feat(17-01): add CredentialProfile model and Pydantic schemas

- SQLAlchemy model mapping to credential_profiles table (migration 037) - CredentialProfileCreate with model_validator enforcing per-type required fields - CredentialProfileUpdate with conditional validation on type change - CredentialProfileResponse without any credential fields (write-only) - Device model updated with credential_profile_id FK and relationship Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 18:51:53 -05:00
parent 390df0531d
commit 3d149b674f
3 changed files with 289 additions and 0 deletions
--- a/backend/app/models/credential_profile.py
+++ b/backend/app/models/credential_profile.py
@@ -0,0 +1,55 @@
+"""CredentialProfile model -- reusable credential sets for devices."""
+
+import uuid
+from datetime import datetime
+
+from sqlalchemy import DateTime, ForeignKey, LargeBinary, String, Text, UniqueConstraint, func
+from sqlalchemy.dialects.postgresql import UUID
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from app.models.base import Base
+
+
+class CredentialProfile(Base):
+    __tablename__ = "credential_profiles"
+    __table_args__ = (
+        UniqueConstraint("tenant_id", "name", name="uq_credential_profiles_tenant_name"),
+    )
+
+    id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True),
+        primary_key=True,
+        default=uuid.uuid4,
+        server_default=func.gen_random_uuid(),
+    )
+    tenant_id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("tenants.id", ondelete="CASCADE"),
+        nullable=False,
+        index=True,
+    )
+    name: Mapped[str] = mapped_column(String(255), nullable=False)
+    description: Mapped[str | None] = mapped_column(Text, nullable=True)
+    credential_type: Mapped[str] = mapped_column(String(50), nullable=False)
+    encrypted_credentials: Mapped[bytes | None] = mapped_column(LargeBinary, nullable=True)
+    encrypted_credentials_transit: Mapped[str | None] = mapped_column(Text, nullable=True)
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), server_default=func.now(), nullable=False
+    )
+    updated_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False
+    )
+
+    # Relationships
+    tenant: Mapped["Tenant"] = relationship("Tenant")  # type: ignore[name-defined]
+    devices: Mapped[list["Device"]] = relationship(  # type: ignore[name-defined]
+        "Device",
+        back_populates="credential_profile",
+        foreign_keys="[Device.credential_profile_id]",
+    )
+
+    def __repr__(self) -> str:
+        return (
+            f"<CredentialProfile id={self.id} name={self.name!r}"
+            f" type={self.credential_type!r} tenant_id={self.tenant_id}>"
+        )
--- a/backend/app/models/device.py
+++ b/backend/app/models/device.py
@@ -117,6 +117,17 @@ class Device(Base):
    sector: Mapped["Sector"] = relationship(  # type: ignore[name-defined]
        "Sector", back_populates="devices", foreign_keys=[sector_id]
    )
+    credential_profile_id: Mapped[uuid.UUID | None] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("credential_profiles.id", ondelete="SET NULL"),
+        nullable=True,
+        index=True,
+    )
+    credential_profile: Mapped["CredentialProfile"] = relationship(  # type: ignore[name-defined]
+        "CredentialProfile",
+        back_populates="devices",
+        foreign_keys=[credential_profile_id],
+    )

    def __repr__(self) -> str:
        return f"<Device id={self.id} hostname={self.hostname!r} tenant_id={self.tenant_id}>"