From 3ec0b51e7269ca0802580537417b356d7cf51b1e Mon Sep 17 00:00:00 2001 From: Matthew Spence Date: Wed, 18 Dec 2024 15:56:00 -0600 Subject: [PATCH 1/4] add db workflow documentation --- docs/developer/cloning-databases.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 docs/developer/cloning-databases.md diff --git a/docs/developer/cloning-databases.md b/docs/developer/cloning-databases.md new file mode 100644 index 000000000..8dc22979a --- /dev/null +++ b/docs/developer/cloning-databases.md @@ -0,0 +1,5 @@ +# Cloning Databases +The clone-db workflow clones a Source database to a Destination database using cloud.gov's cg-manage-rds tool. This document contains additional information needed to understand how the workflow functions. + +## Additional Roles Required +The clone-db workflow functions by temporarily sharing the Destination database with the space of the Source database. This is because cloning databases across spaces is hard. Sharing is done via the `cf share-service` command, but requires that the authenticated user (in this case this will be a user from the Source space) have the `space-developer` role in *both* the Source and Destination spaces. This must be set by someone with permission to edit space roles *before* the workflow runs. The user in question can be found using the `cf space-users [ORG] [SPACE]` command where the SPACE is the Source space, and will appear as a UAA user with a UUID as the name. There is only one such user per space by default (this is a [service account](https://cloud.gov/docs/services/cloud-gov-service-account/) set up by cloud.gov for our Github workflows). This user needs to be provided with the `space-developer` role in the Destination space, which can be accomplished using `cf set-space-role [USER] [ORG] [DESTINATION SPACE] SpaceDeveloper`. From 1f104f0004c1ce07faa48c9f93352ea3c6bf9196 Mon Sep 17 00:00:00 2001 
From: Matt-Spence Date: Mon, 23 Dec 2024 11:19:34 -0600 Subject: [PATCH 2/4] Update cloning-databases.md --- docs/developer/cloning-databases.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/developer/cloning-databases.md b/docs/developer/cloning-databases.md index 8dc22979a..cd4b2e9c1 100644 --- a/docs/developer/cloning-databases.md +++ b/docs/developer/cloning-databases.md 
@@ -3,3 +3,13 @@ The clone-db workflow clones a Source database to a Destination database using c ## Additional Roles Required The clone-db workflow functions by temporarily sharing the Destination database with the space of the Source database. This is because cloning databases across spaces is hard. Sharing is done via the `cf share-service` command, but requires that the authenticated user (in this case this will be a user from the Source space) have the `space-developer` role in *both* the Source and Destination spaces. This must be set by someone with permission to edit space roles *before* the workflow runs. The user in question can be found using the `cf space-users [ORG] [SPACE]` command where the SPACE is the Source space, and will appear as a UAA user with a UUID as the name. There is only one such user per space by default (this is a [service account](https://cloud.gov/docs/services/cloud-gov-service-account/) set up by cloud.gov for our Github workflows). This user needs to be provided with the `space-developer` role in the Destination space, which can be accomplished using `cf set-space-role [USER] [ORG] [DESTINATION SPACE] SpaceDeveloper`. + +## Turning Off DB Cloning Fast (For Emergencies or other Scenarios) +Step 1: +Get the name of the correct service using `cf spaces-users cisa-dotgov stable`. There should only be one user with a name that is a UUID, that is the one you want. + +step 2: +Remove the space develeper role by doing the following command: +`cf unset-space-role [USER] cisa-dotgov staging SpaceDeveloper` + +This will cause the job to fail without requiring pushing anything to main. From 9f3fff03fdfaac009377c522f81eb8eb1f0d44c1 Mon Sep 17 00:00:00 2001 From: Matt-Spence Date: Thu, 2 Jan 2025 12:45:28 -0600 Subject: [PATCH 3/4] Update cloning-databases.md --- docs/developer/cloning-databases.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/docs/developer/cloning-databases.md b/docs/developer/cloning-databases.md index cd4b2e9c1..4dcb5f52d 100644 --- a/docs/developer/cloning-databases.md +++ b/docs/developer/cloning-databases.md @@ -5,6 +5,8 @@ The clone-db workflow clones a Source database to a Destination database using c The clone-db workflow functions by temporarily sharing the Destination database with the space of the Source database. This is because cloning databases across spaces is hard. Sharing is done via the `cf share-service` command, but requires that the authenticated user (in this case this will be a user from the Source space) have the `space-developer` role in *both* the Source and Destination spaces. This must be set by someone with permission to edit space roles *before* the workflow runs. The user in question can be found using the `cf space-users [ORG] [SPACE]` command where the SPACE is the Source space, and will appear as a UAA user with a UUID as the name. There is only one such user per space by default (this is a [service account](https://cloud.gov/docs/services/cloud-gov-service-account/) set up by cloud.gov for our Github workflows). This user needs to be provided with the `space-developer` role in the Destination space, which can be accomplished using `cf set-space-role [USER] [ORG] [DESTINATION SPACE] SpaceDeveloper`. ## Turning Off DB Cloning Fast (For Emergencies or other Scenarios) +Note: In less urgent situations it may be better to make a PR removing the scheduled workflow trigger. + Step 1: Get the name of the correct service using `cf spaces-users cisa-dotgov stable`. There should only be one user with a name that is a UUID, that is the one you want. From f3f1a1fb062aaece1a8b4570b8014f3ddebf5081 Mon Sep 17 00:00:00 2001 
From: Matt-Spence Date: Tue, 14 Jan 2025 12:03:36 -0600 Subject: [PATCH 4/4] Update docs/developer/cloning-databases.md Co-authored-by: zandercymatics <141044360+zandercymatics@users.noreply.github.com> --- docs/developer/cloning-databases.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/developer/cloning-databases.md b/docs/developer/cloning-databases.md index 4dcb5f52d..a193e4685 100644 --- a/docs/developer/cloning-databases.md +++ b/docs/developer/cloning-databases.md @@ -11,7 +11,7 @@ Step 1: Get the name of the correct service using `cf spaces-users cisa-dotgov stable`. There should only be one user with a name that is a UUID, that is the one you want. step 2: -Remove the space develeper role by doing the following command: +Remove the space developer role by doing the following command: `cf unset-space-role [USER] cisa-dotgov staging SpaceDeveloper` This will cause the job to fail without requiring pushing anything to main.
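Review bot: In PATCH 1/4, the "Additional Roles Required" paragraph names the role `space-developer` in prose, but the command it gives takes `SpaceDeveloper`; use one spelling throughout so the text and the copy-paste command agree. The paragraph also calls the share temporary, while the role grant in the Destination space is set before the workflow runs and is not described as being removed afterwards. Say explicitly that the Source-space service account keeps this role in the Destination space between runs, and note who is expected to review that grant.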
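Review bot: In PATCH 2/4, Step 1 looks the user up in `stable` and Step 2 removes the role in `staging`, but the new section never says which of these is the Source space and which is the Destination, so a reader under time pressure cannot check the commands against the "Additional Roles Required" section. State the mapping in the section itself. The section also covers only turning cloning off; add the matching re-enable step, which by the earlier section would be `cf set-space-role [USER] cisa-dotgov staging SpaceDeveloper`. "Get the name of the correct service" should read "service account user", since the value Step 2 needs is `[USER]`.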
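Review bot: In PATCH 3/4, the added note points to "the scheduled workflow trigger" without naming the workflow file or the trigger to remove; add the path so the less urgent route is as actionable as Step 1 and Step 2. Consider also stating whether the scheduled job keeps running and failing after the role is removed until that PR lands or the role is restored, so whoever sees the failures knows they are expected.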
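Review bot: In PATCH 4/4, the spelling fix on the Step 2 line leaves the Step 1 context line just above it reading `cf spaces-users`, while the "Additional Roles Required" section of the same file uses `cf space-users`; correct it in this commit, since this is the command someone will paste during an emergency. The `step 2:` label in the same hunk is also lowercase next to `Step 1:`.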