From 9d90c6cc6e428c2d0bdfb29a99164ae7cb5f4517 Mon Sep 17 00:00:00 2001
From: Chris Cannon <chris.cannon@crowdstrike.com>
Date: Mon, 4 Dec 2023 16:40:09 -0500
Subject: [PATCH 1/2] adds db schema to configuration

---
 cmd/api/README.md               |  1 +
 cmd/api/main.go                 | 28 ++++++++++++++--------------
 config/base/env/config          |  1 +
 docs/external-database.md       |  5 ++++-
 pkg/api/server/config/config.go |  1 +
 test/e2e/gcs-emulator.yaml      |  1 +
 6 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/cmd/api/README.md b/cmd/api/README.md
index 845771bfd..4fb0b71e8 100644
--- a/cmd/api/README.md
+++ b/cmd/api/README.md
@@ -8,6 +8,7 @@
 | DB_PASSWORD              | Postgres Database Password                                                                                                        | hunter2                                      |
 | DB_HOST                  | Postgres Database host                                                                                                            | /cloudsql/my-project:us-east1:tekton-results |
 | DB_NAME                  | Postgres Database name                                                                                                            | tekton_results                               |
+| DB_SCHEMA                | Postgres Table schema                                                                                                             | public                                       |
 | DB_SSLMODE               | Database SSL mode                                                                                                                 | verify-full                                  |
 | DB_SSLROOTCERT           | Path to CA cert used to validate Database cert                                                                                    | /etc/tls/db/ca.crt                           |
 | DB_ENABLE_AUTO_MIGRATION | Auto-migrate the database on startup (create/update schemas). For further details, refer to <https://gorm.io/docs/migration.html> | true (default)                               |
diff --git a/cmd/api/main.go b/cmd/api/main.go
index 3c0e78213..bb45a6ab3 100644
--- a/cmd/api/main.go
+++ b/cmd/api/main.go
@@ -25,19 +25,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/tektoncd/results/pkg/api/server/v1alpha2/auth/impersonation"
-	"golang.org/x/net/http2"
-	"golang.org/x/net/http2/h2c"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/credentials/insecure"
-	"google.golang.org/grpc/status"
-
-	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/rest"
-
-	"go.uber.org/zap"
-	"go.uber.org/zap/zapcore"
-
 	"github.com/golang-jwt/jwt/v4"
 	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 	grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
@@ -52,17 +39,28 @@ import (
 	"github.com/tektoncd/results/pkg/api/server/logger"
 	v1alpha2 "github.com/tektoncd/results/pkg/api/server/v1alpha2"
 	"github.com/tektoncd/results/pkg/api/server/v1alpha2/auth"
+	"github.com/tektoncd/results/pkg/api/server/v1alpha2/auth/impersonation"
 	v1alpha2pb "github.com/tektoncd/results/proto/v1alpha2/results_go_proto"
 	_ "go.uber.org/automaxprocs"
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/h2c"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/health"
 	healthpb "google.golang.org/grpc/health/grpc_health_v1"
 	"google.golang.org/grpc/reflection"
+	"google.golang.org/grpc/status"
 	"gorm.io/driver/postgres"
 	"gorm.io/gorm"
 	gormlogger "gorm.io/gorm/logger"
+	"gorm.io/gorm/schema"
 	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 )
 
