Updated Kratos Client and Fixed SQL Migration issues (#403)

* created new migrations for null values Signed-off-by: zyncc <chandankrishna288@gmail.com> * fixed not null constraint for sentry_bootstrap_infra Signed-off-by: zyncc <chandankrishna288@gmail.com> * migrations not being applied Signed-off-by: zyncc <chandankrishna288@gmail.com> * added default values to all not null columns Signed-off-by: zyncc <chandankrishna288@gmail.com> * changes to kratos client api Signed-off-by: zyncc <chandankrishna288@gmail.com> * fixed casbin entries not showing in database Signed-off-by: zyncc <chandankrishna288@gmail.com> * . Signed-off-by: zyncc <chandankrishna288@gmail.com> * fixed create / upsert mismatch Signed-off-by: zyncc <chandankrishna288@gmail.com> * . Signed-off-by: zyncc <chandankrishna288@gmail.com> * . Signed-off-by: zyncc <chandankrishna288@gmail.com> * . Signed-off-by: zyncc <chandankrishna288@gmail.com> * . Signed-off-by: zyncc <chandankrishna288@gmail.com> * created one sql migration file Signed-off-by: zyncc <chandankrishna288@gmail.com> * . Signed-off-by: zyncc <chandankrishna288@gmail.com> * fixed CVE Vulnerability for golang and golang.org/x/oauth2 Signed-off-by: zyncc <chandankrishna288@gmail.com> * changed go version to 1.25.5 Signed-off-by: zyncc <chandankrishna288@gmail.com> * updated golangct-lint version to v2.6 Signed-off-by: zyncc <chandankrishna288@gmail.com> * golang-ci version Signed-off-by: zyncc <chandankrishna288@gmail.com> * added version to golang-ci.yaml Signed-off-by: zyncc <chandankrishna288@gmail.com> * fixed golangci config Signed-off-by: zyncc <chandankrishna288@gmail.com> --------- Signed-off-by: zyncc <chandankrishna288@gmail.com>
2026-02-14 17:49:51 +00:00 · 2026-01-16 11:24:33 +05:30
parent 27577124f1
commit f56c5a9fd8
19 changed files with 343 additions and 91 deletions
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -2,12 +2,11 @@ name: Go

 on:
  push:
-    branches: [ main ]
+    branches: [main]
  pull_request:
-    branches: [ main ]
+    branches: [main]

 jobs:
-
  test:
    strategy:
      matrix:
@@ -20,7 +19,7 @@ jobs:
        uses: actions/setup-go@v5
        with:
          # Getting go version from the go.mod file
-          go-version-file: 'go.mod'
+          go-version-file: "go.mod"

      - name: Format
        run: if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then exit 1; fi
@@ -33,7 +32,7 @@ jobs:

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
-  
+
  golangci-lint:
    strategy:
      matrix:
@@ -47,9 +46,9 @@ jobs:
        uses: actions/setup-go@v5
        with:
          # Getting go version from the go.mod file
-          go-version-file: 'go.mod'
+          go-version-file: "go.mod"

      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v9.2.0
        with:
          version: latest
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,12 +1,10 @@
+version: "2"
 linters:
-  # Disable all linters untill all errors are fixed.
-  disable-all: true
-  # uncomment as we fix the linting issues
  enable:
-    # - errcheck
-    # - gosimple
-    # - govet
-    # - staticcheck
    - unused
-    # - ineffassign
    - misspell
+  disable:
+    - errcheck
+    - govet
+    - ineffassign
+    - staticcheck
--- a/6
+++ b/6
@@ -1,4 +1,4 @@
-FROM golang:1.23.1 as build
+FROM golang:1.25.5 AS build
 LABEL description="Build container"

 ENV CGO_ENABLED 0
@@ -9,7 +9,7 @@ RUN go mod download
 COPY . .
 RUN make build

-FROM alpine:latest as runtime
+FROM alpine:latest AS runtime
 LABEL description="Run container"

 WORKDIR /usr/bin
@@ -20,4 +20,4 @@ EXPOSE 10000
 # RPC relay peering port
 EXPOSE 10001
 # HTTP port
-EXPOSE 11000
+EXPOSE 11000
--- a/Dockerfile.initialize
+++ b/Dockerfile.initialize
@@ -1,4 +1,4 @@
-FROM golang:1.23.1 as build
+FROM golang:1.25.5 AS build
 LABEL description="Build container"
 ENV CGO_ENABLED 0
 WORKDIR /build
@@ -16,11 +16,11 @@ RUN if [ "$TARGETARCH" = "arm64" ]; then \
 COPY . /build
 RUN go build -ldflags "-s" -o paralus-init scripts/initialize/main.go

