sandbox db upload job #2949

Merged
merged 1 commit into from
Aug 6, 2024
13 changes: 13 additions & 0 deletions jobs/gcp-db-data-masking/Dockerfile
@@ -0,0 +1,13 @@
FROM google/cloud-sdk:latest

USER root

# Create working directory
RUN mkdir /opt/app-root && chmod 755 /opt/app-root
WORKDIR /opt/app-root

COPY jobs/gcp-db-data-masking/ .

EXPOSE 8080

CMD [ "/bin/bash", "run.sh" ]
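Review bot: `FROM google/cloud-sdk:latest` at the top of this Dockerfile is a floating tag, and `USER root` is never dropped, so the build is not reproducible and `run.sh` runs as root at runtime. Pin the base image to a specific tag or digest, and switch to a non-root `USER` after the `mkdir`/`chmod` step. `EXPOSE 8080` can likely go as well, since nothing in this change listens on a port.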
4 changes: 4 additions & 0 deletions jobs/gcp-db-data-masking/cloudbuild.yaml
@@ -0,0 +1,4 @@
steps:
- name: "gcr.io/cloud-builders/docker"
args: ["build", "-f", "jobs/gcp-db-data-masking/Dockerfile", "-t", "${_LOCATION}-docker.pkg.dev/${PROJECT_ID}/${_REGISTRY_REPO}/${_IMAGE}:${SHORT_SHA}", "-t", "${_LOCATION}-docker.pkg.dev/${PROJECT_ID}/${_REGISTRY_REPO}/${_IMAGE}:${_TAG}", "."]
images: ["${_LOCATION}-docker.pkg.dev/${PROJECT_ID}/${_REGISTRY_REPO}/${_IMAGE}:${_TAG}"]
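Review bot: the `images:` list names only the `${_TAG}` image, so the `${SHORT_SHA}` tag applied by the first `-t` in the build `args` is never pushed to the registry. If the point of the SHA tag is to have an immutable reference to what was built, add `${_LOCATION}-docker.pkg.dev/${PROJECT_ID}/${_REGISTRY_REPO}/${_IMAGE}:${SHORT_SHA}` to `images:` too; otherwise drop the unused tag.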
2 changes: 2 additions & 0 deletions jobs/gcp-db-data-masking/db_mask.sh
@@ -0,0 +1,2 @@
#!/bin/bash
echo "mask script goes in here"
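Review bot: `db_mask.sh` only echoes a placeholder and exits 0, so a job named gcp-db-data-masking currently masks nothing while `run.sh` goes on to load the dump. Until the real masking logic lands, make this script exit non-zero (and have the caller stop on that) so an unmasked dump cannot be loaded by accident.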
31 changes: 31 additions & 0 deletions jobs/gcp-db-data-masking/run.sh
@@ -0,0 +1,31 @@
#!/bin/bash
root_dir="/opt/app-root"
cd $root_dir

echo "recreating sandbox db"
gcloud sql instances restart "${DB_NAME}-tools"
gcloud --quiet sql databases delete $DB_NAME --instance="${DB_NAME}-tools"
gcloud --quiet sql databases create $DB_NAME --instance="${DB_NAME}-tools"
gsutil cp "gs://${DB_NAME}-dump-${ENV}/${DB_NAME}.sql.gz" ${DB_NAME}.sql.gz

echo "starting mask script"
sh db_mask.sh
echo "loading dump into sandbox db"
gcloud --quiet sql import sql "${DB_NAME}-tools" "gs://${DB_NAME}-dump-${ENV}/${DB_NAME}.sql.gz" --database=$DB_NAME --user=$DB_USER

touch readonly.sql

echo "writing grants to users ..."

echo "GRANT USAGE ON SCHEMA public TO readonly;" >> readonly.sql
echo "GRANT SELECT ON ALL TABLES IN SCHEMA public to readonly;" >> readonly.sql
echo "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly;" >> readonly.sql

echo "GRANT USAGE ON SCHEMA public TO auth;" >> readonly.sql
echo "GRANT SELECT ON ALL TABLES IN SCHEMA public to auth;" >> readonly.sql
echo "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO auth;" >> readonly.sql
echo "GRANT INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO auth;" >> readonly.sql

echo "applying readonly user changes ..."
gsutil cp readonly.sql "gs://${DB_NAME}-dump-${ENV}/"
gcloud --quiet sql import sql "${DB_NAME}-tools" "gs://${DB_NAME}-dump-${ENV}/readonly.sql" --database=$DB_NAME --user=$DB_USER
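Review bot: the import after "loading dump into sandbox db" reads `gs://${DB_NAME}-dump-${ENV}/${DB_NAME}.sql.gz`, the original object, not the local copy that `gsutil cp` fetched before `sh db_mask.sh`, so whatever the mask step does to the local file never reaches the sandbox database. Either upload the masked file to a separate object and import that, or run the masking as SQL against the instance after the import. The script also has no `set -euo pipefail`, so a failed `databases delete` or `databases create` is ignored and the import still runs; add it, quote `$DB_NAME`, `$DB_USER` and `$root_dir`, and call the mask script with `bash` to match its shebang. Separately, `readonly.sql` grants `INSERT, UPDATE, DELETE` to `auth`, so the file name is misleading, and it is uploaded into the same bucket as the dump; consider a clearer name and location.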