Close #210, Add PostgreSQL backup user

Jenkinsfile

@@ -20,6 +20,8 @@ pipeline {
                 SMTP_PASS = credentials("smtp-secret")
                 DB_USER = 'opex'
                 DB_PASS = credentials("db-secret")
+                DB_BACKUP_USER = 'opex_backup'
+                DB_BACKUP_PASSWORD = credentials("db-backup-secret")
                 KEYCLOAK_ADMIN_URL = 'https://demo.opex.dev/auth'
                 KEYCLOAK_FRONTEND_URL = 'https://demo.opex.dev/auth'
                 COMPOSE_PROJECT_NAME = 'demo-core'

dev.Jenkinsfile

@@ -20,6 +20,8 @@ pipeline {
                 SMTP_PASS = credentials("smtp-secret-dev")
                 DB_USER = 'opex'
                 DB_PASS = credentials("db-secret-dev")
+                DB_BACKUP_USER = 'opex_backup'
+                DB_BACKUP_PASSWORD = credentials("db-backup-secret-dev")
                 KEYCLOAK_ADMIN_URL = 'https://demo.opex.dev:8443/auth'
                 KEYCLOAK_FRONTEND_URL = 'https://demo.opex.dev:8443/auth'
                 COMPOSE_PROJECT_NAME = 'dev-core'

docker-compose.yml

@@ -77,6 +77,21 @@ services:
     deploy:
       restart_policy:
         condition: on-failure
+  akhq:
+    image: tchiotludo/akhq
+    environment:
+      AKHQ_CONFIGURATION: |
+        akhq:
+          connections:
+            docker-kafka-server:
+              properties:
+                bootstrap.servers: "kafka-1:29092,kafka-2:29092,kafka-3:29092"
+    networks:
+      - default
+    depends_on:
+      - kafka-1
+      - kafka-2
+      - kafka-3
   vault:
     image: vault
     volumes:
@@ -89,6 +104,8 @@ services:
       - SMTP_PASS=${SMTP_PASS}
       - DB_USER=${DB_USER:-opex}
       - DB_PASS=${DB_PASS:-hiopex}
+      - DB_BACKUP_USER=${DB_USER:-opex_backup}
+      - DB_BACKUP_PASS=${DB_PASS:-hiopex}
     healthcheck:
       retries: 5
     cap_add:
@@ -127,32 +144,23 @@ services:
       - POSTGRES_USER=${DB_USER:-opex}
       - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
       - POSTGRES_DB=opex_accountant
+      - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+      - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
     volumes:
+      - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
       - $DATA/accountant-data:/var/lib/postgresql/data/
     networks:
       - default
-  akhq:
-    image: tchiotludo/akhq
-    environment:
-      AKHQ_CONFIGURATION: |
-        akhq:
-          connections:
-            docker-kafka-server:
-              properties:
-                bootstrap.servers: "kafka-1:29092,kafka-2:29092,kafka-3:29092"
-    networks:
-      - default
-    depends_on:
-      - kafka-1
-      - kafka-2
-      - kafka-3
   postgres-eventlog:
     image: postgres:14-alpine
     environment:
       - POSTGRES_USER=${DB_USER:-opex}
       - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
       - POSTGRES_DB=opex_eventlog
+      - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+      - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
     volumes:
+      - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
       - $DATA/eventlog-data:/var/lib/postgresql/data/
     networks:
       - default
@@ -162,7 +170,10 @@ services:
       - POSTGRES_USER=${DB_USER:-opex}
       - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
       - POSTGRES_DB=opex_auth
+      - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+      - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
     volumes:
+      - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
       - $DATA/auth-data:/var/lib/postgresql/data/
     networks:
       - default
@@ -175,7 +186,10 @@ services:
       - POSTGRES_USER=${DB_USER:-opex}
       - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
       - POSTGRES_DB=opex_wallet
+      - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+      - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
     volumes:
+      - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
       - $DATA/wallet-data:/var/lib/postgresql/data/
     networks:
       - default
@@ -188,7 +202,10 @@ services:
       - POSTGRES_USER=${DB_USER:-opex}
       - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
       - POSTGRES_DB=opex_api
+      - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+      - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
     volumes:
+      - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
       - $DATA/api-data:/var/lib/postgresql/data/
     networks:
       - default
@@ -201,7 +218,10 @@ services:
       - POSTGRES_USER=${DB_USER:-opex}
       - POSTGRES_PASSWORD=${DB_PASS:-hiopex}
       - POSTGRES_DB=opex_bc_gateway
+      - POSTGRES_BACKUP_USER=${DB_BACKUP_USER:-opex_backup}
+      - POSTGRES_BACKUP_PASSWORD=${DB_BACKUP_PASSWORD:-hiopex}
     volumes:
+      - ./resources/postgres/init-backup-user.sh:/docker-entrypoint-initdb.d/init-backup-user.sh
       - $DATA/bc-gateway-data:/var/lib/postgresql/data/
     networks:
       - default

resources/postgres/init-backup-user.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+	CREATE USER $POSTGRES_BACKUP_USER WITH ENCRYPTED PASSWORD '$POSTGRES_BACKUP_PASSWORD';
+	GRANT CONNECT ON DATABASE $POSTGRES_DB TO $POSTGRES_BACKUP_USER;
+	GRANT USAGE ON SCHEMA public TO $POSTGRES_BACKUP_USER;
+  ALTER DEFAULT PRIVILEGES IN SCHEMA public
+  GRANT SELECT ON TABLES TO $POSTGRES_BACKUP_USER;
+EOSQL