-FROM alpine:latest as runtime
+FROM alpine:latest AS runtime
 LABEL description="Run container"
 WORKDIR /usr/bin
 COPY --from=build /build/paralus-init /usr/bin/paralus-init
 COPY --from=build /build/scripts/initialize/ /usr/bin/scripts/initialize/
 COPY --from=build /build/kratos /usr/bin/kratos
 COPY --from=build /build/migrate /usr/bin/migrate
-COPY ./persistence/migrations/admindb /data/migrations/admindb
+COPY ./persistence/migrations/admindb /data/migrations/admindb
--- a/Dockerfile.synchronizer
+++ b/Dockerfile.synchronizer
@@ -1,4 +1,4 @@
-FROM golang:1.23.1 as build
+FROM golang:1.25.5 AS build
 LABEL description="Build container"

 ENV CGO_ENABLED 0
@@ -6,7 +6,7 @@ COPY . /build
 WORKDIR /build
 RUN go build -ldflags "-s" -o start-sync scripts/kratos/providers_sync.go

-FROM alpine:latest as runtime
+FROM alpine:latest AS runtime
 LABEL description="Run container"

 WORKDIR /usr/bin
--- a/_kratos/development/pkg/resources.go
+++ b/_kratos/development/pkg/resources.go
@@ -29,21 +29,21 @@ func CreateIdentityWithSession(c *ory.APIClient, email, password string) (*ory.S
 	}

 	// Initialize a registration flow
-	flow, _, err := c.V0alpha2Api.InitializeSelfServiceRegistrationFlowWithoutBrowser(ctx).Execute()
-	ExitOnError(err)
+	flow, _, err := c.FrontendAPI.CreateNativeRegistrationFlow(ctx).Execute()

-	// Submit the registration flow
-	result, res, err := c.V0alpha2Api.SubmitSelfServiceRegistrationFlow(ctx).Flow(flow.Id).SubmitSelfServiceRegistrationFlowBody(
-		ory.SubmitSelfServiceRegistrationFlowWithPasswordMethodBodyAsSubmitSelfServiceRegistrationFlowBody(&ory.SubmitSelfServiceRegistrationFlowWithPasswordMethodBody{
-			Method:   "password",
-			Password: password,
-			Traits: map[string]interface{}{
-				"email":       email,
-				"first_name":  "Jon",
-				"last_name":   "Doe",
-				"description": "nothing",
+	result, res, err := c.FrontendAPI.UpdateRegistrationFlow(ctx).Flow(flow.Id).UpdateRegistrationFlowBody(
+		ory.UpdateRegistrationFlowWithPasswordMethodAsUpdateRegistrationFlowBody(
+			&ory.UpdateRegistrationFlowWithPasswordMethod{
+				Method:   "password",
+				Password: password,
+				Traits: map[string]interface{}{
+					"email":       email,
+					"first_name":  "Jon",
+					"last_name":   "Doe",
+					"description": "nothing",
+				},
 			},
-		}),
+		),
 	).Execute()
 	SDKExitOnError(err, res)

@@ -58,11 +58,9 @@ func CreateIdentity(c *ory.APIClient) *ory.Identity {
 	ctx := context.Background()

 	email, _ := RandomCredentials()
-	identity, _, err := c.V0alpha2Api.AdminCreateIdentity(ctx).AdminCreateIdentityBody(ory.AdminCreateIdentityBody{
-		SchemaId: "default",
-		Traits: map[string]interface{}{
-			"email": email,
-		}}).Execute()
+
+	identity, _, err := c.IdentityAPI.CreateIdentity(ctx).CreateIdentityBody(*ory.NewCreateIdentityBody("default", map[string]interface{}{"email": email,}})).Execute()
 	ExitOnError(err)
+	
 	return identity
 }
--- a/_kratos/development/session_main.go
+++ b/_kratos/development/session_main.go
@@ -15,11 +15,9 @@ func toSession() *ory.Session {
 	email, password := pkg.RandomCredentials()
 	_, sessionToken := pkg.CreateIdentityWithSession(client, email, password)

