Updating make_request to help Data-Out API from EBI

EGA-archive · Nov 6, 2018 · 3328ae3 · 3328ae3
1 parent 84e8144
commit 3328ae3
Show file tree

Hide file tree

Showing 5 changed files with 63 additions and 83 deletions.
diff --git a/deploy/images/db/data-out-extensions.sql b/deploy/images/db/data-out-extensions.sql
diff --git a/deploy/images/db/download.sql b/deploy/images/db/download.sql
@@ -41,23 +41,40 @@ CREATE TABLE local_ega_download.main (
 );
 
 
+-- View on the vault files
+CREATE VIEW local_ega_download.files AS
+SELECT id,
+       stable_id,
+       vault_file_reference,
+       vault_file_type,
+       vault_file_size,
+       header,
+       vault_file_checksum,
+       vault_file_checksum_type
+FROM local_ega.main
+WHERE status = 'READY';
+
+
 -- Insert new request, and return some vault information
-CREATE TYPE request_type AS (req_id     INTEGER, -- local_ega_download.main.id%TYPE,
-                             file_id    INTEGER, -- local_ega.vault_files.id%TYPE,
-			     header     TEXT,    -- local_ega.vault_files.header%TYPE,
-			     vault_path TEXT,    -- local_ega.vault_files.vault_file_reference%TYPE,
-			     vault_type local_ega.storage);--local_ega.vault_files.vault_file_type%TYPE);
+CREATE TYPE request_type AS (req_id                    INTEGER,
+                             header                    TEXT,
+			     vault_path                TEXT,
+			     vault_type                local_ega.storage,
+			     file_size                 INTEGER,
+			     unencrypted_checksum      VARCHAR,
+			     unencrypted_checksum_type local_ega.checksum_algorithm);
+
 
 CREATE FUNCTION make_request(sid local_ega.main.stable_id%TYPE)
 RETURNS request_type AS $make_request$
 #variable_conflict use_column
 DECLARE
      req  local_ega_download.request_type;
-     vault_rec local_ega.vault_files%ROWTYPE;
+     vault_rec local_ega_download.files%ROWTYPE;
      rid  INTEGER;
 BEGIN
 
-     SELECT * INTO vault_rec FROM local_ega.vault_files WHERE stable_id = sid LIMIT 1;
+     SELECT * INTO vault_rec FROM local_ega_download.files WHERE stable_id = sid LIMIT 1;
 
      IF vault_rec IS NULL THEN
      	RAISE EXCEPTION 'Vault file not found for stable_id: % ', sid;
@@ -67,11 +84,13 @@ BEGIN
      VALUES (vault_rec.id, 'INIT')
      RETURNING local_ega_download.main.id INTO rid;
 
-     req.req_id     := rid;
-     req.file_id    := vault_rec.id;
-     req.header     := vault_rec.header;
-     req.vault_path := vault_rec.vault_file_reference;
-     req.vault_type := vault_rec.vault_file_type;
+     req.req_id                    := rid;
+     req.header                    := vault_rec.header;
+     req.vault_path                := vault_rec.vault_file_reference;
+     req.vault_type                := vault_rec.vault_file_type;
+     req.file_size                 := vault_rec.vault_file_size;
+     req.unencrypted_checksum      := vault_rec.vault_file_checksum;
+     req.unencrypted_checksum_type := vault_rec.vault_file_checksum_type;
      RETURN req;
 END;
 $make_request$ LANGUAGE plpgsql;

diff --git a/deploy/images/db/entrypoint.sh b/deploy/images/db/entrypoint.sh
@@ -11,25 +11,34 @@ if [ "$(id -u)" = '0' ]; then
     chown -R postgres /var/run/postgresql
     chmod 775 /var/run/postgresql
 
-    # Generating the SSL certificate + key
     mkdir -p /etc/ega
-    openssl req -x509 -newkey rsa:2048 \
-	    -keyout /etc/ega/pg.key -nodes \
-	    -out /etc/ega/pg.cert -sha256 \
-	    -days 1000 -subj ${SSL_SUBJ}
-    chown postgres:postgres /etc/ega/pg.{key,cert}
-    chmod 600 /etc/ega/pg.key
+    chgrp postgres /etc/ega
+    chmod 770 /etc/ega
 
     # Run again as 'postgres'
     exec gosu postgres "$BASH_SOURCE" "$@"
 fi
 
 # If already initiliazed, then run
-[ -s "$PGDATA/PG_VERSION" ] && exec postgres -c config_file=/etc/ega/pg.conf
+if [ -s "$PGDATA/PG_VERSION" ]; then
+    # Remove the secrets
+    #rm -f /run/secrets/db_lega_in
+    #rm -f /run/secrets/db_lega_out
+    # And..... cue music
+    exec postgres -c config_file=/etc/ega/pg.conf
+fi
+
+# Don't init if secrets not defined
+[[ ! -s "/run/secrets/db_lega_in" ]] && echo 'DB Lega-IN secret missing' 1>&2 && exit 1
+[[ ! -s "/run/secrets/db_lega_out" ]] && echo 'DB Lega-OUT secret missing' 1>&2 && exit 1
 
