start sqlite migrations

migrations/sqlite/V1.0__databases.sql

@@ -0,0 +1,36 @@
+ATTACH DATABASE '${GOPATH}/src/github.com/caos/zitadel/.local/management.db' AS 'management';
+ATTACH DATABASE '${GOPATH}/src/github.com/caos/zitadel/.local/auth.db' AS 'auth';
+ATTACH DATABASE '${GOPATH}/src/github.com/caos/zitadel/.local/notification.db' AS 'notification';
+ATTACH DATABASE '${GOPATH}/src/github.com/caos/zitadel/.local/adminapi.db' AS 'adminapi';
+ATTACH DATABASE '${GOPATH}/src/github.com/caos/zitadel/.local/authz.db' AS 'authz';
+ATTACH DATABASE '${GOPATH}/src/github.com/caos/zitadel/.local/eventstore.db' AS 'eventstore';
+
+
+
+-- CREATE USER eventstore;
+-- GRANT SELECT, INSERT ON DATABASE eventstore TO eventstore;
+
+-- CREATE USER management;
+-- GRANT SELECT, INSERT, UPDATE, DELETE ON DATABASE management TO management;
+-- GRANT SELECT, INSERT ON DATABASE eventstore TO management;
+
+-- CREATE USER adminapi;
+-- GRANT SELECT, INSERT, UPDATE, DELETE, DROP ON DATABASE adminapi TO adminapi;
+-- GRANT SELECT, INSERT ON DATABASE eventstore TO adminapi;
+-- GRANT SELECT, INSERT, UPDATE, DROP, DELETE  ON DATABASE auth TO adminapi;
+-- GRANT SELECT, INSERT, UPDATE, DROP, DELETE ON DATABASE authz TO adminapi;
+-- GRANT SELECT, INSERT, UPDATE, DROP, DELETE ON DATABASE management TO adminapi;
+-- GRANT SELECT, INSERT, UPDATE, DROP, DELETE ON DATABASE notification TO adminapi;
+
+-- CREATE USER auth;
+-- GRANT SELECT, INSERT, UPDATE, DELETE ON DATABASE auth TO auth;
+-- GRANT SELECT, INSERT ON DATABASE eventstore TO auth;
+
+-- CREATE USER notification;
+-- GRANT SELECT, INSERT, UPDATE, DELETE ON DATABASE notification TO notification;
+-- GRANT SELECT, INSERT ON DATABASE eventstore TO notification;
+
+-- CREATE USER authz;
+-- GRANT SELECT, INSERT, UPDATE, DELETE ON DATABASE authz TO authz;
+-- GRANT SELECT, INSERT ON DATABASE eventstore TO authz;
+-- GRANT SELECT, INSERT, UPDATE ON DATABASE auth TO authz;

migrations/sqlite/V1.10__user_machine.sql

@@ -0,0 +1,15 @@
+ALTER TABLE management.users ADD COLUMN machine_name STRING, ADD COLUMN machine_description STRING, ADD COLUMN user_type STRING;
+ALTER TABLE adminapi.users ADD COLUMN machine_name STRING, ADD COLUMN machine_description STRING, ADD COLUMN user_type STRING;
+ALTER TABLE auth.users ADD COLUMN machine_name STRING, ADD COLUMN machine_description STRING, ADD COLUMN user_type STRING;
+
+CREATE TABLE management.machine_keys (
+    id TEXT,
+    user_id TEXT,
+
+    machine_type SMALLINT,
+    expiration_date TIMESTAMPTZ,
+    sequence BIGINT,
+    creation_date TIMESTAMPTZ,
+
+    PRIMARY KEY (id, user_id)
+)

migrations/sqlite/V1.11__usermembership.sql

@@ -0,0 +1,18 @@
+CREATE TABLE auth.user_memberships (
+    user_id TEXT,
+    member_type SMALLINT,
+    aggregate_id TEXT,
+    object_id TEXT,
+
+    roles TEXT ARRAY,
+    display_name TEXT,
+    resource_owner TEXT,
+    resource_owner_name TEXT,
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    sequence BIGINT,
+
+    PRIMARY KEY (user_id, member_type, aggregate_id, object_id)
+);
+
+ALTER TABLE management.user_memberships ADD COLUMN resource_owner_name TEXT;

