feat(ocrvs-10450): legacy user migration

[Zangetsu101]

• Introduce mongo foreign data wrapper to migrate legacy mongo data
  • This required a migration to be run as the "SUPERUSER" so a separate SUPERUSER postgres migration path was introduced
• Migrate the legacy users to postgres via a feature flag migrate-legacy-users
• Refactor the tRPC context to allow defining public procedures that don't require authentication. The v2 seed data endpoint needs this.
• Remove legacy mongo migration status outputs and skip typecheck which reduced the migration service startup time by 66%.
• The postgres migration files now get restored to their original state (i.e. without the environment variables being replaced) regardless of the migration passing or not

opencrvs/opencrvs-countryconfig#1172

[Zangetsu101]

Could this be elaborated? Sounds unsafe without context

Basically this would allow us to create endpoints that don't require auth only IF we want. Currently we do not have any yet but after the legacy users are removed, we will be deprecating the data-seeder package and define a public endpoint in events service that will seed data.

[ocrvs-bot]

Your environment is deployed to https://ocrvs-10450.e2e-k8s.opencrvs.dev

[Zangetsu101]

@makelicious I've put the legacy user migration under the migrate-legacy-users flag and we are running it as a separate service from countryconfig: https://github.com/opencrvs/opencrvs-countryconfig/pull/1172/files#diff-ba8e76e28deb79c9af80270674a0f04af642ba68d7b1c608ed5790db9cc6f4c8R949

This allows us to easily switch back to the official postgres image once the migrations have run successfully.

[Zangetsu101]

Initially I planned on creating a public endpoint to run the migration but afterwards moved the migration to the "migration" package. Still retaining the public procedure as the seed endpoint would potentially need it after the refactor.

[Zangetsu101]

Yea I've been there too. Let's enforce it with zod schema then

[Zangetsu101]

Thanks, kinda forgot to add it in

[Zangetsu101]

We mainly need it for our legacy data migration on 2.0. Perhaps we can switch back to official images in 2.1 and remove these mongo related migration files. Do you see any constraints on going with that route?

[Zangetsu101]

Actually yes, they are dependent on the timestamps and I've also had to change the timestamps if newer migrations were merged into develop first. But that only applies if all the migrations are tracked using single migration table. I've created a separate one for the superuser ones:

opencrvs-core/packages/migration/run-migrations.sh

Line 75 in 666d130

--migrations-table="$migrations_table"

[Zangetsu101]

formatting changes, can be ignored

[Zangetsu101]

This is basically a duplicate of the one defined in the events migration, to ensure the users table exists no matter which migrations run first, events or migrate-legacy-users.

[Zangetsu101]

Changing owner to the migration user as this runs as SUPERUSER

[makelicious]

Looks good! You might get better review regarding .sh changes from someone else.