dev permissions copied from terraform deployed and terraform deployed now tiny, minor fixes

spiffworkflow-backend/bin/recreate_db

@@ -61,3 +61,7 @@ for task in $tasks; do
 done
 
 SPIFFWORKFLOW_BACKEND_ENV=testing FLASK_APP=src/spiffworkflow_backend poetry run flask db upgrade
+if [[ -n "${SPIFFWORKFLOW_BACKEND_ENV:-}" ]] && ! grep -Eq '^(development|testing)$' <<< "$SPIFFWORKFLOW_BACKEND_ENV"; then
+  mysql -uroot -e "CREATE DATABASE IF NOT EXISTS spiffworkflow_backend_$SPIFFWORKFLOW_BACKEND_ENV"
+  FLASK_APP=src/spiffworkflow_backend poetry run flask db upgrade
+fi

spiffworkflow-backend/src/spiffworkflow_backend/config/__init__.py

@@ -42,6 +42,7 @@ def load_config_file(app: Flask, env_config_module: str) -> None:
     """Load_config_file."""
     try:
         app.config.from_object(env_config_module)
+        print(f"loaded config: {env_config_module}")
     except ImportStringError as exception:
         if os.environ.get("TERRAFORM_DEPLOYED_ENVIRONMENT") != "true":
             raise ModuleNotFoundError(
@@ -62,6 +63,7 @@ def setup_config(app: Flask) -> None:
     )
     app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
     app.config.from_object("spiffworkflow_backend.config.default")
+    print("loaded config: default")
 
     env_config_prefix = "spiffworkflow_backend.config."
     if (
@@ -69,6 +71,7 @@ def setup_config(app: Flask) -> None:
         and os.environ.get("SPIFFWORKFLOW_BACKEND_ENV") is not None
     ):
         load_config_file(app, f"{env_config_prefix}terraform_deployed_environment")
+        print("loaded config: terraform_deployed_environment")
 
     env_config_module = env_config_prefix + app.config["ENV_IDENTIFIER"]
     load_config_file(app, env_config_module)
@@ -87,6 +90,12 @@ def setup_config(app: Flask) -> None:
             "permissions",
             app.config["SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME"],
         )
+        print(
+            f"set permissions file name config: {app.config['SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME']}"
+        )
+        print(
+            f"set permissions file name full path: {app.config['PERMISSIONS_FILE_FULLPATH']}"
+        )
 
     # unversioned (see .gitignore) config that can override everything and include secrets.
     # src/spiffworkflow_backend/config/secrets.py

spiffworkflow-backend/src/spiffworkflow_backend/config/dev.py

@@ -6,3 +6,4 @@ GIT_USERNAME = environ.get("GIT_USERNAME", default="sartography-automated-commit
 GIT_USER_EMAIL = environ.get(
     "GIT_USER_EMAIL", default="sartography-automated-committer@users.noreply.github.com"
 )
+SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = "dev.yml"

spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/dev.yml

@@ -0,0 +1,151 @@
+default_group: everybody
+
+groups:
+  admin:
+    users:
+      [
+        admin@spiffworkflow.org,
+        jakub@status.im,
+        jarrad@status.im,
+        kb@sartography.com,
+        alex@sartography.com,
+        dan@sartography.com,
+        mike@sartography.com,
+        jason@sartography.com,
+        j@sartography.com,
+        elizabeth@sartography.com,
+        jon@sartography.com,
+      ]
+
+  Finance Team:
+    users:
+      [
+        jakub@status.im,
+        amir@status.im,
+        jarrad@status.im,
+        sasha@status.im,
+        fin@status.im,
+        fin1@status.im,
+        alex@sartography.com,
+        dan@sartography.com,
+        mike@sartography.com,
+        jason@sartography.com,
+        j@sartography.com,
+        elizabeth@sartography.com,
+        jon@sartography.com,
+      ]
+
+  demo:
+    users:
+      [
+        harmeet@status.im,
+        sasha@status.im,
+        manuchehr@status.im,
+        core@status.im,
+        fin@status.im,
+        fin1@status.im,
+        lead@status.im,
+        lead1@status.im,
+      ]
+
+  test:
+    users:
+      [
+        natalia@sartography.com,
+      ]
+
+permissions:
+  admin:
+    groups: [admin]
+    users: []
+    allowed_permissions: [create, read, update, delete]
+    uri: /*
+
+  # open system defaults for everybody
+  read-all-process-groups:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [read]
+    uri: /process-groups/*
+  read-all-process-models:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [read]
+    uri: /process-models/*
+
+  # basic perms for everybody
+  read-all-process-instances-for-me:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [read]
+    uri: /process-instances/for-me/*
+  read-process-instance-reports:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [create, read, update, delete]
+    uri: /process-instances/reports/*
+  processes-read:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [read]
+    uri: /processes
+  service-tasks:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [read]
+    uri: /service-tasks
+  tasks-crud:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [create, read, update, delete]
+    uri: /tasks/*
+  user-groups-for-current-user:
+    groups: [everybody]
+    users: []
+    allowed_permissions: [read]
+    uri: /user-groups/for-current-user
+
+
+  finance-admin:
+    groups: ["Finance Team"]
+    users: []
+    allowed_permissions: [create, read, update, delete]
+    uri: /process-groups/manage-procurement:procurement:*
+
+  manage-revenue-streams-instances:
+    groups: ["demo"]
+    users: []
+    allowed_permissions: [create]
+    uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
+  manage-procurement-invoice-instances:
+    groups: ["demo"]
+    users: []
+    allowed_permissions: [create]
+    uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
+  manage-procurement-instances:
+    groups: ["demo"]
+    users: []
+    allowed_permissions: [create]
+    uri: /process-instances/manage-procurement:vendor-lifecycle-management:*
+
+  manage-revenue-streams-instances-for-me:
+    groups: ["demo"]
+    users: []
+    allowed_permissions: [read]
+    uri: /process-instances/for-me/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
+  manage-procurement-invoice-instances-for-me:
+    groups: ["demo"]
+    users: []
+    allowed_permissions: [read]
+    uri: /process-instances/for-me/manage-procurement:procurement:core-contributor-invoice-management:*
+  manage-procurement-instances-for-me:
+    groups: ["demo"]
+    users: []
+    allowed_permissions: [read]
+    uri: /process-instances/for-me/manage-procurement:vendor-lifecycle-management:*
+
+  create-test-instances:
+    groups: ["test"]
+    users: []
+    allowed_permissions: [create, read]
+    uri: /process-instances/misc:test:*