migrations/sqlite/V1.12__machine_keys.sql

@@ -0,0 +1,14 @@
+CREATE TABLE auth.machine_keys (
+    id TEXT,
+    user_id TEXT,
+
+    machine_type SMALLINT,
+    expiration_date TIMESTAMPTZ,
+    sequence BIGINT,
+    creation_date TIMESTAMPTZ,
+    public_key JSONB,
+
+    PRIMARY KEY (id, user_id)
+);
+
+ALTER TABLE management.machine_keys ADD COLUMN public_key JSONB;

migrations/sqlite/V1.13__machine_keys_public.sql

@@ -0,0 +1,5 @@
+ALTER TABLE management.machine_keys DROP COLUMN IF EXISTS public_key;
+ALTER TABLE management.machine_keys ADD COLUMN public_key BYTES;
+
+ALTER TABLE auth.machine_keys DROP COLUMN IF EXISTS public_key;
+ALTER TABLE auth.machine_keys ADD COLUMN public_key BYTES;

migrations/sqlite/V1.14__auth_loginpolicy.sql

@@ -0,0 +1,105 @@
+ALTER TABLE adminapi.idp_configs ADD COLUMN oidc_idp_display_name_mapping SMALLINT;
+ALTER TABLE adminapi.idp_configs ADD COLUMN oidc_idp_username_mapping SMALLINT;
+
+ALTER TABLE management.idp_configs ADD COLUMN oidc_idp_display_name_mapping SMALLINT;
+ALTER TABLE management.idp_configs ADD COLUMN oidc_idp_username_mapping SMALLINT;
+
+CREATE TABLE auth.idp_configs (
+    idp_config_id TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    sequence BIGINT,
+    aggregate_id TEXT,
+    name TEXT,
+    logo_src BYTES,
+    idp_state SMALLINT,
+    idp_provider_type SMALLINT,
+
+    is_oidc BOOLEAN,
+    oidc_client_id TEXT,
+    oidc_client_secret JSONB,
+    oidc_issuer TEXT,
+    oidc_scopes TEXT ARRAY,
+    oidc_idp_display_name_mapping SMALLINT,
+    oidc_idp_username_mapping SMALLINT,
+
+    PRIMARY KEY (idp_config_id)
+);
+
+
+CREATE TABLE auth.login_policies (
+    aggregate_id TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    login_policy_state SMALLINT,
+    sequence BIGINT,
+
+    allow_register BOOLEAN,
+    allow_username_password BOOLEAN,
+    allow_external_idp BOOLEAN,
+
+    PRIMARY KEY (aggregate_id)
+);
+
+CREATE TABLE auth.idp_providers (
+    aggregate_id TEXT,
+    idp_config_id TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    sequence BIGINT,
+
+    name string,
+    idp_config_type SMALLINT,
+    idp_provider_type SMALLINT,
+
+    PRIMARY KEY (aggregate_id, idp_config_id)
+);
+
+
+CREATE TABLE auth.user_external_idps (
+    external_user_id TEXT,
+    idp_config_id TEXT,
+    user_id TEXT,
+    idp_name TEXT,
+    user_display_name TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    sequence BIGINT,
+    resource_owner TEXT,
+
+    PRIMARY KEY (external_user_id, idp_config_id)
+);
+
+CREATE TABLE management.user_external_idps (
+    idp_config_id TEXT,
+    external_user_id TEXT,
+    user_id TEXT,
+    idp_name TEXT,
+    user_display_name TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    sequence BIGINT,
+    resource_owner TEXT,
+
+    PRIMARY KEY (external_user_id, idp_config_id)
+);
+
+CREATE TABLE adminapi.user_external_idps (
+    idp_config_id TEXT,
+    external_user_id TEXT,
+    user_id TEXT,
+    idp_name TEXT,
+    user_display_name TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    sequence BIGINT,
+    resource_owner TEXT,
+
+    PRIMARY KEY (external_user_id, idp_config_id)
+);

