Ensure that values of attributes are unique in the database

While this is already ensured on the Java level when using a Set, database inconsistencies as occurred with Hibernate could lead to follow-up problems that are hard to analyze (as seen in #11666).

Closes #11671

model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/client/entity/JpaClientAttributeEntity.java

@@ -18,10 +18,14 @@ package org.keycloak.models.map.storage.jpa.client.entity;
 
 import javax.persistence.Entity;
 import javax.persistence.Table;
+import javax.persistence.UniqueConstraint;
+
 import org.keycloak.models.map.storage.jpa.JpaAttributeEntity;
 
 @Entity
-@Table(name = "kc_client_attribute")
+@Table(name = "kc_client_attribute", uniqueConstraints = {
+        @UniqueConstraint(columnNames = {"fk_root", "name", "value"})
+})
 public class JpaClientAttributeEntity extends JpaAttributeEntity<JpaClientEntity> {
 
     public JpaClientAttributeEntity() {

model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/clientscope/entity/JpaClientScopeAttributeEntity.java

@@ -18,10 +18,14 @@ package org.keycloak.models.map.storage.jpa.clientscope.entity;
 
 import javax.persistence.Entity;
 import javax.persistence.Table;
+import javax.persistence.UniqueConstraint;
+
 import org.keycloak.models.map.storage.jpa.JpaAttributeEntity;
 
 @Entity
-@Table(name = "kc_client_scope_attribute")
+@Table(name = "kc_client_scope_attribute", uniqueConstraints = {
+        @UniqueConstraint(columnNames = {"fk_root", "name", "value"})
+})
 public class JpaClientScopeAttributeEntity extends JpaAttributeEntity<JpaClientScopeEntity> {
 
     public JpaClientScopeAttributeEntity() {

model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/group/entity/JpaGroupAttributeEntity.java

@@ -18,10 +18,14 @@ package org.keycloak.models.map.storage.jpa.group.entity;
 
 import javax.persistence.Entity;
 import javax.persistence.Table;
+import javax.persistence.UniqueConstraint;
+
 import org.keycloak.models.map.storage.jpa.JpaAttributeEntity;
 
 @Entity
-@Table(name = "kc_group_attribute")
+@Table(name = "kc_group_attribute", uniqueConstraints = {
+        @UniqueConstraint(columnNames = {"fk_root", "name", "value"})
+})
 public class JpaGroupAttributeEntity extends JpaAttributeEntity<JpaGroupEntity> {
 
     public JpaGroupAttributeEntity() {

model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/realm/entity/JpaRealmAttributeEntity.java

@@ -18,6 +18,7 @@ package org.keycloak.models.map.storage.jpa.realm.entity;
 
 import javax.persistence.Entity;
 import javax.persistence.Table;
+import javax.persistence.UniqueConstraint;
 
 import org.keycloak.models.map.storage.jpa.JpaAttributeEntity;
 
@@ -28,7 +29,9 @@ import org.keycloak.models.map.storage.jpa.JpaAttributeEntity;
  * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
  */
 @Entity
-@Table(name = "kc_realm_attribute")
+@Table(name = "kc_realm_attribute", uniqueConstraints = {
+        @UniqueConstraint(columnNames = {"fk_root", "name", "value"})
+})
 public class JpaRealmAttributeEntity extends JpaAttributeEntity<JpaRealmEntity> {
 
     public JpaRealmAttributeEntity() {

model/map-jpa/src/main/java/org/keycloak/models/map/storage/jpa/role/entity/JpaRoleAttributeEntity.java

@@ -18,10 +18,14 @@ package org.keycloak.models.map.storage.jpa.role.entity;
 
 import javax.persistence.Entity;
 import javax.persistence.Table;
+import javax.persistence.UniqueConstraint;
+
 import org.keycloak.models.map.storage.jpa.JpaAttributeEntity;
 
 @Entity
-@Table(name = "kc_role_attribute")
+@Table(name = "kc_role_attribute", uniqueConstraints = {
+        @UniqueConstraint(columnNames = {"fk_root", "name", "value"})
+})
 public class JpaRoleAttributeEntity extends JpaAttributeEntity<JpaRoleEntity> {
 
     public JpaRoleAttributeEntity() {

model/map-jpa/src/main/resources/META-INF/client-scopes/jpa-client-scopes-changelog-1.xml

@@ -57,6 +57,8 @@ limitations under the License.
             <column name="name" type="VARCHAR(255)"/>
             <column name="value" type="text"/>
         </createTable>
+        <!-- this is deferrable and initiallyDeferred as hibernate will first insert new entries and then delete the old by default -->
+        <addUniqueConstraint tableName="kc_client_scope_attribute" columnNames="fk_root, name, value" deferrable="true" initiallyDeferred="true" />
         <createIndex tableName="kc_client_scope_attribute" indexName="client_scope_attr_fk_root">
             <column name="fk_root"/>
         </createIndex>

model/map-jpa/src/main/resources/META-INF/clients/jpa-clients-changelog-1.xml

@@ -64,6 +64,8 @@ limitations under the License.
             <column name="name" type="VARCHAR(255)"/>
             <column name="value" type="text"/>
         </createTable>
+        <!-- this is deferrable and initiallyDeferred as hibernate will first insert new entries and then delete the old by default -->
+        <addUniqueConstraint tableName="kc_client_attribute" columnNames="fk_root, name, value" deferrable="true" initiallyDeferred="true" />
         <createIndex tableName="kc_client_attribute" indexName="client_attr_fk_root">
             <column name="fk_root"/>
         </createIndex>

model/map-jpa/src/main/resources/META-INF/groups/jpa-groups-changelog-1.xml

@@ -59,6 +59,8 @@ limitations under the License.
             <column name="name" type="VARCHAR(255)"/>
             <column name="value" type="text"/>
         </createTable>
+        <!-- this is deferrable and initiallyDeferred as hibernate will first insert new entries and then delete the old by default -->
+        <addUniqueConstraint tableName="kc_group_attribute" columnNames="fk_root, name, value" deferrable="true" initiallyDeferred="true" />
         <createIndex tableName="kc_group_attribute" indexName="group_attr_fk_root">
             <column name="fk_root"/>
         </createIndex>

model/map-jpa/src/main/resources/META-INF/realms/jpa-realms-changelog-1.xml

@@ -83,6 +83,8 @@ limitations under the License.
             <column name="name" type="VARCHAR(255)"/>
             <column name="value" type="TEXT"/>
         </createTable>
+        <!-- this is deferrable and initiallyDeferred as hibernate will first insert new entries and then delete the old by default -->
+        <addUniqueConstraint tableName="kc_realm_attribute" columnNames="fk_root, name, value" deferrable="true" initiallyDeferred="true" />
         <createIndex tableName="kc_realm_attribute" indexName="realm_attr_fk_root">
             <column name="fk_root"/>
         </createIndex>

model/map-jpa/src/main/resources/META-INF/roles/jpa-roles-changelog-1.xml

@@ -66,6 +66,8 @@ limitations under the License.
             <column name="name" type="VARCHAR(255)"/>
             <column name="value" type="text"/>
         </createTable>
+        <!-- this is deferrable and initiallyDeferred as hibernate will first insert new entries and then delete the old by default -->
+        <addUniqueConstraint tableName="kc_role_attribute" columnNames="fk_root, name, value" deferrable="true" initiallyDeferred="true" />
         <createIndex tableName="kc_role_attribute" indexName="role_attr_fk_root">
             <column name="fk_root"/>
         </createIndex>