feat: #1007 new fam app admin model

docker-base-services.yml

@@ -38,6 +38,8 @@ services:
       - FLYWAY_BASELINE_ON_MIGRATE=true
       - FLYWAY_PLACEHOLDERS_api_db_username=fam_proxy_api
       - FLYWAY_PLACEHOLDERS_api_db_password=test
+      - FLYWAY_PLACEHOLDERS_admin_api_db_user=fam_proxy_admin_api
+      - FLYWAY_PLACEHOLDERS_admin_api_db_password=ojkr97y663kvqcwlm8hyvf8dalxd
       - FLYWAY_PLACEHOLDERS_client_id_fom_public="nolongerinuse1"
       - FLYWAY_PLACEHOLDERS_client_id_fom_ministry="nolongerinuse2"
       - FLYWAY_PLACEHOLDERS_client_id_fam_console=26tltjjfe7ktm4bte7av998d78

infrastructure/server/flyway.tf

@@ -231,6 +231,8 @@ data "aws_lambda_invocation" "invoke_flyway_migration" {
           "api_db_password" : "md5${md5(join("", [local.flyway_db_creds.password, local.flyway_db_creds.username]))}",
           "auth_lambda_db_user" : "${local.flyway_db_auth_creds.username}",
           "auth_lambda_db_password" : "md5${md5(join("", [local.flyway_db_auth_creds.password, local.flyway_db_auth_creds.username]))}",
+          "admin_api_db_username" : "fam_proxy_admin_api",
+          "admin_api_db_password" : "ojkr97y663kvqcwlm8hyvf8dalxd",
           "client_id_fam_console" : "${aws_cognito_user_pool_client.fam_console_oidc_client.id}",
           "client_id_fom_public" : "nolongerinuse1",
           "client_id_fom_ministry" : "nolongerinuse2",

server/backend/api/app/models/model.py

@@ -67,6 +67,10 @@ class FamApplication(Base):
         "FamApplicationClient", back_populates="application"
     )
     fam_role = relationship("FamRole", back_populates="application")
+    fam_application_admin = relationship(
+        "FamApplicationAdmin",
+        back_populates="application"
+    )
     __table_args__ = (
         PrimaryKeyConstraint("application_id", name="fam_app_pk"),
         UniqueConstraint("application_name", name="fam_app_name_uk"),
@@ -87,6 +91,82 @@ def __repr__(self):
         return f'FamApplication({self.application_id}, {self.application_name}, {self.app_environment})'
 
 
+class FamApplicationAdmin(Base):
+    __tablename__ = "fam_application_admin"
+    __table_args__ = (
+        PrimaryKeyConstraint("application_admin_id", name="fam_app_admin_pk"),
+        ForeignKeyConstraint(
+            ["application_id"],
+            ["app_fam.fam_application.application_id"],
+            name="reffam_application_admin_application"
+        ),
+        ForeignKeyConstraint(
+            ["user_id"],
+            ["app_fam.fam_user.user_id"],
+            name="reffam_application_admin_user"
+        ),
+        {
+            "comment": "Application Admin is a cross-reference object that " +
+            "allows for the identification of who are the " +
+            "administrators(User) for an Application, as well as which " +
+            " Applications the User can administer.",
+            'schema': 'app_fam'
+        }
+    )
+    application_admin_id = Column(
+        BigInteger,
+        Identity(
+            start=1,
+            increment=1,
+            minvalue=1,
+            maxvalue=9223372036854775807,
+            cycle=False,
+            cache=1
+        ),
+        primary_key=True,
+        comment="Automatically generated key used to identify the " +
+        "uniqueness of a User administers the Application."
+    )
+    user_id = Column(
+        BigInteger,
+        nullable=False,
+        index=True,
+        comment="Unique ID to reference and identify the user within FAM system."
+    )
+    application_id = Column(
+        BigInteger,
+        comment="Unique ID to reference and identify the application within " +
+        "FAM system.",
+    )
+    create_user = Column(
+        String(30),
+        nullable=False,
+        comment="The user or proxy account that created the record.",
+    )
+    create_date = Column(
+        TIMESTAMP(timezone=True, precision=6),
+        nullable=False,
+        default=datetime.datetime.utcnow,
+        comment="The date and time the record was created.",
+    )
+    update_user = Column(
+        String(30),
+        comment="The user or proxy account that created or last updated the "
+        + "record. ",
+    )
+    update_date = Column(
+        TIMESTAMP(timezone=True, precision=6),
+        onupdate=datetime.datetime.utcnow,
+        comment="The date and time the record was created or last updated.",
+    )
+    application = relationship(
+        "FamApplication", back_populates="fam_application_admin", lazy="joined"
+    )
+    user = relationship(
+        "FamUser", back_populates="fam_application_admin", lazy="joined"
+    )
+
+
 class FamForestClient(Base):
     __tablename__ = "fam_forest_client"
     __table_args__ = (
@@ -238,6 +318,9 @@ class FamUser(Base):
 
