feat: anonymization using DbToolsBundle

https://www.wrike.com/open.htm?id=1396105243

Author: lucasmirloup

faros-ng/deploy-pack/1.7/ansible/_variables.yml

@@ -26,14 +26,23 @@ lephare_install_adminer: false
 lephare_packagist_com_token: "{{ vault_lephare_packagist_com_token }}"
 
 # (db-pull) Database settings
-db_pull_local_database_host: <local_database_host>
+db_pull_local_database_host: pgsql_17
 db_pull_local_database_name: <local_database_name>
-db_pull_local_database_user: <local_database_user>
-db_pull_local_database_password: <local_database_password>
-db_pull_local_database_port: <local_database_port> # MySQL/MariaDB: 3306, PostgreSQL: 5432
+db_pull_local_database_user: postgres
+db_pull_local_database_password: root
+db_pull_local_database_port: 5432
 
 db_pull_local_backup_path: ../var/database/
 db_pull_remote_backup_path: "{{ ansistrano_deploy_to }}/var/database"
 db_pull_remote_database_host: localhost
 db_pull_remote_database_port: 5432
 db_pull_remote_database_password: "{{ vault_database_password }}"
+
+# Requires an additional remote database dedicated to anonymization + installing `makinacorpus/db-tools-bundle`
+db_pull_anonymization: true
+
+db_pull_anonymization_remote_database_user: <anonymization_remote_database_user>
+db_pull_anonymization_remote_database_host: <anonymization_remote_database_host>
+db_pull_anonymization_remote_database_name: <anonymization_remote_database_name>
+db_pull_anonymization_remote_database_password: "{{ vault_anonymization_remote_database_password }}"
+db_pull_anonymization_remote_database_port: 5432

faros-ng/deploy-pack/1.7/ansible/preprod/group_vars/app/vault

@@ -1,2 +1,3 @@
 vault_database_password: <remote_database_password>
 vault_lephare_packagist_com_token: <lephare_packagist_com_token>
+vault_anonymization_remote_database_password: <anonymization_remote_database_password>

makinacorpus/db-tools-bundle/1.2/config/anonymizations.yaml

@@ -0,0 +1,3 @@
+faros_user:
+    firstname: firstname
+    lastname: lastname

makinacorpus/db-tools-bundle/1.2/config/packages/db_tools.yaml

@@ -0,0 +1,107 @@
+db_tools:
+    # Where to put generated backups.
+    # Root directory of the backup storage manager. Default filename
+    # strategy will always use this folder as root path.
+    #storage_directory: '%kernel.project_dir%/var/db_tools'
+
+    # Filename strategies. You may specify one strategy for each doctrine
+    # connection. Keys are doctrine connection names. Values are strategy
+    # names, "default" (or null) or omitting the connection will use the
+    # default implementation.
+    # If you created and registered a custom one into the container as a
+    # service, you may simply set the service identifier. If no service
+    # exists, and your implementation does not require parameters, simply
+    # set the class name.
+    # Allowed values are:
+    #  - "default": alias of "datetime".
+    #  - "datetime": implementation is "%db_tools.storage_directory%/YYYY/MM/<connection-name>-<datestamp>.<ext>".
+    #  - CLASS_NAME: a class name to use that implements a strategy.
+    #  - SERVICE_ID: A service identifier registered in container that
+    #    implements a strategy.
+    #storage_filename_strategy: default
+
+    # When old backups are considered obsolete.
+    # (Use relative date/time formats : https://www.php.net/manual/en/datetime.formats.relative.php)
+    #backup_expiration_age: '6 months ago' # default '3 months ago'
+
+    # Default timeout for backup process.
+    #backup_timeout: 1200 # default 600
+
+    # Default timeout for restore process.
+    #restore_timeout: 2400 # default 1800
+
+    # List here tables you don't want in your backups.
+    # If you have more than one connection, it is strongly advised to configure
+    # this for each connection instead.
+    #backup_excluded_tables: ['table1', 'table2']
+
+    # Specify here paths to backup and restoration binaries and command line
+    # options.
+    # Warning: this will apply to all connections disregarding their database
+    # vendor. If you have more than one connection and if they use different
+    # database vendors or versions, please configure those for each connection
+    # instead.
+    # Default values depends upon vendor and are documented at
+    # https://dbtoolsbundle.readthedocs.io/en/stable/configuration.html
+    #backup_binary: '/usr/bin/pg_dump'
+    #backup_options: '-Z 5 --lock-wait-timeout=120'
+    #restore_binary: '/usr/bin/pg_restore'
+    #restore_options: '-j 2 --clean --if-exists --disable-triggers'
+
+    # For advanced usage, you may also override any parameter for each connection.
+    # Each key is a connection name, all parameters above are allowed for each
+    # unique connection.
+    # Keys are doctrine connection names.
+    #connections:
+    #    connection_one:
+    #        # Complete list of accepted parameters follows.
+    #        url: "pgsql://username:password@hostname:port?version=16.0&other_option=..."
+    #        backup_binary: /usr/local/bin/vendor-one-dump
+    #        backup_excluded_tables: ['table_one', 'table_two']
+    #        backup_expiration_age: '1 month ago'
+    #        backup_options: --no-table-lock
+    #        backup_timeout: 2000
+    #        restore_binary: /usr/local/bin/vendor-one-restore
+    #        restore_options: --disable-triggers --other-option
+    #        restore_timeout: 5000
+    #        storage_directory: /path/to/storage
+    #        storage_filename_strategy: datetime
+    #    connection_two:
+    #        # ...
+
+    # Update this configuration if you want to look for anonymizers in a custom
+    # folder.
+    # Be aware that DbToolsBundle will always take a look at the default folder
+    # dedicated to your custom anonymizers: %kernel.project_dir%/src/Anonymizer,
+    # so you don't have to repeat it.
+    #anonymizer_paths:
+    #    - '%kernel.project_dir%/src/Database/Anonymizer'
+
+    # For simple needs, you may simply write the anonymization configuration
+    # here. Keys are connection names, values are structures which are identical
+    # to what you may find in the "anonymizations.sample.yaml" example.
+    #anonymization:
+    #    connection_one:
+    #        table1:
+    #            column1:
+    #                anonymizer: anonymizer_name
+    #                # ... anonymizer specific options...
+    #            column2:
+    #            # ...
+    #        table2:
+    #            # ...
+    #    connection_two:
+    #        # ...
+
+    # You can for organisation purpose delegate anonymization config into extra
+    # YAML configuration files, and simply reference them here.
+    # Paths can be either relative or absolute. Relative paths are relative to
+    # the workdir option if specified, or from this configuration file directory
+    # otherwise.
+    # See the "anonymizations.sample.yaml" in this folder for an example.
+    #anonymization_files:
+    #    connection_one: '%kernel.project_dir%/config/anonymization/connection_one.yaml'
+    #    connection_two: '%kernel.project_dir%/config/anonymization/connection_two.yaml'
+
+    # If you have only one connection, you can adopt the following syntax.
+    anonymization_files: '%kernel.project_dir%/config/anonymizations.yaml'

makinacorpus/db-tools-bundle/1.2/manifest.json

@@ -0,0 +1,8 @@
+{
+    "bundles": {
+        "MakinaCorpus\\DbToolsBundle\\Bridge\\Symfony\\DbToolsBundle": ["all"]
+    },
+    "copy-from-recipe": {
+        "config/": "%CONFIG_DIR%/"
+    }
+}