graphql-hive
diff --git a/‎deployment/index.ts
Lines changed: 2 additions & 0 deletions b/‎deployment/index.ts
Lines changed: 2 additions & 0 deletions
diff --git a/‎deployment/services/usage.ts
Lines changed: 78 additions & 55 deletions b/‎deployment/services/usage.ts
Lines changed: 78 additions & 55 deletions
diff --git a/‎docker/docker-compose.community.yml
Lines changed: 8 additions & 0 deletions b/‎docker/docker-compose.community.yml
Lines changed: 8 additions & 0 deletions
diff --git a/‎integration-tests/testkit/flow.ts
Lines changed: 36 additions & 0 deletions b/‎integration-tests/testkit/flow.ts
Lines changed: 36 additions & 0 deletions
diff --git a/‎integration-tests/testkit/seed.ts
Lines changed: 24 additions & 0 deletions b/‎integration-tests/testkit/seed.ts
Lines changed: 24 additions & 0 deletions
@@ -160,6 +160,8 @@ const usage = deployUsage({
   docker,
   environment,
   tokens,
+  redis,
+  postgres,
   kafka,
   dbMigrations,
   commerce,
 
@@ -1,4 +1,3 @@
-import * as pulumi from '@pulumi/pulumi';
 import { serviceLocalEndpoint } from '../utils/local-endpoint';
 import { ServiceDeployment } from '../utils/service-deployment';
 import { CommerceService } from './commerce';
@@ -7,6 +6,8 @@ import { Docker } from './docker';
 import { Environment } from './environment';
 import { Kafka } from './kafka';
 import { Observability } from './observability';
+import { Postgres } from './postgres';
+import { Redis } from './redis';
 import { Sentry } from './sentry';
 import { Tokens } from './tokens';
 
@@ -15,6 +16,8 @@ export type Usage = ReturnType<typeof deployUsage>;
 export function deployUsage({
   environment,
   tokens,
+  postgres,
+  redis,
   kafka,
   dbMigrations,
   commerce,
@@ -27,6 +30,8 @@ export function deployUsage({
   image: string;
   environment: Environment;
   tokens: Tokens;
+  postgres: Postgres;
+  redis: Redis;
   kafka: Kafka;
   dbMigrations: DbMigrations;
   commerce: CommerceService;
@@ -39,60 +44,78 @@ export function deployUsage({
   const kafkaBufferDynamic =
     kafka.config.bufferDynamic === 'true' || kafka.config.bufferDynamic === '1' ? '1' : '0';
 