migrations/sqlite/V1.15__idp_providers.sql

@@ -0,0 +1,3 @@
+ALTER TABLE adminapi.idp_providers ADD COLUMN idp_state SMALLINT;
+ALTER TABLE management.idp_providers ADD COLUMN idp_state SMALLINT;
+ALTER TABLE auth.idp_providers ADD COLUMN idp_state SMALLINT;

migrations/sqlite/V1.1__eventstore.sql

@@ -0,0 +1,18 @@
+CREATE TABLE eventstore.events (
+    event_type TEXT,
+    aggregate_type TEXT NOT NULL,
+    aggregate_id TEXT NOT NULL,
+    aggregate_version TEXT NOT NULL,
+    event_sequence INTEGER,
+    previous_sequence BIGINT,
+    creation_date TIMESTAMPT NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    event_data JSONB,
+    editor_user TEXT NOT NULL, 
+    editor_service TEXT NOT NULL,
+    resource_owner TEXT NOT NULL,
+
+    CONSTRAINT event_sequence_pk PRIMARY KEY (event_sequence DESC),
+    CONSTRAINT previous_sequence_unique UNIQUE (previous_sequence DESC)
+);
+
+CREATE INDEX eventstore.agg_type_agg_id ON events (aggregate_type, aggregate_id);

