refactoring: public/private configs

1 files changed, 64 insertions, 13 deletions

diff --git a/pavement.py b/pavement.py
index 9d42e6c..b637df3 100644
--- a/pavement.py
+++ b/pavement.py
@@ -20,12 +20,17 @@ the License.
 
 import os
 
+from raven import Client
 from paver.easy import task
 from paver.easy import sh
 
 
+client = Client(os.environ.get('RAVEN_DNS'))
+
+
 @task
 def test():
+    os.environ["OMAHA_SERVER_PRIVATE"] = 'True'
     sh('./manage.py test --settings=omaha_server.settings_test', cwd='omaha_server')
 
 
@@ -70,23 +75,69 @@ def create_admin():
 
 
 @task
-def mount_s3():
-    kwargs = dict(bucket=os.environ['AWS_STORAGE_BUCKET_NAME'],
-                  mount_point='/srv/omaha_s3')
-    env = dict(AWSACCESSKEYID=os.environ['AWS_ACCESS_KEY_ID'],
-               AWSSECRETACCESSKEY=os.environ['AWS_SECRET_ACCESS_KEY'])
-    cmd = 's3fs {bucket} {mount_point} -ouse_cache=/tmp'.format(**kwargs)
-    sh(cmd, env=env)
+def create_db_public_user():
+    import psycopg2
+
+    db_public_user = os.environ['DB_PUBLIC_USER']
+    db_public_password = os.environ['DB_PUBLIC_PASSWORD']
+
+    conn = psycopg2.connect(host=os.environ['DB_HOST'],
+                          user=os.environ['DB_USER'],
+                          password=os.environ['DB_PASSWORD'],
+                          database=os.environ['DB_NAME'])
+    curs = conn.cursor()
+
+    try:
+        # user and group
+        curs.execute("CREATE USER %s WITH PASSWORD '%s';" % (db_public_user, db_public_password))
+        curs.execute('CREATE GROUP public_users WITH USER %s;' % db_public_user)
+
+        # versions
+        curs.execute('GRANT SELECT ON TABLE applications, platforms, platforms_id_seq, '
+                     'channels, channels_id_seq, versions, versions_id_seq, actions, '
+                     'actions_id_seq, omaha_data, omaha_data_id_seq, omaha_partialupdate, '
+                     'omaha_partialupdate_id_seq, sparkle_sparkleversion, '
+                     'sparkle_sparkleversion_id_seq TO GROUP public_users;')
+
+        # crash
+        curs.execute('GRANT SELECT, INSERT, UPDATE ON TABLE crash_crash, crash_crash_id_seq, '
+                     'crash_crashdescription, crash_crashdescription_id_seq TO GROUP public_users;')
+        curs.execute('GRANT SELECT ON TABLE crash_symbols, crash_symbols_id_seq TO GROUP public_users;')
+        curs.execute('GRANT INSERT ON TABLE feedback_feedback, feedback_feedback_id_seq TO GROUP public_users;')
+
+        # statistics
+        curs.execute('GRANT SELECT, INSERT, UPDATE ON TABLE omaha_apprequest, '
+                     'omaha_apprequest_id_seq, omaha_apprequest_events, '
+                     'omaha_apprequest_events_id_seq, omaha_event, omaha_event_id_seq, omaha_hw, '
+                     'omaha_hw_id_seq, omaha_os, omaha_os_id_seq, omaha_request, '
+                     'omaha_request_id_seq TO GROUP public_users;')
+
+        # dev
+        curs.execute('GRANT INSERT ON TABLE httplog_entry, httplog_entry_id_seq TO GROUP public_users;')
+        conn.commit()
+    except psycopg2.ProgrammingError:
+        pass
+    finally:
+        curs.close()
+        conn.close()
 
 
 @task
 def docker_run():
-    migrate()
-    loaddata()
-    create_admin()
-    collectstatic()
-    # mount_s3()
-    sh('/usr/bin/supervisord')
+    try:
+        is_private = True if os.environ.get('OMAHA_SERVER_PRIVATE') == 'True' else False
+
+        if is_private:
+            migrate()
+            create_db_public_user()
+            loaddata()
+            create_admin()
+            collectstatic()
+
+        sh('/usr/bin/supervisord')
+    except:
+        client.captureException()
+        raise
 
 
 @task