-	session, res, err := client.V0alpha2Api.
-		ToSessionExecute(ory.
-			V0alpha2ApiApiToSessionRequest{}.
-			XSessionToken(sessionToken))
+	session, res, err := client.FrontendAPI.ToSessionExecute(ory.FrontendApiToSessionRequest{}.XSessionToken(sessionToken))
 	pkg.SDKExitOnError(err, res)
+
 	return session
 }

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,3 @@
-version: '3.7'
-
 services:
  postgresd:
    image: postgres:14.2
@@ -15,6 +13,8 @@ services:

  kratos-migrate:
    image: oryd/kratos:v0.11.0
+    depends_on:
+      - postgresd
    environment:
      - DSN=postgres://$DB_USER:$DB_PASSWORD@postgresd:$DB_PORT/$DB_NAME?sslmode=disable&max_conns=20&max_idle_conns=4
    volumes:
@@ -41,8 +41,8 @@ services:
      - kratos-migrate
    image: oryd/kratos:v0.11.0
    ports:
-      - '4433:4433' # public
-      - '4434:4434' # admin
+      - "4433:4433" # public
+      - "4434:4434" # admin
    environment:
      - DSN=postgres://$DB_USER:$DB_PASSWORD@postgresd:$DB_PORT/$DB_NAME?sslmode=disable&max_conns=20&max_idle_conns=4
      - LOG_LEVEL=trace
@@ -55,8 +55,8 @@ services:
  mailslurper:
    image: oryd/mailslurper:latest-smtps
    ports:
-      - '4436:4436'
-      - '4437:4437'
+      - "4436:4436"
+      - "4437:4437"

 volumes:
  paralus_db_data:
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/paralus/paralus

-go 1.23.1
+go 1.25.5

 require (
 	github.com/DATA-DOG/go-sqlmock v1.5.0
@@ -20,7 +20,7 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway v1.16.0
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0
 	github.com/json-iterator/go v1.1.12
-	github.com/ory/kratos-client-go v0.11.0
+	github.com/ory/kratos-client-go v1.3.8
 	github.com/pkg/errors v0.9.1
 	github.com/processout/grpc-go-pool v1.2.1
 	github.com/rs/xid v1.3.0
@@ -131,7 +131,7 @@ require (
 	go.uber.org/multierr v1.6.0 // indirect
 	golang.org/x/crypto v0.35.0 // indirect
 	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/oauth2 v0.20.0 // indirect
+	golang.org/x/oauth2 v0.27.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
 	golang.org/x/term v0.29.0 // indirect
 	golang.org/x/text v0.22.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -600,8 +600,8 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
-github.com/ory/kratos-client-go v0.11.0 h1:8FF2GiLjvDEPiN4fVLiHgnKZspQdd7kXDlBbeJJq+aw=
-github.com/ory/kratos-client-go v0.11.0/go.mod h1:8gqPMa6bB+NHbDurRY6D2dOTLrjYEdg/Dx+JvwXsZ0Q=
+github.com/ory/kratos-client-go v1.3.8 h1:S4D5dAURq5C6LbOUU+DgE4ZXxp37IlJG2GngemdF9h0=
+github.com/ory/kratos-client-go v1.3.8/go.mod h1:Dc+ANapsPxu+CfdC0yk8TxmvceCmrvNozW+ZGS/xq5o=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
@@ -952,8 +952,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo=
-golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
+golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
--- a/internal/provider/kratos/kratos.go
+++ b/internal/provider/kratos/kratos.go
@@ -54,7 +54,7 @@ func (k *kratosAuthProvider) Create(ctx context.Context, password string, traits
 		},
 	})
 	cib.SetMetadataPublic(metadata)
-	ir, hr, err := k.kc.IdentityApi.CreateIdentity(ctx).CreateIdentityBody(*cib).Execute()
+	ir, hr, err := k.kc.IdentityAPI.CreateIdentity(ctx).CreateIdentityBody(*cib).Execute()
 	if err != nil {
 		_log.Error("failed to create identity ", hr)
 		return "", err
@@ -73,7 +73,7 @@ func (k *kratosAuthProvider) Update(ctx context.Context, id string, traits map[s
 	ipm.ForceReset = metadata.ForceReset
 	uib.SetMetadataPublic(ipm)