migrations/sqlite/V1.2__views.sql

@@ -0,0 +1,628 @@
+CREATE TABLE management.locks (
+    locker_id TEXT,
+    locked_until TIMESTAMP,
+    view_name TEXT,
+
+    PRIMARY KEY (view_name)
+);
+
+CREATE TABLE management.current_sequences (
+    view_name TEXT,
+    current_sequence BIGINT,
+    timestamp TIMESTAMP,
+
+    PRIMARY KEY (view_name)
+);
+
+CREATE TABLE management.failed_events (
+    view_name TEXT,
+    failed_sequence BIGINT,
+    failure_count SMALLINT,
+    err_msg TEXT,
+
+    PRIMARY KEY (view_name, failed_sequence)
+);
+
+CREATE TABLE management.projects (
+    project_id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    project_name TEXT,
+    project_state SMALLINT,
+    resource_owner TEXT,
+    sequence BIGINT,
+
+    PRIMARY KEY (project_id)
+);
+
+CREATE TABLE management.project_grants (
+    grant_id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    project_id TEXT,
+    project_name TEXT,
+    org_name TEXT,
+    project_state SMALLINT,
+    resource_owner TEXT,
+    org_id TEXT,
+    granted_role_keys TEXT Array,
+    sequence BIGINT,
+    resource_owner_name TEXT,
+
+    PRIMARY KEY (grant_id)
+);
+
+CREATE TABLE management.project_roles (
+    project_id TEXT,
+    role_key TEXT,
+    display_name TEXT,
+    resource_owner TEXT,
+    org_id TEXT,
+    group_name TEXT,
+
+    creation_date TIMESTAMP,
+    sequence BIGINT,
+
+    PRIMARY KEY (org_id, project_id, role_key)
+);
+
+CREATE TABLE management.project_members (
+    user_id TEXT,
+    project_id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+
+    user_name TEXT,
+    email_address TEXT,
+    first_name TEXT,
+    last_name TEXT,
+    roles TEXT ARRAY,
+    display_name TEXT,
+    sequence BIGINT,
+
+    PRIMARY KEY (project_id, user_id)
+);
+
+CREATE TABLE management.project_grant_members (
+    user_id TEXT,
+    grant_id TEXT,
+    project_id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+
+    user_name TEXT,
+    email_address TEXT,
+    first_name TEXT,
+    last_name TEXT,
+    roles TEXT ARRAY,
+    display_name TEXT,
+    sequence BIGINT,
+
+    PRIMARY KEY (grant_id, user_id)
+);
+
+CREATE TABLE management.applications (
+    id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    sequence BIGINT,
+
+    app_state SMALLINT,
+    resource_owner TEXT,
+    app_name TEXT,
+    project_id TEXT,
+    app_type SMALLINT,
+    is_oidc BOOLEAN,
+    oidc_client_id TEXT,
+    oidc_redirect_uris TEXT ARRAY,
+    oidc_response_types SMALLINT ARRAY,
+    oidc_grant_types SMALLINT ARRAY,
+    oidc_application_type SMALLINT,
+    oidc_auth_method_type SMALLINT,
+    oidc_post_logout_redirect_uris TEXT ARRAY,
+
+    PRIMARY KEY (id)
+);
+
+CREATE TABLE management.users (
+    id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+
+    resource_owner TEXT,
+    user_state SMALLINT,
+    last_login TIMESTAMP,
+    password_change TIMESTAMP,
+    user_name TEXT,
+    login_names TEXT ARRAY,
+    preferred_login_name TEXT,
+    first_name TEXT,
+    last_name TEXT,
+    nick_Name TEXT,
+    display_name TEXT,
+    preferred_language TEXT,
+    gender SMALLINT,
+    email TEXT,
+    is_email_verified BOOLEAN,
+    phone TEXT,
+    is_phone_verified BOOLEAN,
+    country TEXT,
+    locality TEXT,
+    postal_code TEXT,
+    region TEXT,
+    street_address TEXT,
+    otp_state SMALLINT,
+    sequence BIGINT,
+    password_set BOOLEAN,
+    password_change_required BOOLEAN,
+    mfa_max_set_up SMALLINT,
+    mfa_init_skipped TIMESTAMP,
+    init_required BOOLEAN,
+
+    PRIMARY KEY (id)
+);
+
+CREATE TABLE management.user_grants (
+    id TEXT,
+    resource_owner TEXT,
+    project_id TEXT,
+    user_id TEXT,
+    org_name TEXT,
+    project_name TEXT,
+    user_name TEXT,
+    display_name TEXT,
+    first_name TEXT,
+    last_name TEXT,
+    email TEXT,
+    role_keys TEXT Array,
+    grant_id TEXT,
+
+    grant_state SMALLINT,
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    sequence BIGINT,
+
+    PRIMARY KEY (id)
+);
+
+CREATE TABLE management.org_domains (
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    sequence BIGINT,
+
+    domain TEXT,
+    org_id TEXT,
