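Function Set-SDKServicePermissions {
    # .SYNOPSIS
    # Stops the SDK services and reassigns the logon account of each Alkami service.
    #
    # .DESCRIPTION
    # For every name returned by Get-AlkamiServices whose package folder exists under
    # the chocolatey lib folder, the service is switched to type "own" and its logon
    # account ("obj=") is set:
    #   * package has a service manifest: $dbmsUser when
    #     Test-ServiceManifestRequiresDbAccess says so, otherwise $microUser;
    #   * no manifest (legacy path): $dbmsUser when the package ships a
    #     DatabaseConfig.ps1 (the permitter is then run for that user), otherwise
    #     $microUser. Packages without a <service>.exe.config are skipped.
    # Finally the Radium scheduler service is pointed at its hard-coded account.
    #
    # .PARAMETER dbmsUser
    # Account assigned to services that need database access.
    #
    # .PARAMETER microUser
    # Account assigned to services that do not need database access.
    #
    # .PARAMETER databaseName
    # Database name placed in the permitter's connection string.
    #
    # .PARAMETER databaseSource
    # Data source placed in the permitter's connection string.
    param(
        [string]$dbmsUser,
        [string]$microUser,
        [string]$databaseName,
        [string]$databaseSource
    )

    $logLead = Get-LogLeadName

    # We just want to make sure everything is off before we try to do this
    Stop-SDKServices

    $chocoRootPath = Get-ChocolateyInstallPath
    $chocoLibPath = Join-Path -Path $chocoRootPath -ChildPath 'lib'

    # We'll use the database permitter to grant access to any dbms services.
    # Resolved from the same lib folder as the packages below, so a non-default
    # chocolatey location is handled consistently.
    $pathToPermitter = Join-Path -Path $chocoLibPath -ChildPath 'Alkami.MicroServices.Choco.Installer.Database\tools\Alkami.Database.Permitter.exe'

    $serviceNames = (Get-AlkamiServices).Name
    foreach ($serviceName in $serviceNames) {

        Write-Debug "Baking $serviceName..."

        $chocoPackagePath = Join-Path -Path $chocoLibPath -ChildPath $serviceName
        if (-not (Test-Path -Path $chocoPackagePath)) {
            Write-Warning "$logLead : Could not find the chocolatey package at [$chocoPackagePath], continuing to next package"
            continue
        }

        # Own the service, this allows us to make changes to it
        Write-Debug "Owning service..."
        Invoke-SCExe @('config', $serviceName, 'type=', 'own')

        $manifest = $null
        try {
            $manifest = Get-PackageManifest -Path $chocoPackagePath
        } catch {
            # Best effort: a package without a readable manifest falls through to the
            # legacy path below, but the reason is no longer discarded silently.
            Write-Debug "$logLead : No usable package manifest at [$chocoPackagePath]: $($_.Exception.Message)"
        }

        if ($null -ne $manifest) {
            # found a manifest
            if ($null -ne $manifest.ServiceManifest) {
                # found a service manifest

                # Least privilege: default to the account without database access and
                # only switch to the dbms user when the manifest asks for it.
                $message = "Service does not require access to the database"
                $accountName = $microUser
                if (Test-ServiceManifestRequiresDbAccess -ServiceManifest $manifest.ServiceManifest) {
                    # Service needs to use the dbms user
                    $message = "Service requires access to the database"
                    $accountName = $dbmsUser
                }

                Write-Host "$logLead : $message. Configuring to use [$accountName] for [$serviceName]"
                Invoke-SCExe @('config', $serviceName, 'obj=', $accountName)

                # Skipping the legacy applier because that should have been done on a successful install. Another function should reapply migrations as required
            } else {
                Write-Warning "$logLead : Manifest found is not a service manifest at [$chocoPackagePath]"
            }

            continue
        } # else fallback to the legacy path

        # Service relative pathing for the various tasks we'll be doing.
        # Built from $chocoPackagePath (already verified to exist above) rather than a
        # second, hard-coded copy of the chocolatey lib location.
        $toolsPath = Join-Path -Path $chocoPackagePath -ChildPath 'tools'
        $configPath = Join-Path -Path $toolsPath -ChildPath "$serviceName.exe.config"
        $dbConfigPath = Join-Path -Path $toolsPath -ChildPath 'DatabaseConfig.ps1'

        if (Test-Path -Path $configPath) {

            # TODO: This is now handled by the migration runner
            # test if dbms service
            if (Test-Path -Path $dbConfigPath) {
                Write-Debug "DatabaseConfig.ps1 detected: $dbConfigPath"

                # Each service has a DatabaseConfig.ps1 that defines the database role for the service and the migrations library
                # We'll use the $schemaGroupRole defined here as the role to add to the database
                #
                # Cleared first so that a DatabaseConfig.ps1 which does not set the role
                # cannot inherit the role of the service handled in the previous iteration.
                #
                # NOTE(review): dot-sourcing executes the package's script in this
                # function's scope with the privileges of whoever runs this function.
                # Anything able to write to the package's tools folder controls that
                # code; the folder should be writable by administrators only.
                $schemaGroupRole = $null
                . $dbConfigPath

                # Change the service to run as the dbms user
                Write-Debug "Setting service user name...$dbmsUser"
                Invoke-SCExe @('config', $serviceName, 'obj=', $dbmsUser)

                if ([string]::IsNullOrEmpty($schemaGroupRole)) {
                    Write-Warning "$logLead : [$dbConfigPath] did not define a schema group role, skipping the permitter for [$serviceName]"
                } else {
                    # Run the permitter in the migrations folder to create and assign roles to the already existing dbms user
                    Write-Debug "Permitting user for db roles..."

                    # NOTE(review): the two parameters are interpolated unescaped; a value
                    # containing ';' would add connection-string keywords. Callers are
                    # expected to pass trusted values.
                    $connectionString = "data source=$databaseSource;Integrated Security=SSPI; Database=$databaseName"
                    & $pathToPermitter $connectionString $dbmsUser $schemaGroupRole

                    # Assumes the permitter reports failure through a non-zero exit
                    # code -- TODO confirm against the tool.
                    if ($LASTEXITCODE -ne 0) {
                        Write-Warning "$logLead : Permitter exited with code [$LASTEXITCODE] for [$serviceName]"
                    }
                }
            } else {
                Write-Debug "Logical service detected: $configPath"

                # Update the microservices to run as our micro user.
                Write-Debug "Setting service user name...$microUser"
                Invoke-SCExe @('config', $serviceName, 'obj=', $microUser)
            }
        } else {
            Write-Debug "Unable to verify configuration file for $serviceName. Skipping."
        }
    }

    # TODO: Verify this user is a valid user to be set
    # And Radium...
    # NOTE(review): this account name is hard-coded and environment-specific; it is
    # applied as-is regardless of the machine this function runs on.
    $radiumuser = "CORP\dev.radium$"
    $radiumServiceName = "Alkami Radium Scheduler Service"
    Invoke-SCExe @('config', $radiumServiceName, 'obj=', $radiumuser)

    Write-Debug "Done baking."
}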