spiffworkflow-backend/src/spiffworkflow_backend/config/permissions/terraform_deployed_environment.yml

@@ -2,57 +2,7 @@ default_group: everybody
 
 groups:
   admin:
-    users:
-      [
-        admin@spiffworkflow.org,
-        jakub@status.im,
-        jarrad@status.im,
-        kb@sartography.com,
-        alex@sartography.com,
-        dan@sartography.com,
-        mike@sartography.com,
-        jason@sartography.com,
-        j@sartography.com,
-        elizabeth@sartography.com,
-        jon@sartography.com,
-      ]
-
-  Finance Team:
-    users:
-      [
-        jakub@status.im,
-        amir@status.im,
-        jarrad@status.im,
-        sasha@status.im,
-        fin@status.im,
-        fin1@status.im,
-        alex@sartography.com,
-        dan@sartography.com,
-        mike@sartography.com,
-        jason@sartography.com,
-        j@sartography.com,
-        elizabeth@sartography.com,
-        jon@sartography.com,
-      ]
-
-  demo:
-    users:
-      [
-        harmeet@status.im,
-        sasha@status.im,
-        manuchehr@status.im,
-        core@status.im,
-        fin@status.im,
-        fin1@status.im,
-        lead@status.im,
-        lead1@status.im,
-      ]
-
-  test:
-    users:
-      [
-        natalia@sartography.com,
-      ]
+    users: [admin@spiffworkflow.org]
 
 permissions:
   admin:
@@ -60,92 +10,3 @@ permissions:
     users: []
     allowed_permissions: [create, read, update, delete]
     uri: /*
-
-  # open system defaults for everybody
-  read-all-process-groups:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [read]
-    uri: /process-groups/*
-  read-all-process-models:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [read]
-    uri: /process-models/*
-
-  # basic perms for everybody
-  read-all-process-instances-for-me:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [read]
-    uri: /process-instances/for-me/*
-  read-process-instance-reports:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [create, read, update, delete]
-    uri: /process-instances/reports/*
-  processes-read:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [read]
-    uri: /processes
-  service-tasks:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [read]
-    uri: /service-tasks
-  tasks-crud:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [create, read, update, delete]
-    uri: /tasks/*
-  user-groups-for-current-user:
-    groups: [everybody]
-    users: []
-    allowed_permissions: [read]
-    uri: /user-groups/for-current-user
-
-
-  finance-admin:
-    groups: ["Finance Team"]
-    users: []
-    allowed_permissions: [create, read, update, delete]
-    uri: /process-groups/manage-procurement:procurement:*
-
-  manage-revenue-streams-instances:
-    groups: ["demo"]
-    users: []
-    allowed_permissions: [create]
-    uri: /process-instances/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
-  manage-procurement-invoice-instances:
-    groups: ["demo"]
-    users: []
-    allowed_permissions: [create]
-    uri: /process-instances/manage-procurement:procurement:core-contributor-invoice-management:*
-  manage-procurement-instances:
-    groups: ["demo"]
-    users: []
-    allowed_permissions: [create]
-    uri: /process-instances/manage-procurement:vendor-lifecycle-management:*
-
-  manage-revenue-streams-instances-for-me:
-    groups: ["demo"]
-    users: []
-    allowed_permissions: [read]
-    uri: /process-instances/for-me/manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms/*
-  manage-procurement-invoice-instances-for-me:
-    groups: ["demo"]
-    users: []
-    allowed_permissions: [read]
-    uri: /process-instances/for-me/manage-procurement:procurement:core-contributor-invoice-management:*
-  manage-procurement-instances-for-me:
-    groups: ["demo"]
-    users: []
-    allowed_permissions: [read]
-    uri: /process-instances/for-me/manage-procurement:vendor-lifecycle-management:*
-
-  create-test-instances:
-    groups: ["test"]
-    users: []
-    allowed_permissions: [create, read]
-    uri: /process-instances/misc:test:*

spiffworkflow-backend/src/spiffworkflow_backend/config/staging.py

@@ -1,7 +1,7 @@
 """Staging."""
 from os import environ
 
-GIT_BRANCH = environ.get("GIT_BRANCH_TO_PUBLISH_TO", default="staging")
+GIT_BRANCH = environ.get("GIT_BRANCH", default="staging")
 GIT_BRANCH_TO_PUBLISH_TO = environ.get("GIT_BRANCH_TO_PUBLISH_TO", default="main")
 GIT_COMMIT_ON_SAVE = False
 SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME = "staging.yml"