feat: anonymization using DbToolsBundle

https://www.wrike.com/open.htm?id=1396105243
le-phare · Jan 29, 2025 · c49382b · c49382b
1 parent 504c92a
commit c49382b
Show file tree

Hide file tree

Showing 4 changed files with 113 additions and 4 deletions.
diff --git a/faros-ng/deploy-pack/1.7/ansible/_variables.yml b/faros-ng/deploy-pack/1.7/ansible/_variables.yml
@@ -26,14 +26,23 @@ lephare_install_adminer: false
 lephare_packagist_com_token: "{{ vault_lephare_packagist_com_token }}"
 
 # (db-pull) Database settings
-db_pull_local_database_host: <local_database_host>
+db_pull_local_database_host: pgsql_17
 db_pull_local_database_name: <local_database_name>
-db_pull_local_database_user: <local_database_user>
-db_pull_local_database_password: <local_database_password>
-db_pull_local_database_port: <local_database_port> # MySQL/MariaDB: 3306, PostgreSQL: 5432
+db_pull_local_database_user: postgres
+db_pull_local_database_password: root
+db_pull_local_database_port: 5432
 
 db_pull_local_backup_path: ../var/database/
 db_pull_remote_backup_path: "{{ ansistrano_deploy_to }}/var/database"
 db_pull_remote_database_host: localhost
 db_pull_remote_database_port: 5432
 db_pull_remote_database_password: "{{ vault_database_password }}"
+
+# Requires an additional remote database dedicated to anonymization + installing `makinacorpus/db-tools-bundle`
+db_pull_anonymization: true
+
+db_pull_anonymization_remote_database_user: <anonymization_remote_database_user>
+db_pull_anonymization_remote_database_host: <anonymization_remote_database_host>
+db_pull_anonymization_remote_database_name: <anonymization_remote_database_name>
+db_pull_anonymization_remote_database_password: "{{ vault_anonymization_remote_database_password }}"
+db_pull_anonymization_remote_database_port: 5432
diff --git a/faros-ng/deploy-pack/1.7/ansible/preprod/group_vars/app/vault b/faros-ng/deploy-pack/1.7/ansible/preprod/group_vars/app/vault
@@ -1,2 +1,3 @@
 vault_database_password: <remote_database_password>
 vault_lephare_packagist_com_token: <lephare_packagist_com_token>
+vault_anonymization_remote_database_password: <anonymization_remote_database_password>
diff --git a/makinacorpus/db-tools-bundle/1.2/anonymizations.yaml b/makinacorpus/db-tools-bundle/1.2/anonymizations.yaml
@@ -0,0 +1,3 @@
+faros_user:
+    firstname: firstname
+    lastname: lastname
diff --git a/makinacorpus/db-tools-bundle/1.2/config/packages/db_tools.yaml b/makinacorpus/db-tools-bundle/1.2/config/packages/db_tools.yaml
@@ -0,0 +1,96 @@
+db_tools:
+    # Where to put generated backups.
+    #storage:
+        # Root directory of the backup storage manager. Default filename
+        # strategy will always use this folder as root path.
+        #root_dir: '%kernel.project_dir%/var/db_tools'
+
+        # Filename strategies. You may specify one strategy for each doctrine
+        # connection. Keys are doctrine connection names. Values are strategy
+        # names, "default" (or null) or omitting the connection will use the
+        # default implementation.
+        # If you created and registered a custom one into the container as a
+        # service, you may simply set the service identifier. If no service
+        # exists, and your implementation does not require parameters, simply
+        # set the class name.
+        #filename_strategy:
+            # Backup filename strategy.
+            # "default" is an alias of "datetime"
+            #default: default
+            # "datetime" implementation is "%db_tools.storage.root_dir%/YYYY/MM/<connection-name>-<datestamp>.<ext>"
+            #other_connection_strategy: datetime
+            # Example of using a service name:
+            #yet_another_connection: app.db_tools.filename.custom_strategy
+            # Or a classe name:
+            #another_one: App\DbTools\Storage\MyCustomStrategy
+
+    # When old backups are considered obsolete
+    # (Use relative date/time formats : https://www.php.net/manual/en/datetime.formats.relative.php)
+    #backup_expiration_age: '6 months ago' # default '3 months ago'
+
+    # Timeout for backups.
+    # backup_timeout: 1200 # default 600
+
+    # Timeout for restores.
+    # restore_timeout: 2400 # default 1800
+
+    # List here tables (per connection) you don't want in your backups
+    #excluded_tables:
+        #default: ['table1', 'table2']
+
+    # Specify here paths to binaries, only if the system can't find them by himself
+    # platform are 'mysql', 'postgresql', 'sqlite'
+    #backupper_binaries:
+        #mariadb: '/usr/bin/mariadb-dump' # default 'mariadb-dump'
+        #mysql: '/usr/bin/mysqldump' # default 'mysqldump'
+        #postgresql: '/usr/bin/pg_dump' # default 'pg_dump'
+        #sqlite: '/usr/bin/sqlite3' # default 'sqlite3'
+    #restorer_binaries:
+        #mariadb: '/usr/bin/mariadb' # default 'mariadb'
+        #mysql: '/usr/bin/mysql' # default 'mysql'
+        #postgresql: '/usr/bin/pg_restore' # default 'pg_restore'
+        #sqlite: '/usr/bin/sqlite3' # default 'sqlite3'
+
+    # Default options to pass to the binary when backing up or restoring
+    # a database. Those options must be defined per connection.
+    # If you do not define some default options, here or by using the
+    # "--extra-options" option when invoking the command, the following
+    # ones will be used according to the database vendor:
+    # - When backing up:
+    #   - MariaDB: --no-tablespaces
+    #   - MySQL: --no-tablespaces
+    #   - PostgreSQL: -Z 5 --lock-wait-timeout=120
+    #   - SQLite: -bail
+    # - When restoring:
+    #   - MariaDB: None
+    #   - MySQL: None
+    #   - PostgreSQL: -j 2 --clean --if-exists --disable-triggers
+    #   - SQLite: None
+    #backupper_options:
+        #default: ''
+        #another_connection: ''
+    #restorer_options:
+        #default: ''
+        #another_connection: ''
+
+    # Update this configuration if you want to look for anonymizers in a custom folder.
+    # These are default paths that will always be registered even if you override
+    # the setting and don't repeat them:
+    #anonymizer_paths:
+        #- '%kernel.project_dir%/vendor/makinacorpus/db-tools-bundle/src/Anonymizer'
+        #- '%kernel.project_dir%/src/Anonymization/Anonymizer'
+
+    # Anonymization configuration.
+    anonymization:
+        # If you want to configure anonymization with attributes on
+        # Doctrine entities, you have nothing to add here: if doctrine/orm
+        # is available the DbToolsBundle will automatically look for it.
+        #
+        # If you want to load configuration from a yaml:
+        # 1/ If you want to configure anonymization only for the default
+        # DBAL connection, declare it like this:
+        yaml: '%kernel.project_dir%/config/anonymizations.yaml'
+        # 2/ If you use multiple connections, declare each configuration like this:
+        #yaml:
+            #- connection_one: '%kernel.project_dir%/config/anonymizations/connection_one.yaml'
+            #- connection_two: '%kernel.project_dir%/config/anonymizations/connection_two.yaml'