Details
-
Bug
-
Status: Closed (View Workflow)
-
P5
-
Resolution: Won't Do
-
7.0.2
-
None
-
ACQ Sprint 133
-
3
-
Thunderjet
-
GBV
Description
Overview:
When migrating mod-finance-storage from a version < 7.0.0 to a version >= 7.0.0 this migration script is executed:
https://github.com/folio-org/mod-finance-storage/blob/v8.0.2/src/main/resources/templates/db_scripts/migration/update_encumbrances_order_status.ftl
It directly accesses a mod_orders_storage database table.
This illegal cross-module database access fails because mod-finance-storage doesn't have any permissions for mod_orders_storage tables.
Notes:
The FOLIO architecture mandates that cross-module communication goes through HTTP APIs only, not via direct database access.
SysOps that configure their installations correctly (for example GBV multi-tenant installation) use database ROLEs with access restricted to the current schema. Migrations fail when running this migration script because this illegal cross-module database access is blocked.
If one module requires that some other module exists it must list that other module's interface in its ModuleDescriptor "requires" section. mod-finance-storage's ModuleDescriptor correctly doesn't have a "requires" section. The FOLIO architecture mandates that storage backend modules do not depend on each other.
Upgrade tasks that require access to multiple back-end modules should NOT be in mod-finance-storage but in mod-finance. This ensures a clean architecture and reduces module dependencies.
Task:
Move the cross-module migration code into some business-login back-end module, for example mod-finance.
The migration code
- fetches records to update from mod-finance-storage's /finance-storage/transactions API
- fetches the matching records from mod_orders_storage's /orders-storage/purchase-orders API
- merges the information from the purchase order record into the transaction record
- writes the updated transaction record using PUT /finance-storage/transactions API
TestRail: Results
Attachments
Issue Links
- defines
-
UXPROD-3310 Thunderjet - Lotus (R1 2022) Tech Debt, NFR
-
- Closed
-
- relates to
-
FOLIO-1935 Service creating ROLE and SCHEMA on tenant initialization
-
- Draft
-
-
FOLIO-1935 Service creating ROLE and SCHEMA on tenant initialization
-
- Draft
-
-
MODFISTO-214 Illegal cross-module *_mod_finance_storage.fund access on migration
-
- Closed
-
- mentioned in
-
Page Loading...