add option to setup roles + online demo
3nids committed Nov 11, 2024
1 parent c0fe6f2 commit d57e902
Showing 5 changed files with 84 additions and 13 deletions.
22 changes: 18 additions & 4 deletions .github/workflows/test.yml
Expand Up @@ -18,7 +18,7 @@ on:

jobs:
docker-tests:
name: Docker
name: Run tests and deploy demo data
runs-on: ubuntu-latest

steps:
Expand All @@ -29,7 +29,7 @@ jobs:

- name: "initialize container"
run: |
docker run -d -p 5432:5432 --name signalo opengisch/signalo:unstable
docker run -d -p 5432:5432 --name signalo -v $(pwd):/src opengisch/signalo:unstable
docker exec signalo init_db.sh wait
docker exec -e PGSERVICE=pg_signalo_demo signalo init_db.sh build -d
docker exec -e PGSERVICE=pg_signalo_demo signalo /src/scripts/all-signs.py
Expand All @@ -42,8 +42,8 @@ jobs:
- name: "test data model"
run: docker exec signalo pytest

- name: "test images"
run: docker exec signalo /src/test/official_sign_images.sh
# - name: "test images"
# run: docker exec signalo /src/test/official_sign_images.sh

- name: "test changelog"
run: docker exec signalo /src/test/test-changelog.sh
Expand All @@ -66,6 +66,20 @@ jobs:
run: |
docker push opengisch/signalo:unstable
- name: Deploy Demo DB
env:
DEMO_DB_HOST: ${{ secrets.DEMO_DB_HOST }}
DEMO_DB_USER: ${{ secrets.DEMO_DB_USER }}
DEMO_DB_PORT: ${{ secrets.DEMO_DB_PORT }}
DEMO_DB_TESTING: ${{ secrets.DEMO_DB_TESTING }}
DEMO_DB_PASSWORD: ${{ secrets.DEMO_DB_PASSWORD }}
run: |
BACKUP_FILE=signalo-testing-db-dump-with-demo.backup
export PGPASSWORD=${DEMO_DB_PASSWORD}
docker exec signalo pg_dump --format custom --exclude-schema=public --blobs --compress 5 --file ${BACKUP_FILE} signalo
pg_restore --host=${DEMO_DB_HOST} --username=${DEMO_DB_USER} --port=${DEMO_DB_PORT} --dbname==${DEMO_DB_TESTING} --exit-on-error --clean --if-exists --no-owner ${BACKUP_FILE}
psql --host=${DEMO_DB_HOST} --username=${DEMO_DB_USER} --port=${DEMO_DB_PORT} --dbname=${DEMO_DB_TESTING} -v EXIT_ON_ERROR=on -f ./datamodel/roles.sql
- name: "failure logs"
if: failure()
run: |
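Review bot: The `Deploy Demo DB` step passes `--dbname==${DEMO_DB_TESTING}` to `pg_restore`, so the value it receives starts with `=` and will not resolve to the intended database, and the `psql` line sets `-v EXIT_ON_ERROR=on`, which is not a psql variable, so a failing statement in the roles script would not fail the step; these should read `--dbname="${DEMO_DB_TESTING}"` and `-v ON_ERROR_STOP=1`, the form `datamodel/setup.sh` uses in this commit. The same `psql` line loads `./datamodel/roles.sql`, while this commit adds `datamodel/roles/create.sql` and `datamodel/roles/setup.sql`; unless `roles.sql` exists elsewhere in the repository, the path looks wrong. No `if:` condition is visible on the step and the workflow's triggers are outside the hunk, so it is worth confirming that this `--clean` restore using the `DEMO_DB_*` secrets runs only for pushes to the main branch and not for pull-request runs. `pg_dump` writes `${BACKUP_FILE}` inside the container while `pg_restore` reads it on the runner, which only works if the container's working directory is the mounted `/src`; `--file /src/${BACKUP_FILE}` would make that explicit.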
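--- a/datamodel/roles/create.sql
+++ b/datamodel/roles/create.sql
@@ -0,0 +1,5 @@
+
+CREATE ROLE signalo_viewer NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
+CREATE ROLE signalo_user NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
+
+GRANT signalo_viewer TO signalo_user;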
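Review bot: `CREATE ROLE` fails when the role already exists, and roles belong to the whole cluster rather than to one database, so running this file a second time, or for a second database on the same server, stops at the first statement under `ON_ERROR_STOP=1`. Guarding each statement with a lookup in `pg_roles` makes the script re-runnable. Neither role is given `LOGIN`, which matches the `CREATE ROLE` default; writing `NOLOGIN` explicitly would document that these are meant as group roles.

```sql
DO $$
BEGIN
  IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'signalo_viewer') THEN
    CREATE ROLE signalo_viewer NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
  END IF;
  IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'signalo_user') THEN
    CREATE ROLE signalo_user NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
  END IF;
END
$$;
-- … unchanged: GRANT signalo_viewer TO signalo_user …
```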
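--- a/datamodel/roles/setup.sql
+++ b/datamodel/roles/setup.sql
@@ -0,0 +1,30 @@
+------------------------------------------
+/* GRANT on schemas - once per database */
+------------------------------------------
+
+/* Viewer */
+GRANT USAGE ON SCHEMA signalo_db TO signalo_viewer;
+GRANT USAGE ON SCHEMA signalo_app TO signalo_viewer;
+
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA signalo_db TO signalo_viewer;
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA signalo_app TO signalo_viewer;
+
+GRANT SELECT, REFERENCES, TRIGGER ON ALL TABLES IN SCHEMA signalo_db TO signalo_viewer;
+GRANT SELECT, REFERENCES, TRIGGER ON ALL TABLES IN SCHEMA signalo_app TO signalo_viewer;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_db GRANT SELECT, REFERENCES, TRIGGER ON TABLES TO signalo_viewer;
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_app GRANT SELECT, REFERENCES, TRIGGER ON TABLES TO signalo_viewer;
+
+
+/* User */
+GRANT ALL ON SCHEMA signalo_db TO signalo_user;
+GRANT ALL ON ALL TABLES IN SCHEMA signalo_db TO signalo_user;
+GRANT ALL ON ALL SEQUENCES IN SCHEMA signalo_db TO signalo_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_db GRANT ALL ON TABLES TO signalo_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_db GRANT ALL ON SEQUENCES TO signalo_user;
+
+GRANT ALL ON SCHEMA signalo_app TO signalo_user;
+GRANT ALL ON ALL TABLES IN SCHEMA signalo_app TO signalo_user;
+GRANT ALL ON ALL SEQUENCES IN SCHEMA signalo_app TO signalo_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_app GRANT ALL ON TABLES TO signalo_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_app GRANT ALL ON SEQUENCES TO signalo_user;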
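Review bot: The viewer grants give `signalo_viewer` more than read access: `TRIGGER` lets the role attach triggers to the tables, `REFERENCES` lets it create foreign keys against them, and `USAGE` on sequences allows `nextval`. For a read-only role, `GRANT SELECT ON ALL TABLES IN SCHEMA signalo_db TO signalo_viewer;` and `GRANT SELECT ON ALL SEQUENCES IN SCHEMA signalo_db TO signalo_viewer;` would be enough, with the same reduction in the two viewer `ALTER DEFAULT PRIVILEGES` lines and for `signalo_app`, unless something outside this file needs the extra rights. The `ALTER DEFAULT PRIVILEGES` statements have no `FOR ROLE` clause, so they cover only objects later created by the role that runs this script; a comment such as `/* default privileges apply only to objects created by the role running this script */` would record that.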
7 changes: 7 additions & 0 deletions datamodel/setup.sh
Expand Up @@ -94,3 +94,10 @@ if [[ $demo_data == True ]]; then
fi

${DIR}/app/create_app.py --pg_service ${PGSERVICE} --srid=${SRID}

if [[ $roles == True ]]; then
echo "*** setting roles"
# for now demo data is the test data
psql "service=${PGSERVICE}" -v ON_ERROR_STOP=1 -f ${DIR}/roles/create.sql
psql "service=${PGSERVICE}" -v ON_ERROR_STOP=1 -f ${DIR}/roles/setup.sql
fi
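Review bot: The comment `# for now demo data is the test data` inside the new roles block looks copied from the demo-data branch and does not describe what the block does; something like `# create the signalo_viewer / signalo_user roles, then grant them privileges on the schemas` would fit. The `-f ${DIR}/roles/create.sql` and `-f ${DIR}/roles/setup.sql` arguments are unquoted, so a checkout path containing spaces breaks them; `-f "${DIR}/roles/create.sql"` avoids that. Where `$roles` is parsed and what it defaults to is outside the hunk, so that part cannot be checked here.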
33 changes: 24 additions & 9 deletions scripts/run-docker.sh
Expand Up @@ -7,10 +7,25 @@ set -e
export $(grep -v '^#' .env | xargs)

BUILD=0
DEMO_DATA=0
DEMO_DATA=""
SIGNALO_PG_PORT=${SIGNALO_PG_PORT:-5432}

while getopts 'bdp:' opt; do
ROLES=""

show_help() {
echo "Usage: $(basename "$0") [OPTIONS]... [ARGUMENTS]..."
echo
echo "Description:"
echo " Build and run Docker container with SIGNALO application"
echo
echo "Options:"
echo " -h Display this help message and exit"
echo " -b Build Docker image"
echo " -d Load demo data"
echo " -r Create roles"
echo " -p Override PG port"
}

while getopts 'bdrp:h' opt; do
case "$opt" in
b)
echo "Rebuild docker image"
Expand All @@ -19,15 +34,17 @@ while getopts 'bdp:' opt; do

d)
echo "Load demo data"
DEMO_DATA=1
DEMO_DATA="-d"
;;

p)
echo "Overriding PG port to ${OPTARG}"
TWW_PG_PORT=${OPTARG}
;;


r)
echo "Setting up roles"
ROLES="-r"
;;
?|h)
echo "Usage: $(basename $0) [-bd] [-p PG_PORT]"
exit 1
Expand All @@ -43,6 +60,4 @@ fi
docker rm -f signalo || true
docker run -d -p ${SIGNALO_PG_PORT}:5432 -v $(pwd):/src --name signalo opengisch/signalo -c log_statement=all
docker exec signalo init_db.sh wait
if [[ $DEMO_DATA -eq 1 ]]; then
docker exec signalo init_db.sh build -d
fi
docker exec signalo init_db.sh build ${DEMO_DATA} ${ROLES}
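Review bot: `show_help` is added but never called: the `?|h)` arm still prints the old one-line usage, which omits `-r`, and exits 1 even when `-h` was requested. Splitting the arm into `h) show_help; exit 0 ;;` and `\?) show_help >&2; exit 1 ;;` would put the new function to use. In the `p)` arm the value is stored in `TWW_PG_PORT`, while `docker run` reads `${SIGNALO_PG_PORT}`, so `-p` appears to have no effect; `SIGNALO_PG_PORT=${OPTARG}` looks like what was meant. The `case` statement and the lines between the hunks are only partly visible here.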
