@Dugowitch Dugowitch commented Dec 18, 2025

Secure Coding Practices Checklist GitHub Link

Secure Coding Checklist

  • Input Validation
  • Output Encoding
  • Authentication and Password Management
  • Session Management
  • Access Control
  • Cryptographic Practices
  • Error Handling and Logging
  • Data Protection
  • Communication Security
  • System Configuration
  • Database Security
  • File Management
  • Memory Management
  • General Coding Practices

Summary by Sourcery

Split the existing system_platform responsibilities into separate system_inventory and system_patch tables, introduce corresponding views and migration functions, and update references and data generation scripts to align with the new schema and cyndi-driven inventory.hosts view.

Enhancements:

  • Adjust test data generation constants and inventory.hosts target table to better reflect current production-like scales and schemas.
  • Create partitioned system_inventory and system_patch tables with appropriate constraints, privileges, indexes, and triggers to separate inventory metadata from patch/advisory state.
  • Refactor functions and foreign key relationships to operate on the new system_inventory and system_patch tables while exposing a backward-compatible system_platform view.
  • Redefine inventory.hosts as a view over system_inventory to align with cyndi data while preserving expected host fields.
  • Provide a down migration that reconstructs the original system_platform table, its dependent functions, and the legacy inventory.hosts view from the split schema.


jira-linking bot commented Dec 18, 2025

Commits missing Jira IDs:
9285c49
Referenced Jiras:
https://issues.redhat.com/browse/RHINENG-21214


sourcery-ai bot commented Dec 18, 2025

Reviewer's Guide

Splits the monolithic system_platform table into two partitioned tables (system_inventory and system_patch), re‑wires all foreign keys and cache/maintenance functions to use them, and exposes compatibility views for system_platform and inventory.hosts while updating test data generation to reflect newer Cyndi-scale datasets.

ER diagram for split of system_platform into system_inventory and system_patch

erDiagram
    rh_account {
        INT id PK
        VARCHAR name
    }

    reporter {
        INT id PK
    }

    template {
        INT rh_account_id PK
        BIGINT id PK
    }

    system_inventory {
        BIGINT id PK
        UUID inventory_id
        INT rh_account_id FK
        TEXT vmaas_json
        TEXT json_checksum
        TIMESTAMPTZ last_updated
        TIMESTAMPTZ unchanged_since
        TIMESTAMPTZ last_upload
        BOOLEAN stale
        TEXT display_name
        INT reporter_id FK
        JSONB yum_updates
        TEXT yum_checksum
        BOOLEAN satellite_managed
        BOOLEAN built_pkgcache
        BIGINT template_id FK
        TEXT arch
        BOOLEAN bootc
        JSONB tags
        TIMESTAMPTZ created
        UUID insights_id
        VARCHAR org_id
        TEXT[] workspaces
        TIMESTAMPTZ stale_timestamp
        TIMESTAMPTZ stale_warning_timestamp
        TIMESTAMPTZ culled_timestamp
        TEXT os_name
        SMALLINT os_major
        SMALLINT os_minor
        TEXT rhsm_version
        UUID owner_id
        BOOLEAN sap_workload
        TEXT[] sap_workload_sids
        BOOLEAN ansible_workload
        TEXT ansible_workload_controller_version
        BOOLEAN mssql_workload
        TEXT mssql_workload_version
    }

    system_patch {
        BIGINT system_id PK
        UUID inventory_id
        INT rh_account_id PK
        TIMESTAMPTZ last_evaluation
        INT installable_advisory_count_cache
        INT installable_advisory_enh_count_cache
        INT installable_advisory_bug_count_cache
        INT installable_advisory_sec_count_cache
        INT packages_installed
        INT packages_installable
        INT packages_applicable
        BOOLEAN third_party
        INT applicable_advisory_count_cache
        INT applicable_advisory_enh_count_cache
        INT applicable_advisory_bug_count_cache
        INT applicable_advisory_sec_count_cache
    }

    system_advisories {
        INT rh_account_id FK
        BIGINT system_id FK
        INT advisory_id FK
        INT status_id
    }

    advisory_metadata {
        INT id PK
        INT advisory_type_id
    }

    advisory_account_data {
        INT advisory_id PK
        INT rh_account_id PK
        INT systems_installable
        INT systems_applicable
    }

    system_repo {
        INT rh_account_id FK
        BIGINT system_id FK
    }

    system_package2 {
        INT rh_account_id FK
        BIGINT system_id FK
    }

    inventory_hosts_view {
        UUID id
        VARCHAR display_name
        TIMESTAMPTZ created
        TIMESTAMPTZ stale_timestamp
        TIMESTAMPTZ stale_warning_timestamp
        TIMESTAMPTZ culled_timestamp
        JSONB tags
        JSONB system_profile
        UUID insights_id
        VARCHAR org_id
        JSONB groups
    }

    system_platform_view {
        BIGINT id
        UUID inventory_id
        INT rh_account_id
        TEXT vmaas_json
        TEXT json_checksum
        TIMESTAMPTZ last_updated
        TIMESTAMPTZ unchanged_since
        TIMESTAMPTZ last_evaluation
        INT installable_advisory_count_cache
        INT installable_advisory_enh_count_cache
        INT installable_advisory_bug_count_cache
        INT installable_advisory_sec_count_cache
        TIMESTAMPTZ last_upload
        TIMESTAMPTZ stale_timestamp
        TIMESTAMPTZ stale_warning_timestamp
        TIMESTAMPTZ culled_timestamp
        BOOLEAN stale
        TEXT display_name
        INT packages_installed
        INT packages_installable
        INT reporter_id
        BOOLEAN third_party
        JSONB yum_updates
        INT applicable_advisory_count_cache
        INT applicable_advisory_enh_count_cache
        INT applicable_advisory_bug_count_cache
        INT applicable_advisory_sec_count_cache
        BOOLEAN satellite_managed
        BOOLEAN built_pkgcache
        INT packages_applicable
        BIGINT template_id
        TEXT yum_checksum
        TEXT arch
        BOOLEAN bootc
    }

    rh_account ||--o{ system_inventory : has
    rh_account ||--o{ system_patch : has

    reporter ||--o{ system_inventory : reports
    template ||--o{ system_inventory : templated_by

    system_inventory ||--|| system_patch : inventory_id_sync

    system_inventory ||--o{ system_advisories : has
    system_patch ||--o{ system_advisories : cache_for

    advisory_metadata ||--o{ system_advisories : typed_by
    advisory_account_data }o--o{ advisory_metadata : aggregates

    system_inventory ||--o{ system_repo : repo_of
    system_inventory ||--o{ system_package2 : packages_of

    system_inventory ||--o{ inventory_hosts_view : exposes
    system_inventory ||--o{ system_platform_view : joined_in
    system_patch ||--o{ system_platform_view : joined_in

Flow diagram for system deletion and culling using new system_inventory and system_patch tables

flowchart TD
    A[delete_culled_systems]
    B[delete_systems]
    C[delete_system]
    D[(system_inventory)]
    E[(system_advisories)]
    F[(system_repo)]
    G[(system_package2)]
    H[(system_patch)]

    A -->|select inventory_id where culled_timestamp < now limit delete_limit| D
    D -->|inventory_ids array| B

    B -->|lock rows by rh_account_id,id| D
    B -->|set stale = true for selected systems| D
    B -->|delete related rows| E
    B -->|delete related rows| F
    B -->|delete related rows| G
    B -->|delete patch rows by inventory_id| H
    B -->|delete systems and return count| D

    C -->|select id,rh_account_id by inventory_id for update| D
    C -->|mark system stale| D
    C -->|delete advisories| E
    C -->|delete repos| F
    C -->|delete packages| G
    C -->|delete patch row by rh_account_id,system_id| H
    C -->|delete from system_inventory and return inventory_id| D

File-Level Changes

Change Details Files
Introduce partitioned system_inventory table capturing inventory/metadata fields and migrate data and references from system_platform.
  • Create system_inventory table partitioned by rh_account_id with inventory, lifecycle, tag, OS, workload, and ownership columns and appropriate constraints, indexes, and grants.
  • Populate system_inventory from existing system_platform and inventory.hosts data, deriving workspaces and OS/workload details from system_profile JSON and syncing timestamps and stale flags.
  • Add partition triggers for set_last_updated and check_unchanged on system_inventory and adjust foreign keys in system_repo, system_advisories, and system_package2 to reference system_inventory instead of system_platform.
  • Reimplement delete/mark-stale/cull functions (delete_system, delete_systems, delete_culled_systems, mark_stale_systems) to operate on system_inventory and its dependents.
database_admin/migrations/139_split_system_platform.up.sql
Introduce partitioned system_patch table for evaluation and advisory/package cache data and wire cache-refresh functions to it.
  • Create system_patch table partitioned by rh_account_id to hold last_evaluation and all advisory/package cache columns with indexes, constraints, and grants for evaluator/manager/vmaas_sync.
  • Bulk-load system_patch from non-stale rows of system_platform, preserving cache and package counts.
  • Create partition trigger on system_patch to invoke on_system_update after updates.
  • Refactor refresh_advisory_caches_multi, refresh_system_caches, update_system_caches, and related wrapper functions to join via system_inventory/system_patch, keeping cache semantics but using new tables and inventory_id mapping.
database_admin/migrations/139_split_system_platform.up.sql
Replace physical system_platform table with a compatibility view backed by system_inventory and system_patch, and redefine inventory.hosts as a view over system_inventory.
  • Drop legacy system_platform table and create a view that joins system_inventory and system_patch on rh_account_id and inventory_id and exposes the previous column set for existing consumers.
  • Grant SELECT/INSERT/UPDATE/DELETE on the system_platform view to listener, manager, evaluator, and vmaas_sync to preserve behavior.
  • Redefine inventory.hosts as a view projecting system_inventory into the inventory schema, reconstructing system_profile JSON and group structures from system_inventory fields.
  • Ensure groups/workspaces are bidirectionally mapped between inventory.hosts JSON and system_inventory.workspaces array.
database_admin/migrations/139_split_system_platform.up.sql
Provide full down migration to restore original system_platform table, functions, and inventory.hosts view if the split is rolled back.
  • Recreate system_platform as a partitioned table with the original schema, grants, triggers, constraints, and indexes.
  • Copy data back from system_inventory/system_patch into system_platform and reset the sequence to max(id).
  • Restore legacy implementations of refresh_* cache functions and deletion/culling functions to work directly against system_platform.
  • Recreate inventory.hosts view pointing to inventory.hosts_v1_0 and re-grant cyndi_reader access.
database_admin/migrations/139_split_system_platform.down.sql
Update data generation script to work with new inventory.hosts_v1_0 table and document large-scale dataset timings.
  • Adjust truncate/insert to use inventory.hosts_v1_0 in test_generate_data.sql instead of inventory.hosts, matching the new view structure.
  • Reduce packages_per_system constant to significantly lower test data volume for packages.
  • Add commented-out constants and timing comments for 2025/12 production-scale datasets for accounts, systems, advisories, repos, packages, and related entities.
  • Add or update timing comments on data generation sections to reflect observed runtimes at new scales.
dev/test_generate_data.sql


@Dugowitch Dugowitch force-pushed the split-table branch 3 times, most recently from c37d862 to 1842124 Compare December 22, 2025 17:21
@Dugowitch Dugowitch force-pushed the split-table branch 2 times, most recently from bf8c3b4 to 80e28fb Compare December 22, 2025 18:06
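
The reviewer's guide above describes a system_platform compatibility view that joins system_inventory and system_patch on rh_account_id and inventory_id, with SELECT/INSERT/UPDATE/DELETE granted on the view. The following PostgreSQL example is added here and is not code from the pull request; it shows what such grants do and do not permit and how to audit them. The demo_* tables, the demo_platform view, the demo_evaluator role, the reduced column set and the absence of partitioning are assumptions made for illustration, and it is meant to be run as a superuser in a scratch database.

```sql
-- Added example (PostgreSQL). Constructed objects: demo_* tables, the
-- demo_platform view and the demo_evaluator role; run as a superuser in a
-- scratch database. Everything is rolled back at the end.
BEGIN;

CREATE TABLE demo_inventory (
    id            BIGINT NOT NULL,
    rh_account_id INT    NOT NULL,
    inventory_id  UUID   NOT NULL,
    display_name  TEXT,
    PRIMARY KEY (rh_account_id, id),
    UNIQUE (rh_account_id, inventory_id)
);

CREATE TABLE demo_patch (
    system_id          BIGINT NOT NULL,
    rh_account_id      INT    NOT NULL,
    inventory_id       UUID   NOT NULL,
    packages_installed INT    NOT NULL DEFAULT 0,
    PRIMARY KEY (rh_account_id, system_id)
);

-- Compatibility view joined on (rh_account_id, inventory_id), as described.
CREATE VIEW demo_platform AS
SELECT si.id, si.inventory_id, si.rh_account_id, si.display_name,
       sp.packages_installed
  FROM demo_inventory si
  JOIN demo_patch sp
    ON sp.rh_account_id = si.rh_account_id
   AND sp.inventory_id  = si.inventory_id;

CREATE ROLE demo_evaluator NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON demo_platform TO demo_evaluator;

SET LOCAL ROLE demo_evaluator;
-- Allowed: base tables are accessed with the view owner's privileges.
SELECT count(*) FROM demo_platform;
-- Each of these would abort the transaction, so they stay commented out:
--   SELECT * FROM demo_patch;                        -- no grant on the base table
--   UPDATE demo_platform SET packages_installed = 1; -- join view is not auto-updatable
RESET ROLE;

-- Audit: every privilege the role holds on the view and its base tables.
SELECT table_name, privilege_type
  FROM information_schema.role_table_grants
 WHERE grantee = 'demo_evaluator'
   AND table_name IN ('demo_platform', 'demo_inventory', 'demo_patch')
 ORDER BY table_name, privilege_type;

ROLLBACK;
```

A view created with security_invoker = true (PostgreSQL 15 and later) checks the caller's privileges on the base tables instead of the view owner's. Writes through a join view need INSTEAD OF triggers or rules regardless of the grants.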