diff --git a/pkg/service/role.go b/pkg/service/role.go
index 4d767ce..9ae4023 100644
--- a/pkg/service/role.go
+++ b/pkg/service/role.go
@@ -3,6 +3,7 @@ package service
 import (
 	"context"
 	"fmt"
+	"strings"
 	"time"
 
 	"github.com/RafaySystems/rcloud-base/internal/dao"
@@ -138,6 +139,14 @@ func (s *roleService) Create(ctx context.Context, role *rolev3.Role) (*rolev3.Ro
 		return nil, fmt.Errorf("role '%v' already exists", role.GetMetadata().GetName())
 	}
 
+	scope := role.GetSpec().GetScope()
+	// since this is purely additional metadata at this point, we
+	// can kinda treat it as optional, and so we are allowing empty
+	// TODO: check if "" is valid
+	if !contains([]string{"system", "organization", "project", ""}, strings.ToLower(scope)) {
+		return nil, fmt.Errorf("unknown scope '%v'", scope)
+	}
+
 	// convert v3 spec to internal models
 	rle := models.Role{
 		Name:           role.GetMetadata().GetName(),
@@ -148,7 +157,7 @@ func (s *roleService) Create(ctx context.Context, role *rolev3.Role) (*rolev3.Ro
 		OrganizationId: organizationId,
 		PartnerId:      partnerId,
 		IsGlobal:       role.GetSpec().GetIsGlobal(),
-		Scope:          role.GetSpec().GetScope(), // TODO: validate scope is SYSTEM/ORG/PROJECT?
+		Scope:          strings.ToLower(scope),
 	}
 	entity, err := s.dao.Create(ctx, &rle)
 	if err != nil {
diff --git a/pkg/service/role_test.go b/pkg/service/role_test.go
index 62f84a6..ea1e9d9 100644
--- a/pkg/service/role_test.go
+++ b/pkg/service/role_test.go
@@ -71,7 +71,7 @@ func TestCreateRole(t *testing.T) {
 
 	role := &rolev3.Role{
 		Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid},
-		Spec:     &rolev3.RoleSpec{IsGlobal: true, Scope: "cluster"},
+		Spec:     &rolev3.RoleSpec{IsGlobal: true, Scope: "system"},
 	}
 	role, err := rs.Create(context.Background(), role)
 	if err != nil {
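Review bot: The scope check in Create runs after the duplicate-name lookup, so a request with an invalid scope still costs a DAO round trip before being rejected, and the lowercase form is computed twice (in the `contains` call here and again in the `Scope:` field at @@ -148); normalize once, before the existence query, with `scope := strings.ToLower(role.GetSpec().GetScope())` and use `scope` in both places. The accepted set `[]string{"system", "organization", "project", ""}` is an inline literal inside Create; lifting it to a package-level var (e.g. `validRoleScopes`) would let Update apply the same rule — Update is outside this diff and TestUpdateRole at @@ -168 only shows it persisting `'system'`, so I cannot confirm it validates at all. The TODO about whether `""` is valid should be resolved before this ships, since an empty scope is what the authorization layer will see for every role that omits the field. Create's body starts and ends outside the hunk.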
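Review bot: The test changes at @@ -71, @@ -107, @@ -141 and @@ -180 only switch the fixture scope from `"cluster"` to `"system"`; nothing exercises the new rejection branch in Create, so dropping the `contains` check would not fail any test. Add a TestCreateRoleInvalidScope that passes `Scope: "cluster"` and asserts `err != nil` with no INSERT expected on the mock, and a case with `Scope: "SYSTEM"` asserting the mocked INSERT receives `'system'`, which pins the lowercase normalization that TestUpdateRole's expectation at @@ -168 now relies on.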
@@ -107,7 +107,7 @@ func TestCreateRoleWithPermissions(t *testing.T) { role := &rolev3.Role{ Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid}, - Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "cluster", Rolepermissions: []string{"ops_star.all"}}, + Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "system", Rolepermissions: []string{"ops_star.all"}}, } role, err := rs.Create(context.Background(), role) if err != nil { @@ -141,7 +141,7 @@ func TestCreateRoleDuplicate(t *testing.T) { role := &rolev3.Role{ Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid}, - Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "cluster"}, + Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "system"}, } _, err := rs.Create(context.Background(), role) if err == nil { @@ -168,7 +168,7 @@ func TestUpdateRole(t *testing.T) { mock.ExpectQuery(`SELECT "resourcerole"."id", "resourcerole"."name", .*FROM "authsrv_resourcerole" AS "resourcerole" WHERE .organization_id = '` + ouuid + `'. AND .partner_id = '` + puuid + `'. AND .name = 'role-` + ruuid + `'.`). WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "name", "organization_id", "partner_id"}).AddRow(ruuid, "role-"+ruuid, ouuid, puuid)) - mock.ExpectExec(`UPDATE "authsrv_resourcerole" AS "resourcerole" SET "name" = 'role-` + ruuid + `', .*"organization_id" = '` + ouuid + `', "partner_id" = '` + puuid + `', "is_global" = TRUE, "scope" = 'cluster' WHERE .id = '` + ruuid + `'.`). + mock.ExpectExec(`UPDATE "authsrv_resourcerole" AS "resourcerole" SET "name" = 'role-` + ruuid + `', .*"organization_id" = '` + ouuid + `', "partner_id" = '` + puuid + `', "is_global" = TRUE, "scope" = 'system' WHERE .id = '` + ruuid + `'.`). WillReturnResult(sqlmock.NewResult(1, 1)) mock.ExpectExec(`DELETE FROM "authsrv_resourcerolepermission" AS "resourcerolepermission" WHERE ."resource_role_id" = '` + ruuid + `'.`). WillReturnResult(sqlmock.NewResult(1, 1)) 
@@ -180,7 +180,7 @@ func TestUpdateRole(t *testing.T) {
 
 	role := &rolev3.Role{
 		Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid},
-		Spec:     &rolev3.RoleSpec{IsGlobal: true, Scope: "cluster", Rolepermissions: []string{"ops_star.all"}},
+		Spec:     &rolev3.RoleSpec{IsGlobal: true, Scope: "system", Rolepermissions: []string{"ops_star.all"}},
 	}
 	role, err := rs.Update(context.Background(), role)
 	if err != nil {
diff --git a/pkg/service/utils.go b/pkg/service/utils.go
index e08dbcd..55ce70e 100644
--- a/pkg/service/utils.go
+++ b/pkg/service/utils.go
@@ -11,3 +11,12 @@ func unique(items []string) []string {
 	}
 	return list
 }
+
+func contains(s []string, str string) bool {
+	for _, v := range s {
+		if v == str {
+			return true
+		}
+	}
+	return false
+}
diff --git a/scripts/initialize/main.go b/scripts/initialize/main.go
new file mode 100644
index 0000000..852d098
--- /dev/null
+++ b/scripts/initialize/main.go
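Review bot: `contains` in utils.go has no doc comment while it sits next to `unique`; add `// contains reports whether str is an element of s.` above the declaration. If the module's go.mod targets Go 1.21 or later (not visible in this diff) this is exactly `slices.Contains(s, str)` from the standard library and the helper could be dropped in favour of it.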
@@ -0,0 +1,212 @@
+package main
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+	"path"
+
+	"github.com/RafaySystems/rcloud-base/internal/models"
+	providers "github.com/RafaySystems/rcloud-base/internal/persistence/provider/kratos"
+	"github.com/RafaySystems/rcloud-base/internal/persistence/provider/pg"
+	"github.com/RafaySystems/rcloud-base/pkg/common"
+	"github.com/RafaySystems/rcloud-base/pkg/enforcer"
+	"github.com/RafaySystems/rcloud-base/pkg/service"
+	commonv3 "github.com/RafaySystems/rcloud-base/proto/types/commonpb/v3"
+	rolev3 "github.com/RafaySystems/rcloud-base/proto/types/rolepb/v3"
+	systemv3 "github.com/RafaySystems/rcloud-base/proto/types/systempb/v3"
+	userv3 "github.com/RafaySystems/rcloud-base/proto/types/userpb/v3"
+	kclient "github.com/ory/kratos-client-go"
+	"github.com/spf13/viper"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/dialect/pgdialect"
+	"github.com/uptrace/bun/driver/pgdriver"
+	"gorm.io/driver/postgres"
+	"gorm.io/gorm"
+)
+
+// This script will be run in an init container after we crate all the
+// permissions. It will take care of the initialization, namely:
+// - creating partner
+// - creating org
+// - creating roles in org
+//
+// We make use of service instead of just insserting to db as that way
+// all the dependent items will be taken care of automatically.
+
+// Inorder to reset everything, we can do
+// truncate table authsrv_partner cascade;
+// truncate table casbin_rule;
+
+const (
+	dbAddrEnv       = "DB_ADDR"
+	dbNameEnv       = "DB_NAME"
+	dbUserEnv       = "DB_USER"
+	dbPasswordEnv   = "DB_PASSWORD"
+	kratosSchemeEnv = "KRATOS_SCHEME"
+	kratosAddrEnv   = "KRATOS_ADDR"
+)
+
+func addResourcePermissions(dao pg.EntityDAO, basePath string) error {
+	var items []models.ResourcePermission
+
+	files, err := ioutil.ReadDir(basePath)
+	if err != nil {
+		log.Fatal(err)
+	}
+	for _, file := range files {
+		if !file.IsDir() { // probably not, but just in case
+			content, err := ioutil.ReadFile(path.Join(basePath, file.Name()))
+			if err != nil {
+				log.Fatal(err)
+			}
+			// It has ResourceRefId, but that does not seem to be used in the old implementation
+			// Also, why do we need two items?
+			var data models.ResourcePermission
+			err = json.Unmarshal(content, &data)
+			if err != nil {
+				log.Fatal(err)
+			}
+			items = append(items, data)
+		}
+	}
+
+	fmt.Println("Adding", len(items), "resource permissions")
+	_, err = dao.Create(context.Background(), &items)
+	return err
+}
+
+func main() {
+	partner := flag.String("partner", "", "Name of partner")
+	partnerDesc := flag.String("partner-desc", "", "Description of partner")
+	partnerHost := flag.String("partner-host", "", "Host of partner")
+
+	org := flag.String("org", "", "Name of org")
+	orgDesc := flag.String("org-desc", "", "Description of org")
+
+	oae := flag.String("admin-email", "", "Email of org admin")
+	oafn := flag.String("admin-first-name", "", "First name of org admin")
+	oaln := flag.String("admin-last-name", "", "Last name of org admin")
+
+	flag.Parse()
+
+	if *partner == "" || *org == "" || *oae == "" || *oafn == "" || *oaln == "" || *partnerHost == "" {
+		fmt.Println("Usage: initialize")
+		flag.PrintDefaults()
+		os.Exit(1)
+	}
+
+	viper.SetDefault(dbAddrEnv, "localhost:5432")
+	viper.SetDefault(dbNameEnv, "admindb")
+	viper.SetDefault(dbUserEnv, "admindbuser")
+	viper.SetDefault(dbPasswordEnv, "admindbpassword")
+	viper.SetDefault(kratosSchemeEnv, "http")
+	viper.SetDefault(kratosAddrEnv, "localhost:4433")
+
+	viper.BindEnv(dbAddrEnv)
+	viper.BindEnv(dbNameEnv)
+	viper.BindEnv(dbUserEnv)
+	viper.BindEnv(dbPasswordEnv)
+	viper.BindEnv(kratosSchemeEnv)
+	viper.BindEnv(kratosAddrEnv)
+
+	dbAddr := viper.GetString(dbAddrEnv)
+	dbName := viper.GetString(dbNameEnv)
+	dbUser := viper.GetString(dbUserEnv)
+	dbPassword := viper.GetString(dbPasswordEnv)
+	kratosScheme := viper.GetString(kratosSchemeEnv)
+	kratosAddr := viper.GetString(kratosAddrEnv)
+
+	content, err := ioutil.ReadFile(path.Join("scripts", "initialize", "roles.json"))
+	if err != nil {
+		log.Fatal("unable to read file: ", err)
+	}
+
+	var data map[string]map[string][]string
+	err = json.Unmarshal(content, &data)
+	if err != nil {
+		log.Fatal("unable to parse data file", err)
+	}
+
+	dsn := "postgres://" + dbUser + ":" + dbPassword + "@" + dbAddr + "/" + dbName + "?sslmode=disable"
+	sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn)))
+	db := bun.NewDB(sqldb, pgdialect.New())
+	dao := pg.NewEntityDAO(db)
+
+	kratosConfig := kclient.NewConfiguration()
+	kratosUrl := kratosScheme + "://" + kratosAddr
+	kratosConfig.Servers[0].URL = kratosUrl
+	kc := kclient.NewAPIClient(kratosConfig)
+
+	// authz services
+	gormDb, err := gorm.Open(postgres.Open(dsn), &gorm.Config{})
+	if err != nil {
+		log.Fatal("unable to create db connection", "error", err)
+	}
+	enforcer, err := enforcer.NewCasbinEnforcer(gormDb).Init()
+	if err != nil {
+		log.Fatal("unable to init enforcer", "error", err)
+	}
+	as := service.NewAuthzService(gormDb, enforcer)
+
+	ps := service.NewPartnerService(db)
+	os := service.NewOrganizationService(db)
+	rs := service.NewRoleService(db, as)
+	us := service.NewUserService(providers.NewKratosAuthProvider(kc), db, as, nil, common.CliConfigDownloadData{})
+
+	err = dao.DeleteAll(context.Background(), &models.ResourcePermission{})
+	if err != nil {
+		log.Fatal(err)
+	}
+	err = addResourcePermissions(dao, path.Join("scripts", "initialize", "permissions"))
+	if err != nil {
+		fmt.Println("Run from base directory")
+		log.Fatal(err)
+	}
+
+	// Create partner
+	_, err = ps.Create(context.Background(), &systemv3.Partner{
+		Metadata: &commonv3.Metadata{Name: *partner, Description: *partnerDesc},
+		Spec:     &systemv3.PartnerSpec{Host: *partnerHost},
+	})
+	if err != nil {
+		log.Fatal("unable to create partner", err)
+	}
+	_, err = os.Create(context.Background(), &systemv3.Organization{
+		Metadata: &commonv3.Metadata{Name: *org, Partner: *partner, Description: *orgDesc},
+		Spec:     &systemv3.OrganizationSpec{Active: true},
+	})
+	if err != nil {
+		log.Fatal("unable to create organization", err)
+	}
+
+	for scope := range data {
+		for name := range data[scope] {
+			perms := data[scope][name]
+			fmt.Println(scope, name, len(perms))
+			_, err := rs.Create(context.Background(), &rolev3.Role{
+				Metadata: &commonv3.Metadata{Name: name, Partner: *partner, Organization: *org, Description: "..."},
+				Spec:     &rolev3.RoleSpec{IsGlobal: true, Scope: scope, Rolepermissions: perms},
+			})
+			if err != nil {
+				log.Fatal("unable to create rolepermission", scope, name, err)
+			}
+		}
+	}
+
+	// should we directly interact with kratos and create a user with a password?
+	_, err = us.Create(context.Background(), &userv3.User{
+		Metadata: &commonv3.Metadata{Name: *oae, Partner: *partner, Organization: *org, Description: "..."},
+		Spec:     &userv3.UserSpec{FirstName: *oafn, LastName: *oaln, ProjectNamespaceRoles: []*userv3.ProjectNamespaceRole{{Role: "ADMIN"}}},
+	})
+
+	if err != nil {
+		fmt.Println("err:", err)
+		log.Fatal("unable to bind user to role", err)
+	}
+}
diff --git a/scripts/resourcepermissions/data/account_read.json b/scripts/initialize/permissions/account_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/account_read.json
rename to scripts/initialize/permissions/account_read.json
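Review bot: In main, `os := service.NewOrganizationService(db)` and `enforcer, err := enforcer.NewCasbinEnforcer(gormDb).Init()` shadow the `os` and `enforcer` packages for the rest of the function; it compiles only because `os.Exit` is used earlier, and the next edit that needs `os` below that line will not build — rename them, e.g. `orgSvc := service.NewOrganizationService(db)` and `enf, err := enforcer.NewCasbinEnforcer(gormDb).Init()`. The DSN hard-codes `?sslmode=disable`, so the password read from DB_PASSWORD is sent in clear text to whatever DB_ADDR points at; read the mode from a new env var declared next to the other constants, default it to a TLS-requiring value such as `verify-full`, and keep `disable` as an explicit opt-in for local runs. `addResourcePermissions` returns an error but calls `log.Fatal` on every read and parse failure inside the loop, so the trailing `return err` is the only error path the caller can handle; return those errors and let main decide. The `viper.BindEnv` results are discarded, and `log.Fatal("unable to create db connection", "error", err)` hands key/value pairs to an unstructured logger so they print as one concatenated string — `log.Fatalf("unable to create db connection: %v", err)` is what was intended. The script also deletes every ResourcePermission row before re-adding them and then fails on the duplicate partner if re-run, so a guard such as checking for the partner first, or an explicit reset flag, would make a rerun against a populated database safe.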
diff --git a/scripts/resourcepermissions/data/accountrole_read.json b/scripts/initialize/permissions/accountrole_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/accountrole_read.json
rename to scripts/initialize/permissions/accountrole_read.json
diff --git a/scripts/resourcepermissions/data/accountrole_write.json b/scripts/initialize/permissions/accountrole_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/accountrole_write.json
rename to scripts/initialize/permissions/accountrole_write.json
diff --git a/scripts/resourcepermissions/data/audit_read.json b/scripts/initialize/permissions/audit_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/audit_read.json
rename to scripts/initialize/permissions/audit_read.json
diff --git a/scripts/resourcepermissions/data/certificate_read.json b/scripts/initialize/permissions/certificate_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/certificate_read.json
rename to scripts/initialize/permissions/certificate_read.json
diff --git a/scripts/resourcepermissions/data/certificate_write.json b/scripts/initialize/permissions/certificate_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/certificate_write.json
rename to scripts/initialize/permissions/certificate_write.json
diff --git a/scripts/resourcepermissions/data/cluster_scheduler_read.json b/scripts/initialize/permissions/cluster_scheduler_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/cluster_scheduler_read.json
rename to scripts/initialize/permissions/cluster_scheduler_read.json
diff --git a/scripts/resourcepermissions/data/cluster_scheduler_write.json b/scripts/initialize/permissions/cluster_scheduler_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/cluster_scheduler_write.json
rename to scripts/initialize/permissions/cluster_scheduler_write.json
diff --git a/scripts/resourcepermissions/data/clusterctl_read.json b/scripts/initialize/permissions/clusterctl_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/clusterctl_read.json
rename to scripts/initialize/permissions/clusterctl_read.json
diff --git a/scripts/resourcepermissions/data/clusterctl_write.json b/scripts/initialize/permissions/clusterctl_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/clusterctl_write.json
rename to scripts/initialize/permissions/clusterctl_write.json
diff --git a/scripts/resourcepermissions/data/console_all.json b/scripts/initialize/permissions/console_all.json
similarity index 100%
rename from scripts/resourcepermissions/data/console_all.json
rename to scripts/initialize/permissions/console_all.json
diff --git a/scripts/resourcepermissions/data/credential_read.json b/scripts/initialize/permissions/credential_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/credential_read.json
rename to scripts/initialize/permissions/credential_read.json
diff --git a/scripts/resourcepermissions/data/credential_write.json b/scripts/initialize/permissions/credential_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/credential_write.json
rename to scripts/initialize/permissions/credential_write.json
diff --git a/scripts/resourcepermissions/data/group_read.json b/scripts/initialize/permissions/group_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/group_read.json
rename to scripts/initialize/permissions/group_read.json
diff --git a/scripts/resourcepermissions/data/group_write.json b/scripts/initialize/permissions/group_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/group_write.json
rename to scripts/initialize/permissions/group_write.json
diff --git a/scripts/resourcepermissions/data/hub_agent_read.json b/scripts/initialize/permissions/hub_agent_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_agent_read.json
rename to scripts/initialize/permissions/hub_agent_read.json
diff --git a/scripts/resourcepermissions/data/hub_agent_write.json b/scripts/initialize/permissions/hub_agent_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_agent_write.json
rename to scripts/initialize/permissions/hub_agent_write.json
diff --git a/scripts/resourcepermissions/data/hub_cluster_read.json b/scripts/initialize/permissions/hub_cluster_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_cluster_read.json
rename to scripts/initialize/permissions/hub_cluster_read.json
diff --git a/scripts/resourcepermissions/data/hub_cluster_write.json b/scripts/initialize/permissions/hub_cluster_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_cluster_write.json
rename to scripts/initialize/permissions/hub_cluster_write.json
diff --git a/scripts/resourcepermissions/data/hub_infraprovisioner_read.json b/scripts/initialize/permissions/hub_infraprovisioner_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_infraprovisioner_read.json
rename to scripts/initialize/permissions/hub_infraprovisioner_read.json
diff --git a/scripts/resourcepermissions/data/hub_infraprovisioner_write.json b/scripts/initialize/permissions/hub_infraprovisioner_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_infraprovisioner_write.json
rename to scripts/initialize/permissions/hub_infraprovisioner_write.json
diff --git a/scripts/resourcepermissions/data/hub_namespace_read.json b/scripts/initialize/permissions/hub_namespace_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_namespace_read.json
rename to scripts/initialize/permissions/hub_namespace_read.json
diff --git a/scripts/resourcepermissions/data/hub_namespace_write.json b/scripts/initialize/permissions/hub_namespace_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_namespace_write.json
rename to scripts/initialize/permissions/hub_namespace_write.json
diff --git a/scripts/resourcepermissions/data/hub_openapi_explorer.read.json b/scripts/initialize/permissions/hub_openapi_explorer.read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_openapi_explorer.read.json
rename to scripts/initialize/permissions/hub_openapi_explorer.read.json
diff --git a/scripts/resourcepermissions/data/hub_organization_read.json b/scripts/initialize/permissions/hub_organization_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_organization_read.json
rename to scripts/initialize/permissions/hub_organization_read.json
diff --git a/scripts/resourcepermissions/data/hub_organization_write.json b/scripts/initialize/permissions/hub_organization_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_organization_write.json
rename to scripts/initialize/permissions/hub_organization_write.json
diff --git a/scripts/resourcepermissions/data/hub_partner_read.json b/scripts/initialize/permissions/hub_partner_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_partner_read.json
rename to scripts/initialize/permissions/hub_partner_read.json
diff --git a/scripts/resourcepermissions/data/hub_partner_write.json b/scripts/initialize/permissions/hub_partner_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_partner_write.json
rename to scripts/initialize/permissions/hub_partner_write.json
diff --git a/scripts/resourcepermissions/data/hub_pipeline_read.json b/scripts/initialize/permissions/hub_pipeline_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_pipeline_read.json
rename to scripts/initialize/permissions/hub_pipeline_read.json
diff --git a/scripts/resourcepermissions/data/hub_pipeline_write.json b/scripts/initialize/permissions/hub_pipeline_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_pipeline_write.json
rename to scripts/initialize/permissions/hub_pipeline_write.json
diff --git a/scripts/resourcepermissions/data/hub_project_read.json b/scripts/initialize/permissions/hub_project_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_project_read.json
rename to scripts/initialize/permissions/hub_project_read.json
diff --git a/scripts/resourcepermissions/data/hub_project_write.json b/scripts/initialize/permissions/hub_project_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_project_write.json
rename to scripts/initialize/permissions/hub_project_write.json
diff --git a/scripts/resourcepermissions/data/hub_repository_read.json b/scripts/initialize/permissions/hub_repository_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_repository_read.json
rename to scripts/initialize/permissions/hub_repository_read.json
diff --git a/scripts/resourcepermissions/data/hub_repository_write.json b/scripts/initialize/permissions/hub_repository_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_repository_write.json
rename to scripts/initialize/permissions/hub_repository_write.json
diff --git a/scripts/resourcepermissions/data/hub_wellknown_read.json b/scripts/initialize/permissions/hub_wellknown_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_wellknown_read.json
rename to scripts/initialize/permissions/hub_wellknown_read.json
diff --git a/scripts/resourcepermissions/data/hub_workload_read.json b/scripts/initialize/permissions/hub_workload_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_workload_read.json
rename to scripts/initialize/permissions/hub_workload_read.json
diff --git a/scripts/resourcepermissions/data/hub_workload_write.json b/scripts/initialize/permissions/hub_workload_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_workload_write.json
rename to scripts/initialize/permissions/hub_workload_write.json
diff --git a/scripts/resourcepermissions/data/hub_workloadtemplate_read.json b/scripts/initialize/permissions/hub_workloadtemplate_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_workloadtemplate_read.json
rename to scripts/initialize/permissions/hub_workloadtemplate_read.json
diff --git a/scripts/resourcepermissions/data/hub_workloadtemplate_write.json b/scripts/initialize/permissions/hub_workloadtemplate_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/hub_workloadtemplate_write.json
rename to scripts/initialize/permissions/hub_workloadtemplate_write.json
diff --git a/scripts/resourcepermissions/data/idle_timeout_settings_read.json b/scripts/initialize/permissions/idle_timeout_settings_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/idle_timeout_settings_read.json
rename to scripts/initialize/permissions/idle_timeout_settings_read.json
diff --git a/scripts/resourcepermissions/data/idle_timeout_settings_write.json b/scripts/initialize/permissions/idle_timeout_settings_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/idle_timeout_settings_write.json
rename to scripts/initialize/permissions/idle_timeout_settings_write.json
diff --git a/scripts/resourcepermissions/data/kubeconfig_read.json b/scripts/initialize/permissions/kubeconfig_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/kubeconfig_read.json
rename to scripts/initialize/permissions/kubeconfig_read.json
diff --git a/scripts/resourcepermissions/data/kubeconfig_write.json b/scripts/initialize/permissions/kubeconfig_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/kubeconfig_write.json
rename to scripts/initialize/permissions/kubeconfig_write.json
diff --git a/scripts/resourcepermissions/data/kubectl_cluster_read.json b/scripts/initialize/permissions/kubectl_cluster_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/kubectl_cluster_read.json
rename to scripts/initialize/permissions/kubectl_cluster_read.json
diff --git a/scripts/resourcepermissions/data/kubectl_cluster_write.json b/scripts/initialize/permissions/kubectl_cluster_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/kubectl_cluster_write.json
rename to scripts/initialize/permissions/kubectl_cluster_write.json
diff --git a/scripts/resourcepermissions/data/kubectl_clustersettings_read.json b/scripts/initialize/permissions/kubectl_clustersettings_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/kubectl_clustersettings_read.json
rename to scripts/initialize/permissions/kubectl_clustersettings_read.json
diff --git a/scripts/resourcepermissions/data/kubectl_clustersettings_write.json b/scripts/initialize/permissions/kubectl_clustersettings_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/kubectl_clustersettings_write.json
rename to scripts/initialize/permissions/kubectl_clustersettings_write.json
diff --git a/scripts/resourcepermissions/data/kubectl_full_access.json b/scripts/initialize/permissions/kubectl_full_access.json
similarity index 100%
rename from scripts/resourcepermissions/data/kubectl_full_access.json
rename to scripts/initialize/permissions/kubectl_full_access.json
diff --git a/scripts/resourcepermissions/data/kubectl_namespace_read.json b/scripts/initialize/permissions/kubectl_namespace_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/kubectl_namespace_read.json
rename to scripts/initialize/permissions/kubectl_namespace_read.json
diff --git a/scripts/resourcepermissions/data/kubectl_namespace_write.json b/scripts/initialize/permissions/kubectl_namespace_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/kubectl_namespace_write.json
rename to scripts/initialize/permissions/kubectl_namespace_write.json
diff --git a/scripts/resourcepermissions/data/lockout_settings_read.json b/scripts/initialize/permissions/lockout_settings_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/lockout_settings_read.json
rename to scripts/initialize/permissions/lockout_settings_read.json
diff --git a/scripts/resourcepermissions/data/lockout_settings_write.json b/scripts/initialize/permissions/lockout_settings_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/lockout_settings_write.json
rename to scripts/initialize/permissions/lockout_settings_write.json
diff --git a/scripts/resourcepermissions/data/namespace_read.json b/scripts/initialize/permissions/namespace_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/namespace_read.json
rename to scripts/initialize/permissions/namespace_read.json
diff --git a/scripts/resourcepermissions/data/namespace_write.json b/scripts/initialize/permissions/namespace_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/namespace_write.json
rename to scripts/initialize/permissions/namespace_write.json
diff --git a/scripts/resourcepermissions/data/ops_star_all.json b/scripts/initialize/permissions/ops_star_all.json
similarity index 100%
rename from scripts/resourcepermissions/data/ops_star_all.json
rename to scripts/initialize/permissions/ops_star_all.json
diff --git a/scripts/resourcepermissions/data/org_alert_read.json b/scripts/initialize/permissions/org_alert_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/org_alert_read.json
rename to scripts/initialize/permissions/org_alert_read.json
diff --git a/scripts/resourcepermissions/data/org_alertconfig_read.json b/scripts/initialize/permissions/org_alertconfig_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/org_alertconfig_read.json
rename to scripts/initialize/permissions/org_alertconfig_read.json
diff --git a/scripts/resourcepermissions/data/org_alertconfig_write.json b/scripts/initialize/permissions/org_alertconfig_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/org_alertconfig_write.json
rename to scripts/initialize/permissions/org_alertconfig_write.json
diff --git a/scripts/resourcepermissions/data/org_auditLog_read.json b/scripts/initialize/permissions/org_auditLog_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/org_auditLog_read.json
rename to scripts/initialize/permissions/org_auditLog_read.json
diff --git a/scripts/resourcepermissions/data/org_relayAudit_read.json b/scripts/initialize/permissions/org_relayAudit_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/org_relayAudit_read.json
rename to scripts/initialize/permissions/org_relayAudit_read.json
diff --git a/scripts/resourcepermissions/data/organization_read.json b/scripts/initialize/permissions/organization_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/organization_read.json
rename to scripts/initialize/permissions/organization_read.json
diff --git a/scripts/resourcepermissions/data/organization_write.json b/scripts/initialize/permissions/organization_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/organization_write.json
rename to scripts/initialize/permissions/organization_write.json
diff --git a/scripts/resourcepermissions/data/partner_alertconfig_read.json b/scripts/initialize/permissions/partner_alertconfig_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/partner_alertconfig_read.json
rename to scripts/initialize/permissions/partner_alertconfig_read.json
diff --git a/scripts/resourcepermissions/data/partner_alertconfig_write.json b/scripts/initialize/permissions/partner_alertconfig_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/partner_alertconfig_write.json
rename to scripts/initialize/permissions/partner_alertconfig_write.json
diff --git a/scripts/resourcepermissions/data/partner_read.json b/scripts/initialize/permissions/partner_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/partner_read.json
rename to scripts/initialize/permissions/partner_read.json
diff --git a/scripts/resourcepermissions/data/partner_write.json b/scripts/initialize/permissions/partner_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/partner_write.json
rename to scripts/initialize/permissions/partner_write.json
diff --git a/scripts/resourcepermissions/data/partnerdetalis_read.json b/scripts/initialize/permissions/partnerdetalis_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/partnerdetalis_read.json
rename to scripts/initialize/permissions/partnerdetalis_read.json
diff --git a/scripts/resourcepermissions/data/project_activityjobs_read.json b/scripts/initialize/permissions/project_activityjobs_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_activityjobs_read.json
rename to scripts/initialize/permissions/project_activityjobs_read.json
diff --git a/scripts/resourcepermissions/data/project_activityjobs_write.json b/scripts/initialize/permissions/project_activityjobs_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_activityjobs_write.json
rename to scripts/initialize/permissions/project_activityjobs_write.json
diff --git a/scripts/resourcepermissions/data/project_activityplans_read.json b/scripts/initialize/permissions/project_activityplans_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_activityplans_read.json
rename to scripts/initialize/permissions/project_activityplans_read.json
diff --git a/scripts/resourcepermissions/data/project_activityplans_write.json b/scripts/initialize/permissions/project_activityplans_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_activityplans_write.json
rename to scripts/initialize/permissions/project_activityplans_write.json
diff --git a/scripts/resourcepermissions/data/project_admin_write.json b/scripts/initialize/permissions/project_admin_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_admin_write.json
rename to scripts/initialize/permissions/project_admin_write.json
diff --git a/scripts/resourcepermissions/data/project_agent_read.json b/scripts/initialize/permissions/project_agent_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_agent_read.json
rename to scripts/initialize/permissions/project_agent_read.json
diff --git a/scripts/resourcepermissions/data/project_agent_version_read.json b/scripts/initialize/permissions/project_agent_version_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_agent_version_read.json
rename to scripts/initialize/permissions/project_agent_version_read.json
diff --git a/scripts/resourcepermissions/data/project_agent_write.json b/scripts/initialize/permissions/project_agent_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_agent_write.json
rename to scripts/initialize/permissions/project_agent_write.json
diff --git a/scripts/resourcepermissions/data/project_aggregate_status_read.json b/scripts/initialize/permissions/project_aggregate_status_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_aggregate_status_read.json
rename to scripts/initialize/permissions/project_aggregate_status_read.json
diff --git a/scripts/resourcepermissions/data/project_alert_read.json b/scripts/initialize/permissions/project_alert_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_alert_read.json
rename to scripts/initialize/permissions/project_alert_read.json
diff --git a/scripts/resourcepermissions/data/project_alertconfig_read.json b/scripts/initialize/permissions/project_alertconfig_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_alertconfig_read.json
rename to scripts/initialize/permissions/project_alertconfig_read.json
diff --git a/scripts/resourcepermissions/data/project_alertconfig_write.json b/scripts/initialize/permissions/project_alertconfig_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_alertconfig_write.json
rename to scripts/initialize/permissions/project_alertconfig_write.json
diff --git a/scripts/resourcepermissions/data/project_approval_customer_read.json b/scripts/initialize/permissions/project_approval_customer_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_approval_customer_read.json
rename to scripts/initialize/permissions/project_approval_customer_read.json
diff --git a/scripts/resourcepermissions/data/project_approval_customer_write.json b/scripts/initialize/permissions/project_approval_customer_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_approval_customer_write.json
rename to scripts/initialize/permissions/project_approval_customer_write.json
diff --git a/scripts/resourcepermissions/data/project_approval_read.json b/scripts/initialize/permissions/project_approval_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_approval_read.json
rename to scripts/initialize/permissions/project_approval_read.json
diff --git a/scripts/resourcepermissions/data/project_approval_write.json b/scripts/initialize/permissions/project_approval_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_approval_write.json
rename to scripts/initialize/permissions/project_approval_write.json
diff --git a/scripts/resourcepermissions/data/project_approvalsummary_read.json b/scripts/initialize/permissions/project_approvalsummary_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_approvalsummary_read.json
rename to scripts/initialize/permissions/project_approvalsummary_read.json
diff --git a/scripts/resourcepermissions/data/project_auditLog_read.json b/scripts/initialize/permissions/project_auditLog_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_auditLog_read.json rename to scripts/initialize/permissions/project_auditLog_read.json diff --git a/scripts/resourcepermissions/data/project_audit_read.json b/scripts/initialize/permissions/project_audit_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_audit_read.json rename to scripts/initialize/permissions/project_audit_read.json diff --git a/scripts/resourcepermissions/data/project_certificate_read.json b/scripts/initialize/permissions/project_certificate_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_certificate_read.json rename to scripts/initialize/permissions/project_certificate_read.json diff --git a/scripts/resourcepermissions/data/project_certificate_write.json b/scripts/initialize/permissions/project_certificate_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_certificate_write.json rename to scripts/initialize/permissions/project_certificate_write.json diff --git a/scripts/resourcepermissions/data/project_cluster_override_read_workload.json b/scripts/initialize/permissions/project_cluster_override_read_workload.json similarity index 100% rename from scripts/resourcepermissions/data/project_cluster_override_read_workload.json rename to scripts/initialize/permissions/project_cluster_override_read_workload.json diff --git a/scripts/resourcepermissions/data/project_cluster_override_write_workload.json b/scripts/initialize/permissions/project_cluster_override_write_workload.json similarity index 100% rename from scripts/resourcepermissions/data/project_cluster_override_write_workload.json rename to scripts/initialize/permissions/project_cluster_override_write_workload.json 
diff --git a/scripts/resourcepermissions/data/project_cluster_scheduler_read.json b/scripts/initialize/permissions/project_cluster_scheduler_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_cluster_scheduler_read.json rename to scripts/initialize/permissions/project_cluster_scheduler_read.json diff --git a/scripts/resourcepermissions/data/project_cluster_scheduler_write.json b/scripts/initialize/permissions/project_cluster_scheduler_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_cluster_scheduler_write.json rename to scripts/initialize/permissions/project_cluster_scheduler_write.json diff --git a/scripts/resourcepermissions/data/project_clusterctl_read.json b/scripts/initialize/permissions/project_clusterctl_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_clusterctl_read.json rename to scripts/initialize/permissions/project_clusterctl_read.json diff --git a/scripts/resourcepermissions/data/project_clusterctl_write.json b/scripts/initialize/permissions/project_clusterctl_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_clusterctl_write.json rename to scripts/initialize/permissions/project_clusterctl_write.json diff --git a/scripts/resourcepermissions/data/project_container_registry_read.json b/scripts/initialize/permissions/project_container_registry_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_container_registry_read.json rename to scripts/initialize/permissions/project_container_registry_read.json diff --git a/scripts/resourcepermissions/data/project_container_registry_write.json b/scripts/initialize/permissions/project_container_registry_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_container_registry_write.json rename to scripts/initialize/permissions/project_container_registry_write.json 
diff --git a/scripts/resourcepermissions/data/project_credential_read.json b/scripts/initialize/permissions/project_credential_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_credential_read.json rename to scripts/initialize/permissions/project_credential_read.json diff --git a/scripts/resourcepermissions/data/project_credential_write.json b/scripts/initialize/permissions/project_credential_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_credential_write.json rename to scripts/initialize/permissions/project_credential_write.json diff --git a/scripts/resourcepermissions/data/project_customer_clusters_read.json b/scripts/initialize/permissions/project_customer_clusters_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_customer_clusters_read.json rename to scripts/initialize/permissions/project_customer_clusters_read.json diff --git a/scripts/resourcepermissions/data/project_customer_clusters_write.json b/scripts/initialize/permissions/project_customer_clusters_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_customer_clusters_write.json rename to scripts/initialize/permissions/project_customer_clusters_write.json diff --git a/scripts/resourcepermissions/data/project_customer_providers_read.json b/scripts/initialize/permissions/project_customer_providers_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_customer_providers_read.json rename to scripts/initialize/permissions/project_customer_providers_read.json diff --git a/scripts/resourcepermissions/data/project_customer_providers_write.json b/scripts/initialize/permissions/project_customer_providers_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_customer_providers_write.json rename to scripts/initialize/permissions/project_customer_providers_write.json 
diff --git a/scripts/resourcepermissions/data/project_customer_read.json b/scripts/initialize/permissions/project_customer_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_customer_read.json rename to scripts/initialize/permissions/project_customer_read.json diff --git a/scripts/resourcepermissions/data/project_customer_write.json b/scripts/initialize/permissions/project_customer_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_customer_write.json rename to scripts/initialize/permissions/project_customer_write.json diff --git a/scripts/resourcepermissions/data/project_dashboard_workload_read.json b/scripts/initialize/permissions/project_dashboard_workload_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_dashboard_workload_read.json rename to scripts/initialize/permissions/project_dashboard_workload_read.json diff --git a/scripts/resourcepermissions/data/project_data_protection_location_read.json b/scripts/initialize/permissions/project_data_protection_location_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_data_protection_location_read.json rename to scripts/initialize/permissions/project_data_protection_location_read.json diff --git a/scripts/resourcepermissions/data/project_data_protection_location_write.json b/scripts/initialize/permissions/project_data_protection_location_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_data_protection_location_write.json rename to scripts/initialize/permissions/project_data_protection_location_write.json 
diff --git a/scripts/resourcepermissions/data/project_data_protection_policy_read.json b/scripts/initialize/permissions/project_data_protection_policy_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_data_protection_policy_read.json rename to scripts/initialize/permissions/project_data_protection_policy_read.json diff --git a/scripts/resourcepermissions/data/project_data_protection_policy_write.json b/scripts/initialize/permissions/project_data_protection_policy_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_data_protection_policy_write.json rename to scripts/initialize/permissions/project_data_protection_policy_write.json diff --git a/scripts/resourcepermissions/data/project_data_protection_read.json b/scripts/initialize/permissions/project_data_protection_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_data_protection_read.json rename to scripts/initialize/permissions/project_data_protection_read.json diff --git a/scripts/resourcepermissions/data/project_data_protection_write.json b/scripts/initialize/permissions/project_data_protection_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_data_protection_write.json rename to scripts/initialize/permissions/project_data_protection_write.json diff --git a/scripts/resourcepermissions/data/project_infra_overrides_read.json b/scripts/initialize/permissions/project_infra_overrides_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_infra_overrides_read.json rename to scripts/initialize/permissions/project_infra_overrides_read.json 
diff --git a/scripts/resourcepermissions/data/project_infra_provisioner_read.json b/scripts/initialize/permissions/project_infra_provisioner_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_infra_provisioner_read.json rename to scripts/initialize/permissions/project_infra_provisioner_read.json diff --git a/scripts/resourcepermissions/data/project_infra_provisioner_runtime_read.json b/scripts/initialize/permissions/project_infra_provisioner_runtime_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_infra_provisioner_runtime_read.json rename to scripts/initialize/permissions/project_infra_provisioner_runtime_read.json diff --git a/scripts/resourcepermissions/data/project_infra_provisioner_write.json b/scripts/initialize/permissions/project_infra_provisioner_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_infra_provisioner_write.json rename to scripts/initialize/permissions/project_infra_provisioner_write.json diff --git a/scripts/resourcepermissions/data/project_integrationEndpoint_read.json b/scripts/initialize/permissions/project_integrationEndpoint_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_integrationEndpoint_read.json rename to scripts/initialize/permissions/project_integrationEndpoint_read.json diff --git a/scripts/resourcepermissions/data/project_integrationEndpoint_write.json b/scripts/initialize/permissions/project_integrationEndpoint_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_integrationEndpoint_write.json rename to scripts/initialize/permissions/project_integrationEndpoint_write.json 
diff --git a/scripts/resourcepermissions/data/project_myapproval_read.json b/scripts/initialize/permissions/project_myapproval_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_myapproval_read.json rename to scripts/initialize/permissions/project_myapproval_read.json diff --git a/scripts/resourcepermissions/data/project_myapprovalsummary_read.json b/scripts/initialize/permissions/project_myapprovalsummary_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_myapprovalsummary_read.json rename to scripts/initialize/permissions/project_myapprovalsummary_read.json diff --git a/scripts/resourcepermissions/data/project_namespace_customer_read.json b/scripts/initialize/permissions/project_namespace_customer_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_namespace_customer_read.json rename to scripts/initialize/permissions/project_namespace_customer_read.json diff --git a/scripts/resourcepermissions/data/project_namespace_customer_write.json b/scripts/initialize/permissions/project_namespace_customer_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_namespace_customer_write.json rename to scripts/initialize/permissions/project_namespace_customer_write.json diff --git a/scripts/resourcepermissions/data/project_namespace_read.json b/scripts/initialize/permissions/project_namespace_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_namespace_read.json rename to scripts/initialize/permissions/project_namespace_read.json diff --git a/scripts/resourcepermissions/data/project_namespace_write.json b/scripts/initialize/permissions/project_namespace_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_namespace_write.json rename to scripts/initialize/permissions/project_namespace_write.json 
diff --git a/scripts/resourcepermissions/data/project_override_read.json b/scripts/initialize/permissions/project_override_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_override_read.json rename to scripts/initialize/permissions/project_override_read.json diff --git a/scripts/resourcepermissions/data/project_override_write.json b/scripts/initialize/permissions/project_override_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_override_write.json rename to scripts/initialize/permissions/project_override_write.json diff --git a/scripts/resourcepermissions/data/project_pipeline_customer_read.json b/scripts/initialize/permissions/project_pipeline_customer_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_pipeline_customer_read.json rename to scripts/initialize/permissions/project_pipeline_customer_read.json diff --git a/scripts/resourcepermissions/data/project_pipeline_customer_write.json b/scripts/initialize/permissions/project_pipeline_customer_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_pipeline_customer_write.json rename to scripts/initialize/permissions/project_pipeline_customer_write.json diff --git a/scripts/resourcepermissions/data/project_pipeline_org_admin_write.json b/scripts/initialize/permissions/project_pipeline_org_admin_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_pipeline_org_admin_write.json rename to scripts/initialize/permissions/project_pipeline_org_admin_write.json diff --git a/scripts/resourcepermissions/data/project_pipeline_read.json b/scripts/initialize/permissions/project_pipeline_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_pipeline_read.json rename to scripts/initialize/permissions/project_pipeline_read.json 
diff --git a/scripts/resourcepermissions/data/project_pipeline_variable_read.json b/scripts/initialize/permissions/project_pipeline_variable_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_pipeline_variable_read.json rename to scripts/initialize/permissions/project_pipeline_variable_read.json diff --git a/scripts/resourcepermissions/data/project_pipeline_variable_write.json b/scripts/initialize/permissions/project_pipeline_variable_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_pipeline_variable_write.json rename to scripts/initialize/permissions/project_pipeline_variable_write.json diff --git a/scripts/resourcepermissions/data/project_pipeline_write.json b/scripts/initialize/permissions/project_pipeline_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_pipeline_write.json rename to scripts/initialize/permissions/project_pipeline_write.json diff --git a/scripts/resourcepermissions/data/project_pipelinesummary_customer_read.json b/scripts/initialize/permissions/project_pipelinesummary_customer_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_pipelinesummary_customer_read.json rename to scripts/initialize/permissions/project_pipelinesummary_customer_read.json diff --git a/scripts/resourcepermissions/data/project_pipelinesummary_read.json b/scripts/initialize/permissions/project_pipelinesummary_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_pipelinesummary_read.json rename to scripts/initialize/permissions/project_pipelinesummary_read.json diff --git a/scripts/resourcepermissions/data/project_placement_read.json b/scripts/initialize/permissions/project_placement_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_placement_read.json rename to scripts/initialize/permissions/project_placement_read.json 
diff --git a/scripts/resourcepermissions/data/project_placement_write.json b/scripts/initialize/permissions/project_placement_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_placement_write.json rename to scripts/initialize/permissions/project_placement_write.json diff --git a/scripts/resourcepermissions/data/project_providers_org_admin_write.json b/scripts/initialize/permissions/project_providers_org_admin_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_providers_org_admin_write.json rename to scripts/initialize/permissions/project_providers_org_admin_write.json diff --git a/scripts/resourcepermissions/data/project_providers_read.json b/scripts/initialize/permissions/project_providers_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_providers_read.json rename to scripts/initialize/permissions/project_providers_read.json diff --git a/scripts/resourcepermissions/data/project_providers_write.json b/scripts/initialize/permissions/project_providers_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_providers_write.json rename to scripts/initialize/permissions/project_providers_write.json diff --git a/scripts/resourcepermissions/data/project_read.json b/scripts/initialize/permissions/project_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_read.json rename to scripts/initialize/permissions/project_read.json diff --git a/scripts/resourcepermissions/data/project_registry_read.json b/scripts/initialize/permissions/project_registry_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_registry_read.json rename to scripts/initialize/permissions/project_registry_read.json 
diff --git a/scripts/resourcepermissions/data/project_registry_write.json b/scripts/initialize/permissions/project_registry_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_registry_write.json rename to scripts/initialize/permissions/project_registry_write.json diff --git a/scripts/resourcepermissions/data/project_relayAudit_read.json b/scripts/initialize/permissions/project_relayAudit_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_relayAudit_read.json rename to scripts/initialize/permissions/project_relayAudit_read.json diff --git a/scripts/resourcepermissions/data/project_repository_read.json b/scripts/initialize/permissions/project_repository_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_repository_read.json rename to scripts/initialize/permissions/project_repository_read.json diff --git a/scripts/resourcepermissions/data/project_repository_write.json b/scripts/initialize/permissions/project_repository_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_repository_write.json rename to scripts/initialize/permissions/project_repository_write.json diff --git a/scripts/resourcepermissions/data/project_schedulerplacement_read.json b/scripts/initialize/permissions/project_schedulerplacement_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_schedulerplacement_read.json rename to scripts/initialize/permissions/project_schedulerplacement_read.json diff --git a/scripts/resourcepermissions/data/project_schedulerplacement_write.json b/scripts/initialize/permissions/project_schedulerplacement_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_schedulerplacement_write.json rename to scripts/initialize/permissions/project_schedulerplacement_write.json 
diff --git a/scripts/resourcepermissions/data/project_secretStore_read.json b/scripts/initialize/permissions/project_secretStore_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_secretStore_read.json rename to scripts/initialize/permissions/project_secretStore_read.json diff --git a/scripts/resourcepermissions/data/project_secretStore_write.json b/scripts/initialize/permissions/project_secretStore_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_secretStore_write.json rename to scripts/initialize/permissions/project_secretStore_write.json diff --git a/scripts/resourcepermissions/data/project_systemsync_read.json b/scripts/initialize/permissions/project_systemsync_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_systemsync_read.json rename to scripts/initialize/permissions/project_systemsync_read.json diff --git a/scripts/resourcepermissions/data/project_systemsync_write.json b/scripts/initialize/permissions/project_systemsync_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_systemsync_write.json rename to scripts/initialize/permissions/project_systemsync_write.json diff --git a/scripts/resourcepermissions/data/project_taskset_read.json b/scripts/initialize/permissions/project_taskset_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_taskset_read.json rename to scripts/initialize/permissions/project_taskset_read.json diff --git a/scripts/resourcepermissions/data/project_taskset_write.json b/scripts/initialize/permissions/project_taskset_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_taskset_write.json rename to scripts/initialize/permissions/project_taskset_write.json 
diff --git a/scripts/resourcepermissions/data/project_trigger_customer_read.json b/scripts/initialize/permissions/project_trigger_customer_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_trigger_customer_read.json rename to scripts/initialize/permissions/project_trigger_customer_read.json diff --git a/scripts/resourcepermissions/data/project_trigger_customer_write.json b/scripts/initialize/permissions/project_trigger_customer_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_trigger_customer_write.json rename to scripts/initialize/permissions/project_trigger_customer_write.json diff --git a/scripts/resourcepermissions/data/project_trigger_read.json b/scripts/initialize/permissions/project_trigger_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_trigger_read.json rename to scripts/initialize/permissions/project_trigger_read.json diff --git a/scripts/resourcepermissions/data/project_trigger_write.json b/scripts/initialize/permissions/project_trigger_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_trigger_write.json rename to scripts/initialize/permissions/project_trigger_write.json diff --git a/scripts/resourcepermissions/data/project_v2_namespace_read.json b/scripts/initialize/permissions/project_v2_namespace_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_v2_namespace_read.json rename to scripts/initialize/permissions/project_v2_namespace_read.json diff --git a/scripts/resourcepermissions/data/project_v2_namespace_write.json b/scripts/initialize/permissions/project_v2_namespace_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_v2_namespace_write.json rename to scripts/initialize/permissions/project_v2_namespace_write.json 
diff --git a/scripts/resourcepermissions/data/project_workload_customer_read.json b/scripts/initialize/permissions/project_workload_customer_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_workload_customer_read.json rename to scripts/initialize/permissions/project_workload_customer_read.json diff --git a/scripts/resourcepermissions/data/project_workload_customer_write.json b/scripts/initialize/permissions/project_workload_customer_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_workload_customer_write.json rename to scripts/initialize/permissions/project_workload_customer_write.json diff --git a/scripts/resourcepermissions/data/project_workload_publish.json b/scripts/initialize/permissions/project_workload_publish.json similarity index 100% rename from scripts/resourcepermissions/data/project_workload_publish.json rename to scripts/initialize/permissions/project_workload_publish.json diff --git a/scripts/resourcepermissions/data/project_workload_read.json b/scripts/initialize/permissions/project_workload_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_workload_read.json rename to scripts/initialize/permissions/project_workload_read.json diff --git a/scripts/resourcepermissions/data/project_workload_write.json b/scripts/initialize/permissions/project_workload_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_workload_write.json rename to scripts/initialize/permissions/project_workload_write.json diff --git a/scripts/resourcepermissions/data/project_workloadtemplatev2_read.json b/scripts/initialize/permissions/project_workloadtemplatev2_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_workloadtemplatev2_read.json rename to scripts/initialize/permissions/project_workloadtemplatev2_read.json 
diff --git a/scripts/resourcepermissions/data/project_workloadtemplatev2_write.json b/scripts/initialize/permissions/project_workloadtemplatev2_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_workloadtemplatev2_write.json rename to scripts/initialize/permissions/project_workloadtemplatev2_write.json diff --git a/scripts/resourcepermissions/data/project_workloadv2_read.json b/scripts/initialize/permissions/project_workloadv2_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_workloadv2_read.json rename to scripts/initialize/permissions/project_workloadv2_read.json diff --git a/scripts/resourcepermissions/data/project_workloadv2_write.json b/scripts/initialize/permissions/project_workloadv2_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_workloadv2_write.json rename to scripts/initialize/permissions/project_workloadv2_write.json diff --git a/scripts/resourcepermissions/data/project_write.json b/scripts/initialize/permissions/project_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_write.json rename to scripts/initialize/permissions/project_write.json diff --git a/scripts/resourcepermissions/data/registry_read.json b/scripts/initialize/permissions/registry_read.json similarity index 100% rename from scripts/resourcepermissions/data/registry_read.json rename to scripts/initialize/permissions/registry_read.json diff --git a/scripts/resourcepermissions/data/registry_write.json b/scripts/initialize/permissions/registry_write.json similarity index 100% rename from scripts/resourcepermissions/data/registry_write.json rename to scripts/initialize/permissions/registry_write.json 
diff --git a/scripts/resourcepermissions/data/registryauthkey_read.json b/scripts/initialize/permissions/registryauthkey_read.json similarity index 100% rename from scripts/resourcepermissions/data/registryauthkey_read.json rename to scripts/initialize/permissions/registryauthkey_read.json diff --git a/scripts/resourcepermissions/data/registryauthkey_write.json b/scripts/initialize/permissions/registryauthkey_write.json similarity index 100% rename from scripts/resourcepermissions/data/registryauthkey_write.json rename to scripts/initialize/permissions/registryauthkey_write.json diff --git a/scripts/resourcepermissions/data/registryimage_read.json b/scripts/initialize/permissions/registryimage_read.json similarity index 100% rename from scripts/resourcepermissions/data/registryimage_read.json rename to scripts/initialize/permissions/registryimage_read.json diff --git a/scripts/resourcepermissions/data/registryimage_write.json b/scripts/initialize/permissions/registryimage_write.json similarity index 100% rename from scripts/resourcepermissions/data/registryimage_write.json rename to scripts/initialize/permissions/registryimage_write.json diff --git a/scripts/resourcepermissions/data/relaynetwork_read.json b/scripts/initialize/permissions/relaynetwork_read.json similarity index 100% rename from scripts/resourcepermissions/data/relaynetwork_read.json rename to scripts/initialize/permissions/relaynetwork_read.json diff --git a/scripts/resourcepermissions/data/relaynetwork_write.json b/scripts/initialize/permissions/relaynetwork_write.json similarity index 100% rename from scripts/resourcepermissions/data/relaynetwork_write.json rename to scripts/initialize/permissions/relaynetwork_write.json diff --git a/scripts/resourcepermissions/data/role_read.json b/scripts/initialize/permissions/role_read.json similarity index 100% rename from scripts/resourcepermissions/data/role_read.json rename to scripts/initialize/permissions/role_read.json 
diff --git a/scripts/resourcepermissions/data/role_write.json b/scripts/initialize/permissions/role_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/role_write.json
rename to scripts/initialize/permissions/role_write.json
diff --git a/scripts/resourcepermissions/data/sso_read.json b/scripts/initialize/permissions/sso_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/sso_read.json
rename to scripts/initialize/permissions/sso_read.json
diff --git a/scripts/resourcepermissions/data/sso_user_read.json b/scripts/initialize/permissions/sso_user_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/sso_user_read.json
rename to scripts/initialize/permissions/sso_user_read.json
diff --git a/scripts/resourcepermissions/data/sso_user_write.json b/scripts/initialize/permissions/sso_user_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/sso_user_write.json
rename to scripts/initialize/permissions/sso_user_write.json
diff --git a/scripts/resourcepermissions/data/sso_write.json b/scripts/initialize/permissions/sso_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/sso_write.json
rename to scripts/initialize/permissions/sso_write.json
diff --git a/scripts/resourcepermissions/data/template_read.json b/scripts/initialize/permissions/template_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/template_read.json
rename to scripts/initialize/permissions/template_read.json
diff --git a/scripts/resourcepermissions/data/user_keys_write.json b/scripts/initialize/permissions/user_keys_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/user_keys_write.json
rename to scripts/initialize/permissions/user_keys_write.json
diff --git a/scripts/resourcepermissions/data/user_read.json b/scripts/initialize/permissions/user_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/user_read.json
rename to scripts/initialize/permissions/user_read.json
diff --git a/scripts/resourcepermissions/data/user_write.json b/scripts/initialize/permissions/user_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/user_write.json
rename to scripts/initialize/permissions/user_write.json
diff --git a/scripts/resourcepermissions/data/v2account_read.json b/scripts/initialize/permissions/v2account_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/v2account_read.json
rename to scripts/initialize/permissions/v2account_read.json
diff --git a/scripts/resourcepermissions/data/v2debug_read.json b/scripts/initialize/permissions/v2debug_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/v2debug_read.json
rename to scripts/initialize/permissions/v2debug_read.json
diff --git a/scripts/resourcepermissions/data/v2debug_write.json b/scripts/initialize/permissions/v2debug_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/v2debug_write.json
rename to scripts/initialize/permissions/v2debug_write.json
diff --git a/scripts/resourcepermissions/data/workload_publish.json b/scripts/initialize/permissions/workload_publish.json
similarity index 100%
rename from scripts/resourcepermissions/data/workload_publish.json
rename to scripts/initialize/permissions/workload_publish.json
diff --git a/scripts/resourcepermissions/data/workload_read.json b/scripts/initialize/permissions/workload_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/workload_read.json
rename to scripts/initialize/permissions/workload_read.json
diff --git a/scripts/resourcepermissions/data/workload_write.json b/scripts/initialize/permissions/workload_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/workload_write.json
rename to scripts/initialize/permissions/workload_write.json
diff --git a/scripts/resourceroles/data.json b/scripts/initialize/roles.json
similarity index 99%
rename from scripts/resourceroles/data.json
rename to scripts/initialize/roles.json
index 0dafed5..1773b1f 100644
--- a/scripts/resourceroles/data.json
+++ b/scripts/initialize/roles.json
@@ -729,7 +729,6 @@
 "project.aggregate.status.read",
 "project.data.protection.read",
 "project.data.protection.policy.read",
- "project.data.protection.location.read",
 "hub.namespace.read",
 "hub.namespace.write",
 "hub.openapi.explorer.read",
diff --git a/scripts/resourcepermissions/createresources.go b/scripts/resourcepermissions/createresources.go
deleted file mode 100644
index 6ec071f..0000000
--- a/scripts/resourcepermissions/createresources.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package main
-
-import (
- "context"
- "database/sql"
- "encoding/json"
- "fmt"
- "io/ioutil"
- "log"
- "path"
-
- "github.com/RafaySystems/rcloud-base/internal/models"
- "github.com/RafaySystems/rcloud-base/internal/persistence/provider/pg"
- "github.com/uptrace/bun"
- "github.com/uptrace/bun/dialect/pgdialect"
- "github.com/uptrace/bun/driver/pgdriver"
-)
-
-func addResourcePermissions(dao pg.EntityDAO, basePath string) error {
- var items []models.ResourcePermission
-
- files, err := ioutil.ReadDir(basePath)
- if err != nil {
- log.Fatal(err)
- }
- for _, file := range files {
- if !file.IsDir() { // probably not, but just in case
- content, err := ioutil.ReadFile(path.Join(basePath, file.Name()))
- if err != nil {
- log.Fatal(err)
- }
- // It has ResourceRefId, but that does not seem to be used in the old implementatino
- // Also, why do we need two items?
- var data models.ResourcePermission
- err = json.Unmarshal(content, &data)
- if err != nil {
- log.Fatal(err)
- }
- items = append(items, data)
- }
- }
-
- fmt.Println("Adding", len(items), "resouces permissions")
- _, err = dao.Create(context.Background(), &items)
- return err
-}
-
-func main() {
- dsn := "postgres://admindbuser:admindbpassword@localhost:5432/admindb?sslmode=disable"
- sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn)))
- db := bun.NewDB(sqldb, pgdialect.New())
- dao := pg.NewEntityDAO(db)
-
- // TODO: add option to update the existing list
- err := dao.DeleteAll(context.Background(), &models.ResourcePermission{})
- if err != nil {
- log.Fatal(err)
- }
- err = addResourcePermissions(dao, path.Join("scripts", "resourcepermissions", "data"))
- if err != nil {
- fmt.Println("Run from base directory")
- log.Fatal(err)
- }
-}
diff --git a/scripts/resourceroles/createresourceroles.go b/scripts/resourceroles/createresourceroles.go
deleted file mode 100644
index fce438d..0000000
--- a/scripts/resourceroles/createresourceroles.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package main
-
-import (
- "context"
- "database/sql"
- "encoding/json"
- "fmt"
- "io/ioutil"
- "log"
- "os"
- "path"
-
- "github.com/RafaySystems/rcloud-base/internal/models"
- "github.com/RafaySystems/rcloud-base/internal/persistence/provider/pg"
- "github.com/google/uuid"
- "github.com/uptrace/bun"
- "github.com/uptrace/bun/dialect/pgdialect"
- "github.com/uptrace/bun/driver/pgdriver"
-)
-
-func addRole(dao pg.EntityDAO, name string, scope string, orgId uuid.UUID, partnerId uuid.UUID, permissions []string) error {
- entity, err := dao.GetM(context.Background(), map[string]interface{}{"name": name, "scope": scope, "organization_id": orgId, "partner_id": partnerId}, &models.Role{})
- if err != nil && err.Error() != "sql: no rows in result set" {
- return err
- }
-
- role := models.Role{
- Name: name,
- OrganizationId: orgId,
- PartnerId: partnerId,
- Scope: scope,
- }
- if r, ok := entity.(*models.Role); ok {
- // I could technically do an update, but just to make it simpler
- fmt.Printf("%v alrady exists, deleting and adding again\n", name)
- err := dao.DeleteX(context.Background(), "resource_role_id", r.ID, &models.ResourceRolePermission{})
- if err != nil {
- log.Fatalf("unable to delete permissions for '%v'", name)
- }
-
- err = dao.Delete(context.Background(), r.ID, &models.Role{})
- if err != nil {
- log.Fatalf("unable to delete '%v'", name)
- }
- }
-
- createdRole, err := dao.Create(context.Background(), &role)
- if err != nil {
- return err
- }
-
- if r, ok := createdRole.(*models.Role); ok {
- for _, p := range permissions {
- entity, err := dao.GetByName(context.Background(), p, &models.ResourcePermission{})
- if err != nil {
- log.Fatalf("unable to get rolepermission '%v'", p)
- }
-
- if rlp, ok := entity.(*models.ResourcePermission); ok {
- rolepermissionmapping := models.ResourceRolePermission{
- ResourceRoleId: r.ID,
- ResourcePermissionId: rlp.ID,
- }
- _, err := dao.Create(context.Background(), &rolepermissionmapping)
- if err != nil {
- return err
- }
- } else {
- log.Fatalf("unable to get rolepermission '%v'", p)
- }
- }
- } else {
- return fmt.Errorf("unable to create role")
- }
-
- return nil
-}
-
-func main() {
- dsn := "postgres://admindbuser:admindbpassword@localhost:5432/admindb?sslmode=disable"
- sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn)))
- db := bun.NewDB(sqldb, pgdialect.New())
-
- // db.AddQueryHook(bundebug.NewQueryHook(
- // bundebug.WithVerbose(true),
- // bundebug.FromEnv("BUNDEBUG"),
- // ))
- dao := pg.NewEntityDAO(db)
-
- if len(os.Args) != 3 {
- // this step happens after org creation and so we will have org and partner id
- log.Fatal("Usage: ", os.Args[0], " ", " ")
- }
-
- content, err := ioutil.ReadFile(path.Join("scripts", "resourceroles", "data.json"))
- if err != nil {
- log.Fatal(err)
- }
-
- orgId, err := uuid.Parse(os.Args[1])
- if err != nil {
- log.Fatal(err)
- }
- partnerId, err := uuid.Parse(os.Args[2])
- if err != nil {
- log.Fatal(err)
- }
-
- var data map[string]map[string][]string
- err = json.Unmarshal(content, &data)
- if err != nil {
- log.Fatal(err)
- }
-
- for scope := range data {
- for name := range data[scope] {
- perms := data[scope][name]
- fmt.Println(scope, name, len(perms))
- err := addRole(dao, name, scope, orgId, partnerId, perms)
- if err != nil {
- log.Fatal(err)
- }
- }
- }
-}