-  return new ServiceDeployment(
-    'usage-service',
-    {
-      image,
-      imagePullSecret: docker.secret,
-      replicas,
-      readinessProbe: {
-        initialDelaySeconds: 10,
-        periodSeconds: 5,
-        failureThreshold: 2,
-        timeoutSeconds: 5,
-        endpoint: '/_readiness',
-      },
-      livenessProbe: '/_health',
-      startupProbe: '/_health',
-      availabilityOnEveryNode: true,
-      env: {
-        ...environment.envVars,
-        SENTRY: sentry.enabled ? '1' : '0',
-        REQUEST_LOGGING: '0',
-        KAFKA_BUFFER_SIZE: kafka.config.bufferSize,
-        KAFKA_SASL_MECHANISM: kafka.config.saslMechanism,
-        KAFKA_CONCURRENCY: kafka.config.concurrency,
-        KAFKA_BUFFER_INTERVAL: kafka.config.bufferInterval,
-        KAFKA_BUFFER_DYNAMIC: kafkaBufferDynamic,
-        KAFKA_TOPIC: kafka.config.topic,
-        TOKENS_ENDPOINT: serviceLocalEndpoint(tokens.service),
-        COMMERCE_ENDPOINT: serviceLocalEndpoint(commerce.service),
-        OPENTELEMETRY_COLLECTOR_ENDPOINT:
-          observability.enabled &&
-          observability.enabledForUsageService &&
-          observability.tracingEndpoint
-            ? observability.tracingEndpoint
-            : '',
-      },
-      exposesMetrics: true,
-      port: 4000,
-      pdb: true,
-      autoScaling: {
-        cpu: {
-          cpuAverageToScale: 60,
-          limit: cpuLimit,
+  return (
+    new ServiceDeployment(
+      'usage-service',
+      {
+        image,
+        imagePullSecret: docker.secret,
+        replicas,
+        readinessProbe: {
+          initialDelaySeconds: 10,
+          periodSeconds: 5,
+          failureThreshold: 2,
+          timeoutSeconds: 5,
+          endpoint: '/_readiness',
+        },
+        livenessProbe: '/_health',
+        startupProbe: '/_health',
+        availabilityOnEveryNode: true,
+        env: {
+          ...environment.envVars,
+          SENTRY: sentry.enabled ? '1' : '0',
+          REQUEST_LOGGING: '0',
+          KAFKA_BUFFER_SIZE: kafka.config.bufferSize,
+          KAFKA_SASL_MECHANISM: kafka.config.saslMechanism,
+          KAFKA_CONCURRENCY: kafka.config.concurrency,
+          KAFKA_BUFFER_INTERVAL: kafka.config.bufferInterval,
+          KAFKA_BUFFER_DYNAMIC: kafkaBufferDynamic,
+          KAFKA_TOPIC: kafka.config.topic,
+          TOKENS_ENDPOINT: serviceLocalEndpoint(tokens.service),
+          COMMERCE_ENDPOINT: serviceLocalEndpoint(commerce.service),
+          OPENTELEMETRY_COLLECTOR_ENDPOINT:
+            observability.enabled &&
+            observability.enabledForUsageService &&
+            observability.tracingEndpoint
+              ? observability.tracingEndpoint
+              : '',
+        },
+        exposesMetrics: true,
+        port: 4000,
+        pdb: true,
+        autoScaling: {
+          cpu: {
+            cpuAverageToScale: 60,
+            limit: cpuLimit,
+          },
+          maxReplicas,
         },
-        maxReplicas,
       },
-    },
-    [dbMigrations, tokens.deployment, tokens.service, commerce.deployment, commerce.service].filter(
-      Boolean,
-    ),
-  )
-    .withSecret('KAFKA_SASL_USERNAME', kafka.secret, 'saslUsername')
-    .withSecret('KAFKA_SASL_PASSWORD', kafka.secret, 'saslPassword')
-    .withSecret('KAFKA_SSL', kafka.secret, 'ssl')
-    .withSecret('KAFKA_BROKER', kafka.secret, 'endpoint')
-    .withConditionalSecret(sentry.enabled, 'SENTRY_DSN', sentry.secret, 'dsn')
-    .deploy();
+      [
+        dbMigrations,
+        tokens.deployment,
+        tokens.service,
+        commerce.deployment,
+        commerce.service,
+      ].filter(Boolean),
+    )
+      // Redis
+      .withSecret('REDIS_HOST', redis.secret, 'host')
+      .withSecret('REDIS_PORT', redis.secret, 'port')
+      .withSecret('REDIS_PASSWORD', redis.secret, 'password')
+      // PG
+      .withSecret('POSTGRES_HOST', postgres.pgBouncerSecret, 'host')
+      .withSecret('POSTGRES_PORT', postgres.pgBouncerSecret, 'port')
+      .withSecret('POSTGRES_USER', postgres.pgBouncerSecret, 'user')
+      .withSecret('POSTGRES_PASSWORD', postgres.pgBouncerSecret, 'password')
+      .withSecret('POSTGRES_DB', postgres.pgBouncerSecret, 'database')
+      .withSecret('POSTGRES_SSL', postgres.pgBouncerSecret, 'ssl')
+      // Kafka
+      .withSecret('KAFKA_SASL_USERNAME', kafka.secret, 'saslUsername')
+      .withSecret('KAFKA_SASL_PASSWORD', kafka.secret, 'saslPassword')
+      .withSecret('KAFKA_SSL', kafka.secret, 'ssl')
+      .withSecret('KAFKA_BROKER', kafka.secret, 'endpoint')
+      .withConditionalSecret(sentry.enabled, 'SENTRY_DSN', sentry.secret, 'dsn')
+      .deploy()
+  );
 }
@@ -363,6 +363,14 @@ services:
       KAFKA_BUFFER_SIZE: 350
       KAFKA_BUFFER_INTERVAL: 1000
       KAFKA_BUFFER_DYNAMIC: '1'
+      POSTGRES_HOST: db
+      POSTGRES_PORT: 5432
+      POSTGRES_DB: '${POSTGRES_DB}'
+      POSTGRES_USER: '${POSTGRES_USER}'
+      POSTGRES_PASSWORD: '${POSTGRES_PASSWORD}'
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+      REDIS_PASSWORD: '${REDIS_PASSWORD}'
       PORT: 3006
       LOG_LEVEL: '${LOG_LEVEL:-debug}'
       SENTRY: '${SENTRY:-0}'
 
@@ -6,6 +6,7 @@ import type {
   AssignMemberRoleInput,
   ClientStatsInput,
   CreateMemberRoleInput,
+  CreateOrganizationAccessTokenInput,
   CreateOrganizationInput,
   CreateProjectInput,
   CreateTargetInput,
@@ -1491,3 +1492,38 @@ export async function updateTargetSchemaComposition(
     token,
   });
 }
+
+export function createOrganizationAccessToken(
+  input: CreateOrganizationAccessTokenInput,
+  authToken: string,
+) {
+  return execute({
+    document: graphql(`
+      mutation CreateOrganizationAccessToken($input: CreateOrganizationAccessTokenInput!) {
+        createOrganizationAccessToken(input: $input) {
+          ok {
+            privateAccessKey
+            createdOrganizationAccessToken {
+              id
+              title
+              description
+              permissions
+              createdAt
+            }
+          }
+          error {
+            message
+            details {
+              title
+              description
+            }
+          }
+        }
+      }
+    `),
+    authToken,
+    variables: {
+      input,
+    },
+  });
+}
@@ -21,6 +21,7 @@ import {
   createCdnAccess,
   createMemberRole,
   createOrganization,
+  createOrganizationAccessToken,
   createProject,
   createTarget,
   createToken,
@@ -110,6 +111,29 @@ export function initSeed() {
 
           return {
             organization,
+            async createOrganizationAccessToken(args: {
+              permissions: Array<string>;
+              resources: GraphQLSchema.ResourceAssignmentInput;
+            }) {
+              const result = await createOrganizationAccessToken(
+                {
+                  title: 'A Access Token',
+                  description: 'access token',
+                  organization: {
+                    byId: organization.id,
+                  },
+                  permissions: args.permissions,
+                  resources: args.resources,
+                },
+                ownerToken,
+              ).then(r => r.expectNoGraphQLErrors());
+
+              if (result.createOrganizationAccessToken.error) {
+                throw new Error(result.createOrganizationAccessToken.error.message);
+              }
+
+              return result.createOrganizationAccessToken.ok!.privateAccessKey;
+            },
             async setFeatureFlag(name: string, value: boolean | string[]) {
               const pool = await createConnectionPool();