Merge pull request #203 from Greenstand/keycloak-ansible
Keycloak deployment
dadiorchen authored Nov 25, 2023
2 parents b84f56a + 64321c7 commit c1052c4
Showing 36 changed files with 1,137 additions and 131 deletions.
9 changes: 9 additions & 0 deletions database-grants/terraform/README.md
@@ -1,3 +1,8 @@
# Prerequisites

- Terraform 1.4.6 , please stick to this version for now, tested 1.6.x, it brings issue with the Dititalocean storage as backend


# How to set up terraform

Find your digitalocean spaces access key and secret key here: https://cloud.digitalocean.com/account/api/spaces?i=d79377
Expand Down Expand Up @@ -35,4 +40,8 @@ Apply:
terraform apply -var-file=dev.env.tfvars
```

# Troubleshooting

## Error: role or object does not exist

When applying a new schema/grant, sometimes error reports xxx does not exist. But if you run it again, it works. Known issue [here](https://github.com/Greenstand/treetracker-infrastructure/issues/201)
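--- a/database-grants/terraform/dev/main.tf
+++ b/database-grants/terraform/dev/main.tf
@@ -81,3 +81,11 @@ module "keycloak_schema" {
 postgresql = postgresql.treetracker
 }
 }
+
+
+module "wallet_schema" {
+source = "./schemas/wallet"
+providers = {
+postgresql = postgresql.treetracker
+}
+}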
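Review bot: dev/main.tf gains `module "wallet_schema"` in this hunk but not the `module "extra"` that prod/main.tf adds in the same commit, so the wallet_operator grants appear to exist in prod only, unless dev declares them somewhere outside this diff. If the divergence is intentional, a one-line comment on the new module, `# wallet_operator grants are prod-only (see prod/extra); dev uses the schema module alone`, would spare the next reader the search. If it is not intentional, dev should get the same grant module so that the privilege set tested in dev matches what prod runs.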
1 change: 1 addition & 0 deletions database-grants/terraform/dev/other
1 change: 1 addition & 0 deletions database-grants/terraform/dev/schemas/wallet
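--- /dev/null
+++ b/database-grants/terraform/prod/extra/main.tf
@@ -0,0 +1,128 @@
+resource "postgresql_grant" "wallet-operator-schema" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "wallet"
+object_type = "schema"
+privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "wallet"
+object_type = "table"
+privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+resource "postgresql_grant" "wallet-operator-seq" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "wallet"
+object_type = "sequence"
+privileges = ["USAGE", "SELECT"]
+
+}
+
+resource "postgresql_grant" "wallet-operator-schema-public" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "public"
+object_type = "schema"
+privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-public" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "public"
+object_type = "table"
+privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-public" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "public"
+object_type = "sequence"
+privileges = ["USAGE", "SELECT"]
+
+}
+
+
+resource "postgresql_grant" "wallet-operator-schema-herbarium" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "herbarium"
+object_type = "schema"
+privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-herbarium" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "herbarium"
+object_type = "table"
+privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-herbarium" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "herbarium"
+object_type = "sequence"
+privileges = ["USAGE", "SELECT"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-schema-stakeholder" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "stakeholder"
+object_type = "schema"
+privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-stakeholder" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "stakeholder"
+object_type = "table"
+privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-stakeholder" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "stakeholder"
+object_type = "sequence"
+privileges = ["USAGE", "SELECT"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-schema-treetracker" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "treetracker"
+object_type = "schema"
+privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-treetracker" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "treetracker"
+object_type = "table"
+privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-treetracker" {
+database = "treetracker"
+role = "wallet_operator"
+schema = "treetracker"
+object_type = "sequence"
+privileges = ["USAGE", "SELECT"]
+}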
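Review bot: Beyond its own `wallet` schema, this new file gives `wallet_operator` `CREATE` on `public`, `herbarium`, `stakeholder` and `treetracker` plus `SELECT, INSERT, UPDATE, DELETE` on every table in them (lines 79-181), which turns one service role into a writer and object creator in four schemas it does not own; unless the wallet service really creates objects there, `privileges = ["USAGE"]` on those four schema grants, and a table grant limited to what the service reads or writes, would keep the role at least-privilege and limit the blast radius if its credentials leak. The grants also apply only to tables and sequences that exist at apply time; there is no `postgresql_default_privileges` counterpart like the one read-only-user.tf uses, so objects created later by the schema owner will silently be out of reach for this role. A header comment naming which service assumes `wallet_operator` and why it needs cross-schema write access would let the scope be reviewed against that service instead of guessed.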
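--- a/database-grants/terraform/prod/main.tf
+++ b/database-grants/terraform/prod/main.tf
@@ -56,13 +56,6 @@ module "messaging_schema" {
 }
 }
 
-module "query_schema" {
-source = "./schemas/query"
-providers = {
-postgresql = postgresql.treetracker
-}
-}
-
 module "stakeholder_schema" {
 source = "./schemas/stakeholder"
 providers = {
@@ -83,3 +76,20 @@ module "contracts_schema" {
 postgresql = postgresql.treetracker
 }
 }
+
+module "keycloak_schema" {
+source = "./schemas/keycloak"
+providers = {
+postgresql = postgresql.treetracker
+}
+}
+
+module "extra" {
+source = "./extra"
+providers = {
+postgresql = postgresql.treetracker
+}
+depends_on = [
+module.wallet_schema
+]
+}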
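Review bot: `module "extra"` lists only `module.wallet_schema` in `depends_on`, yet the grants it contains (prod/extra/main.tf in this commit) also target the `public`, `herbarium`, `stakeholder` and `treetracker` schemas; if those are created by sibling modules (stakeholder_schema is visible at line 195, the others are outside this hunk), a fresh apply can hit exactly the "role or object does not exist" ordering error the README in this commit documents. Listing every schema module the grants touch, e.g. `depends_on = [module.wallet_schema, module.stakeholder_schema]` plus the herbarium and treetracker modules if they exist, and the module that creates the `wallet_operator` role if that is separate, removes the reliance on a second apply. Dropping `module "query_schema"` in the first hunk will also plan a destroy of whatever that module holds in state, so the plan output is worth reading before applying to prod rather than discovering a dropped schema afterwards.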
4 changes: 2 additions & 2 deletions database-grants/terraform/prod/prod.env.tfvars
@@ -1,2 +1,2 @@
port = "1111"
host = "localhost"
port = "25060"
host = "treetracker-cluster-do-user-8540031-0.b.db.ondigitalocean.com"
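Review bot: The prod `host` moves from `localhost` to the managed-cluster endpoint on line 225, so Terraform now reaches the database over the network instead of through a local tunnel, and the hostname (with its embedded account id) is committed in plain text in a tracked tfvars file. Neither value is a credential, but the connection is no longer local, so TLS on the provider connection is now what protects the `doadmin` password in transit; confirm that the `postgresql` provider block, which is outside this diff, sets `sslmode = "require"` or stricter. A comment next to the new line, `# DO managed cluster endpoint; provider connection must enforce TLS`, would make that expectation visible to whoever next edits this file.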
37 changes: 5 additions & 32 deletions database-grants/terraform/prod/read-only-user.tf
Expand Up @@ -11,33 +11,6 @@ resource "postgresql_role" "readonlyuser_human" {
password = random_password.readonlyuser_password.result
}

resource "postgresql_grant" "readonlyyuser_select_field" {
provider = "postgresql.treetracker"
database = "treetracker"
role = "readonlyuser"
schema = "field"
object_type = "table"
privileges = ["SELECT"]
}

resource "postgresql_grant" "readonlyyuser_usage_field" {
provider = "postgresql.treetracker"
database = "treetracker"
role = "readonlyuser"
schema = "field"
object_type = "schema"
privileges = ["USAGE"]
}

resource "postgresql_grant" "readonlyyuser_sequence_field" {
provider = "postgresql.treetracker"
database = "treetracker"
role = "readonlyuser"
schema = "field"
object_type = "sequence"
privileges = ["SELECT"]
}

resource "postgresql_grant" "readonlyyuser_select_public" {
provider = "postgresql.treetracker"
database = "treetracker"
Expand Down Expand Up @@ -161,7 +134,7 @@ resource "postgresql_grant" "readonlyyuser_sequence_treetracker" {
role = "readonlyuser"
schema = "treetracker"
object_type = "sequence"
privileges = ["SELECT"]
privileges = ["SELECT", "USAGE"]
}

resource "postgresql_grant" "readonlyyuser_usage_wallet" {
Expand All @@ -188,7 +161,7 @@ resource "postgresql_grant" "readonlyyuser_sequence_wallet" {
role = "readonlyuser"
schema = "wallet"
object_type = "sequence"
privileges = ["SELECT"]
privileges = ["SELECT", "USAGE"]
}

resource "postgresql_grant" "readonlyyuser_usage_webmap" {
Expand All @@ -206,7 +179,7 @@ resource "postgresql_grant" "readonlyyuser_sequence_webmap" {
role = "readonlyuser"
schema = "webmap"
object_type = "sequence"
privileges = ["SELECT"]
privileges = ["SELECT", "USAGE"]
}

resource "postgresql_grant" "readonlyyuser_usage_airflow" {
Expand Down Expand Up @@ -288,7 +261,7 @@ resource "postgresql_grant" "readonlyuser_sequence_earnings" {
role = "readonlyuser"
schema = "earnings"
object_type = "sequence"
privileges = ["SELECT"]
privileges = ["SELECT", "USAGE"]
}


Expand All @@ -311,7 +284,7 @@ resource "postgresql_default_privileges" "read_only_reporting_sequence" {

owner = "doadmin"
object_type = "sequence"
privileges = ["SELECT"]
privileges = ["SELECT", "USAGE"]
}

resource "postgresql_default_privileges" "read_only_reporting_tables" {
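Review bot: Adding `USAGE` to the sequence grants for `readonlyuser` (lines 267, 276, 285, 294) and to the default-privileges block at line 303 gives a role named read-only the right to call `nextval`, which advances the sequence and is therefore a write; `SELECT` on a sequence already covers `currval`, which is all a reporting role should need. If this was done to silence a permission error, it is worth finding the query that calls nextval before widening the role, because the `postgresql_default_privileges` resource at line 298 also propagates the extra right to every future sequence owned by `doadmin`. If `USAGE` really is required, a comment on each grant, `# USAGE permits nextval(); needed by <consumer>, see <issue>`, would record the exception so it is not later "fixed" back. Each of these hunks starts inside its resource block, so the resource headers are outside the diff.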
88 changes: 0 additions & 88 deletions database-grants/terraform/prod/schemas/query/main.tf

This file was deleted.

2 changes: 0 additions & 2 deletions database-grants/terraform/prod/schemas/wallet/main.tf
Expand Up @@ -3,5 +3,3 @@ module "microservice_schema" {
source = "./../../modules/microservice_schema"
schema = "wallet"
}