-	_, hr, err := k.kc.IdentityApi.UpdateIdentity(ctx, id).UpdateIdentityBody(*uib).Execute()
+	_, hr, err := k.kc.IdentityAPI.UpdateIdentity(ctx, id).UpdateIdentityBody(*uib).Execute()
 	if err != nil {
 		_log.Error("failed to update identity ", hr)
 	}
@@ -82,7 +82,7 @@ func (k *kratosAuthProvider) Update(ctx context.Context, id string, traits map[s

 func (k *kratosAuthProvider) GetRecoveryLink(ctx context.Context, id string) (string, error) {
 	rlb := kclient.NewCreateRecoveryLinkForIdentityBody(id)
-	rl, _, err := k.kc.IdentityApi.CreateRecoveryLinkForIdentity(ctx).CreateRecoveryLinkForIdentityBody(*rlb).Execute()
+	rl, _, err := k.kc.IdentityAPI.CreateRecoveryLinkForIdentity(ctx).CreateRecoveryLinkForIdentityBody(*rlb).Execute()
 	if err != nil {
 		return "", err
 	}
@@ -90,7 +90,7 @@ func (k *kratosAuthProvider) GetRecoveryLink(ctx context.Context, id string) (st
 }

 func (k *kratosAuthProvider) Delete(ctx context.Context, id string) error {
-	hr, err := k.kc.IdentityApi.DeleteIdentity(ctx, id).Execute()
+	hr, err := k.kc.IdentityAPI.DeleteIdentity(ctx, id).Execute()
 	if err != nil {
 		fmt.Println(hr)
 	}
@@ -98,7 +98,7 @@ func (k *kratosAuthProvider) Delete(ctx context.Context, id string) error {
 }

 func (k *kratosAuthProvider) GetPublicMetadata(ctx context.Context, id string) (*IdentityPublicMetadata, error) {
-	identity, res, err := k.kc.IdentityApi.GetIdentity(ctx, id).Execute()
+	identity, res, err := k.kc.IdentityAPI.GetIdentity(ctx, id).Execute()
 	if err != nil {
 		return nil, err
 	}
--- a/persistence/migrations/admindb/000040_fixing_not_null_constraints.down.sql
+++ b/persistence/migrations/admindb/000040_fixing_not_null_constraints.down.sql
@@ -0,0 +1,126 @@
+ALTER TABLE authsrv_partner
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_organization
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_project
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_ssoaccount
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_group
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_resourcerole
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_resourcepermission
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_resourcerolepermission
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_projectaccountresourcerole
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_projectaccountnamespacerole
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_projectgroupnamespacerole
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_projectgrouprole
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_groupaccount
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_grouprole
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_accountresourcerole
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_template
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE sentry_bootstrap_infra
+    ALTER COLUMN created_at DROP DEFAULT;
+
+ALTER TABLE sentry_bootstrap_agent_template
+    ALTER COLUMN created_at DROP DEFAULT;
+
+ALTER TABLE sentry_bootstrap_agent
+    ALTER COLUMN created_at DROP DEFAULT;
+
+ALTER TABLE sentry_kubeconfig_revocation
+    ALTER COLUMN created_at DROP DEFAULT;
+
+ALTER TABLE sentry_kubeconfig_setting
+    ALTER COLUMN created_at DROP DEFAULT;
+
+ALTER TABLE sentry_kubectl_cluster_settings
+    ALTER COLUMN created_at DROP DEFAULT;
+
+ALTER TABLE authsrv_idp
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE authsrv_oidc_provider
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE cluster_metro
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE cluster_operator_bootstrap
+    ALTER COLUMN created_at DROP DEFAULT,
+    ALTER COLUMN modified_at DROP DEFAULT,
+    ALTER COLUMN trash DROP DEFAULT;
+
+ALTER TABLE cluster_tokens
+    ALTER COLUMN created_at DROP DEFAULT;
+
+ALTER TABLE cluster_clusters
+    ALTER COLUMN created_at DROP DEFAULT;
+
+ALTER TABLE authsrv_apikey
+    ALTER COLUMN created_at DROP DEFAULT;
--- a/persistence/migrations/admindb/000040_fixing_not_null_constraints.up.sql
+++ b/persistence/migrations/admindb/000040_fixing_not_null_constraints.up.sql
@@ -0,0 +1,126 @@
+ALTER TABLE authsrv_partner
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_organization
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_project
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_ssoaccount
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_group
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_resourcerole
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_resourcepermission
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_resourcerolepermission
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_projectaccountresourcerole
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_projectaccountnamespacerole
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_projectgroupnamespacerole
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_projectgrouprole
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_groupaccount
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_grouprole
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_accountresourcerole
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_template
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE sentry_bootstrap_infra
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP;
+
+ALTER TABLE sentry_bootstrap_agent_template
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP;
+
+ALTER TABLE sentry_bootstrap_agent
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP;
+
+ALTER TABLE sentry_kubeconfig_revocation
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP;
+
+ALTER TABLE sentry_kubeconfig_setting
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP;
+
+ALTER TABLE sentry_kubectl_cluster_settings
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP;
+
+ALTER TABLE authsrv_idp
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE authsrv_oidc_provider
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE cluster_metro
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE cluster_operator_bootstrap
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN modified_at SET DEFAULT CURRENT_TIMESTAMP,
+    ALTER COLUMN trash SET DEFAULT FALSE;
+
+ALTER TABLE cluster_tokens
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP;
+
+ALTER TABLE cluster_clusters
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP;
+
+ALTER TABLE authsrv_apikey
+    ALTER COLUMN created_at SET DEFAULT CURRENT_TIMESTAMP;
--- a/pkg/auth/v3/core.go
+++ b/pkg/auth/v3/core.go
@@ -77,9 +77,8 @@ func (ac *authContext) authenticate(ctx context.Context, req *commonv3.IsRequest
 		res.SessionData.Organization = resp.OrganizationID.String()
 		res.SessionData.Partner = resp.PartnerID.String()
 	} else {
-
-		tsr := ac.kc.FrontendApi.ToSession(ctx).XSessionToken(req.GetXSessionToken()).Cookie(req.GetCookie())
-		session, _, err := ac.kc.FrontendApi.ToSessionExecute(tsr)
+		tsr := ac.kc.FrontendAPI.ToSession(ctx).XSessionToken(req.GetXSessionToken()).Cookie(req.GetCookie())
+		session, _, err := ac.kc.FrontendAPI.ToSessionExecute(tsr)
 		if err != nil {
 			// '401 Unauthorized' if the credentials are invalid or no credentials were sent.
 			if strings.Contains(err.Error(), "401 Unauthorized") {
--- a/pkg/sentry/authz/authz.go
+++ b/pkg/sentry/authz/authz.go
@@ -2,6 +2,7 @@ package authz

