From adacb6ff1913a4c56e79d893922cae64d292b16a Mon Sep 17 00:00:00 2001
From: dandds
Date: Mon, 27 Jan 2020 13:16:56 -0500
Subject: [PATCH] Cleanup cruft
---
 notes.md | 6 -----
 script/database_setup.py | 9 ++++---
 terraform/secrets-tool/commands/database.py | 26 ++++++++++-----------
 users.yml | 3 ---
 4 files changed, 17 insertions(+), 27 deletions(-)
 delete mode 100644 notes.md
 delete mode 100644 users.yml
diff --git a/notes.md b/notes.md
deleted file mode 100644
index 4c1dd84f..00000000
--- a/notes.md
+++ /dev/null
@@ -1,6 +0,0 @@
-- for setting up the database:
- - create database
- - create postgres user password? could we do this as a key?
- - create user secret in application key vault
- - execute SQL to create user
-- we need an initial image to seed ACR with
diff --git a/script/database_setup.py b/script/database_setup.py
index 623dfd8b..7784be05 100644
--- a/script/database_setup.py
+++ b/script/database_setup.py
@@ -16,7 +16,6 @@ from reset_database import reset_database
 def database_setup(username, password, dbname, ccpo_users):
- """docstring for database_setup"""
 print(
 f"Creating Postgres user role for '{username}' and granting all privileges to database '{dbname}'."
 )
@@ -42,10 +41,10 @@ def _create_database_user(username, password, dbname):
 engine.execute(
 f"CREATE ROLE {username} WITH LOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION PASSWORD '{password}';\n"
- + f"GRANT ALL PRIVILEGES ON DATABASE {dbname} TO {username};\n"
- + f"ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {username}; \n"
- + f"ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON SEQUENCES TO {username}; \n"
- + f"ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON FUNCTIONS TO {username}; \n"
+ f"GRANT ALL PRIVILEGES ON DATABASE {dbname} TO {username};\n"
+ f"ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {username}; \n"
+ f"ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON SEQUENCES TO {username}; \n"
+ f"ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON FUNCTIONS TO {username}; \n"
 )
 trans.commit()
diff --git a/terraform/secrets-tool/commands/database.py b/terraform/secrets-tool/commands/database.py
index 98f404a5..144ceee6 100644
--- a/terraform/secrets-tool/commands/database.py
+++ b/terraform/secrets-tool/commands/database.py
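Review bot: The statement passed to `engine.execute(...)` is still assembled with f-strings, so `username` and `dbname` enter the SQL as raw identifiers and `password` as a hand-quoted literal; a value containing a single quote or a semicolon changes the statement instead of merely failing. Validate the identifiers before building the string, e.g. `if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", username): raise ValueError("invalid role name")` (and the same for `dbname`), and produce the password literal with the database driver's own quoting rather than `'{password}'`. Because the password is inlined in the statement text, it will also show up wherever statements are logged, so statement logging for this session is worth checking. `_create_database_user` begins and ends outside the hunk, so any validation done by its callers is not visible here.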
@@ -118,24 +118,24 @@ def provision(
 create_database_cmd = (
 f"docker run -e PGHOST='{dbhost}'"
- +f" -e PGPASSWORD='{root_password}'"
- +f" -e PGUSER='{root_name}@{dbhost}'"
- +f" -e PGDATABASE='{dbname}'"
- +f" -e PGSSLMODE=require"
- +f" {container}"
- +f" .venv/bin/python script/create_database.py {dbname}"
+ f" -e PGPASSWORD='{root_password}'"
+ f" -e PGUSER='{root_name}@{dbhost}'"
+ f" -e PGDATABASE='{dbname}'"
+ f" -e PGSSLMODE=require"
+ f" {container}"
+ f" .venv/bin/python script/create_database.py {dbname}"
 )
 _run_cmd(create_database_cmd)
 seed_database_cmd = (
 f"docker run -e PGHOST='{dbhost}'"
- +f" -e PGPASSWORD='{root_password}'"
- +f" -e PGUSER='{root_name}@{dbhost}'"
- +f" -e PGDATABASE='{dbname}'"
- +f" -e PGSSLMODE=require"
- +f" -v {ccpo_users}:/opt/atat/atst/users.yml"
- +f" {container}"
- +f" .venv/bin/python script/database_setup.py {user_username} '{user_password}' users.yml"
+ f" -e PGPASSWORD='{root_password}'"
+ f" -e PGUSER='{root_name}@{dbhost}'"
+ f" -e PGDATABASE='{dbname}'"
+ f" -e PGSSLMODE=require"
+ f" -v {ccpo_users}:/opt/atat/atst/users.yml"
+ f" {container}"
+ f" .venv/bin/python script/database_setup.py {user_username} '{user_password}' users.yml"
 )
 _run_cmd(seed_database_cmd)
diff --git a/users.yml b/users.yml
deleted file mode 100644
index 561031f2..00000000
--- a/users.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- dod_id: "2323232323"
- first_name: "hi"
- last_name: "bye"
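Review bot: Both command strings in `provision` put `root_password` on the `docker run` command line (`-e PGPASSWORD='{root_password}'`), and the seed command also passes `'{user_password}'` as a script argument, so the secrets are readable in the host's process list and in anything that records the string handed to `_run_cmd`. Docker forwards a variable from the caller's environment when `-e` is given a bare name, so the line can become `f" -e PGPASSWORD"` with `PGPASSWORD` set only in the environment of the child process that `_run_cmd` starts. The hand-written single quotes do not survive a value that itself contains `'`, and `dbname`, `container`, `ccpo_users` and `user_username` are not quoted at all; if `_run_cmd` goes through a shell (not visible here), wrap each interpolated value in `shlex.quote(...)` or pass the command as an argument list. `provision` starts above the hunk and `_run_cmd` is defined elsewhere.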