From 3ec0b51e7269ca0802580537417b356d7cf51b1e Mon Sep 17 00:00:00 2001 From: Matthew Spence Date: Wed, 18 Dec 2024 15:56:00 -0600 Subject: [PATCH] add db workflow documentation --- docs/developer/cloning-databases.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 docs/developer/cloning-databases.md diff --git a/docs/developer/cloning-databases.md b/docs/developer/cloning-databases.md new file mode 100644 index 000000000..8dc22979a --- /dev/null +++ b/docs/developer/cloning-databases.md @@ -0,0 +1,5 @@ +# Cloning Databases +The clone-db workflow clones a Source database to a Destination database using cloud.gov's cg-manage-rds tool. This document contains additional information needed to understand how the workflow functions. + +## Additional Roles Required +The clone-db workflow functions by temporarily sharing the Destination database with the space of the Source database. This is because cloning databases across spaces is hard. Sharing is done via the `cf share-service` command, but requires that the authenticated user (in this case this will be a user from the Source space) have the `space-developer` role in *both* the Source and Destination spaces. This must be set by someone with permission to edit space roles *before* the workflow runs. The user in question can be found using the `cf space-users [ORG] [SPACE]` command where the SPACE is the Source space, and will appear as a UAA user with a UUID as the name. There is only one such user per space by default (this is a [service account](https://cloud.gov/docs/services/cloud-gov-service-account/) set up by cloud.gov for our Github workflows). This user needs to be provided with the `space-developer` role in the Destination space, which can be accomplished using `cf set-space-role [USER] [ORG] [DESTINATION SPACE] SpaceDeveloper`.