 import (
 	"context"
+	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@@ -818,7 +819,7 @@ func verifyKubectlSettings(cnAttr kubeconfig.CNAttributes, ks *sentry.Kubeconfig
 		// backward compatibility treat "" as terminal session for old kubeconfigs
 		if ks.DisableCLIKubectl {
 			_log.Infow("kubectl cli is not authorized for ", "cnAttr", cnAttr, " by ", level, "config")
-			return fmt.Errorf("kubectl cli is not authorized" + " by " + level + "config") //deny
+			return errors.New("kubectl cli is not authorized" + " by " + level + "config") //deny
 		}
 		return nil // allow
 	}
@@ -826,7 +827,7 @@ func verifyKubectlSettings(cnAttr kubeconfig.CNAttributes, ks *sentry.Kubeconfig
 	if cnAttr.SessionType == kubeconfig.WebShell {
 		if ks.DisableWebKubectl {
 			_log.Infow("browser based kubectl is not authorized for ", "cnAttr", cnAttr, " by ", level, "config")
-			return fmt.Errorf("browser based kubectl is not authorized" + " by " + level + "config") //deny
+			return errors.New("browser based kubectl is not authorized" + " by " + level + "config") //deny
 		}
 		return nil // allow
 	}
--- a/pkg/service/authz.go
+++ b/pkg/service/authz.go
@@ -133,7 +133,7 @@ func (s *authzService) fromPolicies(policies *authzpbv1.Policies) ([][]string, e
 		rule := []string{p.GetSub(), p.GetNs(), p.GetProj(), p.GetOrg(), p.GetObj()}
 		for _, field := range rule {
 			if field == "" {
-				return res, fmt.Errorf(fmt.Sprintf("index %d: policy elements do not meet definition", i))
+				return res, fmt.Errorf("index %d: policy elements do not meet definition", i)
 			}
 		}
 		res = append(res, rule)
@@ -165,7 +165,7 @@ func (s *authzService) fromUserGroups(ugs *authzpbv1.UserGroups) ([][]string, er
 		rule := []string{p.GetUser(), p.GetGrp()}
 		for _, field := range rule {
 			if field == "" {
-				return res, fmt.Errorf(fmt.Sprintf("index %d: request elements do not meet definition", i))
+				return res, fmt.Errorf("index %d: request elements do not meet definition", i)
 			}
 		}
 		res = append(res, rule)
@@ -212,7 +212,7 @@ func (s *authzService) fromRolePermissionMappingList(ctx context.Context, r *aut
 					rule := []string{rpm.url, mapping.GetRole(), method}
 					for _, field := range rule {
 						if field == "" {
-							return res, fmt.Errorf(fmt.Sprintf("index %d: mapping elements do not meet definition", i))
+							return res, fmt.Errorf("index %d: mapping elements do not meet definition", i)
 						}
 					}
 					rules = append(rules, rule)
@@ -231,10 +231,9 @@ func (s *authzService) Enforce(ctx context.Context, req *authzpbv1.EnforceReques
 		param = req.Params[index]
 		params = append(params, param)
 	}
-
 	res, err := s.enforcer.Enforce(params...)
 	if err != nil {
-		return nil, status.Errorf(codes.InvalidArgument, err.Error())
+		return nil, status.Error(codes.InvalidArgument, err.Error())
 	}

