|
| 1 | +-- This migration replicates initialization of the JORE4 main database in script scripts/ssh-to-bastion-host |
| 2 | +-- in azure-infra-jore4aks repository |
| 3 | + |
| 4 | +CREATE DATABASE xxx_db_jore4_main_name_xxx; |
| 5 | + |
| 6 | +\connect xxx_db_jore4_main_name_xxx; |
| 7 | + |
| 8 | + |
| 9 | +-------------------------- |
| 10 | +----- Create Schemas ----- |
| 11 | +-------------------------- |
| 12 | + |
| 13 | +CREATE SCHEMA IF NOT EXISTS network AUTHORIZATION xxx_db_hasura_username_xxx; |
| 14 | +CREATE SCHEMA IF NOT EXISTS stopregistry AUTHORIZATION xxx_db_tiamat_username_xxx; |
| 15 | +CREATE SCHEMA IF NOT EXISTS timetables AUTHORIZATION xxx_db_hasura_username_xxx; |
| 16 | +CREATE SCHEMA IF NOT EXISTS hdb_catalog AUTHORIZATION xxx_db_hasura_username_xxx; |
| 17 | + |
| 18 | +CREATE SCHEMA IF NOT EXISTS topology AUTHORIZATION xxx_db_tiamat_username_xxx; |
| 19 | + |
| 20 | + |
| 21 | +----------------------------- |
| 22 | +----- Create Extensions ----- |
| 23 | +----------------------------- |
| 24 | + |
| 25 | +-- Extensions are created in public schema so the extensions are found from the search path |
| 26 | +CREATE EXTENSION IF NOT EXISTS btree_gist WITH SCHEMA public; |
| 27 | +CREATE EXTENSION IF NOT EXISTS pg_trgm WITH SCHEMA public; |
| 28 | +CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA public; |
| 29 | +CREATE EXTENSION IF NOT EXISTS postgis WITH SCHEMA public; |
| 30 | +CREATE EXTENSION IF NOT EXISTS postgis_topology WITH SCHEMA topology; |
| 31 | + |
| 32 | + |
| 33 | +--------------------------------------- |
| 34 | +----- Configure Database Settings ----- |
| 35 | +--------------------------------------- |
| 36 | + |
| 37 | +-- Interval outputs by default are using the SQL format ('3 4:05:06'). Here we |
| 38 | +-- switch to ISO 8601 format ('P3DT4H5M6S'). |
| 39 | +ALTER DATABASE xxx_db_jore4_main_name_xxx SET intervalstyle = 'iso_8601'; |
| 40 | + |
| 41 | + |
| 42 | +-------------------------------------------------- |
| 43 | +----- Grant Database Level Access Privileges ----- |
| 44 | +-------------------------------------------------- |
| 45 | + |
| 46 | +GRANT CONNECT, CREATE ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_hasura_username_xxx; |
| 47 | +GRANT CONNECT, CREATE ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_tiamat_username_xxx; |
| 48 | + |
| 49 | +GRANT CONNECT ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_jore3importer_username_xxx; |
| 50 | +GRANT CONNECT ON DATABASE xxx_db_jore4_main_name_xxx TO xxx_db_timetables_api_username_xxx; |
| 51 | + |
| 52 | + |
| 53 | +------------------------------------------------------- |
| 54 | +----- Grant Network Schema Level Access Privileges ---- |
| 55 | +------------------------------------------------------- |
| 56 | + |
| 57 | +-- Grant required privileges to Hasura. |
| 58 | +GRANT ALL ON SCHEMA network TO xxx_db_hasura_username_xxx; |
| 59 | +GRANT SELECT ON ALL TABLES IN SCHEMA network TO xxx_db_hasura_username_xxx; |
| 60 | +GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA network TO xxx_db_hasura_username_xxx; |
| 61 | + |
| 62 | +-- Grant the JORE3-Importer role to access the schema and the objects and |
| 63 | +-- functions created by extensions. Other schema-specific privileges are granted |
| 64 | +-- in Hasura migrations. |
| 65 | +GRANT USAGE ON SCHEMA network TO xxx_db_jore3importer_username_xxx; |
| 66 | +GRANT SELECT ON ALL TABLES IN SCHEMA network TO xxx_db_jore3importer_username_xxx; |
| 67 | +GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA network TO xxx_db_jore3importer_username_xxx; |
| 68 | + |
| 69 | + |
| 70 | +------------------------------------------------------------- |
| 71 | +----- Grant Stop Registry Schema Level Access Privileges ---- |
| 72 | +------------------------------------------------------------- |
| 73 | + |
| 74 | +-- Tiamat |
| 75 | +GRANT ALL ON SCHEMA stopregistry TO xxx_db_tiamat_username_xxx; |
| 76 | +GRANT SELECT ON ALL TABLES IN SCHEMA stopregistry TO xxx_db_tiamat_username_xxx; |
| 77 | +GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA stopregistry TO xxx_db_tiamat_username_xxx; |
| 78 | + |
| 79 | +-- Hasura |
| 80 | +GRANT USAGE ON SCHEMA stopregistry TO xxx_db_hasura_username_xxx; |
| 81 | +GRANT SELECT ON ALL TABLES IN SCHEMA stopregistry TO xxx_db_hasura_username_xxx; |
| 82 | +ALTER DEFAULT PRIVILEGES FOR USER xxx_db_tiamat_username_xxx IN SCHEMA stopregistry GRANT SELECT ON TABLES TO xxx_db_hasura_username_xxx; |
| 83 | + |
| 84 | + |
| 85 | +-------------------------------------------------------- |
| 86 | +----- Grant Topology Schema Level Access Privileges ---- |
| 87 | +-------------------------------------------------------- |
| 88 | + |
| 89 | +-- See the beginning of the initial database migration in: |
| 90 | +-- https://github.com/entur/tiamat/blob/master/src/main/resources/db/migration/V1__Base_version.sql |
| 91 | +GRANT USAGE ON SCHEMA topology TO xxx_db_hasura_username_xxx; |
| 92 | +GRANT SELECT ON ALL TABLES IN SCHEMA topology TO xxx_db_hasura_username_xxx; |
| 93 | +ALTER DEFAULT PRIVILEGES FOR USER xxx_db_tiamat_username_xxx IN SCHEMA topology GRANT SELECT ON TABLES TO xxx_db_hasura_username_xxx; |
| 94 | + |
| 95 | + |
| 96 | +---------------------------------------------------------- |
| 97 | +----- Grant Timetables Schema Level Access Privileges ---- |
| 98 | +---------------------------------------------------------- |
| 99 | + |
| 100 | +GRANT ALL ON SCHEMA timetables TO xxx_db_hasura_username_xxx; |
| 101 | +GRANT SELECT ON ALL TABLES IN SCHEMA timetables TO xxx_db_hasura_username_xxx; |
| 102 | +GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA timetables TO xxx_db_hasura_username_xxx; |
| 103 | + |
| 104 | +-- Allow the timetables-api role to use timetables schema |
| 105 | +GRANT USAGE ON SCHEMA timetables TO xxx_db_timetables_api_username_xxx; |
| 106 | +GRANT SELECT ON ALL TABLES IN SCHEMA timetables TO xxx_db_timetables_api_username_xxx; |
| 107 | +GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA timetables TO xxx_db_timetables_api_username_xxx; |
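Review bot: The `GRANT CONNECT ... ON DATABASE` statements (new lines 46–50) read as an allow-list of roles, but PostgreSQL gives PUBLIC the CONNECT and TEMPORARY privileges on every newly created database and nothing in this file revokes them, so any role that can authenticate to the server can still connect. If the four named roles are meant to be the only ones, add `REVOKE ALL ON DATABASE xxx_db_jore4_main_name_xxx FROM PUBLIC;` before those grants. The extensions (pgcrypto among them) are installed in `public` so that they resolve through the search path; on servers older than PostgreSQL 15, PUBLIC can by default also create objects in that schema, so `REVOKE CREATE ON SCHEMA public FROM PUBLIC;` after the `\connect` would keep unrelated roles from creating objects in the schema the search path relies on. The server version and any revokes done elsewhere are not visible here. Separately, the `GRANT ... ON ALL TABLES` / `ON ALL FUNCTIONS` statements for `network` and `timetables` only cover objects that exist when the migration runs, and unlike `stopregistry` and `topology` these schemas get no `ALTER DEFAULT PRIVILEGES`, so a comment at new line 104 saying where the timetables-api role receives its later table grants would help.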