECK constraints: Action LIKE '%.%', ISJSON(Metadata), Result IN (success\|failure). - SYSTEM_VERSIONING ON in Usuario/Rol/Permiso/RolPermiso with 10 YEARS retention + PAGE compression in history tables. - No hard FK on ActorUserId → Usuario.Id (soft FK — audit must survive user deletion). V010_ROLLBACK.sql: emergency reversal (WARNING: destroys all audit history). database/README.md: migration order + V010 prod-apply notes. tests/SIGCM2.TestSupport/SqlTestFixture.cs: - EnsureV010SchemaAsync() validates audit infra is applied (fails fast with clear message if not — migration itself requires ALTER DATABASE privileges and is applied manually via sqlcmd). - Respawn TablesToIgnore extended with *_History (engine rejects direct DELETE on system-versioned history tables). tests/SIGCM2.Api.Tests/Audit/V010MigrationTests.cs — 5 smoke tests: - AuditEvent insert+roundtrip with CorrelationId. - CK_AuditEvent_Action rejects Action without '.'. - CK_AuditEvent_Metadata rejects non-JSON. - CK_SecurityEvent_Result rejects invalid Result. - Usuario SYSTEM_VERSIONING: temporal query FOR SYSTEM_TIME AS OF returns pre-update state + Usuario_History populated. Suite: 130/130 passing (previous 124 + spike B0 + 5 new B1). No regressions. Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-AUD-1,2, #REQ-SEC-1, design#D-4, tasks}	2026-04-16 13:10:04 -03:00

Author

SHA1

Message

Date

dmolinari

ff7d8986fd

feat(db): Medio + Seccion (temporal tables + seed) — ADM-001 B1

V011 crea dbo.Medio y dbo.Seccion con SYSTEM_VERSIONING ON (retention 10
anios) y PAGE compression en history; siembra el permiso
'administracion:secciones:gestionar' y lo asigna a rol admin. El permiso
'administracion:medios:gestionar' ya existia desde V005.

V012 siembra Medios fundacionales ELDIA y ELPLATA (MERGE idempotente).

Rollbacks V011/V012 validados estructuralmente; aplicacion y
reaplicacion verificadas en SIGCM2_Test y SIGCM2. Fixture de tests
actualizado: EnsureV011SchemaAsync, SeedMediosCanonicalAsync, ignora
Medio_History y Seccion_History en Respawner.

2026-04-16 18:13:54 -03:00

dmolinari

1c79dfa0a4

feat(db): V010 audit infrastructure + temporal tables

Applied to SIGCM2 (dev) and SIGCM2_Test.

V010__audit_infrastructure.sql (idempotent, ~280 LoC):
- Filegroups AUDIT_HOT + AUDIT_COLD with physical files (per-DB logical names
  via DB_NAME() prefix to avoid collision in dev/test).
- pf/ps_AuditEvent_Monthly + pf/ps_SecurityEvent_Monthly (RANGE RIGHT,
  DATETIME2(3), 14 boundaries 2026-01..2027-02 → 15 partitions). Job extends
  forward monthly in B11.
- dbo.AuditEvent (partitioned, clustered PK on OccurredAt+Id) + 4 indexes
  (Actor/Target/Action/Correlation) with PAGE compression.
- dbo.SecurityEvent (partitioned) + 3 indexes (Actor/Action_Result/Ip_Failure).
- CHECK constraints: Action LIKE '%.%', ISJSON(Metadata), Result IN (success|failure).
- SYSTEM_VERSIONING ON in Usuario/Rol/Permiso/RolPermiso with 10 YEARS retention +
  PAGE compression in history tables.
- No hard FK on ActorUserId → Usuario.Id (soft FK — audit must survive user deletion).

V010_ROLLBACK.sql: emergency reversal (WARNING: destroys all audit history).

database/README.md: migration order + V010 prod-apply notes.

tests/SIGCM2.TestSupport/SqlTestFixture.cs:
- EnsureV010SchemaAsync() validates audit infra is applied (fails fast with
  clear message if not — migration itself requires ALTER DATABASE privileges
  and is applied manually via sqlcmd).
- Respawn TablesToIgnore extended with *_History (engine rejects direct DELETE
  on system-versioned history tables).

tests/SIGCM2.Api.Tests/Audit/V010MigrationTests.cs — 5 smoke tests:
- AuditEvent insert+roundtrip with CorrelationId.
- CK_AuditEvent_Action rejects Action without '.'.
- CK_AuditEvent_Metadata rejects non-JSON.
- CK_SecurityEvent_Result rejects invalid Result.
- Usuario SYSTEM_VERSIONING: temporal query FOR SYSTEM_TIME AS OF returns
  pre-update state + Usuario_History populated.

Suite: 130/130 passing (previous 124 + spike B0 + 5 new B1). No regressions.

Refs: sdd/udt-010-auditoria-trazabilidad/{spec#REQ-AUD-1,2, #REQ-SEC-1,
design#D-4, tasks}

2026-04-16 13:10:04 -03:00

2 Commits