Set the fides dev environment to the prod security environment

[ThomasLaPiana]

Closes #2461

Code Changes

• update the fides.toml
• update docker compose run -> docker exec where possible. This not only saves resources (one less container running!) but allows multiple commands to run in the same environment (i.e. when something gets run via docker compose run, it is ephemeral and can't be used by following commands
• Add a "login" step that runs before any of the ctl tests get run. This only happens as part of nox, so when running locally a manual login will be needed for the ctl tests to pass
• add the auth_header to the fides db CLI command requests

Steps to Confirm

• all tests pass

Pre-Merge Checklist

• All CI Pipelines Succeeded
• Documentation:
  • documentation complete, PR opened in fidesdocs
  • documentation issue created in fidesdocs
• Issue Requirements are Met
• Relevant Follow-Up Issues Created
• Update CHANGELOG.md

Description Of Changes

With the change in this PR, a CLI login will be required during development, as the new default is prod for the security env.

[cypress]

Passing run #194 ↗︎

0	3	0	0	0
⚠️ You've recorded test results over your free plan limit. Upgrade your plan to view test results.

Details:

Merge b01515a into ea5cf1d...
Project: fides	Commit: eafcb73362 ℹ️
Status: Passed	Duration: 00:51 💡
Started: Feb 17, 2023 2:39 PM	Ended: Feb 17, 2023 2:40 PM

_{This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.}

[ThomasLaPiana]

I got all of the tests passing locally but then it looks like they're not passing in CI or when building the test image locally and running it that way...will trouble shoot more locally

[ThomasLaPiana]

if I log into a container locally and run fides user login and then run the tests everything works just fine...but the login command within the fixture doesn't seem to be doing the trick despite the fact that it definitely writes a file

[ThomasLaPiana]

Found the problem in the logs....

2023-02-15 15:19:26.362 [DEBUG] (oauth_util:verify_oauth_client:174): Unable to parse auth token.

So it looks like the order of execution for the fixtures might be wrong....the token gets created at the beginning, but then gets reset because its used to reset the db, so then becomes invalid. So this fixture needs to get called twice

[sanders41]

Is it autouse fixtures you are having issues with or fixtures you are adding to the test yourself? If the latter try playing with order, fixtures run bottom to top so you may be able to change the order up and get a different result.

[ThomasLaPiana]

Is it autouse fixtures you are having issues with or fixtures you are adding to the test yourself? If the latter try playing with order, fixtures run bottom to top so you may be able to change the order up and get a different result.

I'm trying to wrap all of the resets as needed....getting closer

Figured out was actually a cache issue 🤦 it was grabbing the old auth header 🤔

[ThomasLaPiana]

I've once again confirmed that it works perfectly if you have a credentials file before running the tests, but if it tries to create one during the test it doesn't work. I'm not sure why this happens. Going to try using pytest tricks to generate one as a non-fixture?

Despite all of the logs showing that one gets created just fine during the tests 🤔

[codecov]

Codecov Report

Base: 85.74% // Head: 86.23% // Increases project coverage by +0.49% 🎉

Coverage data is based on head (b01515a) compared to base (d3700cb).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2588      +/-   ##
==========================================
+ Coverage   85.74%   86.23%   +0.49%     
==========================================
  Files         285      289       +4     
  Lines       15477    15784     +307     
  Branches     1945     1985      +40     
==========================================
+ Hits        13270    13611     +341     
+ Misses       1832     1785      -47     
- Partials      375      388      +13     

Impacted Files	Coverage Δ
src/fides/cli/__init__.py	92.00% <ø> (-0.73%)	⬇️
src/fides/cli/commands/db.py	81.48% <ø> (ø)
src/fides/core/api.py	82.85% <100.00%> (ø)
src/fides/core/config/user_settings.py	100.00% <100.00%> (ø)
src/fides/core/user.py	100.00% <100.00%> (ø)
src/fides/core/utils.py	86.15% <100.00%> (+5.30%)	⬆️
src/fides/api/ops/schemas/messaging/messaging.py	98.69% <0.00%> (-0.57%)	⬇️
src/fides/api/ops/models/privacy_request.py	95.87% <0.00%> (-0.19%)	⬇️
src/fides/api/ops/tasks/__init__.py	79.41% <0.00%> (ø)
src/fides/api/ops/api/v1/urn_registry.py	100.00% <0.00%> (ø)
... and 19 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[SteveDMurphy]

Thanks for explaining the difference between docker run and docker exec and the value of the change 👍🏽 👍🏽 when spinning up the environment in Docker I am not able to run any commands for some reason, including the fides user login ... - installing the branch locally in a virtual env doesn't seem to have the same issue from what I can see 🤔

[sanders41]

I accidently posted my comment in the issue instead of here. I'm seeing things similar to Steve. #2461 (comment)

[ThomasLaPiana]

ah I'm a total rookie! Sorry for wasting y'alls time, the exec for the interactive shell needs to have the -it flag

Added and confirmed working, please try again 🙏

[SteveDMurphy]

Tried out a few of these successfully! Thanks for the guidance in testing as well 🙌🏽

The only other thing that might be helpful is if we wanted to add something around running pytest locally and needing to log in to the readme or similar? Can imagine people hitting some snags

[TheAndrewJackson]

This worked great for me locally 👍 I just left a few optional nits

[sanders41]

Worked for me now also. I agree with @SteveDMurphy that we may want to add something to the readme or somewhere like it about logging in. The ctl tests worked fine for me when I logged in, but I only knew to do that from the PR instructions.

[ThomasLaPiana]

@sanders41 seeing codecov failures here

[sanders41]

Looks like they passed. Did you have to rerun for them to pass?

[sanders41]

I see it now. This is the flaky issue I mentioned. It has been terrible this week. Looks like adding a token is helping, but not completely preventing the issue. I restarted the failed tests, they usually pass after a rerun.

[ThomasLaPiana]

it failed the codecov upload, merging