From a8f6befc178b3367646d65d0b585a5e4ada4b637 Mon Sep 17 00:00:00 2001
From: dandds
Date: Thu, 23 Jan 2020 15:35:35 -0500
Subject: [PATCH] secrets-tool command for bootstrapping database.

This additional secrets-tool command can be used to run the database bootsrapping script (`script/database_setup.py`) inside an ATAT docker container against the Azure database. It sources the necessary keys from Key Vault.
---
 script/database_setup.py | 3 -
 terraform/secrets-tool/README.md | 38 ++++-
 terraform/secrets-tool/commands/database.py | 134 ++++++++++++++++++
 terraform/secrets-tool/postgres-user.yaml | 4 +
 terraform/secrets-tool/secrets-tool | 8 +-
 .../secrets-tool/utils/keyvault/secrets.py | 11 +-
 6 files changed, 185 insertions(+), 13 deletions(-)
 create mode 100644 terraform/secrets-tool/commands/database.py
 create mode 100644 terraform/secrets-tool/postgres-user.yaml
diff --git a/script/database_setup.py b/script/database_setup.py
index bab95890..623dfd8b 100644
--- a/script/database_setup.py
+++ b/script/database_setup.py
@@ -1,13 +1,11 @@
 # Add root application dir to the python path
 import os
 import sys
-from contextlib import contextmanager
 parent_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), ".."))
 sys.path.append(parent_dir)
 import sqlalchemy
-from alembic import config as alembic_config
 import yaml
 from atst.app import make_config, make_app
@@ -25,7 +23,6 @@ def database_setup(username, password, dbname, ccpo_users):
 try:
 _create_database_user(username, password, dbname)
 except sqlalchemy.exc.ProgrammingError as err:
- raise err
 print(f"Postgres user role '{username}' already exists.")
 print("Applying schema and seeding roles and permissions.")
diff --git a/terraform/secrets-tool/README.md b/terraform/secrets-tool/README.md
index 28b44817..9ce07497 100644
--- a/terraform/secrets-tool/README.md
+++ b/terraform/secrets-tool/README.md
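Review bot: In `database_setup` (script/database_setup.py, second hunk), with `raise err` removed the `except sqlalchemy.exc.ProgrammingError` branch reports every ProgrammingError from `_create_database_user` as "already exists" and carries on to the schema step, so a failure with a different cause (for example insufficient privilege) is masked and `err` is left unused. The branch could re-raise unless the error really is the duplicate-role case, for instance `if getattr(err.orig, "pgcode", None) != "42710": raise`, assuming a psycopg2-style driver that exposes the PostgreSQL SQLSTATE (42710 is duplicate_object). Printing `err` itself is not a good substitute: SQLAlchemy's message includes the statement text, and if `_create_database_user` (not visible here) inlines the password, the secret would end up in the container output. When the role does already exist, the password sourced from Key Vault is presumably not applied to it, so a rotated secret and the database role may drift apart; this is worth confirming and stating in a comment. The body of `database_setup` starts and continues outside this hunk.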
@@ -15,7 +15,7 @@ With both usernames and passwords generated, the application only needs to make Ex. ``` { - 'postgres_root_user': 'EzTEzSNLKQPHuJyPdPloIDCAlcibbl', + 'postgres_root_user': 'EzTEzSNLKQPHuJyPdPloIDCAlcibbl', 'postgres_root_password': "2+[A@E4:C=ubb/#R#'n