+    verified BOOLEAN,
+    primary_domain BOOLEAN,
+
+    PRIMARY KEY (org_id, domain)
+);
+
+CREATE TABLE auth.locks (
+    locker_id TEXT,
+    locked_until TIMESTAMP,
+    view_name TEXT,
+
+    PRIMARY KEY (view_name)
+);
+
+CREATE TABLE auth.current_sequences (
+    view_name TEXT,
+    timestamp TIMESTAMP,
+
+    current_sequence BIGINT,
+
+    PRIMARY KEY (view_name)
+);
+
+CREATE TABLE auth.failed_events (
+    view_name TEXT,
+    failed_sequence BIGINT,
+    failure_count SMALLINT,
+    err_msg TEXT,
+
+    PRIMARY KEY (view_name, failed_sequence)
+);
+
+CREATE TABLE auth.auth_requests (
+    id TEXT,
+    request JSONB,
+    code TEXT,
+    request_type smallint,
+
+    PRIMARY KEY (id)
+);
+
+CREATE TABLE auth.users (
+    id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+
+    resource_owner TEXT,
+    user_state SMALLINT,
+    password_set BOOLEAN,
+    password_change_required BOOLEAN,
+    password_change TIMESTAMP,
+    last_login TIMESTAMP,
+    user_name TEXT,
+    login_names TEXT ARRAY,
+    preferred_login_name TEXT,
+    first_name TEXT,
+    last_name TEXT,
+    nick_name TEXT,
+    display_name TEXT,
+    preferred_language TEXT,
+    gender SMALLINT,
+    email TEXT,
+    is_email_verified BOOLEAN,
+    phone TEXT,
+    is_phone_verified BOOLEAN,
+    country TEXT,
+    locality TEXT,
+    postal_code TEXT,
+    region TEXT,
+    street_address TEXT,
+    otp_state SMALLINT,
+    mfa_max_set_up SMALLINT,
+    mfa_init_skipped TIMESTAMP,
+    sequence BIGINT,
+    init_required BOOLEAN,
+
+    PRIMARY KEY (id)
+);
+
+CREATE TABLE auth.user_sessions (
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+
+    resource_owner TEXT,
+    state SMALLINT,
+    user_agent_id TEXT,
+    user_id TEXT,
+    user_name TEXT,
+    password_verification TIMESTAMP,
+    mfa_software_verification TIMESTAMP,
+    mfa_hardware_verification TIMESTAMP,
+    sequence BIGINT,
+    mfa_software_verification_type SMALLINT,
+    mfa_hardware_verification_type SMALLINT,
+    user_display_name TEXT,
+    login_name TEXT,
+
+    PRIMARY KEY (user_agent_id, user_id)
+);
+
+CREATE TABLE auth.tokens (
+    id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+
+    resource_owner TEXT,
+    application_id TEXT,
+    user_agent_id TEXT,
+    user_id TEXT,
+    expiration TIMESTAMP,
+    sequence BIGINT,
+    scopes TEXT ARRAY,
+    audience TEXT ARRAY,
+
+    PRIMARY KEY (id)
+);
+
+
+CREATE TABLE notification.locks (
+    locker_id TEXT,
+    locked_until TIMESTAMP,
+    view_name TEXT,
+
+    PRIMARY KEY (view_name)
+);
+
+CREATE TABLE notification.current_sequences (
+    view_name TEXT,
+    timestamp TIMESTAMP,
+
+    current_sequence BIGINT,
+
+    PRIMARY KEY (view_name)
+);
+
+CREATE TABLE notification.failed_events (
+    view_name TEXT,
+    failed_sequence BIGINT,
+    failure_count SMALLINT,
+    err_msg TEXT,
+
+    PRIMARY KEY (view_name, failed_sequence)
+);
+
+CREATE TABLE notification.notify_users (
+    id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+
+    resource_owner TEXT,
+    user_name TEXT,
+    first_name TEXT,
+    last_name TEXT,
+    nick_Name TEXT,
+    display_name TEXT,
+    preferred_language TEXT,
+    gender SMALLINT,
+    last_email TEXT,
+    verified_email TEXT,
+    last_phone TEXT,
+    verified_phone TEXT,
+    sequence BIGINT,
+    password_set BOOLEAN,
+    login_names TEXT,
+    preferred_login_name TEXT,
+
+    PRIMARY KEY (id)
+);
+
+
+CREATE TABLE adminapi.orgs (
+    id TEXT,
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    resource_owner TEXT,
+    org_state SMALLINT,
+    sequence BIGINT,
+
+    domain TEXT,
+    name TEXT,
+
+    PRIMARY KEY (id)
+);
+
+CREATE TABLE adminapi.failed_events (
+    view_name TEXT,
+    failed_sequence BIGINT,
+    failure_count SMALLINT,
+    err_msg TEXT,
+
+    PRIMARY KEY (view_name, failed_sequence)
+);
+
+CREATE TABLE adminapi.locks (
+    locker_id TEXT,
+    locked_until TIMESTAMP,
+    view_name TEXT,
+
+    PRIMARY KEY (view_name)
+);
+
+CREATE TABLE adminapi.current_sequences (
+    view_name TEXT,
+    timestamp TIMESTAMP,
+
+    current_sequence BIGINT,
+
+    PRIMARY KEY (view_name)
