Add dssview schema and dss user

.github/workflows/cd.yml

@@ -119,7 +119,11 @@ jobs:
               -v
               $(pwd)/test-secrets/db-timetables-api-username:/run/secrets/db-timetables-api-username:ro
               -v
-              $(pwd)/test-secrets/db-timetables-api-password:/run/secrets/db-timetables-api-password:ro"
+              $(pwd)/test-secrets/db-timetables-api-password:/run/secrets/db-timetables-api-password:ro
+              -v
+              $(pwd)/test-secrets/db-dss-username:/run/secrets/db-dss-username:ro
+              -v
+              $(pwd)/test-secrets/db-dss-password:/run/secrets/db-dss-password:ro"
             dbQuery:
               # finds all users in the database
               "SELECT usename FROM pg_catalog.pg_user ORDER BY usename;"
@@ -132,8 +136,9 @@ jobs:
               tiamat
               timetablesapiusername
               user
+              dss
 
-              (6 rows)
+              (7 rows)
 
     steps:
       - name: Checkout code
@@ -144,18 +149,45 @@ jobs:
           docker run -d --rm -p 6432:5432 --name postgres ${{ matrix.envMapping }} ${{ matrix.secretMapping }} ${{ matrix.dockerImage }}
 
       - name: Verify that postgres database is up and can be connected to
+        id: healthcheck
+        continue-on-error: true
         uses: HSLdevcom/jore4-tools/github-actions/healthcheck@healthcheck-v1
         with:
           command:
             'psql -h localhost -p 6432 -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c
             "SELECT ''OK'';"'
 
       - name: Verify that the proper sql dumps got imported (diff expected results)
+        id: verify_sql_dump
+        continue-on-error: true
         run: |
           psql -h localhost -p 6432 -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c "${{ matrix.dbQuery }}" > dbresults.txt
           echo "${{ matrix.expectedOutput }}" > expectedresults.txt
           diff --ignore-all-space --ignore-blank-lines dbresults.txt expectedresults.txt
 
+      - name: Dump container diagnostics on failure
+        if: always() && (steps.healthcheck.outcome == 'failure' || steps.verify_sql_dump.outcome == 'failure')
+        run: |
+          echo "::group::docker ps"
+          docker ps -a
+          echo "::endgroup::"
+
+          echo "::group::container inspect"
+          docker inspect postgres || true
+          echo "::endgroup::"
+
+          echo "::group::container logs"
+          docker logs postgres || true
+          echo "::endgroup::"
+
+      - name: Clean up test container
+        if: always()
+        run: docker rm -f postgres || true
+
+      - name: Fail job if container validation failed
+        if: always() && (steps.healthcheck.outcome == 'failure' || steps.verify_sql_dump.outcome == 'failure')
+        run: exit 1
+
   run_e2e_tests:
     name: Run E2E tests
     needs:

.github/workflows/test-docker-compose.yml

@@ -21,6 +21,8 @@ jobs:
         run: docker compose up -d
 
       - name: Verify that mapmatching database is up and can be connected to
+        id: mapmatching_healthcheck
+        continue-on-error: true
         uses: HSLdevcom/jore4-tools/github-actions/healthcheck@healthcheck-v1
         env:
           POSTGRES_USER: username
@@ -32,6 +34,8 @@ jobs:
             "SELECT ''OK'';"'
 
       - name: Verify that azuredbmock database is up and can be connected to
+        id: azuredbmock_healthcheck
+        continue-on-error: true
         uses: HSLdevcom/jore4-tools/github-actions/healthcheck@healthcheck-v1
         env:
           POSTGRES_USER: username
@@ -41,3 +45,22 @@ jobs:
           command:
             'psql -h localhost -p 7432 -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c
             "SELECT ''OK'';"'
+
+      - name: Dump compose diagnostics on failure
+        if: always() && (steps.mapmatching_healthcheck.outcome == 'failure' || steps.azuredbmock_healthcheck.outcome == 'failure')
+        run: |
+          echo "::group::docker compose ps"
+          docker compose ps -a
+          echo "::endgroup::"
+
+          echo "::group::docker compose logs"
+          docker compose logs --no-color
+          echo "::endgroup::"
+
+      - name: Clean up compose services
+        if: always()
+        run: docker compose down -v
+
+      - name: Fail job if compose validation failed
+        if: always() && (steps.mapmatching_healthcheck.outcome == 'failure' || steps.azuredbmock_healthcheck.outcome == 'failure')
+        run: exit 1

