add option to setup roles + online demo

opengisch · Nov 11, 2024 · b8adf16 · b8adf16
1 parent c0fe6f2
commit b8adf16
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 5 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -66,6 +66,13 @@ jobs:
         run: |
           docker push opengisch/signalo:unstable
 
+      - name: Deploy Demo DB
+        if: github.event_name != 'pull_request'
+        run: |
+            docker exec signalo pg_dump --format custom --exclude-schema=public --blobs --compress 5 --file signalo-testing-db-dump-with-demo.backup signalo
+            pg_restore --host=${DEMO_HOST} --username=signalo_admin --port=21699 --dbname=signalo_testing --exit-on-error --clean --if-exists --no-owner /Users/rouzauddenis/dev/signalo/signalo-testing-db-dump-with-demo.backup
+            psql --host=${DEMO_HOST} --username=signalo_admin --port=21699 --dbname=signalo_testing -v EXIT_ON_ERROR=on -f /Users/rouzauddenis/dev/signalo/datamodel/roles.sql
+
       - name: "failure logs"
         if: failure()
         run: |

diff --git a/datamodel/roles/create.sql b/datamodel/roles/create.sql
@@ -0,0 +1,5 @@
+
+CREATE ROLE signalo_viewer NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
+CREATE ROLE signalo_user NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
+
+GRANT signalo_viewer TO signalo_user;
diff --git a/datamodel/roles/setup.sql b/datamodel/roles/setup.sql
@@ -0,0 +1,30 @@
+------------------------------------------
+/* GRANT on schemas - once per database */
+------------------------------------------
+
+/* Viewer */
+GRANT USAGE ON SCHEMA signalo_db  TO signalo_viewer;
+GRANT USAGE ON SCHEMA signalo_app  TO signalo_viewer;
+
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA signalo_db  TO signalo_viewer;
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA signalo_app TO signalo_viewer;
+
+GRANT SELECT, REFERENCES, TRIGGER ON ALL TABLES IN SCHEMA signalo_db  TO signalo_viewer;
+GRANT SELECT, REFERENCES, TRIGGER ON ALL TABLES IN SCHEMA signalo_app TO signalo_viewer;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_db  GRANT SELECT, REFERENCES, TRIGGER ON TABLES TO signalo_viewer;
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_app GRANT SELECT, REFERENCES, TRIGGER ON TABLES TO signalo_viewer;
+
+
+/* User */
+GRANT ALL ON SCHEMA signalo_db TO signalo_user;
+GRANT ALL ON ALL TABLES IN SCHEMA signalo_db TO signalo_user;
+GRANT ALL ON ALL SEQUENCES IN SCHEMA signalo_db TO signalo_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_db GRANT ALL ON TABLES TO signalo_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_db GRANT ALL ON SEQUENCES TO signalo_user;
+
+GRANT ALL ON SCHEMA signalo_app TO signalo_user;
+GRANT ALL ON ALL TABLES IN SCHEMA signalo_app TO signalo_user;
+GRANT ALL ON ALL SEQUENCES IN SCHEMA signalo_app TO signalo_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_app GRANT ALL ON TABLES TO signalo_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA signalo_app GRANT ALL ON SEQUENCES TO signalo_user;
diff --git a/datamodel/setup.sh b/datamodel/setup.sh
@@ -94,3 +94,10 @@ if [[ $demo_data == True ]]; then
 fi
 
 ${DIR}/app/create_app.py --pg_service ${PGSERVICE} --srid=${SRID}
+
+if [[ $roles == True ]]; then
+  echo "*** setting roles"
+  # for now demo data is the test data
+  psql "service=${PGSERVICE}" -v ON_ERROR_STOP=1 -f ${DIR}/roles/create.sql
+  psql "service=${PGSERVICE}" -v ON_ERROR_STOP=1 -f ${DIR}/roles/setup.sql
+fi
diff --git a/scripts/run-docker.sh b/scripts/run-docker.sh
@@ -7,10 +7,47 @@ set -e
 export $(grep -v '^#' .env | xargs)
 
 BUILD=0
-DEMO_DATA=0
+DEMO_DATA=""
 SIGNALO_PG_PORT=${SIGNALO_PG_PORT:-5432}
+<<<<<<< Updated upstream
 
 while getopts 'bdp:' opt; do
+||||||| Stash base
+
+
+show_help() {
+    echo "Usage: $(basename "$0") [OPTIONS]... [ARGUMENTS]..."
+    echo
+    echo "Description:"
+    echo "  Build and run Docker container with SIGNALO application"
+    echo
+    echo "Options:"
+    echo "  -h      Display this help message and exit"
+    echo "  -b      Build Docker image"
+    echo "  -d      Load demo data"
+    echo "  -p      Override PG port"
+}
+
+while getopts 'bdp:h' opt; do
+=======
+ROLES=""
+
+show_help() {
+    echo "Usage: $(basename "$0") [OPTIONS]... [ARGUMENTS]..."
+    echo
+    echo "Description:"
+    echo "  Build and run Docker container with SIGNALO application"
+    echo
+    echo "Options:"
+    echo "  -h      Display this help message and exit"
+    echo "  -b      Build Docker image"
+    echo "  -d      Load demo data"
+    echo "  -r      Create roles"
+    echo "  -p      Override PG port"
+}
+
+while getopts 'bdrp:h' opt; do
+>>>>>>> Stashed changes
   case "$opt" in
     b)
       echo "Rebuild docker image"
@@ -19,15 +56,23 @@ while getopts 'bdp:' opt; do
 
     d)
       echo "Load demo data"
-      DEMO_DATA=1
+      DEMO_DATA="-d"
       ;;
 
     p)
       echo "Overriding PG port to ${OPTARG}"
       TWW_PG_PORT=${OPTARG}
       ;;
+<<<<<<< Updated upstream
 
 
+||||||| Stash base
+=======
+    r)
+      echo "Setting up roles"
+      ROLES="-r"
+      ;;
+>>>>>>> Stashed changes
     ?|h)
       echo "Usage: $(basename $0) [-bd] [-p PG_PORT]"
       exit 1
@@ -43,6 +88,4 @@ fi
 docker rm -f signalo || true
 docker run -d -p ${SIGNALO_PG_PORT}:5432 -v $(pwd):/src --name signalo opengisch/signalo -c log_statement=all
 docker exec signalo init_db.sh wait
-if [[ $DEMO_DATA -eq 1 ]]; then
-  docker exec signalo init_db.sh build -d
-fi
+docker exec signalo init_db.sh build ${DEMO_DATA} ${ROLES}