Hugging Face's logo

Spaces:
Kraft102
/
widgettdc-api
Paused

App Files Community
widgettdc-api / data /dIV /schema-health-check.sql
Kraft102's picture
Kraft102
fix: sql.js Docker/Alpine compatibility layer for PatternMemory and FailureMemory
5a81b95
raw
history blame contribute delete
43.6 kB
 -- schema-health-check.sql
-- Comprehensive Database Schema Health Check
-- Citizen Intelligence Agency - Open Source Intelligence Platform
-- Generated for PostgreSQL 16
--
-- Purpose: Validates database schema integrity, checks view dependencies,
-- verifies data consistency, analyzes performance characteristics,
-- and provides actionable recommendations for improvements.
--
-- Dependencies: Builds on schema-validation.sql from Issue #7865
--
-- Usage:
-- psql -U postgres -d cia_dev -f service.data.impl/src/main/resources/schema-health-check.sql > health_check_report.txt 2>&1
--
-- Output formats:
-- 1. Text report with health score and recommendations
-- 2. JSON export for automation and monitoring
\set ON_ERROR_STOP off
\timing on
\echo '=================================================='
\echo 'CIA Database Schema Health Check'
\echo 'Started:' `date`
\echo 'Database:' :DBNAME
\echo '=================================================='
-- Create temporary table to store health check results
DROP TABLE IF EXISTS health_check_results;
CREATE TEMP TABLE health_check_results (
category VARCHAR(50),
check_name VARCHAR(100),
status VARCHAR(20), -- PASS, WARN, FAIL, INFO
severity INTEGER, -- 1=INFO, 2=WARNING, 3=ERROR, 4=CRITICAL
details TEXT,
recommendation TEXT
);
-- ============================================
-- SECTION 1: Schema Integrity Checks
-- ============================================
\echo ''
\echo '=========================================='
\echo '=== SCHEMA INTEGRITY CHECKS ==='
\echo '=========================================='
-- Check 1.1: Validate all foreign key constraints
\echo ''
\echo 'Checking foreign key integrity...'
DO $$
DECLARE
fk_record RECORD;
orphan_count BIGINT;
check_query TEXT;
BEGIN
FOR fk_record IN
SELECT
tc.constraint_name,
tc.table_schema,
tc.table_name,
kcu.column_name,
ccu.table_schema AS foreign_table_schema,
ccu.table_name AS foreign_table_name,
ccu.column_name AS foreign_column_name
FROM information_schema.table_constraints AS tc
JOIN information_schema.key_column_usage AS kcu
ON tc.constraint_name = kcu.constraint_name
AND tc.table_schema = kcu.table_schema
JOIN information_schema.constraint_column_usage AS ccu
ON ccu.constraint_name = tc.constraint_name
AND ccu.table_schema = tc.table_schema
WHERE tc.constraint_type = 'FOREIGN KEY'
AND tc.table_schema = 'public'
ORDER BY tc.table_name, kcu.column_name
LOOP
BEGIN
-- Build query to check for orphaned records
check_query := format(
'SELECT COUNT(*) FROM %I.%I child ' ||
'LEFT JOIN %I.%I parent ON child.%I = parent.%I ' ||
'WHERE child.%I IS NOT NULL AND parent.%I IS NULL',
fk_record.table_schema, fk_record.table_name,
fk_record.foreign_table_schema, fk_record.foreign_table_name,
fk_record.column_name, fk_record.foreign_column_name,
fk_record.column_name, fk_record.foreign_column_name
);
EXECUTE check_query INTO orphan_count;
INSERT INTO health_check_results VALUES (
'Schema Integrity',
'Foreign Key: ' || fk_record.table_name || '.' || fk_record.column_name,
CASE WHEN orphan_count = 0 THEN 'PASS' ELSE 'FAIL' END,
CASE WHEN orphan_count = 0 THEN 1 ELSE 4 END,
'Found ' || orphan_count || ' orphaned records',
CASE WHEN orphan_count > 0
THEN 'Clean up orphaned records or add missing parent records in ' || fk_record.foreign_table_name
ELSE NULL
END
);
EXCEPTION WHEN OTHERS THEN
INSERT INTO health_check_results VALUES (
'Schema Integrity',
'Foreign Key: ' || fk_record.table_name || '.' || fk_record.column_name,
'WARN',
2,
'Could not check: ' || SQLERRM,
'Review foreign key constraint definition'
);
END;
END LOOP;
END $$;
-- Check 1.2: Validate view definitions (no broken views)
\echo 'Checking view integrity...'
DO $$
DECLARE
r RECORD;
v_error TEXT;
BEGIN
FOR r IN
SELECT schemaname, viewname
FROM pg_views
WHERE schemaname = 'public'
ORDER BY viewname
LOOP
BEGIN
EXECUTE format('SELECT COUNT(*) FROM %I.%I LIMIT 1', r.schemaname, r.viewname);
INSERT INTO health_check_results VALUES (
'Schema Integrity',
'View: ' || r.viewname,
'PASS',
1,
'View definition is valid',
NULL
);
EXCEPTION WHEN OTHERS THEN
v_error := SQLERRM;
INSERT INTO health_check_results VALUES (
'Schema Integrity',
'View: ' || r.viewname,
'FAIL',
4,
'View has broken definition: ' || v_error,
'Recreate view or fix dependencies. See TROUBLESHOOTING_EMPTY_VIEWS.md'
);
END;
END LOOP;
END $$;
-- Check 1.3: Materialized views freshness
\echo 'Checking materialized view freshness...'