+);
+
+CREATE TABLE adminapi.iam_members (
+    user_id TEXT,
+
+    iam_id TEXT,
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+
+    user_name TEXT,
+    email_address TEXT,
+    first_name TEXT,
+    last_name TEXT,
+    roles TEXT ARRAY,
+    display_name TEXT,
+    sequence BIGINT,
+
+    PRIMARY KEY (user_id)
+);
+
+CREATE TABLE management.orgs (
+    id TEXT,
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    resource_owner TEXT,
+    org_state SMALLINT,
+    sequence BIGINT,
+
+    domain TEXT,
+    name TEXT,
+
+    PRIMARY KEY (id)
+);
+
+CREATE TABLE management.org_members (
+    user_id TEXT,
+    org_id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+
+    user_name TEXT,
+    email_address TEXT,
+    first_name TEXT,
+    last_name TEXT,
+    roles TEXT ARRAY,
+    display_name TEXT,
+    sequence BIGINT,
+
+    PRIMARY KEY (org_id, user_id)
+);
+
+
+CREATE TABLE auth.keys (
+    id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+
+    resource_owner TEXT,
+    private BOOLEAN,
+    expiry TIMESTAMP,
+    algorithm TEXT,
+    usage SMALLINT,
+    key JSONB,
+    sequence BIGINT,
+
+    PRIMARY KEY (id, private)
+);
+
+CREATE TABLE auth.applications (
+     id TEXT,
+
+     creation_date TIMESTAMP,
+     change_date TIMESTAMP,
+     sequence BIGINT,
+
+     app_state SMALLINT,
+     resource_owner TEXT,
+     app_name TEXT,
+     project_id TEXT,
+     app_type SMALLINT,
+     is_oidc BOOLEAN,
+     oidc_client_id TEXT,
+     oidc_redirect_uris TEXT ARRAY,
+     oidc_response_types SMALLINT ARRAY,
+     oidc_grant_types SMALLINT ARRAY,
+     oidc_application_type SMALLINT,
+     oidc_auth_method_type SMALLINT,
+     oidc_post_logout_redirect_uris TEXT ARRAY,
+
+     PRIMARY KEY (id)
+);
+
+CREATE TABLE auth.user_grants (
+    id TEXT,
+    resource_owner TEXT,
+    project_id TEXT,
+    user_id TEXT,
+    org_name TEXT,
+    project_name TEXT,
+    user_name TEXT,
+    first_name TEXT,
+    last_name TEXT,
+    display_name TEXT,
+    email TEXT,
+    role_keys TEXT Array,
+    grant_id TEXT,
+
+    grant_state SMALLINT,
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    sequence BIGINT,
+
+    PRIMARY KEY (id)
+);
+
+CREATE TABLE auth.orgs (
+    id TEXT,
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    resource_owner TEXT,
+    org_state SMALLINT,
+    sequence BIGINT,
+
+    domain TEXT,
+    name TEXT,
+
+    PRIMARY KEY (id)
+);
+
+CREATE TABLE authz.locks (
+    locker_id TEXT,
+    locked_until TIMESTAMP,
+    view_name TEXT,
+
+    PRIMARY KEY (view_name)
+);
+
+CREATE TABLE authz.current_sequences (
+    view_name TEXT,
+    timestamp TIMESTAMP,
+
+    current_sequence BIGINT,
+
+    PRIMARY KEY (view_name)
+);
+
+CREATE TABLE authz.failed_events (
+    view_name TEXT,
+    failed_sequence BIGINT,
+    failure_count SMALLINT,
+    err_msg TEXT,
+
+    PRIMARY KEY (view_name, failed_sequence)
+);
+
+CREATE TABLE authz.user_grants (
+    id TEXT,
+    resource_owner TEXT,
+    project_id TEXT,
+    user_id TEXT,
+    org_name TEXT,
+    project_name TEXT,
+    user_name TEXT,
+    first_name TEXT,
+    last_name TEXT,
+    display_name TEXT,
+    email TEXT,
+    role_keys TEXT Array,
+    grant_id TEXT,
+
+    grant_state SMALLINT,
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    sequence BIGINT,
+
+    PRIMARY KEY (id)
+);
+
+CREATE TABLE authz.applications (
+    id TEXT,
+
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    sequence BIGINT,
+
+    app_state SMALLINT,
+    resource_owner TEXT,
+    app_name TEXT,
+    project_id TEXT,
+    app_type SMALLINT,
+    is_oidc BOOLEAN,
+    oidc_client_id TEXT,
+    oidc_redirect_uris TEXT ARRAY,
+    oidc_response_types SMALLINT ARRAY,
+    oidc_grant_types SMALLINT ARRAY,
+    oidc_application_type SMALLINT,
+    oidc_auth_method_type SMALLINT,
+    oidc_post_logout_redirect_uris TEXT ARRAY,
+
+    PRIMARY KEY (id)
+);
+
+CREATE TABLE authz.orgs (
+    id TEXT,
+    creation_date TIMESTAMP,
+    change_date TIMESTAMP,
+    resource_owner TEXT,
+    org_state SMALLINT,
+    sequence BIGINT,
+
+    domain TEXT,
+    name TEXT,
+
+    PRIMARY KEY (id)
+);

