fix: use postgres application user (#717)

Signed-off-by: Kranium Gikos Mendoza <kraniumgikos.mendoza@iohk.io> Signed-off-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Signed-off-by: Milos Backonja <milos.backonja@iohk.io> Co-authored-by: Yurii Shynbuiev <yurii.shynbuiev@iohk.io> Co-authored-by: Milos Backonja <milos.backonja@iohk.io>
hyperledger · Sep 14, 2023 · 63403a5 · 63403a5
1 parent a79b4ab
commit 63403a5
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 8 deletions.
diff --git a/.gitmodules b/.gitmodules
diff --git a/infrastructure/charts/agent/templates/deployment.yaml b/infrastructure/charts/agent/templates/deployment.yaml
@@ -50,6 +50,18 @@ spec:
                 name: castor-admin.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
                 key: password
                 optional: false
+          - name: CASTOR_DB_APP_USER
+            valueFrom:
+              secretKeyRef:
+                name: castor-application-user.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
+                key: username
+                optional: false
+          - name: CASTOR_DB_APP_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: castor-application-user.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
+                key: password
+                optional: false
           - name: POLLUX_DB_HOST
             value: "{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.{{.Release.Namespace}}"
           - name: POLLUX_DB_PORT
@@ -68,6 +80,18 @@ spec:
                 name: pollux-admin.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
                 key: password
                 optional: false
+          - name: POLLUX_DB_APP_USER
+            valueFrom:
+              secretKeyRef:
+                name: pollux-application-user.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
+                key: username
+                optional: false
+          - name: POLLUX_DB_APP_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: pollux-application-user.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
+                key: password
+                optional: false
           - name: CONNECT_DB_HOST
             value: "{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.{{.Release.Namespace}}"
           - name: CONNECT_DB_PORT
@@ -86,6 +110,18 @@ spec:
                 name: connect-admin.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
                 key: password
                 optional: false
+          - name: CONNECT_DB_APP_USER
+            valueFrom:
+              secretKeyRef:
+                name: connect-application-user.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
+                key: username
+                optional: false
+          - name: CONNECT_DB_APP_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: connect-application-user.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
+                key: password
+                optional: false
           - name: AGENT_DB_HOST
             value: "{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.{{.Release.Namespace}}"
           - name: AGENT_DB_PORT
@@ -104,6 +140,18 @@ spec:
                 name: agent-admin.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
                 key: password
                 optional: false
+          - name: AGENT_DB_APP_USER
+            valueFrom:
+              secretKeyRef:
+                name: agent-application-user.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
+                key: username
+                optional: false
+          - name: AGENT_DB_APP_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: agent-application-user.{{ .Values.database.postgres.managingTeam }}-prism-agent-postgres-cluster.credentials.postgresql.acid.zalan.do
+                key: password
+                optional: false
           - name: DIDCOMM_SERVICE_URL
             value: "https://{{ index .Values.ingress.applicationUrls 0 }}/prism-agent/didcomm"
           - name: PRISM_NODE_HOST

diff --git a/infrastructure/charts/agent/templates/postgresql.yaml b/infrastructure/charts/agent/templates/postgresql.yaml
@@ -14,19 +14,23 @@ spec:
     castor-admin:
       - superuser
       - createdb
-    castor-application-user: []
+    castor-application-user:
+      - superuser
     pollux-admin:
       - superuser
       - createdb
-    pollux-application-user: []
+    pollux-application-user:
+      - superuser
     connect-admin:
       - superuser
       - createdb
-    connect-application-user: []
+    connect-application-user:
+      - superuser
     agent-admin:
       - superuser
       - createdb
-    agent-application-user: []
+    agent-application-user:
+      - superuser
   databases:
     castor: castor-admin
     pollux: pollux-admin

diff --git a/mercury/roots-id-mediator/didcomm-mediator b/mercury/roots-id-mediator/didcomm-mediator