fleetanalytics_mcp/scripts
kiania e571eeabed infra(db-roles): validated Option A — shared tracksolid_owner for migrators
Discovery (live) corrected the design: webhook_receiver, ingest_worker, and worker
all run run_migrations.py (DDL) and write telemetry — worker is the same image as
ingest_worker, not a reader. Because they ALTER objects they must own them, so all
three connect as the shared non-superuser tracksolid_owner (the role the repo already
intends to own these schemas). dashboard_api backend stays a reader (dashboard_app).

- app_roles_tracksolid_db.sql rewritten: tracksolid_owner LOGIN + CONNECTION LIMIT 30
  + GUCs + USAGE/CREATE; Timescale-aware ownership reassignment (skips table-linked
  sequences, ALTER MATERIALIZED VIEW for continuous aggregates, leaves reporting.v_trips
  with reporting_refresher, reassigns functions); dashboard_app read role.
- Reassignment validated in a rolled-back transaction on the live DB: reassigns the
  31-chunk position_history hypertable + the v_mileage_daily_cagg continuous aggregate,
  and as tracksolid_owner can ALTER the hypertable and create/drop tables.
- Runbook updated: discovery marked done, ownership folded into the apply (safe while
  apps still run as postgres — superuser bypasses ownership), corrected cutover order.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-20 00:08:52 +03:00
..
analytics_ro_role.sql feat(access): expose tickets + fuel schemas to analytics_ro (read-only) 2026-06-17 11:37:25 +03:00
app_roles_fleet_platform.sql infra(db-roles): dedicated non-superuser roles for the six apps on postgres 2026-06-19 23:51:52 +03:00
app_roles_tracksolid_db.sql infra(db-roles): validated Option A — shared tracksolid_owner for migrators 2026-06-20 00:08:52 +03:00
bootstrap_analytics_ro.sh docs: fix stale deploy-script name in bootstrap closing message 2026-06-16 23:52:36 +03:00
MIGRATE_APPS_OFF_SUPERUSER.md infra(db-roles): validated Option A — shared tracksolid_owner for migrators 2026-06-20 00:08:52 +03:00