-
Notifications
You must be signed in to change notification settings - Fork 7
VRO Database
VRO's database does not store any Personal Identifiable Information (PII) or Personal Health Information (PHI).
- Use non-PII identifiers for the Veteran
- Use non-PHI summary information for contentions
The VRO platform only supports Postgres as a DB engine at this time.
- https://aws-controllers-k8s.github.io/community/docs/user-docs/resource-crud/
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
- https://animated-carnival-57b3e7f5.pages.github.io/aws-iaas/rds/
The postgres subproject builds the Docker container to serve as the database, which is useful for local testing. The postgres/Dockerfile
uses the PostgresSQL image as a base image and runs the initialization script init_db.sh
. This script creates a database user to run Flyway database migrations -- this user must be separate from the super user for security purposes.
Data is retained between container restarts through persistent Docker Volumes -- see the volumes configuration in docker-compose.yml.
To connect to the local Postgres DB:
- Start the VRO Platform Base:
./gradlew :dockerComposeUp
(see Docker Compose)- Or start only the postgres container:
docker compose up -d postgres-service db-init
- Or start only the postgres container:
- Get the connection URI:
echo postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/vro
- Connect using
psql
(if needed, install psql)-
psql postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/vro -c "\dt claims.*"
List of relations Schema | Name | Type | Owner --------+----------------------+-------+---------------- claims | bie_contention_event | table | vro_admin_user claims | schema_history | table | vro_admin_user (2 rows)
- To connect using a GUI, try DBeaver -- it provides an Entity Relationship Diagram (ERD) of the tables and columns.
-
VRO uses the LHDI provided, self service model, integration with AWS RDS. The URLs for accessing RDS DB Instances are made available to applications as K8s secrets which are passed along as environment variables to applications through Helm. We have access to many RDS operations through command line kubectl commands and the CRDs that are made available in Kubernetes on AWS.
Helpful Commands
Command | Description |
---|---|
kubectl get dbinstance -n va-abd-rrd-dev -o json | Overview of dbinstance event-bus-rds in |
kubectl get dbinstance -n va-abd-rrd-dev -o jsonpath='{.status.conditions}' | Condition of dev dbinstance event-bus-rds |
As of now, we have to manually add a datadog
user to RDS in order for metrics to populate in [VRO Dashboard][ddog-vro-dashboard]. In order to do so, the following instructions are provided from LHDI.
Note: Get password from Vault as described in the LHDI instructions first before creating user
A useful set of these environment variables can be referenced here. For any application seeking to use the DB, developers should ensure they include these definitions via symlink in their Helm chart deployment definition definition under a subdirectory named named_templates
. Then in their deployment definitions they should set environment variables for the db client like in the xample-workflows deployment definition
Application developers may use their PostgresSQL client of choice in a supported language to connect to the database by querying these environment variables at application startup or runtime.
See the internal wiki for documentation on AWS entities created for the RDS integration.
These AWS entities are most easily managed by interacting with the LHDI kubernetes clusters (e.g. with the kubectl command or through the Lens GUI tool). They are specified using AWS controllers for Kubernetes.
In order to take administrative or maintenance actions on the Postgres instance within RDS (e.g. perform initialization steps to get a new Postgres instance ready for VRO platform, perform adhoc queries, add new DB users or schemas, etc.). You will need a shell in the K8s cluster which has access to a utility like psql
. To achieve this, you can deploy a dev-tools
pod using steps in Deploying VRO and then use Lens to get a shell into this pod in the namespace where you deployed it. This pod comes with psql
utility pre-installed. Then, you can make a connection to the Postgres DB using the credentials stored in HashiCorp vault.
VRO uses Flyway to initialize and change the database. The db-init subproject contains all database migrations and is used to initialize and update the database schema.
- All versioned migrations are SQL based and in the migrations directory. These migrations create all the schemas and tables.
- An additional user with limited privileges is created. This user is used to access the database within all non-migration VRO functionality. A separate user can be created for each new domain.
The db-init/Dockerfile
will run the migrations both in the local development and in LHDI deployments.
The strategy for creating migration files is simple:
- Each work branch and subsequent Pull Request should be its own contained version number.
- Create one migration file per proposed table change.
- Smaller, incremental changes on a per-file basis allows for better maintainability, troubleshooting, and testability.
NOTE: At this time, migrations are only applied in remote environments on deployment of the VRO Application.
DB tables have created_at
and updated_at
columns. These columns are inherited by the corresponding Entities from a BaseEntity. BaseEntity
uses Spring Data JPA @CreatedAt
and @LastModifiedDate
annotations to implement the functionality. With these annotations Spring Data JPA automatically populates the fields without additional code in VRO.
Similarly, the id
UUID column is also included in BaseEntity.
All the tables reside in the claims
schema. These are the tables in the database:
-
schema_history
: stores DB migration version information and is used by Flyway for database migrations. -
bie_contention_event
: stores BIE Kafka events related to contentions
VRO uses Spring Data JPA to access and manage data in the database from the Java code. The subproject shared/persistence-model
contains the Object-relational mapping (ORM).
To access and manage entity data, VRO uses JPA Repositories. All the JPA repositories are in shared/persistence-model. These JPA Repositories inherit basic CRUD methods and also contains explicit definition of more complex methods needed by the VRO applications.