Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: #1007 new fam app admin model #1029

Merged
merged 7 commits into from
Nov 10, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions docker-base-services.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ services:
- FLYWAY_BASELINE_ON_MIGRATE=true
- FLYWAY_PLACEHOLDERS_api_db_username=fam_proxy_api
- FLYWAY_PLACEHOLDERS_api_db_password=test
- FLYWAY_PLACEHOLDERS_admin_management_api_db_user=fam_proxy_admin_management_api
ianliuwk1019 marked this conversation as resolved.
Show resolved Hide resolved
- FLYWAY_PLACEHOLDERS_admin_management_api_db_password=test
- FLYWAY_PLACEHOLDERS_client_id_fom_public="nolongerinuse1"
- FLYWAY_PLACEHOLDERS_client_id_fom_ministry="nolongerinuse2"
- FLYWAY_PLACEHOLDERS_client_id_fam_console=26tltjjfe7ktm4bte7av998d78
Expand Down
2 changes: 2 additions & 0 deletions infrastructure/server/flyway.tf
Original file line number Diff line number Diff line change
Expand Up @@ -231,6 +231,8 @@ data "aws_lambda_invocation" "invoke_flyway_migration" {
"api_db_password" : "md5${md5(join("", [local.flyway_db_creds.password, local.flyway_db_creds.username]))}",
"auth_lambda_db_user" : "${local.flyway_db_auth_creds.username}",
"auth_lambda_db_password" : "md5${md5(join("", [local.flyway_db_auth_creds.password, local.flyway_db_auth_creds.username]))}",
"admin_management_api_db_user" : "fam_proxy_admin_management_api",
"admin_management_api_db_password" : "not_real_pwd_to_be_replaced",
"client_id_fam_console" : "${aws_cognito_user_pool_client.fam_console_oidc_client.id}",
"client_id_fom_public" : "nolongerinuse1",
"client_id_fom_ministry" : "nolongerinuse2",
Expand Down
83 changes: 83 additions & 0 deletions server/backend/api/app/models/model.py
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,10 @@ class FamApplication(Base):
"FamApplicationClient", back_populates="application"
)
fam_role = relationship("FamRole", back_populates="application")
fam_application_admin = relationship(
"FamApplicationAdmin",
back_populates="application"
)
__table_args__ = (
PrimaryKeyConstraint("application_id", name="fam_app_pk"),
UniqueConstraint("application_name", name="fam_app_name_uk"),
Expand All @@ -87,6 +91,82 @@ def __repr__(self):
return f'FamApplication({self.application_id}, {self.application_name}, {self.app_environment})'


class FamApplicationAdmin(Base):
__tablename__ = "fam_application_admin"
__table_args__ = (
PrimaryKeyConstraint("application_admin_id", name="fam_app_admin_pk"),
ForeignKeyConstraint(
["application_id"],
["app_fam.fam_application.application_id"],
name="reffam_application_admin_application"
),
ForeignKeyConstraint(
["user_id"],
["app_fam.fam_user.user_id"],
name="reffam_application_admin_user"
),
{
"comment": "Application Admin is a cross-reference object that " +
"allows for the identification of who are the " +
"administrators(User) for an Application, as well as which " +
" Applications the User can administer.",
'schema': 'app_fam'
}
)
application_admin_id = Column(
BigInteger,
Identity(
start=1,
increment=1,
minvalue=1,
maxvalue=9223372036854775807,
cycle=False,
cache=1
),
primary_key=True,
comment="Automatically generated key used to identify the " +
"uniqueness of a User administers the Application."
)
user_id = Column(
BigInteger,
nullable=False,
index=True,
comment="Unique ID to reference and identify the user within FAM system."
)
application_id = Column(
BigInteger,
comment="Unique ID to reference and identify the application within " +
"FAM system.",
)
create_user = Column(
String(30),
nullable=False,
comment="The user or proxy account that created the record.",
)
create_date = Column(
TIMESTAMP(timezone=True, precision=6),
nullable=False,
default=datetime.datetime.utcnow,
comment="The date and time the record was created.",
)
update_user = Column(
String(30),
comment="The user or proxy account that created or last updated the "
+ "record. ",
)
update_date = Column(
TIMESTAMP(timezone=True, precision=6),
onupdate=datetime.datetime.utcnow,
comment="The date and time the record was created or last updated.",
)
application = relationship(
"FamApplication", back_populates="fam_application_admin", lazy="joined"
)
user = relationship(
"FamUser", back_populates="fam_application_admin", lazy="joined"
)


