cameleer/cameleer-server
1
0
Fork 0
Code Issues 41 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: separate Flyway and app datasource search paths for schema isolation
Some checks failed
CI / build (push) Successful in 1m6s
Details
CI / cleanup-branch (push) Has been skipped
Details
CI / docker (push) Successful in 41s
Details
CI / deploy (push) Failing after 2m19s
Details
CI / deploy-feature (push) Has been skipped
Details

Browse Source 
Flyway needs public in the search_path to access TimescaleDB extension
functions (create_hypertable). The app datasource must NOT include public
to prevent accidental cross-schema reads from production data.

- spring.flyway.url: currentSchema=<branch>,public (extensions accessible)
- spring.datasource.url: currentSchema=<branch> (strict isolation)
- SPRING_FLYWAY_URL env var added to K8s base manifest

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-03-17 13:26:01 +01:00
parent b393d262cb
commit 247fdb01c0
2 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
deploy/base/server.yaml
View File

@@ -22,6 +22,8 @@ spec:
env:
- name: SPRING_DATASOURCE_URL
value: "jdbc:postgresql://postgres.cameleer.svc.cluster.local:5432/cameleer3?currentSchema=$(CAMELEER_DB_SCHEMA)"
- name: SPRING_FLYWAY_URL
value: "jdbc:postgresql://postgres.cameleer.svc.cluster.local:5432/cameleer3?currentSchema=$(CAMELEER_DB_SCHEMA),public"
- name: CAMELEER_DB_SCHEMA
value: "public"
- name: SPRING_DATASOURCE_USERNAME