Migration from 1.7.x to 1.8.x
This guide contains instructions for migration from PowerAuth Cloud version 1.7.x to version 1.8.0.
Docker Environment
Since 1.8.0 we support unified DB for all internal components. This change is due to a startup optimization and to prevent conflict when the DB setup was not done properly. Internally PowerAuth Cloud still uses 4 DB pools (default with 10 connection). But you need to configure only one.
Environment Variables for DB connection
All DB Pools will use this url and credentials:
POWERAUTH_CLOUD_DATASOURCE_URL POWERAUTH_CLOUD_DATASOURCE_USERNAME POWERAUTH_CLOUD_DATASOURCE_PASSWORD
Deprecated Environment Variables
This environmental variables will be supported to achieve backward compatibility. If not specified the relevant POWERAUTH_CLOUD_* variable is used.
ENROLLMENT_SERVER_DATASOURCE_USERNAME ENROLLMENT_SERVER_DATASOURCE_PASSWORD ENROLLMENT_SERVER_DATASOURCE_URL POWERAUTH_SERVER_DATASOURCE_USERNAME POWERAUTH_SERVER_DATASOURCE_PASSWORD POWERAUTH_SERVER_DATASOURCE_URL PUSH_SERVER_DATASOURCE_URL PUSH_SERVER_DATASOURCE_USERNAME PUSH_SERVER_DATASOURCE_PASSWORD
Database
Add Unique Constraint to Indexes
To ensure data integrity and prevent duplicate entries, unique constraints were added to several indexes. The affected indexes are on the following tables and columns:
pa_cloud_user(username)viapa_cloud_user_username_idxpa_cloud_user_authority(user_id, authority)viapa_cloud_user_authority_idxpa_cloud_localization(placeholder, language)viapa_cloud_loc_placehoder_idx
Action Required: Verify that there are no duplicate values in these fields before applying this update. Consider running a query to find and resolve any duplicates. It is highly recommended to backup your database before performing this operation to safeguard your data.
Drop Unused pa_cloud_callback
The pa_cloud_callback table and its associated index pa_cloud_callback_idx were remnants from before
version 1.3.x,
erroneously reintroduced during migration to liquibase in version 1.4.x. This update involves cleaning up these unused
components from the database schema.
Actions:
- Drop the index
pa_cloud_callback_idxonpa_cloud_callback(app_id). - Drop the table
pa_cloud_callback.
Precaution: Confirm that no external functionalities are dependent on this table or index, such as DWH exports, before making these changes. Consider backing up your database as a precautionary measure before executing these updates.
MSSQL Server Snapshot Isolation
In case you use PowerAuth Cloud with Microsoft SQL server, enable the SNAPSHOT isolation to avoid deadlocks.
You can enable the SNAPSHOT isolation mode using following query:
ALTER DATABASE [powerauth_database] SET ALLOW_SNAPSHOT_ISOLATION ON;
ALTER DATABASE [powerauth_database] SET READ_COMMITTED_SNAPSHOT ON;
The SNAPSHOT transaction isolation level is enforced automatically by PowerAuth server when database sessions are started using following query:
SET TRANSACTION ISOLATION LEVEL SNAPSHOT;
REST API
The support of the v1 REST API has been completely removed.
Monitoring
The endpoint /health has been used to display status of PowerAuth Server only.
Since now, /powerauth-cloud/actuator/health represents composite results of PowerAuth Cloud, PowerAuth Server, Enrollment Server and Push Server.
Also probes for Kubernetes are exposed (/powerauth-cloud/actuator/health/liveness and /actuator/health/readiness).
When authenticated with ADMIN or MONITORING role, you may see details.