     fam_user_role_xref = relationship("FamUserRoleXref", back_populates="user")
     user_type_relation = relationship("FamUserType", backref="user_relation", lazy="joined")
+    fam_application_admin = relationship(
+        "FamApplicationAdmin", back_populates="user"
+    )
 
     __table_args__ = (
         PrimaryKeyConstraint("user_id", name="fam_usr_pk"),

server/flyway/sql/V32__add_application_admin_table_and_proxy_user.sql

@@ -0,0 +1,62 @@
+-- Create fam_application_admin table
+CREATE TABLE IF NOT EXISTS app_fam.fam_application_admin
+(
+    application_admin_id        bigint          GENERATED BY DEFAULT AS IDENTITY (START WITH 1 INCREMENT BY 1),
+    user_id                     bigint          NOT NULL,
+    application_id              bigint          NOT NULL,
+    create_user                 varchar(30)     NOT NULL,
+    create_date                 timestamp(6)    DEFAULT CURRENT_DATE NOT NULL,
+    update_user                 varchar(30),
+    update_date                 timestamp(6)    DEFAULT CURRENT_DATE
+);
+
+-- Add table/column comments
+COMMENT ON TABLE app_fam.fam_application_admin IS 'Application Admin is a cross-reference object that allows for the identification of who are the administrators(User) for an Application, as well as which Applications the User can administer.'
+;
+COMMENT ON COLUMN app_fam.fam_application_admin.application_admin_id IS 'Automatically generated key used to identify the uniqueness of a User administers the Application.'
+;
+COMMENT ON COLUMN app_fam.fam_application_admin.user_id IS 'Unique ID to reference and identify the user within FAM system.'
+;
+COMMENT ON COLUMN app_fam.fam_application_admin.application_id IS 'Unique ID to reference and identify the application within FAM system.'
+;
+COMMENT ON COLUMN app_fam.fam_application_admin.create_user IS 'The user or proxy account that created the record.'
+;
+COMMENT ON COLUMN app_fam.fam_application_admin.create_date IS 'The date and time the record was created.'
+;
+COMMENT ON COLUMN app_fam.fam_application_admin.update_user IS 'The user or proxy account that created or last updated the record.'
+;
+COMMENT ON COLUMN app_fam.fam_application_admin.update_date IS 'The date and time the record was created or last updated.'
+;
+
+-- Create index
+CREATE INDEX ix_app_fam_fam_application_admin_user_id ON app_fam.fam_application_admin (user_id)
+;
+CREATE INDEX ix_app_fam_fam_application_admin_application_id ON app_fam.fam_application_admin (application_id)
+;
+
+-- Add constraints
+ALTER TABLE app_fam.fam_application_admin ADD CONSTRAINT fam_app_admin_pk PRIMARY KEY (application_admin_id)
+;
+ALTER TABLE app_fam.fam_application_admin ADD CONSTRAINT Reffam_application_admin_application
+    FOREIGN KEY (application_id)
+    REFERENCES app_fam.fam_application(application_id)
+;
+ALTER TABLE app_fam.fam_application_admin ADD CONSTRAINT Reffam_application_admin_user
+    FOREIGN KEY (user_id)
+    REFERENCES app_fam.fam_user(user_id)
+;
+
+-- Add proxy user and grant privileges
+CREATE USER ${admin_api_db_user} WITH NOSUPERUSER NOCREATEDB NOCREATEROLE PASSWORD '${admin_api_db_password}'
+;
+GRANT USAGE ON SCHEMA app_fam TO ${admin_api_db_user}
+;
+-- -- on 'fam_application_admin' table
+GRANT SELECT, UPDATE, DELETE, INSERT ON app_fam.fam_application_admin TO ${admin_api_db_user}
+;
+-- -- on 'fam_application' and 'fam_user' tables for ${admin_api_db_user} user.
+GRANT SELECT, UPDATE, DELETE, INSERT ON app_fam.fam_application TO ${admin_api_db_user}
+;
+GRANT SELECT, UPDATE, DELETE, INSERT ON app_fam.fam_user TO ${admin_api_db_user}
+;
+