From fd878988aa83dcb01cfc438eae84d2e1a7da4fc1 Mon Sep 17 00:00:00 2001
From: glyphack
Date: Tue, 22 Feb 2022 17:53:17 +0330
Subject: [PATCH] Add sentry database config from AWS RDS secrets
---
 .env | 3 +++
 docker-compose.yml | 1 +
 sentry/requirements.example.txt | 1 +
 sentry/sentry.conf.example.py | 22 +++++++++++++++++-----
 4 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/.env b/.env
index acb4ee8041..31ae3be4fd 100644
--- a/.env
+++ b/.env
@@ -13,3 +13,6 @@ WAL2JSON_VERSION=latest
 HEALTHCHECK_INTERVAL=30s
 HEALTHCHECK_TIMEOUT=60s
 HEALTHCHECK_RETRIES=5
+
+# AWS specific settings
+AWS_RDS_SECRET_NAME = ""
diff --git a/docker-compose.yml b/docker-compose.yml
index df61067282..ad7198629f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -64,6 +64,7 @@ x-sentry-defaults: &sentry_defaults
 # on the host system (or in the .env file)
 SENTRY_EVENT_RETENTION_DAYS:
 SENTRY_MAIL_HOST:
+ AWS_RDS_SECRET_NAME:
 volumes:
 - "sentry-data:/data"
 - "./sentry:/etc/sentry"
diff --git a/sentry/requirements.example.txt b/sentry/requirements.example.txt
index b4659b6ba9..32d603a3d0 100644
--- a/sentry/requirements.example.txt
+++ b/sentry/requirements.example.txt
@@ -1 +1,2 @@
 # Add plugins here
+boto3==1.21.4
diff --git a/sentry/sentry.conf.example.py b/sentry/sentry.conf.example.py
index 355ae63363..e5163f9f6e 100644
--- a/sentry/sentry.conf.example.py
+++ b/sentry/sentry.conf.example.py
@@ -2,6 +2,7 @@
 # you can inherit and tweak settings to your hearts content.
 from sentry.conf.server import * # NOQA
+import boto3
 # Generously adapted from pynetlinux: https://git.io/JJmga
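Review bot: In the `.env` hunk, the added `AWS_RDS_SECRET_NAME = ""` is written differently from every other entry shown there, which use `KEY=value` with no spaces and no quotes. Depending on which tool reads `.env`, the spaces may stop the key from being recognised and the quotes may be taken as the literal value, so the variable would not be empty; this is inferred, since the loader is not on the page. Writing it as `AWS_RDS_SECRET_NAME=` matches the lines above and keeps the "unset" case unambiguous.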
@@ -33,14 +34,25 @@ def get_internal_network():
 INTERNAL_SYSTEM_IPS = (get_internal_network(),)
+def get_db_secret_from_secrets_manager(secret_name, region_name="eu-west-1"):
+ session = boto3.session.Session()
+ client = session.client(
+ service_name="secretsmanager",
+ region_name=region_name,
+ )
+ return client.get_secret_value(SecretId=secret_name)
+
+
+db_secret = get_db_secret_from_secrets_manager(env("AWS_RDS_SECRET_NAME"))
+
 DATABASES = {
 "default": {
 "ENGINE": "sentry.db.postgres",
- "NAME": "postgres",
- "USER": "postgres",
- "PASSWORD": "",
- "HOST": "postgres",
- "PORT": "",
+ "NAME": db_secret["dbname"],
+ "USER": db_secret["username"],
+ "PASSWORD": db_secret["password"],
+ "HOST": db_secret["host"],
+ "PORT": db_secret["port"],
 }
 }
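Review bot: `get_secret_value` returns the Secrets Manager API response rather than the secret's fields, so `db_secret["dbname"]` and the four other lookups in `DATABASES` raise `KeyError`; the JSON document sits in the response's `SecretString` and has to be parsed, which needs `json` imported beside `boto3` in the first hunk. The lookup also runs at import time with no fallback, so with the empty `AWS_RDS_SECRET_NAME` from `.env` the settings module appears unable to load without AWS access, and the bundled postgres settings the hunk removes are gone for everyone using this example file. The call site passes no region, so every deployment is pinned to the `"eu-west-1"` default. Whatever credentials the container resolves should be allowed to read only this one secret, and the parsed value should never be logged, since it holds the database password.

```python
def get_db_secret_from_secrets_manager(secret_name, region_name="eu-west-1"):
    # … unchanged: session and client creation …
    response = client.get_secret_value(SecretId=secret_name)
    # The secret's JSON document is in SecretString; the response itself
    # only carries metadata next to it.
    return json.loads(response["SecretString"])


secret_name = env("AWS_RDS_SECRET_NAME")
# Keep the bundled postgres service as the default when no secret is configured.
db_secret = (
    get_db_secret_from_secrets_manager(secret_name)
    if secret_name
    else {
        "dbname": "postgres",
        "username": "postgres",
        "password": "",
        "host": "postgres",
        "port": "",
    }
)
# … unchanged: DATABASES built from db_secret …
```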