From f9a901529d16a036822242ff8ced06b5da1b4c45 Mon Sep 17 00:00:00 2001
From: daisie_local <daisieh@gmail.com>
Date: Fri, 29 Oct 2021 15:55:15 -0700
Subject: [PATCH 1/4] check secrets file

---
 chord_metadata_service/metadata/settings.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/chord_metadata_service/metadata/settings.py b/chord_metadata_service/metadata/settings.py
index 1c9a086ae..c8585c56e 100644
--- a/chord_metadata_service/metadata/settings.py
+++ b/chord_metadata_service/metadata/settings.py
@@ -23,7 +23,9 @@
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-
+if os.environ.get('POSTGRES_PASSWORD_FILE') is not None:
+    with open(os.environ.get('POSTGRES_PASSWORD_FILE'), "r") as f:
+        POSTGRES_PASSWORD_FILE = f.read()
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
@@ -185,7 +187,7 @@
         'ENGINE': 'django.db.backends.postgresql',
         'NAME': os.environ.get("POSTGRES_DATABASE", 'metadata'),
         'USER': os.environ.get("POSTGRES_USER", 'admin'),
-        'PASSWORD': os.environ.get("POSTGRES_PASSWORD", 'admin'),
+        'PASSWORD': os.environ.get("POSTGRES_PASSWORD", POSTGRES_PASSWORD_FILE),
 
         # Use sockets if we're inside a CHORD container / as a priority
         'HOST': os.environ.get("POSTGRES_SOCKET_DIR", os.environ.get("POSTGRES_HOST", "localhost")),

From fd419132e7f186015e6aa3fcfc89777c941e2e56 Mon Sep 17 00:00:00 2001
From: daisie_local <daisieh@gmail.com>
Date: Fri, 29 Oct 2021 16:17:51 -0700
Subject: [PATCH 2/4] check secrets file

---
 chord_metadata_service/metadata/settings.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/chord_metadata_service/metadata/settings.py b/chord_metadata_service/metadata/settings.py
index c8585c56e..3fe030a24 100644
--- a/chord_metadata_service/metadata/settings.py
+++ b/chord_metadata_service/metadata/settings.py
@@ -23,7 +23,8 @@
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-if os.environ.get('POSTGRES_PASSWORD_FILE') is not None:
+POSTGRES_PASSWORD_FILE = os.environ.get('POSTGRES_PASSWORD_FILE')
+if POSTGRES_PASSWORD_FILE is not None:
     with open(os.environ.get('POSTGRES_PASSWORD_FILE'), "r") as f:
         POSTGRES_PASSWORD_FILE = f.read()
 

From 1848fdb06c664a4c1ab30c4ef398233889bf08b1 Mon Sep 17 00:00:00 2001
From: daisie_local <daisieh@gmail.com>
Date: Fri, 29 Oct 2021 16:32:11 -0700
Subject: [PATCH 3/4] allowed_hosts

---
 chord_metadata_service/metadata/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chord_metadata_service/metadata/settings.py b/chord_metadata_service/metadata/settings.py
index 3fe030a24..d4f3a0882 100644
--- a/chord_metadata_service/metadata/settings.py
+++ b/chord_metadata_service/metadata/settings.py
@@ -60,7 +60,7 @@
 CHORD_HOST = urlparse(CHORD_URL or "").netloc
 ALLOWED_HOSTS = [CHORD_HOST or "localhost"]
 if DEBUG:
-    ALLOWED_HOSTS = list(set(ALLOWED_HOSTS + ["localhost", "127.0.0.1", "[::1]"]))
+    ALLOWED_HOSTS = list(set(ALLOWED_HOSTS + ["localhost", "127.0.0.1", "[::1]", "10.10.11.54"]))
 
 APPEND_SLASH = False
 

From 6925a3b7056e18ca76848f69cbf292df492ea21d Mon Sep 17 00:00:00 2001
From: daisie_local <daisieh@gmail.com>
Date: Mon, 1 Nov 2021 17:02:42 -0700
Subject: [PATCH 4/4] allowed_hosts is not relevant here

---
 chord_metadata_service/metadata/settings.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/chord_metadata_service/metadata/settings.py b/chord_metadata_service/metadata/settings.py
index d4f3a0882..e54ebf527 100644
--- a/chord_metadata_service/metadata/settings.py
+++ b/chord_metadata_service/metadata/settings.py
@@ -58,9 +58,9 @@
 # Allowed hosts - TODO: Derive from CHORD_URL
 
 CHORD_HOST = urlparse(CHORD_URL or "").netloc
-ALLOWED_HOSTS = [CHORD_HOST or "localhost"]
+ALLOWED_HOSTS = ["*"]  # we'll determine access via middleware before we get here
 if DEBUG:
-    ALLOWED_HOSTS = list(set(ALLOWED_HOSTS + ["localhost", "127.0.0.1", "[::1]", "10.10.11.54"]))
+    ALLOWED_HOSTS = list(set(ALLOWED_HOSTS + ["localhost", "127.0.0.1", "[::1]"]))
 
 APPEND_SLASH = False