ARS Search Engine - Database access

[mvb-nt]

For security we want a READ only database user to contact the database, when we're querying the database. The way the Search Engine works, it should not be possible to make any Update, Delete or Drop commands. But to be completely sure we're changing the user.

The new read only datasource is configured in the application properties via Env variables.

Acceptance Criteria

• [x] We only have read access when calling the DB from the Search Engine
• [x] I can input the DB user info as Env variables.
• [x] Tested locally

[Nicolas-Northtech]

Application properties now has datasource.admin and datasource.readonly. Readonly user is currently created with a Liquibase file for test and development environments. Had to remove

"CREATE EXTENSION IF NOT EXISTS age;
            LOAD 'age';
            SET search_path = ag_catalog, "$user", public;

as it errored with the readonly user. Instead, I added

handle.execute("set search_path TO ag_catalog;");

so it would recognize agtypes.

Only repository using the readonly user is Queries.

[Nicolas-Northtech]

Tests are populating the database and not a temporary instance. Have to check that up. Issue is back open.

[Nicolas-Northtech]

Finally done. We now have a readonly user available for use, with select privileges only. It is used in Queries. It is created with Liquibase.