Add factory reset endpoint for stage environment cleanup (#54)

- Add POST /api/v1/admin/factory-reset endpoint requiring admin auth and X-Confirm-Reset header for safety - Add delete_all() method to storage backend for bulk S3 cleanup - Add reset_stage CI job that calls the endpoint after integration tests - Automatically resets stage to clean state after each test run
2026-01-21 21:06:24 +00:00
parent c9026e1950
commit 00cc594cfd
4 changed files with 206 additions and 0 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -11,6 +11,12 @@ variables:
  # Environment URLs (used by deploy and test jobs)
  STAGE_URL: https://orchard-stage.common.global.bsf.tools
  PROD_URL: https://orchard.common.global.bsf.tools
+  # Stage environment AWS resources (used by reset job)
+  STAGE_RDS_HOST: orchard-stage.cluster-cvw3jzjkozoc.us-gov-west-1.rds.amazonaws.com
+  STAGE_RDS_DBNAME: postgres
+  STAGE_SECRET_ARN: "arn:aws-us-gov:secretsmanager:us-gov-west-1:052673043337:secret:rds!cluster-a573672b-1a38-4665-a654-1b7df37b5297-IaeFQL"
+  STAGE_S3_BUCKET: orchard-artifacts-stage
+  AWS_REGION: us-gov-west-1
  # Shared pip cache directory
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.pip-cache"

@@ -141,6 +147,64 @@ integration_test_stage:
    - if: '$CI_COMMIT_BRANCH == "main"'
      when: on_success

+# Reset stage environment after integration tests (clean slate for next run)
+# Calls the /api/v1/admin/factory-reset endpoint which handles DB and S3 cleanup
+reset_stage:
+  stage: deploy
+  needs: [integration_test_stage]
+  image: deps.global.bsf.tools/docker/python:3.12-slim
+  timeout: 5m
+  before_script:
+    - pip install --index-url "$PIP_INDEX_URL" httpx
+  script:
+    - |
+      python - <<'RESET_SCRIPT'
+      import httpx
+      import sys
+
+      BASE_URL = "${STAGE_URL}"
+      ADMIN_USER = "admin"
+      ADMIN_PASS = "changeme123"  # Default admin password
+
+      print(f"=== Resetting stage environment at {BASE_URL} ===")
+
+      client = httpx.Client(base_url=BASE_URL, timeout=60.0)
+
+      # Login as admin
+      print("Logging in as admin...")
+      login_response = client.post(
+          "/api/v1/auth/login",
+          json={"username": ADMIN_USER, "password": ADMIN_PASS},
+      )
+      if login_response.status_code != 200:
+          print(f"Login failed: {login_response.status_code} - {login_response.text}")
+          sys.exit(1)
+      print("Login successful")
+
+      # Call factory reset endpoint
+      print("Calling factory reset endpoint...")
+      reset_response = client.post(
+          "/api/v1/admin/factory-reset",
+          headers={"X-Confirm-Reset": "yes-delete-all-data"},
+      )
+
+      if reset_response.status_code == 200:
+          result = reset_response.json()
+          print(f"Factory reset successful!")
+          print(f"  Database tables dropped: {result['results']['database_tables_dropped']}")
+          print(f"  S3 objects deleted: {result['results']['s3_objects_deleted']}")
+          print(f"  Database reinitialized: {result['results']['database_reinitialized']}")
+          print(f"  Seeded: {result['results']['seeded']}")
+          sys.exit(0)
+      else:
+          print(f"Factory reset failed: {reset_response.status_code} - {reset_response.text}")
+          sys.exit(1)
+      RESET_SCRIPT
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "main"'
+      when: on_success
+  allow_failure: true  # Don't fail pipeline if reset has issues
+
 # Integration tests for feature deployment (full suite)
 integration_test_feature:
  <<: *integration_test_template