Split the SQL initialisation into multiple files.

This way, it is easier to track in version control what changes will occur in
roles and different databases when we update the version of the PostgreSQL
server.

Author: jarkkoka

azuredbmock/00-initialize.sql

@@ -8,7 +8,7 @@ ENV LANG fi_FI.utf8
 # download script for reading docker secrets
 ADD https://raw.githubusercontent.com/HSLdevcom/jore4-tools/main/docker/read-secrets.sh /jore4/scripts/read-secrets.sh
 
-COPY 00-initialize.sql /jore4/migrations/00-initialize.sql
+COPY migrations/ /jore4/migrations/
 COPY replace-placeholders-in-sql-schema-migrations.sh /jore4/scripts/replace-placeholders-in-sql-schema-migrations.sh
 
 COPY docker-entrypoint.sh /jore4/scripts/

azuredbmock/Dockerfile

@@ -0,0 +1,14 @@
+-- These database roles are also created in the azure-infra-jore4aks (Azure
+-- DevOps) repository.
+CREATE USER xxx_db_auth_username_xxx PASSWORD 'xxx_db_auth_password_xxx';
+CREATE USER xxx_db_jore3importer_username_xxx PASSWORD 'xxx_db_jore3importer_password_xxx';
+CREATE USER xxx_db_hasura_username_xxx PASSWORD 'xxx_db_hasura_password_xxx';
+CREATE USER xxx_db_tiamat_username_xxx PASSWORD 'xxx_db_tiamat_password_xxx';
+CREATE USER xxx_db_timetables_api_username_xxx PASSWORD 'xxx_db_timetables_api_password_xxx';
+
+-- Make the hasura role a member of jore3importer role because both roles must
+-- have ownership of tables and sequences in the default database (network and
+-- routes) since both are responsible for populating and truncating tables in
+-- the aforementioned database. In particular, sequence reset requires an
+-- ownership and cannot be granted as a privilege.
+GRANT xxx_db_jore3importer_username_xxx TO xxx_db_hasura_username_xxx;

azuredbmock/migrations/01-create-roles.sql

@@ -0,0 +1,10 @@
+-- Create the extensions used, see https://hasura.io/docs/latest/graphql/core/deployment/postgres-requirements.html
+-- Create the extensions in the public schema, since we'd need to give additional privileges ("use schema") to any
+-- user who wishes to use these in the future. Also, Hasura would require additional setup to be able to use the
+-- extensions from another schema.
+CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA public;
+CREATE EXTENSION IF NOT EXISTS postgis WITH SCHEMA public;
+CREATE EXTENSION IF NOT EXISTS btree_gist WITH SCHEMA public;
+
+-- Allow Hasura to create new schemas.
+GRANT CREATE ON DATABASE xxx_db_hasura_name_xxx TO xxx_db_hasura_username_xxx;

azuredbmock/migrations/02-create-network-database.sql

@@ -0,0 +1,3 @@
+-- Create database and give ALL privileges to the auth user.
+CREATE DATABASE xxx_db_auth_name_xxx;
+GRANT ALL ON DATABASE xxx_db_auth_name_xxx TO xxx_db_auth_username_xxx;

azuredbmock/migrations/03-create-auth-database.sql

@@ -0,0 +1,3 @@
+-- Create database and give ALL privileges to the jore3importer user.
+CREATE DATABASE xxx_db_jore3importer_name_xxx;
+GRANT ALL ON DATABASE xxx_db_jore3importer_name_xxx TO xxx_db_jore3importer_username_xxx;

azuredbmock/migrations/04-create-jore3importer-database.sql

@@ -0,0 +1,13 @@
+-- Create database and allow Hasura to create new schemas in it.
+CREATE DATABASE xxx_db_timetables_name_xxx;
+GRANT CREATE ON DATABASE xxx_db_timetables_name_xxx TO xxx_db_hasura_username_xxx;
+
+-- Interval outputs by default are using the sql format ('3 4:05:06'). Here we
+-- are switching to ISO 8601 format ('P3DT4H5M6S').
+ALTER DATABASE xxx_db_timetables_name_xxx SET intervalstyle = 'iso_8601';
+
+-- Switch database context to be able to add extensions there.
+\connect xxx_db_timetables_name_xxx;
+
+CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA public;
+CREATE EXTENSION IF NOT EXISTS btree_gist WITH SCHEMA public;

azuredbmock/migrations/05-create-timetables-database.sql

@@ -0,0 +1,27 @@
+-- Create database and give ALL privileges to Tiamat in it.
+CREATE DATABASE xxx_db_tiamat_name_xxx;
+GRANT ALL ON DATABASE xxx_db_tiamat_name_xxx TO xxx_db_tiamat_username_xxx;
+
+-- Switch database context to initialise it to the state where Tiamat can use
+-- it.
+\connect xxx_db_tiamat_name_xxx;
+
+CREATE EXTENSION IF NOT EXISTS pg_trgm WITH SCHEMA public;
+CREATE EXTENSION IF NOT EXISTS postgis WITH SCHEMA public;
+
+CREATE SCHEMA IF NOT EXISTS topology AUTHORIZATION xxx_db_tiamat_username_xxx;
+CREATE EXTENSION IF NOT EXISTS postgis_topology WITH SCHEMA topology;
+-- The postgis_topology creates two tables.
+ALTER TABLE topology.layer OWNER TO xxx_db_tiamat_username_xxx;
+ALTER TABLE topology.topology OWNER TO xxx_db_tiamat_username_xxx;
+
+-- Grant Hasura read permissions to the stop registry database.
+GRANT CONNECT ON DATABASE xxx_db_tiamat_name_xxx TO xxx_db_hasura_username_xxx;
+
+GRANT USAGE ON SCHEMA public TO xxx_db_hasura_username_xxx;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO xxx_db_hasura_username_xxx;
+ALTER DEFAULT PRIVILEGES FOR USER xxx_db_tiamat_username_xxx IN SCHEMA public GRANT SELECT ON TABLES TO xxx_db_hasura_username_xxx;
+
+GRANT USAGE ON SCHEMA topology TO xxx_db_hasura_username_xxx;
+GRANT SELECT ON ALL TABLES IN SCHEMA topology TO xxx_db_hasura_username_xxx;
+ALTER DEFAULT PRIVILEGES FOR USER xxx_db_tiamat_username_xxx IN SCHEMA topology GRANT SELECT ON TABLES TO xxx_db_hasura_username_xxx;