diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.Cli/Commands.MigrateDb.cs b/TeachingRecordSystem/src/TeachingRecordSystem.Cli/Commands.MigrateDb.cs index ec11b5e57..7aa9821d9 100644 --- a/TeachingRecordSystem/src/TeachingRecordSystem.Cli/Commands.MigrateDb.cs +++ b/TeachingRecordSystem/src/TeachingRecordSystem.Cli/Commands.MigrateDb.cs @@ -1,5 +1,6 @@ using Microsoft.EntityFrameworkCore.Infrastructure; using Microsoft.EntityFrameworkCore.Migrations; +using Npgsql; using TeachingRecordSystem.Core.DataStore.Postgres; namespace TeachingRecordSystem.Cli; @@ -27,6 +28,13 @@ public static Command CreateMigrateDbCommand(IConfiguration configuration) async (string connectionString, string? targetMigration) => { using var dbContext = TrsDbContext.Create(connectionString, commandTimeout: (int)TimeSpan.FromMinutes(10).TotalSeconds); + + // Ensure the user has the replication permission + var user = new NpgsqlConnectionStringBuilder(connectionString).Username; +#pragma warning disable EF1002 // Risk of vulnerability to SQL injection. + await dbContext.Database.ExecuteSqlRawAsync($"alter user {user} with replication"); +#pragma warning restore EF1002 // Risk of vulnerability to SQL injection. + await dbContext.GetService().MigrateAsync(targetMigration); }, connectionStringOption, diff --git a/terraform/aks/app.tf b/terraform/aks/app.tf index 902b29698..1280e9fdb 100644 --- a/terraform/aks/app.tf +++ b/terraform/aks/app.tf @@ -24,18 +24,13 @@ resource "kubernetes_job" "migrations" { container { name = "cli" image = var.docker_image - command = ["/bin/ash", "-e", "-c"] - args = ["./db.sh -c 'alter user $(PG_USER) with replication;'", "trscli migrate-db --connection-string $(ConnectionStrings__DefaultConnection)"] + command = ["trscli"] + args = ["migrate-db", "--connection-string", "$(CONNECTION_STRING)"] env { - name = "ConnectionStrings__DefaultConnection" + name = "CONNECTION_STRING" value = module.postgres.dotnet_connection_string } - - env { - name = "PG_USER" - value = module.postgres.username - } } restart_policy = "Never"