Story: Environment isolation for database roles
Table of Contents
This page documents a story in Sprint 15. It captures the goal, current status, acceptance criteria, and the tasks that compose it.
Goal
Stop cross-environment database contamination by prefixing PostgreSQL roles + users per environment; also extract ores.http.core to round off the api/core split.
Status
| Field | Value |
|---|---|
| State | DONE |
| Parent sprint | Sprint 15 |
| Now | Completed 2026-03-25. |
| Waiting on | None. |
| Next | None. |
| Last touched | 2026-03-25 |
Acceptance
- Environment-prefixed PostgreSQL roles + users in place.
- psql DO-block variable substitution worked around (set_config + current_setting).
- ORES_TEST_ENV_CMD passes env vars to make rat.
- Variability core tests fixed for missing system tenant UUIDs.
- ores.http.core extracted from http.api.
Tasks
| Task | State | Start | End | Description |
|---|---|---|---|---|
| Implement full environment isolation for database roles | DONE | 2026-05-20 | 2026-03-25 | Environment-prefixed PostgreSQL roles + users so operations in one environment (e.g. local1) don't interfere with others (e.g. local2); psql DO-block variable substitution via set_config + current_setting; ORES_TEST_ENV_CMD passes env vars to make rat; variability core tests fixed for missing system tenant UUIDs; ores.http.core extracted for domain-layer route handlers (separating from ores.http.api). |
Decisions
- Roles prefixed per environment
- prevents tests in one env from affecting another's data + permissions.
Out of scope
- Multi-tenant per-environment role rotation (separate workstream).
See also
None.