dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
d73f1b103aebbd52c0ea800352c795ccc9779041
ScadaBridge/docker-env2/seed-sites.sh
T
Joseph Doherty d73f1b103a fix(seed): grant Design + Deployment to multi-role in primary seed-sites.sh 
A fresh ScadaBridgeConfig has only the Admin LdapGroupMappings row
(InitialSchema migration ships one row, SecurityConfiguration.HasData
declares four). docker-env2/seed-sites.sh already inserts the missing
three idempotently; docker/seed-sites.sh did not, so multi-role got
Admin only on a primary cutover. Mirror the env2 insert block.
2026-05-28 10:11:21 -04:00

60 lines
2.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -euo pipefail
# Seed env2's single test site with Akka and gRPC addresses.
# Run after deploy.sh once the env2 central cluster is healthy.
#
# Prerequisites:
# - Infrastructure services running (infra/docker-compose up -d)
# - Env2 application containers running (docker-env2/deploy.sh)
# - Env2 central cluster healthy (curl http://localhost:9100/health/ready)
#
# Usage:
# docker-env2/seed-sites.sh
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
CLI="dotnet run --project $PROJECT_ROOT/src/ZB.MOM.WW.ScadaBridge.CLI --"
AUTH="--username multi-role --password password"
URL="--url http://localhost:9100"
echo "=== Seeding ScadaBridge Env2 Sites ==="
echo ""
echo "Creating Site-X (Env2 Site X)..."
$CLI $URL $AUTH site create \
--name "Env2 Site X" \
--identifier "site-x" \
--description "Env2 test site - two-node cluster" \
--node-a-address "akka.tcp://scadabridge@scadabridge-env2-site-x-a:8082" \
--node-b-address "akka.tcp://scadabridge@scadabridge-env2-site-x-b:8082" \
--grpc-node-a-address "http://scadabridge-env2-site-x-a:8083" \
--grpc-node-b-address "http://scadabridge-env2-site-x-b:8083" \
|| echo " (Site-X may already exist)"
echo ""
echo "Seeding LDAP group mappings (Design + Deployment)..."
# SecurityConfiguration.HasData declares 4 mappings but the InitialSchema
# migration only inserts the Admin row, so a fresh ScadaBridgeConfig2 starts
# with multi-role getting Admin only -- no Design and no Deployment access.
# Insert the missing three idempotently. (Mirror of docker/seed-sites.sh.)
docker exec -i scadabridge-mssql /opt/mssql-tools18/bin/sqlcmd \
-S localhost -U sa -P 'ScadaBridge_Dev1#' -C \
-d ScadaBridgeConfig2 -Q "
SET IDENTITY_INSERT LdapGroupMappings ON;
IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 2)
INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (2, 'SCADA-Designers', 'Design');
IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 3)
INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (3, 'SCADA-Deploy-All', 'Deployment');
IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 4)
INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (4, 'SCADA-Deploy-SiteA', 'Deployment');
SET IDENTITY_INSERT LdapGroupMappings OFF;
"
echo ""
echo "=== Env2 site seeding complete ==="
echo ""
echo "Verify with: $CLI $URL $AUTH site list"
echo "Multi-role test user now has Admin + Design + Deployment in env2."
echo "Sign out and back in to refresh session role claims."
Reference in New Issue View Git Blame Copy Permalink