INSERT INTO health_check_results
SELECT
'Schema Integrity' AS category,
'Materialized View Freshness: ' || m.matviewname AS check_name,
CASE
WHEN s.last_vacuum IS NULL AND s.last_autovacuum IS NULL THEN 'WARN'
WHEN GREATEST(s.last_vacuum, s.last_autovacuum) < NOW() - INTERVAL '7 days' THEN 'WARN'
WHEN m.ispopulated = false THEN 'FAIL'
ELSE 'PASS'
END AS status,
CASE
WHEN m.ispopulated = false THEN 4
WHEN s.last_vacuum IS NULL AND s.last_autovacuum IS NULL THEN 2
WHEN GREATEST(s.last_vacuum, s.last_autovacuum) < NOW() - INTERVAL '7 days' THEN 2
ELSE 1
END AS severity,
CASE
WHEN m.ispopulated = false THEN 'Materialized view is not populated'
WHEN s.last_vacuum IS NULL AND s.last_autovacuum IS NULL THEN 'Never refreshed'
ELSE 'Last activity: ' || COALESCE(GREATEST(s.last_vacuum, s.last_autovacuum)::TEXT, 'UNKNOWN')
END AS details,
CASE
WHEN m.ispopulated = false OR (s.last_vacuum IS NULL AND s.last_autovacuum IS NULL)
THEN 'Refresh materialized view: psql -d cia_dev -f refresh-all-views.sql'
WHEN GREATEST(s.last_vacuum, s.last_autovacuum) < NOW() - INTERVAL '7 days'
THEN 'Consider refreshing: REFRESH MATERIALIZED VIEW ' || m.matviewname || ';'
ELSE NULL
END AS recommendation
FROM pg_matviews m
LEFT JOIN pg_stat_user_tables s ON s.schemaname = m.schemaname AND s.relname = m.matviewname
WHERE m.schemaname = 'public';
-- ============================================
-- SECTION 2: Data Quality Checks
-- ============================================
\echo ''
\echo '=========================================='
\echo '=== DATA QUALITY CHECKS ==='
\echo '=========================================='
-- Check 2.1: Empty critical tables
\echo ''
\echo 'Checking for empty critical tables...'
DO $$
DECLARE
v_table TEXT;
v_count BIGINT;
v_critical_tables TEXT[] := ARRAY[
'person_data',
'assignment_data',
'ballot_data',
'vote_data',
'document_data',
'sweden_political_party',
'committee_proposal_data',
'document_element',
'document_person_reference_data'
];
BEGIN
FOREACH v_table IN ARRAY v_critical_tables
LOOP
BEGIN
EXECUTE format('SELECT COUNT(*) FROM %I', v_table) INTO v_count;
IF v_count = 0 THEN
INSERT INTO health_check_results VALUES (
'Data Quality',
'Critical Table: ' || v_table,
'FAIL',
4,
'Table is empty (0 rows)',
'Load data into table or check data import processes. See TROUBLESHOOTING_EMPTY_VIEWS.md'
);
ELSIF v_count < 100 THEN
INSERT INTO health_check_results VALUES (
'Data Quality',
'Critical Table: ' || v_table,
'WARN',
2,
'Table has only ' || v_count || ' rows',
'Verify data completeness and import status'
);
ELSE
INSERT INTO health_check_results VALUES (
'Data Quality',
'Critical Table: ' || v_table,
'PASS',
1,
'Table has ' || v_count || ' rows',
NULL
);
END IF;
EXCEPTION WHEN OTHERS THEN
INSERT INTO health_check_results VALUES (
'Data Quality',
'Critical Table: ' || v_table,
'INFO',
1,
'Table does not exist or cannot be accessed: ' || SQLERRM,
'Verify table name and permissions'
);
END;
END LOOP;
END $$;
-- Check 2.2: NULL values in critical columns
\echo 'Checking for NULLs in critical columns...'
DO $$
DECLARE
null_count BIGINT;
BEGIN
-- Check person_data.person_id
BEGIN
SELECT COUNT(*) INTO null_count FROM person_data WHERE person_id IS NULL;
INSERT INTO health_check_results VALUES (
'Data Quality',
'NULL Check: person_data.person_id',
CASE WHEN null_count > 0 THEN 'FAIL' ELSE 'PASS' END,
CASE WHEN null_count > 0 THEN 3 ELSE 1 END,
'Found ' || null_count || ' NULL person_id values',
CASE WHEN null_count > 0 THEN 'Fix NULL values in person_data.person_id' ELSE NULL END
);
EXCEPTION WHEN OTHERS THEN
NULL; -- Table may not exist
END;
-- Check ballot_data.ballot_id
BEGIN
SELECT COUNT(*) INTO null_count FROM ballot_data WHERE ballot_id IS NULL;
INSERT INTO health_check_results VALUES (
'Data Quality',
'NULL Check: ballot_data.ballot_id',
CASE WHEN null_count > 0 THEN 'FAIL' ELSE 'PASS' END,
CASE WHEN null_count > 0 THEN 3 ELSE 1 END,
'Found ' || null_count || ' NULL ballot_id values',
CASE WHEN null_count > 0 THEN 'Fix NULL values in ballot_data.ballot_id' ELSE NULL END
);
EXCEPTION WHEN OTHERS THEN
NULL; -- Table may not exist
END;
-- Check document_data.id
BEGIN
SELECT COUNT(*) INTO null_count FROM document_data WHERE id IS NULL;
INSERT INTO health_check_results VALUES (
'Data Quality',
'NULL Check: document_data.id',
CASE WHEN null_count > 0 THEN 'FAIL' ELSE 'PASS' END,
CASE WHEN null_count > 0 THEN 3 ELSE 1 END,
'Found ' || null_count || ' NULL id values',
CASE WHEN null_count > 0 THEN 'Fix NULL values in document_data.id' ELSE NULL END
);
EXCEPTION WHEN OTHERS THEN
NULL; -- Table may not exist
END;
END $$;
-- Check 2.3: Duplicate checks in key views
\echo 'Checking for duplicates...'
