Skip to content

Commit

Permalink
fix(prism-agent): define db app user privileges before app starts (#722)
Browse files Browse the repository at this point in the history
Signed-off-by: Pat Losoponkul <[email protected]>
  • Loading branch information
patlo-iog authored Sep 15, 2023
1 parent a0e0a74 commit 8039654
Show file tree
Hide file tree
Showing 4 changed files with 75 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -1,8 +1,12 @@
package io.iohk.atala.connect.sql.repository

import doobie.*
import doobie.implicits.*
import doobie.util.transactor.Transactor
import io.iohk.atala.shared.db.DbConfig
import org.flywaydb.core.Flyway
import zio.*
import zio.interop.catz.*

final case class Migrations(config: DbConfig) {

Expand Down Expand Up @@ -30,4 +34,19 @@ final case class Migrations(config: DbConfig) {
object Migrations {
val layer: URLayer[DbConfig, Migrations] =
ZLayer.fromFunction(Migrations.apply _)

def initDbPrivileges(appUser: String): RIO[Transactor[Task], Unit] = {
val cxnIO = for {
_ <- doobie.free.connection.createStatement.map { stm =>
stm.execute(s"""
| ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO "$appUser"
""".stripMargin)
}
} yield ()

for {
xa <- ZIO.service[Transactor[Task]]
_ <- cxnIO.transact(xa)
} yield ()
}
}
Original file line number Diff line number Diff line change
@@ -1,8 +1,12 @@
package io.iohk.atala.pollux.sql.repository

import doobie.*
import doobie.implicits.*
import doobie.util.transactor.Transactor
import io.iohk.atala.shared.db.DbConfig
import org.flywaydb.core.Flyway
import zio.*
import zio.interop.catz.*

final case class Migrations(config: DbConfig) {

Expand Down Expand Up @@ -31,4 +35,19 @@ final case class Migrations(config: DbConfig) {
object Migrations {
val layer: URLayer[DbConfig, Migrations] =
ZLayer.fromFunction(Migrations.apply _)

def initDbPrivileges(appUser: String): RIO[Transactor[Task], Unit] = {
val cxnIO = for {
_ <- doobie.free.connection.createStatement.map { stm =>
stm.execute(s"""
| ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO "$appUser"
""".stripMargin)
}
} yield ()

for {
xa <- ZIO.service[Transactor[Task]]
_ <- cxnIO.transact(xa)
} yield ()
}
}
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package io.iohk.atala.agent.server

import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton
import io.iohk.atala.agent.server.config.AppConfig
import io.iohk.atala.agent.server.http.ZioHttpClient
import io.iohk.atala.agent.server.sql.Migrations as AgentMigrations
import io.iohk.atala.agent.walletapi.service.{
Expand Down Expand Up @@ -58,6 +59,22 @@ object MainApp extends ZIOAppDefault {

Security.insertProviderAt(BouncyCastleProviderSingleton.getInstance(), 2)

// FIXME: remove this when db app user have correct privileges provisioned by k8s operator.
// This should be executed before migration to have correct privilege for new objects.
val preMigrations = for {
_ <- ZIO.logInfo("running pre-migration steps.")
appConfig <- ZIO.service[AppConfig].provide(SystemModule.configLayer)
_ <- PolluxMigrations
.initDbPrivileges(appConfig.pollux.database.appUsername)
.provide(RepoModule.polluxTransactorLayer)
_ <- ConnectMigrations
.initDbPrivileges(appConfig.connect.database.appUsername)
.provide(RepoModule.connectTransactorLayer)
_ <- AgentMigrations
.initDbPrivileges(appConfig.agent.database.appUsername)
.provide(RepoModule.agentTransactorLayer)
} yield ()

val migrations = for {
_ <- ZIO.serviceWithZIO[PolluxMigrations](_.migrate)
_ <- ZIO.serviceWithZIO[ConnectMigrations](_.migrate)
Expand Down Expand Up @@ -100,6 +117,7 @@ object MainApp extends ZIOAppDefault {
}
_ <- ZIO.logInfo(s"DIDComm Service port => $didCommServicePort")

_ <- preMigrations
_ <- migrations

app <- PrismAgentApp
Expand Down
Original file line number Diff line number Diff line change
@@ -1,8 +1,12 @@
package io.iohk.atala.agent.server.sql

import doobie.*
import doobie.implicits.*
import doobie.util.transactor.Transactor
import io.iohk.atala.shared.db.DbConfig
import org.flywaydb.core.Flyway
import zio.*
import zio.interop.catz.*

final case class Migrations(config: DbConfig) {

Expand Down Expand Up @@ -30,4 +34,19 @@ final case class Migrations(config: DbConfig) {
object Migrations {
val layer: URLayer[DbConfig, Migrations] =
ZLayer.fromFunction(Migrations.apply _)

def initDbPrivileges(appUser: String): RIO[Transactor[Task], Unit] = {
val cxnIO = for {
_ <- doobie.free.connection.createStatement.map { stm =>
stm.execute(s"""
| ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO "$appUser"
""".stripMargin)
}
} yield ()

for {
xa <- ZIO.service[Transactor[Task]]
_ <- cxnIO.transact(xa)
} yield ()
}
}

0 comments on commit 8039654

Please sign in to comment.