Update birdbath configuration to match kit (#177)

torchbox · Mar 22, 2024 · f3c4cd8 · f3c4cd8
1 parent 57da072
commit f3c4cd8
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/docs/anonymised-data.md b/docs/anonymised-data.md
@@ -19,3 +19,5 @@ As and when models/fields are added that may be populated with sensitive data (s
 For full documentation see https://git.torchbox.com/internal/django-birdbath/-/blob/master/README.md.
 
 If data directly from **production** is required, then `run_birdbath` command should be run immediately after download.
+
+The `flightpath` tool can be used to copy production data (and media) from the production environment to staging. It will automatically `run_birdbath` immediately following this sync operation. See [Resetting the staging site](http://0.0.0.0:8001/infrastructure/#resetting-the-staging-site) for more details.
diff --git a/tbx/settings/base.py b/tbx/settings/base.py
@@ -575,20 +575,22 @@
 # Trial Hotjar tracking for the CMS admin.
 ADMIN_HOTJAR_SITE_ID = env.get("ADMIN_HOTJAR_SITE_ID")
 
+
 # Birdbath - Database anonymisation
-BIRDBATH_REQUIRED = os.environ.get("BIRDBATH_REQUIRED", "true").lower() == "true"
-BIRDBATH_SKIP_CHECKS = os.environ.get("BIRDBATH_SKIP_CHECKS", "false").lower() == "true"
-BIRDBATH_USER_ANONYMISER_EXCLUDE_EMAIL_RE = r"@(?:torchbox\.com)$"
+# -----------------------------------------------------------------------------
+# Configure django-birdbath to anonymise data when syncing database
 BIRDBATH_USER_ANONYMISER_EXCLUDE_SUPERUSERS = True
-# Only allow birdbath to run on heroku app specified in `ALLOWS_ANONYMISATION` env var
-# to prevent accidentally running it on production
-BIRDBATH_CHECKS = ["birdbath.checks.contrib.heroku.HerokuAnonymisationAllowedCheck"]
+BIRDBATH_USER_ANONYMISER_EXCLUDE_EMAIL_RE = r"(torchbox\.com)$"
+# Do not anonymise data on any heroku app containing 'production' in app name
+BIRDBATH_CHECKS = ["birdbath.checks.contrib.heroku.HerokuNotProductionCheck"]
+BIRDBATH_REQUIRED = env.get("BIRDBATH_REQUIRED", "true").lower() == "true"
 # Add project specific processors here to anonymise or delete sensitive data.
 # See https://git.torchbox.com/internal/django-birdbath/#processors
 BIRDBATH_PROCESSORS = [
     "birdbath.processors.users.UserEmailAnonymiser",
     "birdbath.processors.users.UserPasswordAnonymiser",
 ]
+
 WILLOW_OPTIMIZERS = True
Original file line number	Diff line number	Diff line change
Expand Up		@@ -19,3 +19,5 @@ As and when models/fields are added that may be populated with sensitive data (s
		For full documentation see https://git.torchbox.com/internal/django-birdbath/-/blob/master/README.md.

		If data directly from production is required, then `run_birdbath` command should be run immediately after download.

		The `flightpath` tool can be used to copy production data (and media) from the production environment to staging. It will automatically `run_birdbath` immediately following this sync operation. See [Resetting the staging site](http://0.0.0.0:8001/infrastructure/#resetting-the-staging-site) for more details.