migrations/sqlite/V1.3__usermembership.sql

@@ -0,0 +1,15 @@
+CREATE TABLE management.user_memberships (
+    user_id TEXT,
+    member_type SMALLINT,
+    aggregate_id TEXT,
+    object_id TEXT,
+
+    roles TEXT ARRAY,
+    display_name TEXT,
+    resource_owner TEXT,
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    sequence BIGINT,
+
+    PRIMARY KEY (user_id, member_type, aggregate_id, object_id)
+);

migrations/sqlite/V1.4__compliance.sql

@@ -0,0 +1,14 @@
+ALTER TABLE management.applications ADD COLUMN oidc_version SMALLINT;
+ALTER TABLE management.applications ADD COLUMN none_compliant BOOLEAN;
+ALTER TABLE management.applications ADD COLUMN compliance_problems TEXT ARRAY;
+ALTER TABLE management.applications ADD COLUMN dev_mode BOOLEAN;
+
+ALTER TABLE auth.applications ADD COLUMN oidc_version SMALLINT;
+ALTER TABLE auth.applications ADD COLUMN none_compliant BOOLEAN;
+ALTER TABLE auth.applications ADD COLUMN compliance_problems TEXT ARRAY;
+ALTER TABLE auth.applications ADD COLUMN dev_mode BOOLEAN;
+
+ALTER TABLE authz.applications ADD COLUMN oidc_version SMALLINT;
+ALTER TABLE authz.applications ADD COLUMN none_compliant BOOLEAN;
+ALTER TABLE authz.applications ADD COLUMN compliance_problems TEXT ARRAY;
+ALTER TABLE authz.applications ADD COLUMN dev_mode BOOLEAN;

migrations/sqlite/V1.5__orgdomain_validationtype.sql

@@ -0,0 +1,44 @@
+BEGIN;
+
+ALTER TABLE management.org_domains ADD COLUMN validation_type SMALLINT;
+
+CREATE TABLE adminapi.users (
+  id TEXT,
+
+  creation_date TIMESTAMPTZ,
+  change_date TIMESTAMPTZ,
+
+  resource_owner TEXT,
+  user_state SMALLINT,
+  last_login TIMESTAMPTZ,
+  password_change TIMESTAMPTZ,
+  user_name TEXT,
+  login_names TEXT ARRAY,
+  preferred_login_name TEXT,
+  first_name TEXT,
+  last_name TEXT,
+  nick_Name TEXT,
+  display_name TEXT,
+  preferred_language TEXT,
+  gender SMALLINT,
+  email TEXT,
+  is_email_verified BOOLEAN,
+  phone TEXT,
+  is_phone_verified BOOLEAN,
+  country TEXT,
+  locality TEXT,
+  postal_code TEXT,
+  region TEXT,
+  street_address TEXT,
+  otp_state SMALLINT,
+  sequence BIGINT,
+  password_set BOOLEAN,
+  password_change_required BOOLEAN,
+  mfa_max_set_up SMALLINT,
+  mfa_init_skipped TIMESTAMPTZ,
+  init_required BOOLEAN,
+
+  PRIMARY KEY (id)
+);
+
+COMMIT;

migrations/sqlite/V1.6__origin_allow_list.sql

@@ -0,0 +1,15 @@
+BEGIN;
+
+ALTER TABLE management.applications ADD COLUMN origin_allow_list TEXT ARRAY;
+ALTER TABLE auth.applications ADD COLUMN origin_allow_list TEXT ARRAY;
+ALTER TABLE authz.applications ADD COLUMN origin_allow_list TEXT ARRAY;
+
+TRUNCATE TABLE management.applications;
+TRUNCATE TABLE auth.applications;
+TRUNCATE TABLE authz.applications;
+
+UPDATE management.current_sequences set current_sequence = 0 where view_name = 'management.applications';
+UPDATE auth.current_sequences set current_sequence = 0 where view_name = 'auth.applications';
+UPDATE authz.current_sequences set current_sequence = 0 where view_name = 'authz.applications';
+
+COMMIT;

