diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index ee48bcd..e8ec154 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -119,7 +119,11 @@ jobs:
 -v
 $(pwd)/test-secrets/db-timetables-api-username:/run/secrets/db-timetables-api-username:ro
 -v
- $(pwd)/test-secrets/db-timetables-api-password:/run/secrets/db-timetables-api-password:ro"
+ $(pwd)/test-secrets/db-timetables-api-password:/run/secrets/db-timetables-api-password:ro
+ -v
+ $(pwd)/test-secrets/db-dss-username:/run/secrets/db-dss-username:ro
+ -v
+ $(pwd)/test-secrets/db-dss-password:/run/secrets/db-dss-password:ro"
 dbQuery: # finds all users in the database
 "SELECT usename FROM pg_catalog.pg_user ORDER BY usename;"
@@ -132,8 +136,9 @@ jobs:
 tiamat
 timetablesapiusername
 user
+ dss
- (6 rows)
+ (7 rows)
 steps:
 - name: Checkout code
@@ -144,6 +149,8 @@ jobs:
 docker run -d --rm -p 6432:5432 --name postgres ${{ matrix.envMapping }} ${{ matrix.secretMapping }} ${{ matrix.dockerImage }}
 - name: Verify that postgres database is up and can be connected to
+ id: healthcheck
+ continue-on-error: true
 uses: HSLdevcom/jore4-tools/github-actions/healthcheck@healthcheck-v1
 with:
 command:
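Review bot: The added `dss` row sits after `user` in `expectedOutput`, but the query this entry runs (`"SELECT usename FROM pg_catalog.pg_user ORDER BY usename;"` in the previous hunk) orders by name, so a `dss` row is printed before `tiamat`, and the verification step's `diff --ignore-all-space --ignore-blank-lines` does not ignore line order. The rows before `tiamat` are outside the hunk and the two hunks might in principle belong to different matrix entries, though the line numbers make the same entry likely; if so, `+ dss` should move up to its sorted position and the `(7 rows)` change stays as is.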
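Review bot: With `continue-on-error: true` on the healthcheck, a run whose container never became reachable continues into the SQL-dump verification step (next hunk), whose `psql` then fails for the same root cause and the later diagnostics and fail-job steps report two failures for one problem. Gating that step with `if: steps.healthcheck.outcome == 'success'` (keeping its own `continue-on-error`) leaves `steps.healthcheck.outcome` as the single signal when the container is the problem; the `always() && (... == 'failure' || ... == 'failure')` conditions downstream still fire because a skipped step's outcome is not `'failure'` only for the step that was skipped. The enclosing job definition starts and ends outside this hunk.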
@@ -151,11 +158,36 @@ jobs:
 "SELECT ''OK'';"'
 - name: Verify that the proper sql dumps got imported (diff expected results)
+ id: verify_sql_dump
+ continue-on-error: true
 run: |
 psql -h localhost -p 6432 -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c "${{ matrix.dbQuery }}" > dbresults.txt
 echo "${{ matrix.expectedOutput }}" > expectedresults.txt
 diff --ignore-all-space --ignore-blank-lines dbresults.txt expectedresults.txt
+ - name: Dump container diagnostics on failure
+ if: always() && (steps.healthcheck.outcome == 'failure' || steps.verify_sql_dump.outcome == 'failure')
+ run: |
+ echo "::group::docker ps"
+ docker ps -a
+ echo "::endgroup::"
+
+ echo "::group::container inspect"
+ docker inspect postgres || true
+ echo "::endgroup::"
+
+ echo "::group::container logs"
+ docker logs postgres || true
+ echo "::endgroup::"
+
+ - name: Clean up test container
+ if: always()
+ run: docker rm -f postgres || true
+
+ - name: Fail job if container validation failed
+ if: always() && (steps.healthcheck.outcome == 'failure' || steps.verify_sql_dump.outcome == 'failure')
+ run: exit 1
+
 run_e2e_tests:
 name: Run E2E tests
 needs:
diff --git a/.github/workflows/test-docker-compose.yml b/.github/workflows/test-docker-compose.yml
index 37d01f8..5066404 100644
--- a/.github/workflows/test-docker-compose.yml
+++ b/.github/workflows/test-docker-compose.yml
@@ -21,6 +23,8 @@ jobs:
 run: docker compose up -d
 - name: Verify that mapmatching database is up and can be connected to
+ id: mapmatching_healthcheck
+ continue-on-error: true
 uses: HSLdevcom/jore4-tools/github-actions/healthcheck@healthcheck-v1
 env:
 POSTGRES_USER: username
@@ -32,6 +34,8 @@ jobs:
 "SELECT ''OK'';"'
 - name: Verify that azuredbmock database is up and can be connected to
+ id: azuredbmock_healthcheck
+ continue-on-error: true
 uses: HSLdevcom/jore4-tools/github-actions/healthcheck@healthcheck-v1
 env:
 POSTGRES_USER: username
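Review bot: `docker inspect postgres || true` in the diagnostics step writes the container's complete configuration, including `Config.Env`, into the job log; the container is started with `${{ matrix.envMapping }}` (context of the earlier hunk), and if any matrix entry ever passes credentials via `-e` they would be echoed there, whereas the `/run/secrets` bind mounts only appear as paths. The values in this repository are test fixtures, but narrowing the dump to what a failed healthcheck needs, e.g. `docker inspect --format '{{json .State}}' postgres || true`, keeps the log clean if the matrix later carries anything real. The `::group::` framing and the `|| true` on the diagnostic commands are good, since a missing container should not mask the original failure.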
@@ -41,3 +45,22 @@ jobs:
 command:
 'psql -h localhost -p 7432 -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c
 "SELECT ''OK'';"'
+
+ - name: Dump compose diagnostics on failure
+ if: always() && (steps.mapmatching_healthcheck.outcome == 'failure' || steps.azuredbmock_healthcheck.outcome == 'failure')
+ run: |
+ echo "::group::docker compose ps"
+ docker compose ps -a
+ echo "::endgroup::"
+
+ echo "::group::docker compose logs"
+ docker compose logs --no-color
+ echo "::endgroup::"
+
+ - name: Clean up compose services
+ if: always()
+ run: docker compose down -v
+
+ - name: Fail job if compose validation failed
+ if: always() && (steps.mapmatching_healthcheck.outcome == 'failure' || steps.azuredbmock_healthcheck.outcome == 'failure')
+ run: exit 1
diff --git a/README.md b/README.md
index f109908..765acba 100644
--- a/README.md
+++ b/README.md
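Review bot: The `Fail job if compose validation failed` step ends the job with a bare `exit 1`, so the failure annotation says nothing about which of the two databases did not come up and a reader has to open the diagnostics group to find out. Printing the step outcomes first makes the annotation self-explanatory, e.g. `run: |` / `echo "::error::mapmatching=${{ steps.mapmatching_healthcheck.outcome }} azuredbmock=${{ steps.azuredbmock_healthcheck.outcome }}"` / `exit 1`; the same applies to the `Fail job if container validation failed` step in cd.yml. The failure condition is also spelled out twice (diagnostics step and fail-job step), so a comment above the first copy such as `# keep in sync with the "Fail job" step below` would help when a third healthcheck is added.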
@@ -76,17 +76,19 @@ Secrets:
 | db-auth-password | \*\*\* | Password of the database user for the authentication microservice |
 | db-auth-name | authdb | Name of the (internal) database used by the auth backend microservice |
 | db-jore3importer-username | dbjore3importer | Name of the database user for the jore3 importer microservice |
-| db-jore3importer-password | \*\*\* | Name of the database user for the jore3 importer microservice |
+| db-jore3importer-password | \*\*\* | Password of the database user for the jore3 importer microservice |
 | db-jore3importer-name | importerdb | Name of the (internal) database used by the jore3 importer microservice |
 | db-hasura-username | dbhasura | Name of the database user for the hasura microservice |
 | db-hasura-password | \*\*\* | Password of the database user for the hasura microservice |
-| db-hasura-name | jore4db | Name of the database used by the hasura microservice |
+| db-hasura-name | jore4db | Name of the (internal) database used by the hasura microservice |
 | db-timetables-name | timetablesdb | Name of the database used by the timetables module |
 | db-tiamat-username | tiamat | Name of the database user for the tiamat microservice |
 | db-tiamat-password | \*\*\* | Password of the database user for the tiamat microservice |
-| db-tiamat-name | stopdb | Name of the database used by the tiamat microservice |
+| db-tiamat-name | stopdb | Name of the (internal) database used by the tiamat microservice |
 | db-timetables-api-username | dbtimetablesapi | Name of the database user for the timetables API microservice |
 | db-timetables-api-password | \*\*\* | Password of the database user for the timetables API microservice |
+| db-dss-username | dss | Name of the database user for the DSS service |
+| db-dss-password | \*\*\* | Password of the database user for the DSS service. |
 All other environment variables are the same as as in `postgis/postgis`'s base image, [postgres](https://registry.hub.docker.com/_/postgres/)
diff --git a/azuredbmock/migrations/07-create-jore4-main-database.sql b/azuredbmock/migrations/07-create-jore4-main-database.sql
index 343792b..8d6ed7e 100644
--- a/azuredbmock/migrations/07-create-jore4-main-database.sql
+++ b/azuredbmock/migrations/07-create-jore4-main-database.sql
@@ -1,4 +1,4 @@
--- This migration replicates initialization of the JORE4 main database in script scripts/ssh-to-bastion-host
+-- This migration replicates initialization of the JORE4 main database in script scripts/create_db_roles_and_extensions.sh
 -- in azure-infra-jore4aks repository
 CREATE DATABASE xxx_db_jore4_main_name_xxx;
@@ -14,6 +14,7 @@ CREATE SCHEMA IF NOT EXISTS network AUTHORIZATION xxx_db_hasura_username_xxx;
 CREATE SCHEMA IF NOT EXISTS stopregistry AUTHORIZATION xxx_db_tiamat_username_xxx;
 CREATE SCHEMA IF NOT EXISTS timetables AUTHORIZATION xxx_db_hasura_username_xxx;
 CREATE SCHEMA IF NOT EXISTS hdb_catalog AUTHORIZATION xxx_db_hasura_username_xxx;
+CREATE SCHEMA IF NOT EXISTS dssview AUTHORIZATION xxx_db_hasura_username_xxx;
 CREATE SCHEMA IF NOT EXISTS topology AUTHORIZATION xxx_db_tiamat_username_xxx;
@@ -48,6 +49,7 @@ GRANT CONNECT, CREATE ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_tiamat_us
 GRANT CONNECT ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_jore3importer_username_xxx;
 GRANT CONNECT ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_timetables_api_username_xxx;
+GRANT CONNECT ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_dss_username_xxx;
 -------------------------------------------------------
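Review bot: `GRANT CONNECT ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_dss_username_xxx;` requires a role by that name to exist when this migration runs, and no hunk in this diff creates one; a GRANT to a missing role is an error and would abort the migration. Presumably the image's init scripting creates roles from the new `db-dss-username`/`db-dss-password` secrets and substitutes the `xxx_db_dss_username_xxx` placeholder the same way it does for the other `xxx_db_*_username_xxx` names (the cd.yml change expects a `dss` user in `pg_user`), but that substitution list is outside this diff and is worth confirming before merge.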
@@ -105,3 +107,19 @@ GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA timetables TO xxx_db_hasura_username_xx
 GRANT USAGE ON SCHEMA timetables TO xxx_db_timetables_api_username_xxx;
 GRANT SELECT ON ALL TABLES IN SCHEMA timetables TO xxx_db_timetables_api_username_xxx;
 GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA timetables TO xxx_db_timetables_api_username_xxx;
+
+
+--------------------------------------------------------
+----- Grant DSS View Schema Level Access Privileges ----
+--------------------------------------------------------
+
+-- See the beginning of the initial database migration in:
+-- https://github.com/entur/tiamat/blob/master/src/main/resources/db/migration/V1__Base_version.sql
+GRANT USAGE ON SCHEMA dssview TO xxx_db_hasura_username_xxx;
+GRANT ALL ON ALL TABLES IN SCHEMA dssview TO xxx_db_hasura_username_xxx;
+ALTER DEFAULT PRIVILEGES FOR USER xxx_db_dss_username_xxx IN SCHEMA dssview GRANT ALL ON TABLES TO xxx_db_hasura_username_xxx;
+
+GRANT USAGE ON SCHEMA dssview TO xxx_db_dss_username_xxx;
+GRANT SELECT ON ALL TABLES IN SCHEMA dssview TO xxx_db_dss_username_xxx;
+ALTER DEFAULT PRIVILEGES FOR USER xxx_db_dss_username_xxx IN SCHEMA dssview GRANT SELECT ON TABLES TO xxx_db_dss_username_xxx;
+
diff --git a/docker-compose.yml b/docker-compose.yml
index 48d8f5e..731fbf2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -91,3 +91,7 @@ secrets:
 file: ./test-secrets/db-timetables-api-username
 db-timetables-api-password:
 file: ./test-secrets/db-timetables-api-password
+ db-dss-username:
+ file: ./test-secrets/db-dss-username
+ db-dss-password:
+ file: ./test-secrets/db-dss-password
diff --git a/test-secrets/db-dss-password b/test-secrets/db-dss-password
new file mode 100644
index 0000000..0e6e490
--- /dev/null
+++ b/test-secrets/db-dss-password
@@ -0,0 +1 @@
+dsspassword
diff --git a/test-secrets/db-dss-username b/test-secrets/db-dss-username
new file mode 100644
index 0000000..2df356e
--- /dev/null
+++ b/test-secrets/db-dss-username
@@ -0,0 +1 @@
+dss
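Review bot: Both `ALTER DEFAULT PRIVILEGES FOR USER xxx_db_dss_username_xxx ...` statements define defaults for objects the dss role creates, yet in this diff the dss role only receives `USAGE` and `SELECT` on `dssview`, and the schema is owned by the hasura role (`CREATE SCHEMA IF NOT EXISTS dssview AUTHORIZATION xxx_db_hasura_username_xxx` in the earlier hunk), so unless CREATE is granted elsewhere these defaults never take effect; the second one additionally grants the creator SELECT on its own tables, which is a no-op. The `GRANT SELECT ON ALL TABLES IN SCHEMA dssview` line only covers tables that exist at migration time, so if the hasura role is the one creating objects in `dssview`, as the owner and `ALL` grants suggest, the statement that actually gives dss read access to future tables is `ALTER DEFAULT PRIVILEGES FOR USER xxx_db_hasura_username_xxx IN SCHEMA dssview GRANT SELECT ON TABLES TO xxx_db_dss_username_xxx;`, and the two dss-keyed ALTERs can go. The `-- See the beginning of the initial database migration in:` comment pointing at the tiamat repository appears copied from the stop-registry section and does not apply to `dssview`; replace it with one sentence saying which service is expected to create objects in the schema.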
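Review bot: Only the top-level `secrets:` declarations for `db-dss-username` and `db-dss-password` are added; in Compose a secret is mounted under `/run/secrets/` only for services that also list it in their own `secrets:` key, and no service definition is touched in this diff. Unless the database service already references these two names elsewhere (outside this diff), the compose path will lack the files that the cd.yml job mounts with `-v`, and the `test-docker-compose` workflow would not notice because its check is only `SELECT 'OK'`. Worth confirming the service's `secrets:` list before merge, and the diff's `Verify that azuredbmock database` step could be extended to query `pg_user` for the `dss` role as cd.yml now does.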