feat: add anonymization

SocialGouv · Jun 11, 2024 · 85b72a0 · 85b72a0
1 parent 7f8639e
commit 85b72a0
Show file tree

Hide file tree

Showing 29 changed files with 3,134 additions and 3 deletions.
diff --git a/.anonymizer/.env.example b/.anonymizer/.env.example
@@ -0,0 +1,15 @@
+export bucket_access_key=
+export bucket_endpoint=
+export bucket_name=
+export bucket_region=
+export bucket_secret_key=
+
+export PGHOST=
+export PGUSER=
+export PGPASSWORD=
+export PGDATABASE=
+
+export PGHOST_RESTORE=
+export PGUSER_RESTORE=
+export PGPASSWORD_RESTORE=
+export PGDATABASE_RESTORE=
diff --git a/.anonymizer/.gitignore b/.anonymizer/.gitignore
@@ -0,0 +1,9 @@
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions
+
+dist/
diff --git a/.anonymizer/.prettierrc.json b/.anonymizer/.prettierrc.json
@@ -0,0 +1,8 @@
+{
+  "semi": false,
+  "tabWidth": 2,
+  "useTabs": false,
+  "printWidth": 80,
+  "singleQuote": false,
+  "trailingComma": "es5"
+}
diff --git a/.anonymizer/.yarn/releases/yarn-4.2.2.cjs b/.anonymizer/.yarn/releases/yarn-4.2.2.cjs
diff --git a/.anonymizer/.yarnrc.yml b/.anonymizer/.yarnrc.yml
@@ -0,0 +1,5 @@
+compressionLevel: mixed
+
+enableGlobalCache: false
+
+yarnPath: .yarn/releases/yarn-4.2.2.cjs
diff --git a/.anonymizer/anonymize-prod.sh b/.anonymizer/anonymize-prod.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -e
+
+exclude_tables="contact_support,contact_support_message,expired_token,message_email,monitor_batch_process,user_usager_login"
+
+mkdir -p /tmp/pg_dump
+
+cd /workspace/.anonymizer
+
+cat config.yaml \
+    | sed "s%{{tmp}}%/tmp/pg_dump%" \
+    | sed "s%{{bucket_access_key}}%$bucket_access_key%" \
+    | sed "s%{{bucket_secret_key}}%$bucket_secret_key%" \
+    | sed "s%{{bucket_endpoint}}%$bucket_endpoint%" \
+    | sed "s%{{bucket_name}}%$bucket_name%" \
+    | sed "s%{{bucket_region}}%$bucket_region%" \
+    | sed "s%{{type}}%directory%" \
+    > config.local.yaml
+
+yarn
+yarn build
+
+greenmask dump --config config.local.yaml -j 1 --exclude-table-data $exclude_tables
diff --git a/.anonymizer/anonymize.sh b/.anonymizer/anonymize.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -e
+
+exclude_tables="contact_support,contact_support_message,expired_token,message_email,monitor_batch_process,user_usager_login"
+
+cd "$(dirname "$0")"
+
+source .env
+pg_dump_directory=./tmp/pg_dump
+mkdir -p $pg_dump_directory
+
+greenmask -v || (echo "You need to download greenmask from https://github.com/GreenmaskIO/greenmask/releases/tag/v0.1.14 in $directory" && exit)
+
+cat config.yaml \
+    | sed "s%{{tmp}}%$(pwd)/tmp/pg_dump%" \
+    | sed "s%{{bucket_access_key}}%$bucket_access_key%" \
+    | sed "s%{{bucket_secret_key}}%$bucket_secret_key%" \
+    | sed "s%{{bucket_endpoint}}%$bucket_endpoint%" \
+    | sed "s%{{bucket_name}}%$bucket_name%" \
+    | sed "s%{{bucket_region}}%$bucket_region%" \
+    | sed "s%{{type}}%directory%" \
+    > config.local.yaml
+
+greenmask dump --config config.local.yaml --log-level debug -j 10 --exclude-table-data $exclude_tables
+
+export PGDATABASE=${PGDATABASE_RESTORE:-$PGDATABASE_anonymized}
+pg_restore --clean --if-exists --no-owner --no-acl --verbose -d $PGDATABASE $pg_dump_directory/$(ls $pg_dump_directory | tail -n 1)