class FamForestClient(Base):
__tablename__ = "fam_forest_client"
__table_args__ = (
Expand Down Expand Up @@ -238,6 +318,9 @@ class FamUser(Base):

fam_user_role_xref = relationship("FamUserRoleXref", back_populates="user")
user_type_relation = relationship("FamUserType", backref="user_relation", lazy="joined")
fam_application_admin = relationship(
"FamApplicationAdmin", back_populates="user"
)

__table_args__ = (
PrimaryKeyConstraint("user_id", name="fam_usr_pk"),
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
-- Create fam_application_admin table
CREATE TABLE IF NOT EXISTS app_fam.fam_application_admin
(
application_admin_id bigint GENERATED BY DEFAULT AS IDENTITY (START WITH 1 INCREMENT BY 1),
user_id bigint NOT NULL,
application_id bigint NOT NULL,
create_user varchar(30) NOT NULL,
create_date timestamp(6) DEFAULT CURRENT_DATE NOT NULL,
update_user varchar(30),
update_date timestamp(6) DEFAULT CURRENT_DATE
);

-- Add table/column comments
COMMENT ON TABLE app_fam.fam_application_admin IS 'Application Admin is a cross-reference object that allows for the identification of who are the administrators(User) for an Application, as well as which Applications the User can administer.'
;
COMMENT ON COLUMN app_fam.fam_application_admin.application_admin_id IS 'Automatically generated key used to identify the uniqueness of a User administers the Application.'
;
COMMENT ON COLUMN app_fam.fam_application_admin.user_id IS 'Unique ID to reference and identify the user within FAM system.'
;
COMMENT ON COLUMN app_fam.fam_application_admin.application_id IS 'Unique ID to reference and identify the application within FAM system.'
;
COMMENT ON COLUMN app_fam.fam_application_admin.create_user IS 'The user or proxy account that created the record.'
;
COMMENT ON COLUMN app_fam.fam_application_admin.create_date IS 'The date and time the record was created.'
;
COMMENT ON COLUMN app_fam.fam_application_admin.update_user IS 'The user or proxy account that created or last updated the record.'
;
COMMENT ON COLUMN app_fam.fam_application_admin.update_date IS 'The date and time the record was created or last updated.'
;

-- Create index
CREATE INDEX ix_app_fam_fam_application_admin_user_id ON app_fam.fam_application_admin (user_id)
;
CREATE INDEX ix_app_fam_fam_application_admin_application_id ON app_fam.fam_application_admin (application_id)
;

-- Add constraints
ALTER TABLE app_fam.fam_application_admin ADD CONSTRAINT fam_app_admin_pk PRIMARY KEY (application_admin_id)
;
ALTER TABLE app_fam.fam_application_admin ADD CONSTRAINT Reffam_application_admin_application
FOREIGN KEY (application_id)
REFERENCES app_fam.fam_application(application_id)
;
ALTER TABLE app_fam.fam_application_admin ADD CONSTRAINT Reffam_application_admin_user
FOREIGN KEY (user_id)
REFERENCES app_fam.fam_user(user_id)
;

-- Add proxy user and grant privileges
CREATE USER ${admin_management_api_db_user} WITH NOSUPERUSER NOCREATEDB NOCREATEROLE PASSWORD '${admin_management_api_db_password}'
;
GRANT USAGE ON SCHEMA app_fam TO ${admin_management_api_db_user}
;
-- -- on 'fam_application_admin' table
GRANT SELECT, UPDATE, DELETE, INSERT ON app_fam.fam_application_admin TO ${admin_management_api_db_user}
;
-- -- on 'fam_application' and 'fam_user' tables for new api proxy user.
GRANT SELECT, UPDATE, DELETE, INSERT ON app_fam.fam_application TO ${admin_management_api_db_user}
;
GRANT SELECT, UPDATE, DELETE, INSERT ON app_fam.fam_user TO ${admin_management_api_db_user}
;