DBM
DataBase Management. Provides initialization of our "standard" db users and common tables.
ENV
Several DB connection urls are used in initialization
export DATABASE_URL_DBA=postgresql://postgres@$DBHOST:$DBPORT/
export DATABASE_URL_DDL=postgresql://${PROJECT_NAME}_ddl@$DBHOST:$DBPORT/$PROJECT_NAME
export DATABASE_URL_CONFIG=postgresql://${PROJECT_NAME}_config@$DBHOST:$DBPORT/$PROJECT_NAME
Passwords as set via:
export DATABASE_DDL_PASSWORD=
export DATABASE_CONFIG_PASSWORD=
export DATABASE_DELETE_PASSWORD=
export DATABASE_WRITE_PASSWORD=
export DATABASE_READ_PASSWORD=
db-config
Additional DB connection urls are provided via the db-config
:
postgresql://${PROJECT_NAME}_read@$DBHOST:$DBPORT/$PROJECT_NAME
postgresql://${PROJECT_NAME}_write@$DBHOST:$DBPORT/$PROJECT_NAME
postgresql://${PROJECT_NAME}_delete@$DBHOST:$DBPORT/$PROJECT_NAME
Note about SSL
When using ssl use both sslmode=required
and ssl=true
in the connection arguments as different drivers use
on or the other.
Scripts
db-init
(and db-init-*
)
db-init
initializes the database (assumes it exists and is empty). This is done by running db-init-dba
,
db-init-ddl
, db-init-config
and loading ./data/seed.sql
using the ddl
user. Note: the ddl
user can
only create or alter tables in the data
schema and add functions in the func
schema; extensions must be
loaded by the dba
user when the database is created.
db-init-dba
creates 5 users, ddl
for running seed and db migrations, config
for accessing the config
table, read
, write
, and delete
for the application to use as appropriate. The applications users
cannot alter schema.
db-snapshot
Produce a snapshot of the db in ./data/snaphosts
.
db-restore-last
(not done yet) will eventually restore the last snapshot taken.
db-new-migration description
Creates an empty sql file in ./data/migrations
named date_time_description
. Edit this file with SQL for
the ddl user to apply.
db-up
Applies migrations from ./data/migrations
in date/time order that haven't already been applied.
Use DRY_RUN=1 yarn db-up
to apply and rollback the migration. Eventually the intent is to use db-snapshot
,
db-up
, and db-restore-last
to develop migrations (and avoid having to write "down" migrations).
Baseline Schema
All tables use tuids
for ids or are single-data tables for enforcing set membership.
DBM provides the tables:
-
config
: dynamic configuration data -
users
: to track users of the system -
user_emails
: used for mapping oauth based login to users -
sessions
: used to track session (including anonymous users) -
_data_migrations
: used to track applied migrations -
permissions
: valid permission names in the system -
permission_groups
: valid permission group names in the system -
user_permissions
: what permissions a user has -
user_permission_groups
: what permission groups a user has -
permissions_permission_groups
: what permissions a permission group has
In general these tables are not directly accessed (the exception, currently, is adding and granting permissions), and instead the library code is used.
Library Code
db-provider
Intended for use by the application, resolves to three dbPromise
instances, one for each read
, write
,
and delete
. Ensure that all actions that need to see modifications are wrapped in a tx
as these
will create overlapped connections to the db when used.
db-config
Resolves to the current dynamic configuration as read from the config
table. This is cached for 1
minute internally.
db-session
Manages sessions. Default is 1 hour expiry. Used mainly by the middleware in serf
db-user
Manages users. Used mainly by the middleware in serf
db-permissions
Manages getting the permissions for user. Used mainly by the middleware in serf