refactor(backend): Complete system_credentials removal - consolidate to unified_credentials

remyluslosius · claude · remyluslosius · commit da531d7d7f6a · 2025-11-03T21:12:27.000-05:00
Step 2 of credentials migration - Remove all legacy code: 1. Dropped system_credentials table from PostgreSQL database 2. Deleted legacy backend/app/routes/system_settings.py (13 deprecated endpoints) 3. Removed v2_credentials router from main.py (deprecated /api/v2/credentials/*) 4. Updated init_roles.py init_default_system_credentials() to use unified_credentials table All credential operations now use single unified system: - Frontend: /api/system/credentials (from system_settings_unified.py) - Backend: unified_credentials table (PostgreSQL) - Init: Creates default credentials in unified_credentials Migration complete - simplified from dual-system to single unified approach. Related: docs/SIMPLE_CREDENTIALS_MIGRATION.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/backend/app/init_roles.py b/backend/app/init_roles.py
@@ -151,13 +151,19 @@ def create_default_super_admin(db: Session):
 
 
 def init_default_system_credentials(db: Session):
-    """Initialize default system SSH credentials for frictionless onboarding"""
+    """
+    Initialize default system SSH credentials for frictionless onboarding
+
+    Uses unified_credentials table (system_credentials removed 2025-11-03)
+    """
     try:
-        # Check if any system credentials already exist
+        # Check if system-level credentials exist in unified_credentials
         result = db.execute(
             text(
                 """
-            SELECT COUNT(*) as count FROM system_credentials WHERE is_active = true
+            SELECT COUNT(*) as count
+            FROM unified_credentials
+            WHERE scope = 'system' AND is_active = true
         """
             )
         )
@@ -168,7 +174,7 @@ def init_default_system_credentials(db: Session):
             logger.info(f"Found {existing_count} existing system credentials, skipping initialization")
             return
 
-        logger.info("No system credentials found - creating placeholder credentials for easy setup")
+        logger.info("No system credentials found - creating placeholder in unified_credentials")
 
         # Create placeholder credentials that guide users to configure actual credentials
         placeholder_description = (
@@ -185,38 +191,35 @@ def init_default_system_credentials(db: Session):
         encrypted_bytes = encryption_service.encrypt(b"CHANGE_ME_PLEASE")
         encrypted_password = base64.b64encode(encrypted_bytes).decode("ascii")
 
-        # Insert placeholder credentials (no actual sensitive data)
+        # Insert into unified_credentials (NOT system_credentials)
         db.execute(
             text(
                 """
-            INSERT INTO system_credentials
-            (name, description, username, auth_method, encrypted_password,
-             encrypted_private_key, private_key_passphrase, is_default, is_active,
-             created_by, created_at, updated_at)
-            VALUES (:name, :description, :username, :auth_method, :encrypted_password,
-                    :encrypted_private_key, :private_key_passphrase, :is_default, :is_active,
-                    :created_by, :created_at, :updated_at)
+            INSERT INTO unified_credentials
+            (name, description, username, auth_method,
+             encrypted_password, encrypted_private_key, private_key_passphrase,
+             scope, target_id, is_default, is_active, created_at, updated_at)
+            VALUES (:name, :description, :username, :auth_method,
+                    :encrypted_password, :encrypted_private_key, :private_key_passphrase,
+                    'system', NULL, true, true, :created_at, :updated_at)
         """
             ),
             {
                 "name": "Setup Required - Default SSH Credentials",
                 "description": placeholder_description,
                 "username": "root",
                 "auth_method": "password",
-                "encrypted_password": encrypted_password,  # Obvious placeholder
+                "encrypted_password": encrypted_password,
                 "encrypted_private_key": None,
                 "private_key_passphrase": None,
-                "is_default": True,
-                "is_active": True,
-                "created_by": 1,  # Created by default admin user
                 "created_at": current_time,
                 "updated_at": current_time,
             },
         )
 
         db.commit()
 
-        logger.info("Created placeholder system credentials - users should update these in Settings")
+        logger.info("Created placeholder system credentials in unified_credentials - users should update these in Settings")
         logger.warning(
             "SECURITY NOTICE: Default SSH credentials created with placeholder password. Users must update these credentials in Settings before performing SSH operations."
         )
diff --git a/backend/app/main.py b/backend/app/main.py
@@ -51,7 +51,6 @@
     webhooks,
 )
 from .routes.system_settings_unified import router as system_settings_router
-from .routes.v2 import credentials as v2_credentials  # WEEK 2: v2 credentials API
 
 # Import security routes only if available
 try:
@@ -532,9 +531,6 @@ async def metrics():
 app.include_router(scan_templates.router, prefix="/api", tags=["Scan Templates"])
 app.include_router(webhooks.router, prefix="/api/v1", tags=["Webhooks"])
 app.include_router(credentials.router, tags=["Credential Sharing"])
-app.include_router(
-    v2_credentials.router, prefix="/api", tags=["Credentials v2"]
-)  # WEEK 2: v2 credentials API (adds /api prefix to router's /v2/credentials)
 app.include_router(api_keys.router, prefix="/api/api-keys", tags=["API Keys"])
 app.include_router(remediation_callback.router, tags=["AEGIS Integration"])
 app.include_router(
diff --git a/backend/app/routes/system_settings.py b/backend/app/routes/system_settings.py