 func main() {
@@ -100,7 +98,9 @@ func main() {
 	var err error
 
 	dbURI := fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=%s sslmode=%s sslrootcert=%s", serverConfig.DB_HOST, serverConfig.DB_USER, serverConfig.DB_PASSWORD, serverConfig.DB_NAME, serverConfig.DB_PORT, serverConfig.DB_SSLMODE, serverConfig.DB_SSLROOTCERT)
-	gormConfig := &gorm.Config{}
+	gormConfig := &gorm.Config{NamingStrategy: schema.NamingStrategy{
+		TablePrefix: serverConfig.DB_SCHEMA,
+	}}
 	if log.Level() != zap.DebugLevel {
 		gormConfig.Logger = gormlogger.Default.LogMode(gormlogger.Silent)
 	}
diff --git a/config/base/env/config b/config/base/env/config
index 721ce3117..b394743d7 100644
--- a/config/base/env/config
+++ b/config/base/env/config
@@ -3,6 +3,7 @@ DB_PASSWORD=
 DB_HOST=
 DB_PORT=5432
 DB_NAME=
+DB_SCHEMA=public
 DB_SSLMODE=disable
 DB_SSLROOTCERT=
 DB_ENABLE_AUTO_MIGRATION=true
diff --git a/docs/external-database.md b/docs/external-database.md
index 3fb7ee6bb..852192a08 100755
--- a/docs/external-database.md
+++ b/docs/external-database.md
@@ -57,7 +57,7 @@ patches:
   - path: delete-database-configmap.yaml
 ```
 
-## Modifying DB_HOST and DB_NAME
+## Modifying DB_HOST, DB_NAME, DB_SCHEMA
 
 You may add patches to modify them. Here, we will utilize env/config. If you
 want to securely store these variables, consider adding patches to fetch these
@@ -68,6 +68,7 @@ Copy the [config](../config/base/env/config) and change these values.
 ```cfg
 DB_HOST=
 DB_NAME=
+DB_SCHEMA=
 ```
 
 Here is the required patch if you want to use Kubernetes Secret for passing
@@ -89,6 +90,8 @@ spec:
               value: <put-your-external-db-host-here>
             - name: DB_NAME
               value: <your-db-name default:tekton-results>
+            - name: DB_SCHEMA
+              value: <your-db-schema default:public>
 ```
 
 ## Create Secret for storing database username and password
diff --git a/pkg/api/server/config/config.go b/pkg/api/server/config/config.go
index 2c7f5afb9..a9c571b9c 100644
--- a/pkg/api/server/config/config.go
+++ b/pkg/api/server/config/config.go
@@ -12,6 +12,7 @@ type Config struct {
 	DB_HOST                  string `mapstructure:"DB_HOST"`
 	DB_PORT                  string `mapstructure:"DB_PORT"`
 	DB_NAME                  string `mapstructure:"DB_NAME"`
+	DB_SCHEMA                string `mapstructure:"DB_SCHEMA"`
 	DB_SSLMODE               string `mapstructure:"DB_SSLMODE"`
 	DB_SSLROOTCERT           string `mapstructure:"DB_SSLROOTCERT"`
 	DB_ENABLE_AUTO_MIGRATION bool   `mapstructure:"DB_ENABLE_AUTO_MIGRATION"`
diff --git a/test/e2e/gcs-emulator.yaml b/test/e2e/gcs-emulator.yaml
index c01491f84..8dfef5fba 100644
--- a/test/e2e/gcs-emulator.yaml
+++ b/test/e2e/gcs-emulator.yaml
@@ -75,6 +75,7 @@ data:
     DB_HOST=
     DB_PORT=5432
     DB_NAME=
+    DB_SCHEMA=public
     DB_SSLMODE=disable
     DB_ENABLE_AUTO_MIGRATION=true
     SERVER_PORT=8080

From 5f0c21456e95132c9af17f8dc352a0b26ba41f98 Mon Sep 17 00:00:00 2001
From: Chris Cannon <chris.cannon@crowdstrike.com>
Date: Wed, 3 Jan 2024 14:11:23 -0500
Subject: [PATCH 2/2] only set the table prefix if a db schema is set

---
 cmd/api/main.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/cmd/api/main.go b/cmd/api/main.go
index bb45a6ab3..f84939f8c 100644
--- a/cmd/api/main.go
+++ b/cmd/api/main.go
@@ -98,9 +98,12 @@ func main() {
 	var err error
 
 	dbURI := fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=%s sslmode=%s sslrootcert=%s", serverConfig.DB_HOST, serverConfig.DB_USER, serverConfig.DB_PASSWORD, serverConfig.DB_NAME, serverConfig.DB_PORT, serverConfig.DB_SSLMODE, serverConfig.DB_SSLROOTCERT)
-	gormConfig := &gorm.Config{NamingStrategy: schema.NamingStrategy{
-		TablePrefix: serverConfig.DB_SCHEMA,
-	}}
+
+	gormConfig := &gorm.Config{}
+	if serverConfig.DB_SCHEMA != "" {
+		gormConfig.NamingStrategy = schema.NamingStrategy{TablePrefix: serverConfig.DB_SCHEMA}
+	}
+
 	if log.Level() != zap.DebugLevel {
 		gormConfig.Logger = gormlogger.Default.LogMode(gormlogger.Silent)
 	}