Commit graph

2 commits

Author SHA1 Message Date
david kiania
cbbe3dab87 feat(db): dedicated read-only dashboard_ro role + repoint staging
Replaces the grafana_ro reuse with a purpose-built least-privilege login role
that can serve the FULL dashboard_api read surface — so it backs the staging
instance now and can take over the live prod connection later (stage 2).

scripts/dashboard_ro_role.sql (run as postgres, password-free in repo):
  - CREATE ROLE dashboard_ro LOGIN, read-only
  - SELECT on reporting.* + tracksolid.*; explicit SELECT on the
    reporting.v_trips MATERIALIZED VIEW (not covered by GRANT ON ALL TABLES)
  - EXECUTE on reporting.fn_* map functions
  - ALTER DEFAULT PRIVILEGES so future objects are auto-readable ("dynamic")

scripts/bootstrap_dashboard_ro.sh:
  - generates the password into ~/.dashboard_ro.pw (0600), never printed
  - applies the DDL via docker exec psql -U postgres -v ro_pw=...

deploy_dashboard_api_staging.sh: build DATABASE_URL from dashboard_ro +
~/.dashboard_ro.pw instead of grafana_ro.

Migrations 17/18 (already applied) are left intact. Not yet executed on host.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-10 12:33:53 +03:00
david kiania
3015104f5b docs+tooling: OSM POI export workflow + Shell stations data; graded DQ report
Some checks failed
Static Analysis / static (push) Has been cancelled
Tests / test (push) Has been cancelled
- scripts/export_osm_pois.py: reproducible OSM .pbf -> GeoJSON+CSV exporter
  (amenity/brand filter; pyosmium via uv, no system deps).
- docs/OSM_POI_EXPORT.md: runbook (extract -> export -> FleetNow layer) with
  reference counts (1,794 fuel stations; Shell=232).
- shell_stations.geojson/.csv: the Shell export of record (232 pts, kenya-260605).
- docs/reports/260608_fleet_registry_data_quality.*: rewritten as a graded
  (Red/Amber/Yellow) action plan with owners.
- .gitignore: ignore *.osm.pbf (331MB, reproducible). CLAUDE.md: index the new docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 22:04:49 +03:00