o "i1@s|dZddlmZddlmZddlZddlmZmZe e Z GdddZ ded e d efd d Zded e d efd dZdS)a Tenant Schema Management for PostgreSQL Multi-Tenancy Implements schema-per-tenant isolation pattern: - Each tenant gets a dedicated PostgreSQL schema - Shared tables (tenants, users) remain in public schema - Tenant-specific data isolated in tenant schemas )text)SessionN)OptionalListc @s"eZdZdZgdZgdZededefddZ ede d ede fd d Z ede dede fd d Z ed!de dede de fddZed"de deefddZeddZede dede fddZede dedede fddZede deefddZede dedeefdd ZdS)#TenantSchemaManagerz? Manages PostgreSQL schemas for multi-tenant isolation ) tenantsusersalembic_versionrolesmenus user_roles role_menusrole_permissions casbin_rule audit_logspermission_audit_logsmodel_providersmodels)agents chat_messagesknowledge_basesknowledge_categoriesknowledge_documentsknowledge_tags document_tagsdocument_vectorsdocument_versions knowledge_qaknowledge_metadata_fieldsdocument_metadata_values data_modelsdata_model_fieldstag_categoriestag_auto_rules tax_documents tenant_idreturncCs d|S)z Get schema name for a tenant Args: tenant_id: Tenant ID Returns: Schema name (e.g., 'tenant_1') tenant_)r%r(r(r,cascade_clauser4r(r(r) delete_schemas   z!TenantSchemaManager.delete_schemaNc Csz-|rt|}|td|dtd|dWdS|tdtdWdStyB}z td|d}~ww) z Set PostgreSQL search_path for tenant isolation Args: db: Database session tenant_id: Tenant ID (None for public schema only) zSET search_path TO "z ", publiczSet search_path to: z, publiczSET search_path TO publiczSet search_path to: publiczError setting search_path: N)rr*r.rr1debugr0r2r<r(r(r)set_search_paths  z#TenantSchemaManager.set_search_pathcCstddlm}ddl}ddl}ddl}dd|jjD}dd|D}tt t j |}|r8t dd ||S) a Return schema-less tenant table definitions from SQLAlchemy metadata. We explicitly target schema-less tables here and later translate them into the tenant schema. This avoids false positives from same-named tables already existing in `public`. rBaseNcSs&g|]}|jtjvr|jdur|qSN)namer TENANT_TABLESr-.0tabler(r(r) s zDTenantSchemaManager.get_tenant_table_definitions..cSsh|]}|jqSr()rIrKr(r(r) szCTenantSchemaManager.get_tenant_table_definitions..zISkipped tenant table definitions not registered as schema-less tables: %sz, ) app.db.baserGapp.models.agentapp.models.knowledge_baseapp.models.data_modelmetadatatablesvaluessortedsetrrJr1rDjoin)rGapp tenant_tablesregistered_table_namesmissing_table_namesr(r(r)get_tenant_table_definitionss  z0TenantSchemaManager.get_tenant_table_definitionsc Csddlm}t|}t}|stddSz#|jd|id}|j j ||dd| t d t ||WdSty]}ztd |d ||WYd}~dSd}~ww) zR Create all tenant-scoped tables inside the target tenant schema. rrFz9No tenant table definitions found for schema provisioningFN)schema_translate_mapT)bindrU checkfirstz+Ensured %s tenant tables exist in schema %sz'Error creating tenant tables in schema r8)rPrGrr*r^r1r2 connectionexecution_optionsrT create_allr:r9lenr0r;)r+r%rGr,r[ tenant_bindr4r(r(r)create_tenant_tabless8   z(TenantSchemaManager.create_tenant_tablessource_tenant_idtarget_tenant_idc Cst|}t|}zEt||sWdS|tdd|i}dd|D}|D]}|td|d|d|d|d q'|td |d |Wd Styn}zt d || WYd}~dSd}~ww)aQ Clone schema structure from one tenant to another (useful for creating new tenants based on a template) Args: db: Database session source_tenant_id: Source tenant ID target_tenant_id: Target tenant ID Returns: True if successful, False otherwise Fz SELECT table_name FROM information_schema.tables WHERE table_schema = :schema AND table_type = 'BASE TABLE' r-cSsg|]}|dqS)rr()rLrowr(r(r)rNsz>TenantSchemaManager.clone_schema_structure..z# CREATE TABLE "z"."z" (LIKE "z!" INCLUDING ALL) zCloned schema structure from z to Tz Error cloning schema structure: N) rr*r=r.rr:r1r9r0r2r;) r+rhri source_schema target_schemar3rUrMr4r(r(r)clone_schema_structures:    z*TenantSchemaManager.clone_schema_structurec Csz%|td}g}|D]}|d}t|dd}|||dq |WStyA}ztd|gWYd}~Sd}~ww)z List all tenant schemas Args: db: Database session Returns: List of schema info dicts z SELECT schema_name FROM information_schema.schemata WHERE schema_name LIKE 'tenant_%' ORDER BY schema_name rr')r%r,zError listing tenant schemas: N)r.rintreplaceappendr0r1r2)r+r3schemasrjr,r%r4r(r(r)list_tenant_schemas.s$   z'TenantSchemaManager.list_tenant_schemasc Csnt|}z|tdd|i}|}|r|WSdWSty6}ztd|WYd}~dSd}~ww)z Get the size of a tenant schema in bytes Args: db: Database session tenant_id: Tenant ID Returns: Size in bytes, or None if error z SELECT SUM(pg_total_relation_size(quote_ident(schemaname) || '.' || quote_ident(tablename))) FROM pg_tables WHERE schemaname = :schema r-rzError getting schema size: N)rr*r.rscalarr0r1r2)r+r%r,r3sizer4r(r(r)get_schema_sizeSs  z#TenantSchemaManager.get_schema_size)TrH)__name__ __module__ __qualname____doc__ PUBLIC_TABLESrJ staticmethodrostrr*rboolr5r=rCrrEr^rgrmrdictrsrvr(r(r(r)rs0 ! "2$ rr+r%r&c Cszzt||s WdSt||sWdStd|WdSty<}ztd||WYd}~dSd}~ww)a8 Provision a complete tenant schema with all tables This should be called when a new tenant is created. It creates the schema and runs migrations to create all tables. Args: db: Database session tenant_id: Tenant ID Returns: True if successful, False otherwise Fz(Provisioned tenant schema for tenant_id=Tz"Error provisioning tenant schema: N)rr=rgr1r9r0r2r;)r+r%r4r(r(r)provision_tenant_schemass  rcCstj||ddS)z Deprovision a tenant schema (delete all data) This should be called when a tenant is deleted. Args: db: Database session tenant_id: Tenant ID Returns: True if successful, False otherwise T)r>)rrC)r+r%r(r(r)deprovision_tenant_schemas r)rz sqlalchemyrsqlalchemy.ormrloggingtypingrr getLoggerrwr1rror~rrr(r(r(r)s   d