 	return &authzpbv1.BoolReply{Res: res}, nil
@@ -250,13 +249,13 @@ func (s *authzService) CreatePolicies(ctx context.Context, p *authzpbv1.Policies
 	}
 	policies, err := s.fromPolicies(p)
 	if err != nil {
-		return nil, status.Errorf(codes.InvalidArgument, err.Error())
+		return nil, status.Error(codes.InvalidArgument, err.Error())
 	}

 	// err could be from db, policy assertions; dispatcher, watcher updates (not pertinent)
 	res, err := s.enforcer.AddPolicies(policies)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Error(codes.Internal, err.Error())
 	}
 	// s.enforcer.InvalidateCache()
 	return &authzpbv1.BoolReply{Res: res}, nil
@@ -266,7 +265,7 @@ func (s *authzService) DeletePolicies(ctx context.Context, p *authzpbv1.Policy)
 	// err could be from db, policy assertions, cache; dispatcher, watcher updates (not pertinent)
 	res, err := s.enforcer.RemoveFilteredPolicy(0, p.GetSub(), p.GetNs(), p.GetProj(), p.GetOrg(), p.GetObj())
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Error(codes.Internal, err.Error())
 	}
 	// s.enforcer.InvalidateCache()
 	return &authzpbv1.BoolReply{Res: res}, nil
@@ -283,13 +282,13 @@ func (s *authzService) CreateUserGroups(ctx context.Context, p *authzpbv1.UserGr

 	ugs, err := s.fromUserGroups(p)
 	if err != nil {
-		return nil, status.Errorf(codes.InvalidArgument, err.Error())
+		return nil, status.Error(codes.InvalidArgument, err.Error())
 	}

 	// err could be from db, policy assertions; dispatcher, watcher updates (not pertinent)
 	res, err := s.enforcer.AddNamedGroupingPolicies(groupGtype, ugs)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Error(codes.Internal, err.Error())
 	}

 	// s.enforcer.InvalidateCache()
@@ -300,7 +299,7 @@ func (s *authzService) DeleteUserGroups(ctx context.Context, p *authzpbv1.UserGr
 	// err could be from db, policy assertions, cache; dispatcher, watcher updates (not pertinent)
 	res, err := s.enforcer.RemoveFilteredNamedGroupingPolicy(groupGtype, 0, p.GetUser(), p.GetGrp())
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Error(codes.Internal, err.Error())
 	}

 	// s.enforcer.InvalidateCache()
@@ -320,12 +319,12 @@ func (s *authzService) CreateRolePermissionMappings(ctx context.Context, p *auth

 	rpms, err := s.fromRolePermissionMappingList(ctx, p)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Error(codes.Internal, err.Error())
 	}

 	res, err := s.enforcer.AddNamedGroupingPolicies(roleGtype, rpms)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Error(codes.Internal, err.Error())
 	}