README.md

@@ -76,17 +76,19 @@ Secrets:
 | db-auth-password           | \*\*\*          | Password of the database user for the authentication microservice       |
 | db-auth-name               | authdb          | Name of the (internal) database used by the auth backend microservice   |
 | db-jore3importer-username  | dbjore3importer | Name of the database user for the jore3 importer microservice           |
-| db-jore3importer-password  | \*\*\*          | Name of the database user for the jore3 importer microservice           |
+| db-jore3importer-password  | \*\*\*          | Password of the database user for the jore3 importer microservice       |
 | db-jore3importer-name      | importerdb      | Name of the (internal) database used by the jore3 importer microservice |
 | db-hasura-username         | dbhasura        | Name of the database user for the hasura microservice                   |
 | db-hasura-password         | \*\*\*          | Password of the database user for the hasura microservice               |
-| db-hasura-name             | jore4db         | Name of the database used by the hasura microservice                    |
+| db-hasura-name             | jore4db         | Name of the (internal) database used by the hasura microservice         |
 | db-timetables-name         | timetablesdb    | Name of the database used by the timetables module                      |
 | db-tiamat-username         | tiamat          | Name of the database user for the tiamat microservice                   |
 | db-tiamat-password         | \*\*\*          | Password of the database user for the tiamat microservice               |
-| db-tiamat-name             | stopdb          | Name of the database used by the tiamat microservice                    |
+| db-tiamat-name             | stopdb          | Name of the (internal) database used by the tiamat microservice         |
 | db-timetables-api-username | dbtimetablesapi | Name of the database user for the timetables API microservice           |
 | db-timetables-api-password | \*\*\*          | Password of the database user for the timetables API microservice       |
+| db-dss-username            | dss             | Name of the database user for the DSS service                           |
+| db-dss-password            | \*\*\*          | Password of the database user for the DSS service.                      |
 
 All other environment variables are the same as as in `postgis/postgis`'s base
 image, [postgres](https://registry.hub.docker.com/_/postgres/)

azuredbmock/migrations/07-create-jore4-main-database.sql

@@ -1,4 +1,4 @@
--- This migration replicates initialization of the JORE4 main database in script scripts/ssh-to-bastion-host
+-- This migration replicates initialization of the JORE4 main database in script scripts/create_db_roles_and_extensions.sh
 -- in azure-infra-jore4aks repository
 
 CREATE DATABASE xxx_db_jore4_main_name_xxx;
@@ -14,6 +14,7 @@ CREATE SCHEMA IF NOT EXISTS network AUTHORIZATION xxx_db_hasura_username_xxx;
 CREATE SCHEMA IF NOT EXISTS stopregistry AUTHORIZATION xxx_db_tiamat_username_xxx;
 CREATE SCHEMA IF NOT EXISTS timetables AUTHORIZATION xxx_db_hasura_username_xxx;
 CREATE SCHEMA IF NOT EXISTS hdb_catalog AUTHORIZATION xxx_db_hasura_username_xxx;
+CREATE SCHEMA IF NOT EXISTS dssview AUTHORIZATION xxx_db_hasura_username_xxx;
 
 CREATE SCHEMA IF NOT EXISTS topology AUTHORIZATION xxx_db_tiamat_username_xxx;
 
@@ -48,6 +49,7 @@ GRANT CONNECT, CREATE ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_tiamat_us
 
 GRANT CONNECT ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_jore3importer_username_xxx;
 GRANT CONNECT ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_timetables_api_username_xxx;
+GRANT CONNECT ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_dss_username_xxx;
 
 
 -------------------------------------------------------
@@ -105,3 +107,19 @@ GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA timetables TO xxx_db_hasura_username_xx
 GRANT USAGE ON SCHEMA timetables TO xxx_db_timetables_api_username_xxx;
 GRANT SELECT ON ALL TABLES IN SCHEMA timetables TO xxx_db_timetables_api_username_xxx;
 GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA timetables TO xxx_db_timetables_api_username_xxx;
+
+
+--------------------------------------------------------
+----- Grant DSS View Schema Level Access Privileges ----
+--------------------------------------------------------
+
+-- See the beginning of the initial database migration in:
+--  https://github.com/entur/tiamat/blob/master/src/main/resources/db/migration/V1__Base_version.sql
+GRANT USAGE ON SCHEMA dssview TO xxx_db_hasura_username_xxx;
+GRANT ALL ON ALL TABLES IN SCHEMA dssview TO xxx_db_hasura_username_xxx;
+ALTER DEFAULT PRIVILEGES FOR USER xxx_db_dss_username_xxx IN SCHEMA dssview GRANT ALL ON TABLES TO xxx_db_hasura_username_xxx;
+
+GRANT USAGE ON SCHEMA dssview TO xxx_db_dss_username_xxx;
+GRANT SELECT ON ALL TABLES IN SCHEMA dssview TO xxx_db_dss_username_xxx;
+ALTER DEFAULT PRIVILEGES FOR USER xxx_db_dss_username_xxx IN SCHEMA dssview GRANT SELECT ON TABLES TO xxx_db_dss_username_xxx;
+

docker-compose.yml

@@ -91,3 +91,7 @@ secrets:
     file: ./test-secrets/db-timetables-api-username
   db-timetables-api-password:
     file: ./test-secrets/db-timetables-api-password
+  db-dss-username:
+    file: ./test-secrets/db-dss-username
+  db-dss-password:
+    file: ./test-secrets/db-dss-password

test-secrets/db-dss-password

@@ -0,0 +1 @@
+dsspassword

test-secrets/db-dss-username

@@ -0,0 +1 @@
+dss