DO $$
DECLARE
dup_count BIGINT;
BEGIN
-- Check for duplicate person_ids in view_riksdagen_politician
BEGIN
WITH duplicate_politicians AS (
SELECT person_id, COUNT(*) as count
FROM view_riksdagen_politician
GROUP BY person_id
HAVING COUNT(*) > 1
)
SELECT COUNT(*) INTO dup_count FROM duplicate_politicians;
INSERT INTO health_check_results VALUES (
'Data Quality',
'Duplicate Check: view_riksdagen_politician.person_id',
CASE WHEN dup_count > 0 THEN 'FAIL' ELSE 'PASS' END,
CASE WHEN dup_count > 0 THEN 3 ELSE 1 END,
'Found ' || dup_count || ' duplicate person_ids',
CASE WHEN dup_count > 0 THEN 'Investigate and remove duplicates in view definition' ELSE NULL END
);
EXCEPTION WHEN OTHERS THEN
INSERT INTO health_check_results VALUES (
'Data Quality',
'Duplicate Check: view_riksdagen_politician',
'INFO',
1,
'View does not exist or cannot be checked: ' || SQLERRM,
NULL
);
END;
END $$;
-- Check 2.4: NULL percentage in critical columns
\echo 'Checking NULL percentage in critical columns...'
DO $$
DECLARE
v_null_pct NUMERIC;
v_critical_columns TEXT[][] := ARRAY[
['person_data', 'first_name'],
['person_data', 'last_name'],
['assignment_data', 'org_code'],
['vote_data', 'vote']
];
v_col TEXT[];
BEGIN
FOREACH v_col SLICE 1 IN ARRAY v_critical_columns
LOOP
BEGIN
EXECUTE format(
'SELECT ROUND(COUNT(*) FILTER (WHERE %I IS NULL) * 100.0 / NULLIF(COUNT(*), 0), 2) FROM %I',
v_col[2], v_col[1]
) INTO v_null_pct;
INSERT INTO health_check_results VALUES (
'Data Quality',
'NULL Percentage: ' || v_col[1] || '.' || v_col[2],
CASE
WHEN v_null_pct > 10 THEN 'FAIL'
WHEN v_null_pct > 5 THEN 'WARN'
ELSE 'PASS'
END,
CASE
WHEN v_null_pct > 10 THEN 3
WHEN v_null_pct > 5 THEN 2
ELSE 1
END,
COALESCE(v_null_pct::TEXT, '0') || '% NULL values',
CASE
WHEN v_null_pct > 5 THEN 'Investigate and fix NULL values in ' || v_col[1] || '.' || v_col[2]
ELSE NULL
END
);
EXCEPTION WHEN OTHERS THEN
-- Table or column doesn't exist, skip
NULL;
END;
END LOOP;
END $$;
-- Check 2.5: Data distribution analysis (party balance)
\echo 'Checking data distribution...'
DO $$
DECLARE
v_stddev NUMERIC;
v_avg NUMERIC;
v_coefficient NUMERIC;
BEGIN
BEGIN
WITH person_party_distribution AS (
SELECT party, COUNT(*) as count
FROM person_data
WHERE party IS NOT NULL
GROUP BY party
)
SELECT
STDDEV(count),
AVG(count),
CASE WHEN AVG(count) > 0 THEN STDDEV(count) / AVG(count) ELSE 0 END
INTO v_stddev, v_avg, v_coefficient
FROM person_party_distribution;
INSERT INTO health_check_results VALUES (
'Data Quality',
'Party Distribution Balance',
CASE
WHEN v_coefficient > 1.5 THEN 'WARN'
ELSE 'PASS'
END,
CASE
WHEN v_coefficient > 1.5 THEN 2
ELSE 1
END,
'Distribution coefficient: ' || COALESCE(ROUND(v_coefficient, 2)::TEXT, 'N/A') ||
' | Avg per party: ' || COALESCE(ROUND(v_avg, 0)::TEXT, 'N/A'),
CASE
WHEN v_coefficient > 1.5 THEN 'Party distribution imbalance detected - investigate if intentional'
ELSE NULL
END
);
EXCEPTION WHEN OTHERS THEN
INSERT INTO health_check_results VALUES (
'Data Quality',
'Party Distribution Balance',
'INFO',
1,
'Could not analyze: ' || SQLERRM,
NULL
);
END;
END $$;
-- ============================================
-- SECTION 3: Performance Analysis
-- ============================================
\echo ''
\echo '=========================================='
\echo '=== PERFORMANCE ANALYSIS ==='
\echo '=========================================='
-- Check 3.1: Missing indexes on foreign keys
\echo ''
\echo 'Checking for missing indexes on foreign keys...'