migrations/sqlite/V1.7__idps.sql

@@ -0,0 +1,105 @@
+
+CREATE TABLE adminapi.idp_configs (
+    idp_config_id TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    sequence BIGINT,
+    aggregate_id TEXT,
+    name TEXT,
+    logo_src BYTES,
+    idp_state SMALLINT,
+    idp_provider_type SMALLINT,
+
+    is_oidc BOOLEAN,
+    oidc_client_id TEXT,
+    oidc_client_secret JSONB,
+    oidc_issuer TEXT,
+    oidc_scopes TEXT ARRAY,
+
+    PRIMARY KEY (idp_config_id)
+);
+
+
+CREATE TABLE management.idp_configs (
+    idp_config_id TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    sequence BIGINT,
+    aggregate_id TEXT,
+    name TEXT,
+    logo_src BYTES,
+    idp_state SMALLINT,
+    idp_provider_type SMALLINT,
+
+    is_oidc BOOLEAN,
+    oidc_client_id TEXT,
+    oidc_client_secret JSONB,
+    oidc_issuer TEXT,
+    oidc_scopes TEXT ARRAY,
+
+    PRIMARY KEY (idp_config_id)
+);
+
+
+CREATE TABLE adminapi.login_policies (
+    aggregate_id TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    login_policy_state SMALLINT,
+    sequence BIGINT,
+
+    allow_register BOOLEAN,
+    allow_username_password BOOLEAN,
+    allow_external_idp BOOLEAN,
+
+    PRIMARY KEY (aggregate_id)
+);
+
+
+CREATE TABLE management.login_policies (
+      aggregate_id TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    login_policy_state SMALLINT,
+    sequence BIGINT,
+
+    allow_register BOOLEAN,
+    allow_username_password BOOLEAN,
+    allow_external_idp BOOLEAN,
+
+    PRIMARY KEY (aggregate_id)
+);
+
+CREATE TABLE adminapi.idp_providers (
+    aggregate_id TEXT,
+    idp_config_id TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    sequence BIGINT,
+
+    name string,
+    idp_config_type SMALLINT,
+    idp_provider_type SMALLINT,
+
+    PRIMARY KEY (aggregate_id, idp_config_id)
+);
+
+CREATE TABLE management.idp_providers (
+    aggregate_id TEXT,
+    idp_config_id TEXT,
+
+    creation_date TIMESTAMPTZ,
+    change_date TIMESTAMPTZ,
+    sequence BIGINT,
+
+    name string,
+    idp_config_type SMALLINT,
+    idp_provider_type SMALLINT,
+
+    PRIMARY KEY (aggregate_id, idp_config_id)
+);

migrations/sqlite/V1.8__username_change.sql

@@ -0,0 +1,7 @@
+BEGIN;
+
+ALTER TABLE management.users ADD COLUMN username_change_required BOOLEAN;
+ALTER TABLE auth.users ADD COLUMN username_change_required BOOLEAN;
+ALTER TABLE adminapi.users ADD COLUMN username_change_required BOOLEAN;
+
+COMMIT;

migrations/sqlite/V1.9__token.sql

@@ -0,0 +1,2 @@
+
+ALTER TABLE auth.tokens ADD COLUMN preferred_language TEXT;

migrations/sqlite/clean_local.go

@@ -0,0 +1,5 @@
+//+build ignore
+
+package migrations
+
+//go:generate flyway -url=jdbc:postgresql://localhost:26257/defaultdb -user=root -password= -locations=filesystem:./ clean

migrations/sqlite/migrate_local.go

@@ -0,0 +1,5 @@
+//+build ignore
+
+package migrations
+
+//go:generate flyway -url=jdbc:sqlite:/Users/silvanreusser/go/src/github.com/caos/zitadel/.local/zitadel.db -user=admin -password= -schemas=eventstore, -locations=filesystem:./ migrate