remove admin access from webapp

Change-Id: Ib2ce0d38a8e4dd30ae6842bfb5579d9c3dd10f18

4 files changed, 4 insertions, 49 deletions

diff --git a/puppet/modules/site_webapp/files/migrate_design_documents b/puppet/modules/site_webapp/files/migrate_design_documents
deleted file mode 100644
index 6e24aa5b..00000000
--- a/puppet/modules/site_webapp/files/migrate_design_documents
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-cd /srv/leap/webapp
-
-# use admin credentials
-cp config/couchdb.yml.admin config/couchdb.yml
-chown leap-webapp:leap-webapp config/couchdb.yml
-
-# needs to be run twice 
-RAILS_ENV=production /usr/bin/bundle exec rake couchrest:migrate
-RAILS_ENV=production /usr/bin/bundle exec rake couchrest:migrate
-
-# use user credentials and remove admin credentials
-cp config/couchdb.yml.webapp config/couchdb.yml
-chown leap-webapp:leap-webapp config/couchdb.yml
-
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index 5a5cccad..7f6ebbc6 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -4,8 +4,6 @@ class site_webapp::couchdb {
   # haproxy listener on port localhost:4096, see site_webapp::haproxy
   $couchdb_host            = 'localhost'
   $couchdb_port            = '4096'
-  $couchdb_admin_user      = $webapp['couchdb_admin_user']['username']
-  $couchdb_admin_password  = $webapp['couchdb_admin_user']['password']
   $couchdb_webapp_user     = $webapp['couchdb_webapp_user']['username']
   $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password']
 
@@ -16,13 +14,6 @@ class site_webapp::couchdb {
   include x509::variables
 
   file {
-    '/srv/leap/webapp/config/couchdb.yml.admin':
-      content => template('site_webapp/couchdb.yml.admin.erb'),
-      owner   => leap-webapp,
-      group   => leap-webapp,
-      mode    => '0600',
-      require => Vcsrepo['/srv/leap/webapp'];
-
     '/srv/leap/webapp/config/couchdb.yml.webapp':
       content => template('site_webapp/couchdb.yml.erb'),
       owner   => leap-webapp,
@@ -43,23 +34,10 @@ class site_webapp::couchdb {
       group   => leap-webapp,
       mode    => '0666',
       require => Vcsrepo['/srv/leap/webapp'];
-
-    '/usr/local/sbin/migrate_design_documents':
-      source => 'puppet:///modules/site_webapp/migrate_design_documents',
-      owner  => root,
-      group  => root,
-      mode   => '0744';
   }
 
   include site_stunnel
 
-  exec { 'migrate_design_documents':
-    cwd      => '/srv/leap/webapp',
-    command  => '/usr/local/sbin/migrate_design_documents',
-    require  => Exec['bundler_update'],
-    notify   => Service['apache'];
-  }
-
   $couchdb_stunnel_client_defaults = {
     'connect_port' => $couch_client_connect,
     'client'       => true,
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index cb94d328..ae644287 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -65,9 +65,11 @@ class site_webapp {
   }
 
   #
-  # NOTE: in order to support a webapp that is running on a subpath and not the root of the domain
-  # assets:precompile needs to be run with RAILS_RELATIVE_URL_ROOT=/application-root
+  # NOTE: in order to support a webapp that is running on a subpath and not the
+  # root of the domain assets:precompile needs to be run with
+  # RAILS_RELATIVE_URL_ROOT=/application-root
   #
+
   exec { 'compile_assets':
     cwd       => '/srv/leap/webapp',
     command   => '/bin/bash -c "RAILS_ENV=production /usr/bin/bundle exec rake assets:precompile"',
diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb b/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb
deleted file mode 100644
index a0921add..00000000
--- a/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb
+++ /dev/null
@@ -1,9 +0,0 @@
-production:
-  prefix: ""
-  protocol: 'http'
-  host: <%= @couchdb_host %>
-  port: <%= @couchdb_port %>
-  auto_update_design_doc: false
-  username: <%= @couchdb_admin_user %>
-  password: <%= @couchdb_admin_password %>
-