-# Don't init if env vars not defined
-[[ -z "${DB_LEGA_IN_PASSWORD}" ]] && echo 'Environment DB_LEGA_IN_PASSWORD is empty' 1>&2 && exit 1
-[[ -z "${DB_LEGA_OUT_PASSWORD}" ]] && echo 'Environment DB_LEGA_OUT_PASSWORD is empty' 1>&2 && exit 1
+# Generating the SSL certificate + key
+openssl req -x509 -newkey rsa:2048 \
+	    -keyout /etc/ega/pg.key -nodes \
+	    -out /etc/ega/pg.cert -sha256 \
+	    -days 1000 -subj ${SSL_SUBJ}
+chown postgres:postgres /etc/ega/pg.{key,cert}
+chmod 600 /etc/ega/pg.key
 
 # Otherwise, do initilization (as postgres user)
 initdb --username=postgres # no password: no authentication for postgres user
@@ -55,7 +64,6 @@ EOSQL
 DB_FILES=(/docker-entrypoint-initdb.d/main.sql
 	  /docker-entrypoint-initdb.d/download.sql
 	  /docker-entrypoint-initdb.d/qc.sql
-	  /docker-entrypoint-initdb.d/data-out-extensions.sql
 	  /docker-entrypoint-initdb.d/grants.sql)
 
 for f in ${DB_FILES[@]}; do # in order
@@ -66,12 +74,16 @@ for f in ${DB_FILES[@]}; do # in order
 done
 
 # Set password for lega_in and lega_out users
+echo "Password for lega-in:  -----$(</run/secrets/db_lega_in)-----"
+echo "Password for lega-out: -----$(</run/secrets/db_lega_out)-----"
 
+# Set password for lega_in and lega_out users
 psql -v ON_ERROR_STOP=1 --username postgres --no-password --dbname lega <<EOSQL
-     ALTER USER lega_in WITH PASSWORD '${DB_LEGA_IN_PASSWORD}';
-     ALTER USER lega_out WITH PASSWORD '${DB_LEGA_OUT_PASSWORD}';
+     ALTER USER lega_in WITH PASSWORD '$(</run/secrets/db_lega_in)';
+     ALTER USER lega_out WITH PASSWORD '$(</run/secrets/db_lega_out)';
 EOSQL
 
+
 # Stop the server
 pg_ctl -D "$PGDATA" -m fast -w stop
 
@@ -95,4 +107,8 @@ echo
 echo 'PostgreSQL init process complete; ready for start up.'
 echo
 
+# Remove the secrets
+#rm -f /run/secrets/db_lega_in
+#rm -f /run/secrets/db_lega_out
+# And..... cue music
 exec postgres -c config_file=/etc/ega/pg.conf
diff --git a/deploy/images/db/grants.sql b/deploy/images/db/grants.sql
@@ -16,10 +16,10 @@ CREATE USER lega_out;
 GRANT USAGE ON SCHEMA local_ega TO lega_in, lega_out;
 GRANT ALL PRIVILEGES ON ALL TABLES    IN SCHEMA local_ega TO lega_in; -- Read/Write access on local_ega.* for lega_in
 GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA local_ega TO lega_in; -- Don't forget the sequences
-GRANT SELECT ON local_ega.vault_files TO lega_out;                    -- Read-Only access for lega_out
-GRANT SELECT ON local_ega.ebi_files   TO lega_out;                    -- Used by EBI
 
 -- Set up rights access for audit schema
 GRANT USAGE ON SCHEMA local_ega_download TO lega_out;
 GRANT ALL PRIVILEGES ON ALL TABLES    IN SCHEMA local_ega_download TO lega_out; -- Read/Write on audit.* for lega_out
 GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA local_ega_download TO lega_out; -- Don't forget the sequences
+
+GRANT SELECT ON local_ega.main TO lega_out; -- Read-Only access for lega_out, through the view local_ega_download.files
diff --git a/deploy/images/db/main.sql b/deploy/images/db/main.sql
@@ -269,22 +269,6 @@ CREATE TRIGGER mark_ready
     EXECUTE PROCEDURE mark_ready();
 
 
-
-
--- ##########################################################################
---           For data-out
--- ##########################################################################
-
--- View on the vault files
-CREATE VIEW local_ega.vault_files AS
-SELECT id,
-       stable_id,
-       vault_file_reference,
-       vault_file_type,
-       header
-FROM local_ega.main
-WHERE status = 'READY';
-
 -- ##########################################################################
 --                   About the encryption
 -- ##########################################################################