From a10821ac689f79955392ee97e622eb88bb1e26dd Mon Sep 17 00:00:00 2001
From: James Gunn <james@gunn.io>
Date: Thu, 8 Aug 2024 15:15:04 +0100
Subject: [PATCH] Ensure postgres user has the replication privilege (#1456)

---
 TeachingRecordSystem/db.sh |  2 +-
 terraform/aks/app.tf       | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/TeachingRecordSystem/db.sh b/TeachingRecordSystem/db.sh
index 7c7f9b358..8a16be639 100644
--- a/TeachingRecordSystem/db.sh
+++ b/TeachingRecordSystem/db.sh
@@ -5,4 +5,4 @@ ENV_VARS=$(env | grep DefaultConnection | sed 's/^ConnectionStrings__DefaultConn
 /^Password/ { print "export PGPASSWORD=" substr($0, 10) }
 ')
 eval "$ENV_VARS"
-psql
+psql "$@"
diff --git a/terraform/aks/app.tf b/terraform/aks/app.tf
index 1280e9fdb..4c89b75a4 100644
--- a/terraform/aks/app.tf
+++ b/terraform/aks/app.tf
@@ -24,13 +24,18 @@ resource "kubernetes_job" "migrations" {
         container {
           name    = "cli"
           image   = var.docker_image
-          command = ["trscli"]
-          args    = ["migrate-db", "--connection-string", "$(CONNECTION_STRING)"]
+          command = ["/bin/ash", "-c"]
+          args    = ["./db.sh -c 'alter user $(PG_USER) with replication;'", "trscli migrate-db --connection-string $(ConnectionStrings__DefaultConnection)"]
 
           env {
-            name  = "CONNECTION_STRING"
+            name  = "ConnectionStrings__DefaultConnection"
             value = module.postgres.dotnet_connection_string
           }
+
+          env {
+            name  = "PG_USER"
+            value = module.postgres.username
+          }
         }
 
         restart_policy = "Never"