Marcel f4ffd8acee feat(observability): create grafana_reader read-only DB role ...

Add Flyway V68 migration that provisions a read-only PostgreSQL role
scoped to audit_log, documents, and transcription_blocks. The role's
password is injected via the new ${grafanaDbPassword} Flyway placeholder,
which FlywayConfig reads from the GRAFANA_DB_PASSWORD env var. The
migration is idempotent: CREATE on first run, ALTER on re-run.

Adds a Testcontainers integration test asserting positive grants on the
three intended tables and a negative grant on app_users (NFR-SEC-01).

Refs #651.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-21 20:21:05 +02:00

..

.mvn/wrapper

build: add mvn properties

2026-03-17 13:33:02 +00:00

api_tests

feat(transcription): add "Alle als fertig markieren" bulk action (#345) (#352)

2026-04-28 08:34:26 +02:00

src

feat(observability): create grafana_reader read-only DB role

2026-05-21 20:21:05 +02:00

.dockerignore

devops(backend): add .dockerignore to exclude target/ from build context

2026-04-15 11:33:03 +02:00

.gitignore

restructure: flatten workspace nesting, move devcontainer to root

2026-03-15 11:47:58 +01:00

CLAUDE.md

docs(backend): document @Transactional(readOnly=true) exception in CLAUDE.md

2026-05-19 09:23:30 +02:00

Dockerfile

devops(backend): pin eclipse-temurin tags, skip test compilation, document jar glob

2026-04-15 11:33:03 +02:00

HELP.md

restructure: flatten workspace nesting, move devcontainer to root

2026-03-15 11:47:58 +01:00

lombok.config

refactor(thumbnail): route document access through DocumentService

2026-05-05 07:20:01 +02:00

mvnw

restructure: flatten workspace nesting, move devcontainer to root

2026-03-15 11:47:58 +01:00

mvnw.cmd

build: add mvn properties

2026-03-17 13:33:02 +00:00

pom.xml

feat(auth): add Bucket4j + Caffeine login rate limiter (10/15 min per IP+email, 20/15 min per IP)

2026-05-19 09:23:01 +02:00