INSERT INTO health_check_results
SELECT
'Performance' AS category,
'Missing Index: ' || fk.table_name || '.' || fk.column_name AS check_name,
CASE WHEN idx.indexname IS NULL THEN 'WARN' ELSE 'PASS' END AS status,
CASE WHEN idx.indexname IS NULL THEN 2 ELSE 1 END AS severity,
CASE
WHEN idx.indexname IS NULL THEN 'No index found on foreign key column'
ELSE 'Index exists: ' || idx.indexname
END AS details,
CASE
WHEN idx.indexname IS NULL THEN 'CREATE INDEX idx_' || fk.table_name || '_' || fk.column_name || ' ON ' || fk.table_name || '(' || fk.column_name || ');'
ELSE NULL
END AS recommendation
FROM (
SELECT DISTINCT
tc.table_schema,
tc.table_name,
kcu.column_name
FROM information_schema.table_constraints AS tc
JOIN information_schema.key_column_usage AS kcu
ON tc.constraint_name = kcu.constraint_name
AND tc.table_schema = kcu.table_schema
WHERE tc.constraint_type = 'FOREIGN KEY'
AND tc.table_schema = 'public'
) fk
LEFT JOIN LATERAL (
SELECT
ci.relname AS indexname
FROM pg_class ct
JOIN pg_namespace ns ON ns.oid = ct.relnamespace
JOIN pg_index i ON i.indrelid = ct.oid
JOIN pg_class ci ON ci.oid = i.indexrelid
JOIN pg_attribute a ON a.attrelid = ct.oid AND a.attname = fk.column_name
WHERE ns.nspname = fk.table_schema
AND ct.relname = fk.table_name
AND i.indisvalid
AND i.indisready
AND i.indisprimary = false
AND i.indkey[0] = a.attnum
LIMIT 1
) idx ON TRUE;
-- Check 3.2: Large tables without recent vacuum
\echo 'Checking table maintenance...'
INSERT INTO health_check_results
SELECT
'Performance' AS category,
'Table Maintenance: ' || schemaname || '.' || relname AS check_name,
CASE
WHEN last_vacuum IS NULL THEN 'WARN'
WHEN last_vacuum < NOW() - INTERVAL '30 days' THEN 'WARN'
ELSE 'PASS'
END AS status,
CASE
WHEN last_vacuum IS NULL THEN 2
WHEN last_vacuum < NOW() - INTERVAL '30 days' THEN 2
ELSE 1
END AS severity,
'Last vacuum: ' || COALESCE(last_vacuum::TEXT, 'NEVER') ||
' | Size: ' || pg_size_pretty(pg_total_relation_size(relid)) AS details,
CASE
WHEN last_vacuum IS NULL OR last_vacuum < NOW() - INTERVAL '30 days'
THEN 'VACUUM ANALYZE ' || quote_ident(schemaname) || '.' || quote_ident(relname) || ';'
ELSE NULL
END AS recommendation
FROM pg_stat_user_tables
WHERE schemaname = 'public'
AND n_live_tup > 1000
ORDER BY last_vacuum ASC NULLS FIRST
LIMIT 10;
-- Check 3.3: Slow query patterns (from pg_stat_statements if available)
\echo 'Checking for slow query patterns...'
DO $$
BEGIN
IF EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_stat_statements') THEN
INSERT INTO health_check_results
SELECT
'Performance' AS category,
'Slow Query: ' || LEFT(query, 50) || '...' AS check_name,
'WARN' AS status,
2 AS severity,
'Avg time: ' || ROUND(mean_exec_time::NUMERIC, 2) || 'ms | Calls: ' || calls AS details,
'Optimize query or add indexes' AS recommendation
FROM pg_stat_statements
WHERE mean_exec_time > 1000 -- > 1 second
ORDER BY mean_exec_time DESC
LIMIT 10;
ELSE
INSERT INTO health_check_results VALUES (
'Performance',
'pg_stat_statements Extension',
'INFO',
1,
'Extension not enabled',
'Enable pg_stat_statements for query performance tracking: CREATE EXTENSION pg_stat_statements;'
);
END IF;
END $$;
-- Check 3.4: Bloated tables and indexes
\echo 'Checking for table bloat...'
INSERT INTO health_check_results
SELECT
'Performance' AS category,
'Table Bloat: ' || schemaname || '.' || relname AS check_name,
CASE
WHEN n_dead_tup > n_live_tup * 0.2 THEN 'WARN'
ELSE 'PASS'
END AS status,
CASE
WHEN n_dead_tup > n_live_tup * 0.2 THEN 2
ELSE 1
END AS severity,
'Live tuples: ' || n_live_tup || ' | Dead tuples: ' || n_dead_tup ||
' | Dead ratio: ' || ROUND(n_dead_tup::NUMERIC / NULLIF(n_live_tup, 0) * 100, 2) || '%' AS details,
CASE
WHEN n_dead_tup > n_live_tup * 0.2
THEN 'VACUUM FULL ' || schemaname || '.' || relname || '; -- WARNING: Locks table'
ELSE NULL
END AS recommendation
FROM pg_stat_user_tables
WHERE schemaname = 'public'
AND n_live_tup > 0
AND n_dead_tup > n_live_tup * 0.2
ORDER BY n_dead_tup DESC
LIMIT 10;
-- Check 3.5: Connection pool usage
\echo 'Checking connection pool usage...'
INSERT INTO health_check_results
SELECT
'Performance' AS category,
'Connection Pool Usage' AS check_name,
CASE
WHEN active_connections * 100.0 / max_connections > 90 THEN 'FAIL'
WHEN active_connections * 100.0 / max_connections > 80 THEN 'WARN'
ELSE 'PASS'
END AS status,
CASE
WHEN active_connections * 100.0 / max_connections > 90 THEN 3
WHEN active_connections * 100.0 / max_connections > 80 THEN 2
ELSE 1
END AS severity,
'Client Connections: ' || active_connections || ' / Max: ' || max_connections ||
' (' || ROUND(active_connections * 100.0 / max_connections, 1) || '%)' AS details,
CASE
WHEN active_connections * 100.0 / max_connections > 80
THEN 'Increase max_connections or review connection pooling configuration'
ELSE NULL
END AS recommendation
FROM (
SELECT COUNT(*) as active_connections
FROM pg_stat_activity
WHERE pid != pg_backend_pid()
AND backend_type = 'client backend'
) a,
(SELECT setting::INT as max_connections FROM pg_settings WHERE name = 'max_connections') m;
-- Check 3.6: Query cache hit ratio
\echo 'Checking query cache hit ratio...'
