테넌트 목록 조회 cursor기반으로 재구성. 사용자 metadata 미사용 필드 제거

scripts/clear_orphan_tenant_memberships.sh

@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+BARON_CONTAINER="${BARON_CONTAINER:-baron_postgres}"
+BARON_DB_USER="${BARON_DB_USER:-baron}"
+BARON_DB_NAME="${BARON_DB_NAME:-baron_sso}"
+KRATOS_CONTAINER="${KRATOS_CONTAINER:-ory_postgres}"
+KRATOS_DB_USER="${KRATOS_DB_USER:-ory}"
+KRATOS_DB_NAME="${KRATOS_DB_NAME:-ory_kratos}"
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+docker exec -i "${BARON_CONTAINER}" \
+	psql -U "${BARON_DB_USER}" -d "${BARON_DB_NAME}" \
+	< "${script_dir}/clear_orphan_user_tenant_memberships.sql"
+
+active_tenant_refs="$(
+	docker exec "${BARON_CONTAINER}" psql -U "${BARON_DB_USER}" -d "${BARON_DB_NAME}" -At -F $'\t' \
+		-c "SELECT id, LOWER(slug) FROM tenants WHERE deleted_at IS NULL ORDER BY id"
+)"
+
+docker exec -i "${KRATOS_CONTAINER}" psql -U "${KRATOS_DB_USER}" -d "${KRATOS_DB_NAME}" <<SQL
+BEGIN;
+
+CREATE TEMP TABLE active_tenant_refs (
+	id text NOT NULL,
+	slug text NOT NULL
+) ON COMMIT DROP;
+
+COPY active_tenant_refs (id, slug) FROM STDIN WITH (FORMAT text, DELIMITER E'\t');
+${active_tenant_refs}
+\.
+
+WITH orphan_identities AS (
+	SELECT
+		i.id,
+		i.traits->>'email' AS email,
+		i.traits->>'tenant_id' AS tenant_id,
+		i.traits->>'companyCode' AS company_code,
+		i.traits->'companyCodes' AS company_codes
+	FROM identities AS i
+	WHERE (
+		COALESCE(i.traits->>'tenant_id', '') <> ''
+		AND NOT EXISTS (
+			SELECT 1
+			FROM active_tenant_refs AS refs
+			WHERE refs.id = i.traits->>'tenant_id'
+		)
+	)
+	OR (
+		COALESCE(i.traits->>'companyCode', '') <> ''
+		AND NOT EXISTS (
+			SELECT 1
+			FROM active_tenant_refs AS refs
+			WHERE refs.slug = LOWER(BTRIM(i.traits->>'companyCode'))
+		)
+	)
+	OR EXISTS (
+		SELECT 1
+		FROM JSONB_ARRAY_ELEMENTS_TEXT(COALESCE(i.traits->'companyCodes', '[]'::jsonb)) AS code(value)
+		WHERE NULLIF(BTRIM(code.value), '') IS NOT NULL
+		  AND NOT EXISTS (
+			SELECT 1
+			FROM active_tenant_refs AS refs
+			WHERE refs.slug = LOWER(BTRIM(code.value))
+		)
+	)
+),
+updated_identities AS (
+	UPDATE identities AS i
+	SET traits = i.traits - 'tenant_id' - 'companyCode' - 'companyCodes',
+		updated_at = NOW()
+	FROM orphan_identities AS oi
+	WHERE i.id = oi.id
+	RETURNING
+		i.id,
+		oi.email,
+		oi.tenant_id AS cleared_tenant_id,
+		oi.company_code AS cleared_company_code,
+		oi.company_codes AS cleared_company_codes
+)
+SELECT *
+FROM updated_identities
+ORDER BY email;
+
+COMMIT;
+SQL

scripts/clear_orphan_user_tenant_memberships.sql

@@ -0,0 +1,67 @@
+-- 삭제되었거나 존재하지 않는 tenant를 가리키는 사용자 소속정보를 정리한다.
+-- 실행 예:
+--   docker exec -i baron_postgres psql -U baron -d baron_sso < scripts/clear_orphan_user_tenant_memberships.sql
+
+BEGIN;
+
+WITH orphan_users AS (
+	SELECT
+		u.id,
+		u.email,
+		u.tenant_id,
+		u.company_code,
+		u.company_codes
+	FROM users AS u
+	WHERE u.deleted_at IS NULL
+	  AND (
+		(
+			u.tenant_id IS NOT NULL
+			AND NOT EXISTS (
+				SELECT 1
+				FROM tenants AS t
+				WHERE t.id = u.tenant_id
+				  AND t.deleted_at IS NULL
+			)
+		)
+		OR (
+			NULLIF(BTRIM(u.company_code), '') IS NOT NULL
+			AND NOT EXISTS (
+				SELECT 1
+				FROM tenants AS t
+				WHERE LOWER(t.slug) = LOWER(BTRIM(u.company_code))
+				  AND t.deleted_at IS NULL
+			)
+		)
+		OR EXISTS (
+			SELECT 1
+			FROM UNNEST(COALESCE(u.company_codes, ARRAY[]::text[])) AS code(value)
+			WHERE NULLIF(BTRIM(code.value), '') IS NOT NULL
+			  AND NOT EXISTS (
+				SELECT 1
+				FROM tenants AS t
+				WHERE LOWER(t.slug) = LOWER(BTRIM(code.value))
+				  AND t.deleted_at IS NULL
+			  )
+		)
+	  )
+),
+updated_users AS (
+	UPDATE users AS u
+	SET tenant_id = NULL,
+		company_code = '',
+		company_codes = NULL,
+		updated_at = NOW()
+	FROM orphan_users AS ou
+	WHERE u.id = ou.id
+	RETURNING
+		u.id,
+		u.email,
+		ou.tenant_id AS cleared_tenant_id,
+		ou.company_code AS cleared_company_code,
+		ou.company_codes AS cleared_company_codes
+)
+SELECT *
+FROM updated_users
+ORDER BY email;
+
+COMMIT;

scripts/sanitize_baron_user_metadata.sql

@@ -0,0 +1,8 @@
+-- Baron user metadata staging normalization.
+-- Idempotently removes legacy classification flags that are no longer SoT.
+
+update users
+set metadata = metadata - 'hanmacFamily' - 'userType',
+    updated_at = now()
+where metadata ? 'hanmacFamily'
+   or metadata ? 'userType';