Conversation
ci/create-and-update-db.sh
Outdated
| # Remove default privileges | ||
| psql_adm -d "${db}" -c "REVOKE ALL ON SCHEMA public FROM PUBLIC" | ||
|
|
||
| # Special case for uaadb, create totp seed table for use with MFA |
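Review bot: the `# Special case for uaadb, create totp seed table for use with MFA` branch that follows the `REVOKE ALL ON SCHEMA public FROM PUBLIC` line is UAA-specific and has no counterpart among the aws-broker RDS instances this script provisions; drop the block rather than carry a conditional that would create an MFA seed table on a broker database if `${db}` ever matched. The visible lines also revoke from PUBLIC without showing a grant to the role the broker connects as, so confirm that an explicit `GRANT USAGE ON SCHEMA public TO <broker role>` follows, otherwise the broker will lose access to objects it created before this change.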
Do we need any of this here? I'm very confused by references to Shibboleth here
I was trying to keep the script that runs in terraform-provision as close to this as possible to make future upgrades to the base script easier to roll out.
If we want to reuse the script, should we put it in cg-scripts and reference it in the pipelines?
It's a little confusing to have these references in this repo script when they're not related to the aws-broker at all
I've removed the if block to keep the script focused only on the RDS instances for aws-broker.
ci/create-and-update-db.sh
Outdated
| ) | ||
| EOT | ||
|
|
||
| # Enforce cloud.gov origin for IdP users by validating that their username |
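Review bot: the `# Enforce cloud.gov origin for IdP users by validating that their username` block is an identity-provider username check that belongs to the UAA database setup, not to the aws-broker RDS instances; remove it here. If the two scripts must stay in sync, put the shared body in cg-scripts and reference it from both pipelines, as proposed earlier in this thread, instead of keeping unrelated IdP logic in the broker repository where a future edit to the shared part has to be replicated by hand.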
I'm assuming none of this is relevant here
The goal was to keep this and https://github.com/cloud-gov/terraform-provision/blob/main/ci/scripts/create-and-update-db.sh as close as possible; the only difference now is lines 9 & 10.
I can pull the entire if block if that is desired; it is, strictly speaking, not required for this RDS instance.
Changes proposed in this pull request:
Security considerations
Needed for CIS Benchmark requirements for pgcrypto in Nessus scans
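The hardening the reviewed snippet performs on each aws-broker database (revoking PUBLIC's default rights on the `public` schema) together with the pgcrypto extension the security note ties to the CIS benchmark, as an added example. This is not the repository's `ci/create-and-update-db.sh` nor any cloud-gov code: `PSQL_ADM`, the database and role names are placeholders, and the database-level REVOKE and the role grants go beyond what the snippet shows, as the least-privilege steps a practitioner would pair with it.

```bash
#!/usr/bin/env bash
# Added example, not the aws-broker repo's ci/create-and-update-db.sh: the
# per-database hardening the snippet under review performs (REVOKE on the
# public schema) plus the pgcrypto extension named in the PR's security note.
# PSQL_ADM, the database name and the role name are placeholders (assumptions).
set -euo pipefail

# SQL that locks down the default "public" schema, installs pgcrypto and
# grants the application role only what it needs. $1 = database, $2 = role.
hardening_sql() {
  local db="$1" role="$2"
  cat <<EOF
-- No role reaches ${db} without an explicit GRANT.
REVOKE ALL ON DATABASE "${db}" FROM PUBLIC;
-- Before PostgreSQL 15 every role may CREATE in public; take that away.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
-- Extension the CIS benchmark check (and the Nessus scan) expects.
CREATE EXTENSION IF NOT EXISTS pgcrypto;
-- Least privilege for the application role.
GRANT CONNECT ON DATABASE "${db}" TO "${role}";
GRANT USAGE, CREATE ON SCHEMA public TO "${role}";
EOF
}

# SQL that verifies the outcome; each query prints "t" when the check holds.
verification_sql() {
  cat <<'EOF'
SELECT NOT has_schema_privilege('public', 'public', 'CREATE');
SELECT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pgcrypto');
EOF
}

# Number of statements emitted, a cheap sanity check before applying.
statement_count() {
  hardening_sql "$1" "$2" | grep -c ';$'
}

# Apply to a live database through the admin psql wrapper; with DRY_RUN=1
# just print the SQL so the change can be reviewed first.
apply_hardening() {
  local db="$1" role="$2"
  if [ "${DRY_RUN:-0}" = "1" ]; then
    hardening_sql "$db" "$role"
    return 0
  fi
  # PSQL_ADM stands in for the page's psql_adm, e.g. "psql -h host -U master".
  : "${PSQL_ADM:?set PSQL_ADM to the admin psql command}"
  hardening_sql "$db" "$role" | ${PSQL_ADM} -d "$db" -v ON_ERROR_STOP=1
  verification_sql | ${PSQL_ADM} -d "$db" -tA
}

# Stand-alone run: print the plan for a sample (placeholder) database and role.
DRY_RUN=1 apply_hardening aws_broker_db broker_app
```

Run it with `DRY_RUN=1` to see the statements, then with `PSQL_ADM` set to the admin connection to apply them; `ON_ERROR_STOP=1` makes psql abort on the first failing statement instead of continuing past a failed REVOKE, and the two verification queries give the pipeline something to assert on rather than trusting that the script ran.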