INSERT INTO health_check_results
SELECT
'Performance' AS category,
'Query Cache Hit Ratio' AS check_name,
CASE
WHEN hit_ratio < 80 THEN 'FAIL'
WHEN hit_ratio < 90 THEN 'WARN'
ELSE 'PASS'
END AS status,
CASE
WHEN hit_ratio < 80 THEN 3
WHEN hit_ratio < 90 THEN 2
ELSE 1
END AS severity,
'Hit Ratio: ' || ROUND(hit_ratio, 2) || '%' AS details,
CASE
WHEN hit_ratio < 90 THEN 'Increase shared_buffers or optimize queries to reduce disk I/O'
ELSE NULL
END AS recommendation
FROM (
SELECT
COALESCE(SUM(heap_blks_hit) * 100.0 / NULLIF(SUM(heap_blks_hit + heap_blks_read), 0), 100) AS hit_ratio
FROM pg_statio_user_tables
) cache;
-- Check 3.7: Database lock waits
\echo 'Checking for database lock waits...'
INSERT INTO health_check_results
SELECT
'Performance' AS category,
'Database Lock Waits' AS check_name,
CASE
WHEN lock_count > 10 THEN 'FAIL'
WHEN lock_count > 5 THEN 'WARN'
ELSE 'PASS'
END AS status,
CASE
WHEN lock_count > 10 THEN 3
WHEN lock_count > 5 THEN 2
ELSE 1
END AS severity,
'Current lock waits: ' || lock_count AS details,
CASE
WHEN lock_count > 5 THEN 'Investigate long-running transactions: SELECT pid, usename, query, state, wait_event, wait_event_type, query_start FROM pg_stat_activity WHERE wait_event_type = ''Lock'''
ELSE NULL
END AS recommendation
FROM (
SELECT COUNT(*) as lock_count
FROM pg_stat_activity
WHERE wait_event_type = 'Lock'
) locks;
-- ============================================
-- SECTION 4: Security Validation
-- ============================================
\echo ''
\echo '=========================================='
\echo '=== SECURITY VALIDATION ==='
\echo '=========================================='
-- Check 4.1: User permission audit
\echo ''
\echo 'Checking user permissions...'
INSERT INTO health_check_results
SELECT
'Security' AS category,
'User Permissions: ' || usename AS check_name,
CASE
WHEN usename = 'postgres' THEN 'INFO' -- expected postgres superuser
WHEN usesuper THEN 'WARN' -- other superusers
ELSE 'PASS'
END AS status,
CASE
WHEN usename = 'postgres' THEN 1
WHEN usesuper THEN 2
ELSE 1
END AS severity,
'User: ' || usename || ' | Superuser: ' || usesuper || ' | Create DB: ' || usecreatedb AS details,
CASE
WHEN usesuper AND usename != 'postgres' THEN 'Review superuser privileges for ' || usename
ELSE NULL
END AS recommendation
FROM pg_user;
-- Check 4.2: SSL configuration
\echo 'Checking SSL configuration...'
DO $$
DECLARE
ssl_setting TEXT;
BEGIN
SELECT setting INTO ssl_setting FROM pg_settings WHERE name = 'ssl';
IF ssl_setting IS NOT NULL THEN
INSERT INTO health_check_results VALUES (
'Security',
'SSL Configuration',
CASE
WHEN ssl_setting = 'on' THEN 'PASS'
ELSE 'WARN'
END,
CASE
WHEN ssl_setting = 'on' THEN 1
ELSE 2
END,
'SSL: ' || ssl_setting,
CASE
WHEN ssl_setting != 'on' THEN 'Consider enabling SSL in postgresql.conf for encrypted connections'
ELSE NULL
END
);
ELSE
INSERT INTO health_check_results VALUES (
'Security',
'SSL Configuration',
'INFO',
1,
'SSL setting not found',
'SSL may not be configured'
);
END IF;
END $$;
-- Check 4.3: pgaudit extension
\echo 'Checking pgaudit extension...'
INSERT INTO health_check_results
SELECT
'Security' AS category,
'pgaudit Extension' AS check_name,
CASE
WHEN extname IS NOT NULL THEN 'PASS'
ELSE 'INFO'
END AS status,
1 AS severity,
CASE
WHEN extname IS NOT NULL THEN 'pgaudit is installed and active'
ELSE 'pgaudit extension not found'
END AS details,
CASE
WHEN extname IS NULL THEN 'Consider installing pgaudit extension for comprehensive audit logging: CREATE EXTENSION pgaudit;'
ELSE NULL
END AS recommendation
FROM (
SELECT extname FROM pg_extension WHERE extname = 'pgaudit'
UNION ALL
SELECT NULL WHERE NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pgaudit')
LIMIT 1
) ext;
-- Check 4.4: Password encryption method
\echo 'Checking password encryption...'
