Merge pull request #143 from rackerlabs/move-django-users-to-scantron_secrets.json

Update how creds are generated for django, database, and users

Author: derpadoo

ansible-playbooks/roles/master/tasks/main.yml

@@ -233,13 +233,13 @@
     chdir: "{{ scantron_dir }}"
 
 - name: Create initial "{{ django_super_user }}" superuser.
-  shell: echo "from django.contrib.auth.models import User; User.objects.create_superuser('{{ django_super_user }}', '{{ django_super_user_email }}', '{{ scantron_secrets["django_super_user_password"] }}')" | {{ venv_python }} {{ scantron_dir }}/manage.py shell
+  shell: echo "from django.contrib.auth.models import User; User.objects.create_superuser('{{ scantron_secrets["django_super_user"] }}', '{{ scantron_secrets["django_super_user_email"] }}', '{{ scantron_secrets["django_super_user_password"] }}')" | {{ venv_python }} {{ scantron_dir }}/manage.py shell
   args:
     chdir: "{{ scantron_dir }}"
   ignore_errors: yes  # Only applicable if playbook has already been run.  Use 'python manage.py change changepassword admin'.
 
 - name: Create "{{ django_user }}" user.
-  shell: echo "from django.contrib.auth.models import User; User.objects.create_user('{{ django_user }}', '{{ django_user_email }}', '{{ scantron_secrets['django_user_password']  }}')" | {{ venv_python }} {{ scantron_dir }}/manage.py shell
+  shell: echo "from django.contrib.auth.models import User; User.objects.create_user('{{ scantron_secrets["django_user"] }}', '{{ scantron_secrets["django_user_email"] }}', '{{ scantron_secrets['django_user_password']  }}')" | {{ venv_python }} {{ scantron_dir }}/manage.py shell
   args:
     chdir: "{{ scantron_dir }}"
   ignore_errors: yes  # Only applicable if playbook has already been run.  Use 'python manage.py changepassword scantron'.

ansible-playbooks/roles/master/vars/main.yml

@@ -40,11 +40,5 @@ venv_python: "{{ venv_dir }}/bin/python3.6"
 # Django
 django_project_name: django_scantron
 
-django_super_user: admin
-django_super_user_email: changeme@localhost  # Filler email address, does not matter.
-
-django_user: agent1
-django_user_email: changeme@localhost  # Filler email address, does not matter.
-
 # uwsgi
 uwsgi_version: 2.0.18

initial_setup.sh

@@ -36,27 +36,33 @@ cp master/scantron_secrets.json.empty master/scantron_secrets.json
 
 # Generate random Django key.
 # https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/
-echo "[*] Generating random Django Key and database passwords."
-# Locale needs to be set for OSX, else tr responds with "tr: Illegal byte sequence".
-# https://unix.stackexchange.com/questions/45404/why-cant-tr-read-from-dev-urandom-on-osx
+echo "[*] Generating a random Django Key, database, and user passwords."
+
 if [[ `uname` == "Darwin" ]]
 then
+   # Locale needs to be set for OSX, else tr responds with "tr: Illegal byte sequence".
+   # https://unix.stackexchange.com/questions/45404/why-cant-tr-read-from-dev-urandom-on-osx
    DJANGO_KEY=`< /dev/urandom LC_ALL=C tr -dc _A-Z-a-z-0-9 | head -c${1:-64};echo;`
    DATABASE_PASSWORD=`< /dev/urandom LC_ALL=C tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`
+   DJANGO_SUPER_USER_PASSWORD=`< /dev/urandom LC_ALL=C tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`
+   DJANGO_USER_PASSWORD=`< /dev/urandom LC_ALL=C tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`
+
+   # -i requires additional arguments on OSX, else it responds with "sed: 1: "<filename>": invalid command code".
+   # https://markhneedham.com/blog/2011/01/14/sed-sed-1-invalid-command-code-r-on-mac-os-x/
+   sed -i "" "s/REPLACE_THIS_DJANGO_KEY/$DJANGO_KEY/g" master/scantron_secrets.json
+   sed -i "" "s/REPLACE_THIS_DATABASE_PASSWORD/$DATABASE_PASSWORD/g" master/scantron_secrets.json
+   sed -i "" "s/REPLACE_THIS_DJANGO_SUPER_USER_PASSWORD/$DJANGO_SUPER_USER_PASSWORD/g" master/scantron_secrets.json
+   sed -i "" "s/REPLACE_THIS_DJANGO_USER_PASSWORD/$DJANGO_USER_PASSWORD/g" master/scantron_secrets.json
 else
    DJANGO_KEY=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-64};echo;`
    DATABASE_PASSWORD=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`
-fi
+   DJANGO_SUPER_USER_PASSWORD=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`
+   DJANGO_USER_PASSWORD=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`
 
-# -i requires additional arguments on OSX, else it responds with "sed: 1: "<filename>": invalid command code".
-# https://markhneedham.com/blog/2011/01/14/sed-sed-1-invalid-command-code-r-on-mac-os-x/
-if [[ `uname` == "Darwin" ]]
-then
-   sed -i "" "s/REPLACE_THIS_DJANGO_KEY/$DJANGO_KEY/g" master/scantron_secrets.json
-   sed -i "" "s/REPLACE_THIS_DATABASE_PASSWORD/$DATABASE_PASSWORD/g" master/scantron_secrets.json
-else 
    sed -i "s/REPLACE_THIS_DJANGO_KEY/$DJANGO_KEY/g" master/scantron_secrets.json
    sed -i "s/REPLACE_THIS_DATABASE_PASSWORD/$DATABASE_PASSWORD/g" master/scantron_secrets.json
+   sed -i "s/REPLACE_THIS_DJANGO_SUPER_USER_PASSWORD/$DJANGO_SUPER_USER_PASSWORD/g" master/scantron_secrets.json
+   sed -i "s/REPLACE_THIS_DJANGO_USER_PASSWORD/$DJANGO_USER_PASSWORD/g" master/scantron_secrets.json
 fi
 
 echo "[+] Done!"

master/django_scantron/__init__.py

@@ -1 +1 @@
-__version__ = "1.13"
+__version__ = "1.14"

master/scantron_secrets.json.empty

@@ -1,6 +1,10 @@
 {
-    "django_super_user_password": "",
-    "django_user_password": "",
+    "django_super_user": "admin",
+    "django_super_user_password": "REPLACE_THIS_DJANGO_SUPER_USER_PASSWORD",
+    "django_super_user_email": "changeme@localhost",
+    "django_user": "agent1",
+    "django_user_password": "REPLACE_THIS_DJANGO_USER_PASSWORD",
+    "django_user_email": "changeme@localhost",
     "production": {
         "SECRET_KEY": "REPLACE_THIS_DJANGO_KEY",
         "DATABASE_NAME": "scantron",