 	// s.enforcer.InvalidateCache()
@@ -335,7 +334,7 @@ func (s *authzService) CreateRolePermissionMappings(ctx context.Context, p *auth
 func (s *authzService) DeleteRolePermissionMappings(ctx context.Context, p *authzpbv1.FilteredRolePermissionMapping) (*authzpbv1.BoolReply, error) {
 	res, err := s.enforcer.RemoveFilteredNamedGroupingPolicy(roleGtype, 1, p.GetRole())
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Error(codes.Internal, err.Error())
 	}

 	// s.enforcer.InvalidateCache()
--- a/pkg/service/cluster.go
+++ b/pkg/service/cluster.go
@@ -126,7 +126,7 @@ func (s *clusterService) Create(ctx context.Context, cluster *infrav3.Cluster) (
 			ConditionStatus: commonv3.ConditionStatus_StatusFailed,
 			Reason:          errormsg,
 		}
-		return cluster, fmt.Errorf(errormsg)
+		return cluster, errors.New(errormsg)
 	}
 	if len(cluster.Metadata.Name) > 63 {
 		errormsg = "maximum characters allowed for cluster name is 63. please try another name"
@@ -135,7 +135,7 @@ func (s *clusterService) Create(ctx context.Context, cluster *infrav3.Cluster) (
 			ConditionStatus: commonv3.ConditionStatus_StatusFailed,
 			Reason:          errormsg,
 		}
-		return cluster, fmt.Errorf(errormsg)
+		return cluster, errors.New(errormsg)
 	}

 	clusterPresent, err := dao.GetByNamePartnerOrg(ctx, s.db, cluster.Metadata.Name, uuid.NullUUID{UUID: proj.PartnerId, Valid: true},
@@ -144,7 +144,7 @@ func (s *clusterService) Create(ctx context.Context, cluster *infrav3.Cluster) (
 		_log.Infof("Skipping as first time cluster create ")
 	} else if clusterPresent != nil {
 		errormsg = "cluster name is already taken. please try another name"
-		return &infrav3.Cluster{}, fmt.Errorf(errormsg)
+		return &infrav3.Cluster{}, errors.New(errormsg)
 	}

 	metro := &models.Metro{}
--- a/pkg/service/oidc_provider.go
+++ b/pkg/service/oidc_provider.go
@@ -242,7 +242,7 @@ func (s *oidcProvider) GetByName(ctx context.Context, provider *systemv3.OIDCPro
 		if errors.Is(err, sql.ErrNoRows) {
 			return &systemv3.OIDCProvider{}, status.Errorf(codes.InvalidArgument, "OIDC PROVIDER %q NOT EXIST", name)
 		} else {
-			return &systemv3.OIDCProvider{}, status.Errorf(codes.Internal, codes.Internal.String())
+			return &systemv3.OIDCProvider{}, status.Error(codes.Internal, codes.Internal.String())
 		}

 	}
--- a/scripts/initialize/main.go
+++ b/scripts/initialize/main.go
@@ -297,10 +297,15 @@ func main() {
 				},
 			}

-			_, err := rs.Upsert(internalCtx, role)
+			_, err := rs.Create(internalCtx, role)
 			if err != nil {
-				log.Fatalf("unable to upsert role %s: %v", name, err)
+				if strings.Contains(err.Error(), "already exists") {
+					// role already present, safe to ignore
+					continue
+				}
+				log.Fatalf("unable to create role %s: %v", name, err)
 			}
+
 		}
 	}
 	//default "All Local Users" group should be created
@@ -337,11 +342,14 @@ func main() {
 	}

 	existingProject, err := prs.GetByName(context.Background(), "default")
-	if err != nil && !strings.Contains(err.Error(), "not found") && !strings.Contains(err.Error(), "no rows in result set") {
+	fmt.Println(existingProject)
+	isNotFound := err != nil &&
+		(strings.Contains(err.Error(), "not found") ||
+			strings.Contains(err.Error(), "no rows in result set"))
+	if err != nil && !isNotFound {
 		log.Fatal("unable to get project", err)
 	}
-	if existingProject == nil {
-		//default project with name "default" should be created with default flag true
+	if isNotFound {
 		_, err := prs.Create(context.Background(), &systemv3.Project{
 			Metadata: &commonv3.Metadata{
 				Name:         "default",