DO $$
DECLARE
encryption_method TEXT;
BEGIN
SELECT setting INTO encryption_method FROM pg_settings WHERE name = 'password_encryption';
IF encryption_method IS NOT NULL THEN
INSERT INTO health_check_results VALUES (
'Security',
'Password Encryption Method',
CASE
WHEN encryption_method = 'scram-sha-256' THEN 'PASS'
WHEN encryption_method = 'md5' THEN 'WARN'
ELSE 'FAIL'
END,
CASE
WHEN encryption_method = 'scram-sha-256' THEN 1
WHEN encryption_method = 'md5' THEN 2
ELSE 3
END,
'Encryption method: ' || encryption_method,
CASE
WHEN encryption_method = 'md5' THEN 'MD5 is deprecated - migrate to scram-sha-256 for better security'
WHEN encryption_method NOT IN ('scram-sha-256', 'md5') THEN 'Use scram-sha-256 for password security'
ELSE NULL
END
);
END IF;
END $$;
-- ============================================
-- SECTION 5: Referential Integrity
-- ============================================
\echo ''
\echo '=========================================='
\echo '=== REFERENTIAL INTEGRITY CHECKS ==='
\echo '=========================================='
-- Check 5.1: Cascade delete configuration
\echo ''
\echo 'Checking cascade delete rules...'
INSERT INTO health_check_results
SELECT
'Referential Integrity' AS category,
'Cascade Rule: ' || tc.table_name || ' -> ' || ccu.table_name AS check_name,
CASE
WHEN rc.delete_rule = 'CASCADE' THEN 'INFO'
WHEN rc.delete_rule = 'NO ACTION' THEN 'PASS'
ELSE 'INFO'
END AS status,
1 AS severity,
'Delete rule: ' || rc.delete_rule || ' | Update rule: ' || rc.update_rule AS details,
CASE
WHEN rc.delete_rule = 'CASCADE'
THEN 'CASCADE delete configured - ensure this is intentional for ' || tc.table_name
ELSE NULL
END AS recommendation
FROM information_schema.table_constraints AS tc
JOIN information_schema.referential_constraints AS rc
ON tc.constraint_name = rc.constraint_name
JOIN information_schema.constraint_column_usage AS ccu
ON ccu.constraint_name = tc.constraint_name
WHERE tc.constraint_type = 'FOREIGN KEY'
AND tc.table_schema = 'public'
AND rc.delete_rule = 'CASCADE'
ORDER BY tc.table_name
LIMIT 20;
-- Check 5.2: Constraint validation
\echo 'Checking constraint validation status...'
INSERT INTO health_check_results
SELECT
'Referential Integrity' AS category,
'Constraint Validation: ' || conname AS check_name,
CASE
WHEN convalidated THEN 'PASS'
ELSE 'WARN'
END AS status,
CASE
WHEN convalidated THEN 1
ELSE 2
END AS severity,
'Constraint ' || conname || ' on ' || conrelid::regclass::text ||
' | Validated: ' || convalidated AS details,
CASE
WHEN NOT convalidated THEN 'Validate constraint: ALTER TABLE ' || conrelid::regclass::text ||
' VALIDATE CONSTRAINT ' || conname || ';'
ELSE NULL
END AS recommendation
FROM pg_constraint
WHERE connamespace = 'public'::regnamespace
AND contype IN ('f', 'c') -- Foreign keys and check constraints
AND NOT convalidated
LIMIT 10;
-- ============================================
-- SECTION 6: View Dependency Analysis
-- ============================================
\echo ''
\echo '=========================================='
\echo '=== VIEW DEPENDENCY ANALYSIS ==='
\echo '=========================================='
-- Check 6.1: View dependency depth
\echo ''
\echo 'Checking view dependency depth...'
DO $$
DECLARE
max_depth INTEGER;
deep_views INTEGER;
view_count INTEGER;
BEGIN
-- Simplified dependency check - just count direct dependencies
WITH view_deps AS (
SELECT
dependent_view.relname AS view_name,
COUNT(DISTINCT source_table.relname) AS dep_count
FROM pg_depend
JOIN pg_rewrite ON pg_depend.objid = pg_rewrite.oid
JOIN pg_class AS dependent_view ON pg_rewrite.ev_class = dependent_view.oid
JOIN pg_class AS source_table ON pg_depend.refobjid = source_table.oid
WHERE dependent_view.relkind IN ('v', 'm')
AND source_table.relkind IN ('v', 'm', 'r')
AND dependent_view.relnamespace = (SELECT oid FROM pg_namespace WHERE nspname = 'public')
GROUP BY dependent_view.relname
)
SELECT
COALESCE(MAX(dep_count), 0),
COUNT(*) FILTER (WHERE dep_count > 5),
COUNT(*)
INTO max_depth, deep_views, view_count
FROM view_deps;
INSERT INTO health_check_results VALUES (
'View Dependencies',
'View Dependency Analysis',
CASE WHEN max_depth > 10 THEN 'WARN' ELSE 'PASS' END,
CASE WHEN max_depth > 10 THEN 2 ELSE 1 END,
'Maximum direct dependencies: ' || COALESCE(max_depth::TEXT, '0') ||
' | Views with >5 dependencies: ' || COALESCE(deep_views::TEXT, '0') ||
' | Total views analyzed: ' || COALESCE(view_count::TEXT, '0'),
CASE WHEN max_depth > 10
THEN 'Consider simplifying views with many dependencies to improve maintainability'
ELSE NULL
END
);
END $$;
-- Check 6.2: Empty views that may indicate data issues
\echo 'Checking for empty views...'
DO $$
DECLARE
view_rec RECORD;
row_count BIGINT;
empty_view_count INTEGER := 0;
BEGIN
FOR view_rec IN
SELECT schemaname, viewname
FROM pg_views
WHERE schemaname = 'public'
ORDER BY viewname
LOOP
BEGIN
EXECUTE format('SELECT COUNT(*) FROM %I.%I', view_rec.schemaname, view_rec.viewname)
INTO row_count;
IF row_count = 0 THEN
empty_view_count := empty_view_count + 1;
INSERT INTO health_check_results VALUES (
'View Dependencies',
'Empty View: ' || view_rec.viewname,
'WARN',
2,
'View returns 0 rows',
'Check if this is expected. See TROUBLESHOOTING_EMPTY_VIEWS.md for diagnostic steps'
);
END IF;
EXCEPTION WHEN OTHERS THEN
-- Already caught in integrity check
NULL;
END;
END LOOP;
IF empty_view_count = 0 THEN
INSERT INTO health_check_results VALUES (
'View Dependencies',
'Empty View Check',
'PASS',
1,
'All views contain data',
NULL
);
END IF;
END $$;
-- ============================================
-- SECTION 7: Calculate Health Score & Report
-- ============================================
\echo ''
\echo '=========================================='
\echo '=== HEALTH SCORE CALCULATION ==='
\echo '=========================================='
WITH health_summary AS (
SELECT
category,
COUNT(*) AS total_checks,
COUNT(*) FILTER (WHERE status = 'PASS') AS passed,
COUNT(*) FILTER (WHERE status = 'WARN') AS warnings,
COUNT(*) FILTER (WHERE status = 'FAIL') AS failures,
COUNT(*) FILTER (WHERE severity >= 3) AS critical_issues,
-- Category-level score
ROUND(
(COUNT(*) FILTER (WHERE status = 'PASS') * 100.0 +
COUNT(*) FILTER (WHERE status = 'WARN') * 50.0) /
NULLIF(COUNT(*), 0),
2
) AS category_score
FROM health_check_results
WHERE status != 'INFO' -- Exclude informational checks from scoring
GROUP BY category
),
overall_score AS (
SELECT
COUNT(*) AS total_checks,
COUNT(*) FILTER (WHERE status = 'PASS') AS passed,
COUNT(*) FILTER (WHERE status = 'WARN') AS warnings,
COUNT(*) FILTER (WHERE status = 'FAIL') AS failures,
COUNT(*) FILTER (WHERE severity >= 3) AS critical_issues,
-- Score formula: (passed * 100 + warnings * 50 + failures * 0) / total
ROUND(
(COUNT(*) FILTER (WHERE status = 'PASS') * 100.0 +
COUNT(*) FILTER (WHERE status = 'WARN') * 50.0) /
NULLIF(COUNT(*), 0),
2
) AS health_score
FROM health_check_results
WHERE status != 'INFO' -- Exclude informational checks from scoring
)
SELECT
''::TEXT AS blank1,
'=================================================='::TEXT AS separator,
' HEALTH CHECK SUMMARY'::TEXT AS title,
'=================================================='::TEXT AS separator2,
''::TEXT AS blank2,
'Total Checks: ' || total_checks AS total,
'Passed: ' || passed AS pass_count,
'Warnings: ' || warnings AS warn_count,
'Failures: ' || failures AS fail_count,
'Critical Issues: ' || critical_issues AS critical_count,
''::TEXT AS blank3,
'**OVERALL HEALTH SCORE: ' || health_score || '/100**' AS score,
''::TEXT AS blank4,
CASE
WHEN health_score >= 90 THEN '✓ Status: EXCELLENT - No action needed'
WHEN health_score >= 75 THEN '⚠ Status: GOOD - Monitor warnings, plan improvements'
WHEN health_score >= 60 THEN '⚠⚠ Status: NEEDS ATTENTION - Address failures soon'
ELSE '✗✗✗ Status: CRITICAL - Immediate action required'
END AS status_assessment,
'=================================================='::TEXT AS separator3,
''::TEXT AS blank5
FROM overall_score;
-- Display category-level health scores
\echo ''
\echo '--- CATEGORY HEALTH SCORES ---'
SELECT
category,
category_score || '/100' AS health_score,
CASE
WHEN category_score >= 90 THEN 'EXCELLENT ✓'
WHEN category_score >= 75 THEN 'GOOD ⚠'
WHEN category_score >= 60 THEN 'NEEDS ATTENTION ⚠⚠'
ELSE 'CRITICAL ✗✗✗'
END AS status,
total_checks AS checks,
passed || ' pass' AS passed,
warnings || ' warn' AS warnings,
failures || ' fail' AS failures
FROM (
SELECT
category,
COUNT(*) AS total_checks,
COUNT(*) FILTER (WHERE status = 'PASS') AS passed,
COUNT(*) FILTER (WHERE status = 'WARN') AS warnings,
COUNT(*) FILTER (WHERE status = 'FAIL') AS failures,
ROUND(
(COUNT(*) FILTER (WHERE status = 'PASS') * 100.0 +
COUNT(*) FILTER (WHERE status = 'WARN') * 50.0) /
NULLIF(COUNT(*), 0),
2
) AS category_score
FROM health_check_results
WHERE status != 'INFO'
GROUP BY category
) cat_scores
ORDER BY category_score ASC;
-- Display category breakdown (traditional format)
\echo ''
\echo '--- CATEGORY BREAKDOWN ---'
SELECT
category,
total_checks,
passed || ' passed' AS passed_count,
warnings || ' warnings' AS warning_count,
failures || ' failures' AS failure_count,
ROUND(passed * 100.0 / NULLIF(total_checks, 0), 1) || '%' AS pass_rate
FROM (
SELECT
category,
COUNT(*) AS total_checks,
COUNT(*) FILTER (WHERE status = 'PASS') AS passed,
COUNT(*) FILTER (WHERE status = 'WARN') AS warnings,
COUNT(*) FILTER (WHERE status = 'FAIL') AS failures
FROM health_check_results
WHERE status != 'INFO'
GROUP BY category
) cat_summary
ORDER BY pass_rate ASC;
-- Display all issues (warnings and failures)
\echo ''
\echo '--- ISSUES REQUIRING ATTENTION ---'
SELECT
category,
check_name,
status,
CASE severity
WHEN 1 THEN 'INFO'
WHEN 2 THEN 'WARNING'
WHEN 3 THEN 'ERROR'
WHEN 4 THEN 'CRITICAL'
END AS severity_level,
details,
recommendation
FROM health_check_results
WHERE status IN ('WARN', 'FAIL')
ORDER BY severity DESC, category, check_name;
-- Display informational messages
\echo ''
\echo '--- INFORMATIONAL ---'
SELECT
category,
check_name,
details,
recommendation
FROM health_check_results
WHERE status = 'INFO'
ORDER BY category, check_name;
-- Export to JSON
\echo ''
\echo '--- JSON EXPORT ---'
\echo 'Generating JSON health check report...'
SELECT json_build_object(
'timestamp', NOW(),
'database', current_database(),
'health_score', (
SELECT ROUND(
(COUNT(*) FILTER (WHERE status = 'PASS') * 100.0 +
COUNT(*) FILTER (WHERE status = 'WARN') * 50.0) /
NULLIF(COUNT(*), 0),
2
)
FROM health_check_results
WHERE status != 'INFO'
),
'summary', json_build_object(
'total_checks', (SELECT COUNT(*) FROM health_check_results WHERE status != 'INFO'),
'passed', (SELECT COUNT(*) FROM health_check_results WHERE status = 'PASS'),
'warnings', (SELECT COUNT(*) FROM health_check_results WHERE status = 'WARN'),
'failures', (SELECT COUNT(*) FROM health_check_results WHERE status = 'FAIL'),
'critical_issues', (SELECT COUNT(*) FROM health_check_results WHERE severity >= 3 AND status != 'INFO')
),
'categories', (
SELECT json_agg(
json_build_object(
'category', category,
'total_checks', total_checks,
'passed', passed,
'warnings', warnings,
'failures', failures,
'pass_rate', ROUND(passed * 100.0 / NULLIF(total_checks, 0), 1),
'category_score', ROUND(
(passed * 100.0 + warnings * 50.0) / NULLIF(total_checks, 0),
2
)
)
)
FROM (
SELECT
category,
COUNT(*) AS total_checks,
COUNT(*) FILTER (WHERE status = 'PASS') AS passed,
COUNT(*) FILTER (WHERE status = 'WARN') AS warnings,
COUNT(*) FILTER (WHERE status = 'FAIL') AS failures
FROM health_check_results
WHERE status != 'INFO'
GROUP BY category
) cat
),
'issues', (
SELECT json_agg(issue_obj)
FROM (
SELECT json_build_object(
'category', category,
'check_name', check_name,
'status', status,
'severity', severity,
'details', details,
'recommendation', recommendation
) AS issue_obj
FROM health_check_results
WHERE status IN ('WARN', 'FAIL')
ORDER BY severity DESC
) issues_subq
)
)::text AS json_report;
-- ============================================
-- SECTION 8: Prometheus Metrics Export
-- ============================================
\echo ''
\echo '--- PROMETHEUS METRICS EXPORT ---'
\echo 'Generating Prometheus-compatible metrics...'
WITH category_metrics AS (
SELECT
category,
COUNT(*) AS total_checks,
COUNT(*) FILTER (WHERE status = 'PASS') AS passed,
COUNT(*) FILTER (WHERE status = 'WARN') AS warnings,
COUNT(*) FILTER (WHERE status = 'FAIL') AS failures,
ROUND(
(COUNT(*) FILTER (WHERE status = 'PASS') * 100.0 +
COUNT(*) FILTER (WHERE status = 'WARN') * 50.0) /
NULLIF(COUNT(*), 0),
2
) AS category_score
FROM health_check_results
WHERE status != 'INFO'
GROUP BY category
)
SELECT
'# HELP cia_db_health_score Database health score by category' || E'\n' ||
'# TYPE cia_db_health_score gauge' || E'\n' ||
string_agg(
'cia_db_health_score{category="' || category || '"} ' || category_score::TEXT,
E'\n'
) || E'\n' ||
E'\n' ||
'# HELP cia_db_health_checks_total Total health checks by category and status' || E'\n' ||
'# TYPE cia_db_health_checks_total gauge' || E'\n' ||
string_agg(
'cia_db_health_checks_total{category="' || category || '",status="pass"} ' || passed::TEXT || E'\n' ||
'cia_db_health_checks_total{category="' || category || '",status="warn"} ' || warnings::TEXT || E'\n' ||
'cia_db_health_checks_total{category="' || category || '",status="fail"} ' || failures::TEXT,
E'\n'
) AS prometheus_metrics
FROM category_metrics;
\echo ''
\echo 'To export Prometheus metrics to file, run:'
\echo ' psql -U postgres -d cia_dev -t -A -f schema-health-check.sql | grep -E "^(#|cia_db_)" > metrics.prom'
\echo ''
\echo ''
\echo '=================================================='
\echo 'Health check completed'
\echo 'Finished:' `date`
\echo '=================================================='
\echo ''
\echo 'To save JSON output to file, run:'
\echo ' psql -U postgres -d cia_dev -t -A -c "SELECT json_build_object(...)" > health_check.json'
\echo ''
\echo 'For automation, see README-SCHEMA-MAINTENANCE.md'
\echo ''
\timing off