From b049ebaf288298f4a0f103d25f277af9b90c1d35 Mon Sep 17 00:00:00 2001 From: Abin Simon Date: Fri, 11 Mar 2022 14:53:31 +0530 Subject: [PATCH 1/6] Delete a duplicate entry from json data for role --- scripts/resourceroles/data.json | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/resourceroles/data.json b/scripts/resourceroles/data.json index 0dafed5..1773b1f 100644 --- a/scripts/resourceroles/data.json +++ b/scripts/resourceroles/data.json @@ -729,7 +729,6 @@ "project.aggregate.status.read", "project.data.protection.read", "project.data.protection.policy.read", - "project.data.protection.location.read", "hub.namespace.read", "hub.namespace.write", "hub.openapi.explorer.read", From 8184c23a8f54c6fa707802833d88dce75ca73faa Mon Sep 17 00:00:00 2001 From: Abin Simon Date: Fri, 11 Mar 2022 14:54:17 +0530 Subject: [PATCH 2/6] Initialize script to create org, partner and roles We should probably have the role creation moved into adminsrv, but since we are only creating new orgs like this as of now let us continue with this. --- .../resourcepermissions/createresources.go | 2 +- scripts/resourceroles/createresourceroles.go | 125 ------------------ scripts/resourceroles/initialize.go | 101 ++++++++++++++ 3 files changed, 102 insertions(+), 126 deletions(-) delete mode 100644 scripts/resourceroles/createresourceroles.go create mode 100644 scripts/resourceroles/initialize.go diff --git a/scripts/resourcepermissions/createresources.go b/scripts/resourcepermissions/createresources.go index 6ec071f..dcff5c2 100644 --- a/scripts/resourcepermissions/createresources.go +++ b/scripts/resourcepermissions/createresources.go @@ -40,7 +40,7 @@ func addResourcePermissions(dao pg.EntityDAO, basePath string) error { } } - fmt.Println("Adding", len(items), "resouces permissions") + fmt.Println("Adding", len(items), "resource permissions") _, err = dao.Create(context.Background(), &items) return err } 
diff --git a/scripts/resourceroles/createresourceroles.go b/scripts/resourceroles/createresourceroles.go
deleted file mode 100644
index fce438d..0000000
--- a/scripts/resourceroles/createresourceroles.go
+++ /dev/null
@@ -1,125 +0,0 @@ -package main - -import ( - "context" - "database/sql" - "encoding/json" - "fmt" - "io/ioutil" - "log" - "os" - "path" - - "github.com/RafaySystems/rcloud-base/internal/models" - "github.com/RafaySystems/rcloud-base/internal/persistence/provider/pg" - "github.com/google/uuid" - "github.com/uptrace/bun" - "github.com/uptrace/bun/dialect/pgdialect" - "github.com/uptrace/bun/driver/pgdriver" -) - -func addRole(dao pg.EntityDAO, name string, scope string, orgId uuid.UUID, partnerId uuid.UUID, permissions []string) error { - entity, err := dao.GetM(context.Background(), map[string]interface{}{"name": name, "scope": scope, "organization_id": orgId, "partner_id": partnerId}, &models.Role{}) - if err != nil && err.Error() != "sql: no rows in result set" { - return err - } - - role := models.Role{ - Name: name, - OrganizationId: orgId, - PartnerId: partnerId, - Scope: scope, - } - if r, ok := entity.(*models.Role); ok { - // I could technically do an update, but just to make it simpler - fmt.Printf("%v alrady exists, deleting and adding again\n", name) - err := dao.DeleteX(context.Background(), "resource_role_id", r.ID, &models.ResourceRolePermission{}) - if err != nil { - log.Fatalf("unable to delete permissions for '%v'", name) - } - - err = dao.Delete(context.Background(), r.ID, &models.Role{}) - if err != nil { - log.Fatalf("unable to delete '%v'", name) - } - } - - createdRole, err := dao.Create(context.Background(), &role) - if err != nil { - return err - } - - if r, ok := createdRole.(*models.Role); ok { - for _, p := range permissions { - entity, err := dao.GetByName(context.Background(), p, &models.ResourcePermission{}) - if err != nil { - log.Fatalf("unable to get rolepermission '%v'", p) - } - - if rlp, ok := entity.(*models.ResourcePermission); ok { - rolepermissionmapping := models.ResourceRolePermission{ - ResourceRoleId: r.ID, - ResourcePermissionId: rlp.ID, - } - _, err := dao.Create(context.Background(), &rolepermissionmapping) - if err != 
nil { - return err - } - } else { - log.Fatalf("unable to get rolepermission '%v'", p) - } - } - } else { - return fmt.Errorf("unable to create role") - } - - return nil -} - -func main() { - dsn := "postgres://admindbuser:admindbpassword@localhost:5432/admindb?sslmode=disable" - sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn))) - db := bun.NewDB(sqldb, pgdialect.New()) - - // db.AddQueryHook(bundebug.NewQueryHook( - // bundebug.WithVerbose(true), - // bundebug.FromEnv("BUNDEBUG"), - // )) - dao := pg.NewEntityDAO(db) - - if len(os.Args) != 3 { - // this step happens after org creation and so we will have org and partner id - log.Fatal("Usage: ", os.Args[0], " ", " ") - } - - content, err := ioutil.ReadFile(path.Join("scripts", "resourceroles", "data.json")) - if err != nil { - log.Fatal(err) - } - - orgId, err := uuid.Parse(os.Args[1]) - if err != nil { - log.Fatal(err) - } - partnerId, err := uuid.Parse(os.Args[2]) - if err != nil { - log.Fatal(err) - } - - var data map[string]map[string][]string - err = json.Unmarshal(content, &data) - if err != nil { - log.Fatal(err) - } - - for scope := range data { - for name := range data[scope] { - perms := data[scope][name] - fmt.Println(scope, name, len(perms)) - err := addRole(dao, name, scope, orgId, partnerId, perms) - if err != nil { - log.Fatal(err) - } - } - } -} diff --git a/scripts/resourceroles/initialize.go b/scripts/resourceroles/initialize.go new file mode 100644 index 0000000..d32fa8d --- /dev/null +++ b/scripts/resourceroles/initialize.go 
@@ -0,0 +1,101 @@ +package main + +import ( + "context" + "database/sql" + "encoding/json" + "fmt" + "io/ioutil" + "log" + "os" + "path" + + "github.com/RafaySystems/rcloud-base/pkg/enforcer" + "github.com/RafaySystems/rcloud-base/pkg/service" + commonv3 "github.com/RafaySystems/rcloud-base/proto/types/commonpb/v3" + rolev3 "github.com/RafaySystems/rcloud-base/proto/types/rolepb/v3" + systemv3 "github.com/RafaySystems/rcloud-base/proto/types/systempb/v3" + "github.com/uptrace/bun" + "github.com/uptrace/bun/dialect/pgdialect" + "github.com/uptrace/bun/driver/pgdriver" + "gorm.io/driver/postgres" + "gorm.io/gorm" +) + +// This script will be run in an init container after we crate all the +// permissions. It will take care of the initialization, namely: +// - creating partner +// - creating org +// - creating roles in org +// +// We make use of service instead of just insserting to db as that way +// all the dependent items will be taken care of automatically. + +func main() { + if len(os.Args) != 3 { + // this step happens after org creation and so we will have org and partner id + log.Fatal("Usage: ", os.Args[0], " ", " ") + } + + org := os.Args[1] + partner := os.Args[2] + + content, err := ioutil.ReadFile(path.Join("scripts", "resourceroles", "data.json")) + if err != nil { + log.Fatal("unable to read file: ", err) + } + + var data map[string]map[string][]string + err = json.Unmarshal(content, &data) + if err != nil { + log.Fatal("unable to parse data file", err) + } + + dsn := "postgres://admindbuser:admindbpassword@localhost:5432/admindb?sslmode=disable" + sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn))) + db := bun.NewDB(sqldb, pgdialect.New()) + + // authz services + gormDb, err := gorm.Open(postgres.Open(dsn), &gorm.Config{}) + if err != nil { + log.Fatal("unable to create db connection", "error", err) + } + enforcer, err := enforcer.NewCasbinEnforcer(gormDb).Init() + if err != nil { + log.Fatal("unable to init enforcer", "error", err) + } + 
as := service.NewAuthzService(gormDb, enforcer) + + ps := service.NewPartnerService(db) + os := service.NewOrganizationService(db) + rs := service.NewRoleService(db, as) + + _, err = ps.Create(context.Background(), &systemv3.Partner{ + Metadata: &commonv3.Metadata{Name: partner, Description: "..."}, + Spec: &systemv3.PartnerSpec{Host: ""}, + }) + if err != nil { + log.Fatal("unable to create partner", err) + } + _, err = os.Create(context.Background(), &systemv3.Organization{ + Metadata: &commonv3.Metadata{Name: org, Partner: partner, Description: "..."}, + Spec: &systemv3.OrganizationSpec{Active: true}, + }) + if err != nil { + log.Fatal("unable to create organization", err) + } + + for scope := range data { + for name := range data[scope] { + perms := data[scope][name] + fmt.Println(scope, name, len(perms)) + _, err := rs.Create(context.Background(), &rolev3.Role{ + Metadata: &commonv3.Metadata{Name: name, Partner: partner, Organization: org, Description: "..."}, + Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "cluster", Rolepermissions: perms}, // TODO: look into scope + }) + if err != nil { + log.Fatal(err) + } + } + } +} From 3aedac32014347fcefcf8b14b677b007b58be429 Mon Sep 17 00:00:00 2001 From: Abin Simon Date: Mon, 14 Mar 2022 11:47:03 +0530 Subject: [PATCH 3/6] Fix scope for roles This might not really be necessary but a good check --- pkg/service/role.go | 11 ++++++++++- pkg/service/role_test.go | 10 +++++----- pkg/service/utils.go | 9 +++++++++ scripts/resourceroles/initialize.go | 2 +- 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/pkg/service/role.go b/pkg/service/role.go index 4d767ce..9ae4023 100644 --- a/pkg/service/role.go +++ b/pkg/service/role.go @@ -3,6 +3,7 @@ package service import ( "context" "fmt" + "strings" "time" "github.com/RafaySystems/rcloud-base/internal/dao" 
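Review bot: The `dsn` literal in main carries the database user and password in source and ends in `sslmode=disable`, so the init container authenticates with a credential readable by anyone who can see the repository or the image, over a connection without TLS. That is tolerable only while the database really is on `localhost` as written; the value should come from the environment or a mounted secret, with the SSL mode configurable. The hunk at `@@ -51,10 +86,15 @@` later in this series makes user, password and address configurable but still appends `?sslmode=disable`. Separately, `os := service.NewOrganizationService(db)` shadows the `os` package for the rest of main; a name such as `orgSvc` avoids surprises when someone later adds an `os.` call below it.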
@@ -138,6 +139,14 @@ func (s *roleService) Create(ctx context.Context, role *rolev3.Role) (*rolev3.Ro return nil, fmt.Errorf("role '%v' already exists", role.GetMetadata().GetName()) } + scope := role.GetSpec().GetScope() + // since this is purely additional metadata at this point, we + // can kinda treat it as optional, and so we are allowing empty + // TODO: check if "" is valid + if !contains([]string{"system", "organization", "project", ""}, strings.ToLower(scope)) { + return nil, fmt.Errorf("unknown scope '%v'", scope) + } + // convert v3 spec to internal models rle := models.Role{ Name: role.GetMetadata().GetName(), @@ -148,7 +157,7 @@ func (s *roleService) Create(ctx context.Context, role *rolev3.Role) (*rolev3.Ro OrganizationId: organizationId, PartnerId: partnerId, IsGlobal: role.GetSpec().GetIsGlobal(), - Scope: role.GetSpec().GetScope(), // TODO: validate scope is SYSTEM/ORG/PROJECT? + Scope: strings.ToLower(scope), } entity, err := s.dao.Create(ctx, &rle) if err != nil { diff --git a/pkg/service/role_test.go b/pkg/service/role_test.go index 62f84a6..ea1e9d9 100644 --- a/pkg/service/role_test.go +++ b/pkg/service/role_test.go @@ -71,7 +71,7 @@ func TestCreateRole(t *testing.T) { role := &rolev3.Role{ Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid}, - Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "cluster"}, + Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "system"}, } role, err := rs.Create(context.Background(), role) if err != nil { @@ -107,7 +107,7 @@ func TestCreateRoleWithPermissions(t *testing.T) { role := &rolev3.Role{ Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid}, - Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "cluster", Rolepermissions: []string{"ops_star.all"}}, + Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "system", Rolepermissions: []string{"ops_star.all"}}, } role, err := rs.Create(context.Background(), role) if err != nil { 
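Review bot: The scope allow-list is applied only in Create; no hunk in this commit touches Update, and TestUpdateRole was passing with `Scope: "cluster"` before this change, so as far as this diff shows Update can still store a scope that Create would reject, and without the lower-casing. I would move the check and the `strings.ToLower` into one helper and call it from both Create and Update, as sketched below. The empty string is accepted under a TODO; if scope is later consulted in an authorization decision, an empty value should be rejected or mapped to an explicit default instead of being stored. Create starts and ends outside the hunk.

```go
// normalizeScope lower-cases scope and rejects values outside the known set.
// The empty string stays allowed, as in the hunk, until the TODO is resolved.
func normalizeScope(scope string) (string, error) {
	s := strings.ToLower(scope)
	if !contains([]string{"system", "organization", "project", ""}, s) {
		return "", fmt.Errorf("unknown scope '%v'", scope)
	}
	return s, nil
}

// in Create, and the same call in Update:
scope, err := normalizeScope(role.GetSpec().GetScope())
if err != nil {
	return nil, err
}
// … unchanged: build models.Role, now with Scope: scope …
```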
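Review bot: None of the updated tests exercises the new rejection branch; they only swap `"cluster"` for `"system"` so the existing cases keep passing, here and in the hunks at `@@ -107,7`, `@@ -141,7`, `@@ -168,7` and `@@ -180,7`. A case that calls `rs.Create` with `Scope: "cluster"` and asserts a non-nil error, plus one with `Scope: "SYSTEM"` asserting that the stored value is lower-cased, would pin the behaviour this commit introduces. The test functions start and end outside the hunks.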
@@ -141,7 +141,7 @@ func TestCreateRoleDuplicate(t *testing.T) { role := &rolev3.Role{ Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid}, - Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "cluster"}, + Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "system"}, } _, err := rs.Create(context.Background(), role) if err == nil { @@ -168,7 +168,7 @@ func TestUpdateRole(t *testing.T) { mock.ExpectQuery(`SELECT "resourcerole"."id", "resourcerole"."name", .*FROM "authsrv_resourcerole" AS "resourcerole" WHERE .organization_id = '` + ouuid + `'. AND .partner_id = '` + puuid + `'. AND .name = 'role-` + ruuid + `'.`). WithArgs().WillReturnRows(sqlmock.NewRows([]string{"id", "name", "organization_id", "partner_id"}).AddRow(ruuid, "role-"+ruuid, ouuid, puuid)) - mock.ExpectExec(`UPDATE "authsrv_resourcerole" AS "resourcerole" SET "name" = 'role-` + ruuid + `', .*"organization_id" = '` + ouuid + `', "partner_id" = '` + puuid + `', "is_global" = TRUE, "scope" = 'cluster' WHERE .id = '` + ruuid + `'.`). + mock.ExpectExec(`UPDATE "authsrv_resourcerole" AS "resourcerole" SET "name" = 'role-` + ruuid + `', .*"organization_id" = '` + ouuid + `', "partner_id" = '` + puuid + `', "is_global" = TRUE, "scope" = 'system' WHERE .id = '` + ruuid + `'.`). WillReturnResult(sqlmock.NewResult(1, 1)) mock.ExpectExec(`DELETE FROM "authsrv_resourcerolepermission" AS "resourcerolepermission" WHERE ."resource_role_id" = '` + ruuid + `'.`). WillReturnResult(sqlmock.NewResult(1, 1)) @@ -180,7 +180,7 @@ func TestUpdateRole(t *testing.T) { role := &rolev3.Role{ Metadata: &v3.Metadata{Partner: "partner-" + puuid, Organization: "org-" + ouuid, Name: "role-" + ruuid}, - Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "cluster", Rolepermissions: []string{"ops_star.all"}}, + Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "system", Rolepermissions: []string{"ops_star.all"}}, } role, err := rs.Update(context.Background(), role) if err != nil { 
diff --git a/pkg/service/utils.go b/pkg/service/utils.go index e08dbcd..55ce70e 100644 --- a/pkg/service/utils.go +++ b/pkg/service/utils.go @@ -11,3 +11,12 @@ func unique(items []string) []string { } return list } + +func contains(s []string, str string) bool { + for _, v := range s { + if v == str { + return true + } + } + return false +} diff --git a/scripts/resourceroles/initialize.go b/scripts/resourceroles/initialize.go index d32fa8d..5440660 100644 --- a/scripts/resourceroles/initialize.go +++ b/scripts/resourceroles/initialize.go @@ -91,7 +91,7 @@ func main() { fmt.Println(scope, name, len(perms)) _, err := rs.Create(context.Background(), &rolev3.Role{ Metadata: &commonv3.Metadata{Name: name, Partner: partner, Organization: org, Description: "..."}, - Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: "cluster", Rolepermissions: perms}, // TODO: look into scope + Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: scope, Rolepermissions: perms}, }) if err != nil { log.Fatal(err) From bc199703956c888950a28df9474ac3e0811bad7b Mon Sep 17 00:00:00 2001 From: Abin Simon Date: Mon, 14 Mar 2022 12:10:45 +0530 Subject: [PATCH 4/6] Allow creation of initial org admin user --- scripts/resourceroles/initialize.go | 61 +++++++++++++++++++++++++++-- 1 file changed, 57 insertions(+), 4 deletions(-) diff --git a/scripts/resourceroles/initialize.go b/scripts/resourceroles/initialize.go index 5440660..d8fdef2 100644 --- a/scripts/resourceroles/initialize.go +++ b/scripts/resourceroles/initialize.go 
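Review bot: Passing the data.json top-level key as `Scope` in the `@@ -91,7 +91,7 @@` hunk means every key must now be one of the values Create accepts (`system`, `organization`, `project` or empty); the keys are not visible in this diff, so that should be confirmed. If one is not, `log.Fatal` stops the run after the partner, the organization and some roles already exist, and because Go map iteration order is unspecified the set of roles created before the failure differs between runs. Validating all keys before the first `Create` call would make the failure happen before anything is written. main continues outside the hunk.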
@@ -10,11 +10,15 @@ import ( "os" "path" + providers "github.com/RafaySystems/rcloud-base/internal/persistence/provider/kratos" "github.com/RafaySystems/rcloud-base/pkg/enforcer" "github.com/RafaySystems/rcloud-base/pkg/service" commonv3 "github.com/RafaySystems/rcloud-base/proto/types/commonpb/v3" rolev3 "github.com/RafaySystems/rcloud-base/proto/types/rolepb/v3" systemv3 "github.com/RafaySystems/rcloud-base/proto/types/systempb/v3" + userv3 "github.com/RafaySystems/rcloud-base/proto/types/userpb/v3" + kclient "github.com/ory/kratos-client-go" + "github.com/spf13/viper" "github.com/uptrace/bun" "github.com/uptrace/bun/dialect/pgdialect" "github.com/uptrace/bun/driver/pgdriver" 
@@ -31,14 +35,45 @@ import ( // We make use of service instead of just insserting to db as that way // all the dependent items will be taken care of automatically. +const ( + dbAddrEnv = "DB_ADDR" + dbNameEnv = "DB_NAME" + dbUserEnv = "DB_USER" + dbPasswordEnv = "DB_PASSWORD" + kratosSchemeEnv = "KRATOS_SCHEME" + kratosAddrEnv = "KRATOS_ADDR" +) + func main() { - if len(os.Args) != 3 { + if len(os.Args) != 4 { // this step happens after org creation and so we will have org and partner id - log.Fatal("Usage: ", os.Args[0], " ", " ") + log.Fatal("Usage: ", os.Args[0], " ", " ", "") } + viper.SetDefault(dbAddrEnv, "localhost:5432") + viper.SetDefault(dbNameEnv, "admindb") + viper.SetDefault(dbUserEnv, "admindbuser") + viper.SetDefault(dbPasswordEnv, "admindbpassword") + viper.SetDefault(kratosSchemeEnv, "http") + viper.SetDefault(kratosAddrEnv, "localhost:4433") + + viper.BindEnv(dbAddrEnv) + viper.BindEnv(dbNameEnv) + viper.BindEnv(dbUserEnv) + viper.BindEnv(dbPasswordEnv) + viper.BindEnv(kratosSchemeEnv) + viper.BindEnv(kratosAddrEnv) + + dbAddr := viper.GetString(dbAddrEnv) + dbName := viper.GetString(dbNameEnv) + dbUser := viper.GetString(dbUserEnv) + dbPassword := viper.GetString(dbPasswordEnv) + kratosScheme := viper.GetString(kratosSchemeEnv) + kratosAddr := viper.GetString(kratosAddrEnv) + org := os.Args[1] partner := os.Args[2] + orgAdminEmail := os.Args[3] content, err := ioutil.ReadFile(path.Join("scripts", "resourceroles", "data.json")) if err != nil { 
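Review bot: `viper.SetDefault(dbPasswordEnv, "admindbpassword")` keeps the credential that used to be hard-coded as a silent fallback, so a deployment that omits DB_PASSWORD still connects with a password published in the repository instead of failing. I would drop the defaults for DB_USER and DB_PASSWORD and stop when they are empty, e.g. `if dbPassword == "" { log.Fatal("DB_PASSWORD is not set") }`. `KRATOS_SCHEME` likewise defaults to `http`, which is reasonable only while Kratos is reached over loopback or an otherwise protected network. The comment kept above the argument check still describes org and partner ids, while main now takes names and an admin e-mail. main continues outside the hunk.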
@@ -51,10 +86,15 @@ func main() { log.Fatal("unable to parse data file", err) } - dsn := "postgres://admindbuser:admindbpassword@localhost:5432/admindb?sslmode=disable" + dsn := "postgres://" + dbUser + ":" + dbPassword + "@" + dbAddr + "/" + dbName + "?sslmode=disable" sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn))) db := bun.NewDB(sqldb, pgdialect.New()) + kratosConfig := kclient.NewConfiguration() + kratosUrl := kratosScheme + "://" + kratosAddr + kratosConfig.Servers[0].URL = kratosUrl + kc := kclient.NewAPIClient(kratosConfig) + // authz services gormDb, err := gorm.Open(postgres.Open(dsn), &gorm.Config{}) if err != nil { @@ -69,6 +109,7 @@ func main() { ps := service.NewPartnerService(db) os := service.NewOrganizationService(db) rs := service.NewRoleService(db, as) + us := service.NewUserService(providers.NewKratosAuthProvider(kc), db, as) _, err = ps.Create(context.Background(), &systemv3.Partner{ Metadata: &commonv3.Metadata{Name: partner, Description: "..."}, @@ -94,8 +135,20 @@ func main() { Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: scope, Rolepermissions: perms}, }) if err != nil { - log.Fatal(err) + log.Fatal("unable to create rolepermission", scope, name, err) } } } + + // TODO: should we directly interact with kratos and create a user with a password? + _, err = us.Create(context.Background(), &userv3.User{ + Metadata: &commonv3.Metadata{Name: orgAdminEmail, Partner: partner, Organization: org, Description: "..."}, + // TODO: get proper name via cli arg + Spec: &userv3.UserSpec{FirstName: "Org", LastName: "Admin", ProjectNamespaceRoles: []*userv3.ProjectNamespaceRole{{Role: "ADMIN"}}}, + }) + + if err != nil { + fmt.Println("err:", err) + log.Fatal("unable to bind user to role", err) + } } From 98ac0c4bbc16a4d7bb87375908b4eb31aed2b8c4 Mon Sep 17 00:00:00 2001 
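Review bot: Building `dsn` by string concatenation puts `dbPassword` into the URL unescaped, so a password containing `@`, `/`, `:` or `?` changes how the DSN is parsed (a different host or database, or a failed connection), and `?sslmode=disable` stays fixed. Constructing it with net/url escapes the userinfo: `u := url.URL{Scheme: "postgres", User: url.UserPassword(dbUser, dbPassword), Host: dbAddr, Path: "/" + dbName, RawQuery: "sslmode=" + sslMode}` followed by `dsn := u.String()`, where `sslMode` would be a new setting read from the environment like the others. This needs `net/url` added to the import block, which is outside this hunk.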
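Review bot: `log.Fatal` formats like `fmt.Print`, which puts no space between operands when either is a string, so in the `@@ -94,8 +135,20 @@` hunk `log.Fatal("unable to create rolepermission", scope, name, err)` prints the message, scope, role name and error run together; `log.Fatalf("unable to create role %q (scope %q): %v", name, scope, err)` keeps them readable. The final block reports the error twice (`fmt.Println` then `log.Fatal`) and says "unable to bind user to role" for what is a failed `us.Create`; a single `log.Fatalf("unable to create org admin %q: %v", orgAdminEmail, err)` is enough. `orgAdminEmail` is taken from `os.Args[3]` without any format check and the role name `"ADMIN"` is a literal; whether a role with that name exists in the roles data is not visible here, so it is worth confirming before the first admin account depends on it.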
From: Abin Simon Date: Mon, 14 Mar 2022 12:26:49 +0530 Subject: [PATCH 5/6] Restructure initialization code --- .../initialize.go => initialize/main.go} | 53 +++++++++++++-- .../permissions}/account_read.json | 0 .../permissions}/accountrole_read.json | 0 .../permissions}/accountrole_write.json | 0 .../permissions}/audit_read.json | 0 .../permissions}/certificate_read.json | 0 .../permissions}/certificate_write.json | 0 .../permissions}/cluster_scheduler_read.json | 0 .../permissions}/cluster_scheduler_write.json | 0 .../permissions}/clusterctl_read.json | 0 .../permissions}/clusterctl_write.json | 0 .../permissions}/console_all.json | 0 .../permissions}/credential_read.json | 0 .../permissions}/credential_write.json | 0 .../permissions}/group_read.json | 0 .../permissions}/group_write.json | 0 .../permissions}/hub_agent_read.json | 0 .../permissions}/hub_agent_write.json | 0 .../permissions}/hub_cluster_read.json | 0 .../permissions}/hub_cluster_write.json | 0 .../hub_infraprovisioner_read.json | 0 .../hub_infraprovisioner_write.json | 0 .../permissions}/hub_namespace_read.json | 0 .../permissions}/hub_namespace_write.json | 0 .../hub_openapi_explorer.read.json | 0 .../permissions}/hub_organization_read.json | 0 .../permissions}/hub_organization_write.json | 0 .../permissions}/hub_partner_read.json | 0 .../permissions}/hub_partner_write.json | 0 .../permissions}/hub_pipeline_read.json | 0 .../permissions}/hub_pipeline_write.json | 0 .../permissions}/hub_project_read.json | 0 .../permissions}/hub_project_write.json | 0 .../permissions}/hub_repository_read.json | 0 .../permissions}/hub_repository_write.json | 0 .../permissions}/hub_wellknown_read.json | 0 .../permissions}/hub_workload_read.json | 0 .../permissions}/hub_workload_write.json | 0 .../hub_workloadtemplate_read.json | 0 .../hub_workloadtemplate_write.json | 0 .../idle_timeout_settings_read.json | 0 .../idle_timeout_settings_write.json | 0 .../permissions}/kubeconfig_read.json | 0 
.../permissions}/kubeconfig_write.json | 0 .../permissions}/kubectl_cluster_read.json | 0 .../permissions}/kubectl_cluster_write.json | 0 .../kubectl_clustersettings_read.json | 0 .../kubectl_clustersettings_write.json | 0 .../permissions}/kubectl_full_access.json | 0 .../permissions}/kubectl_namespace_read.json | 0 .../permissions}/kubectl_namespace_write.json | 0 .../permissions}/lockout_settings_read.json | 0 .../permissions}/lockout_settings_write.json | 0 .../permissions}/namespace_read.json | 0 .../permissions}/namespace_write.json | 0 .../permissions}/ops_star_all.json | 0 .../permissions}/org_alert_read.json | 0 .../permissions}/org_alertconfig_read.json | 0 .../permissions}/org_alertconfig_write.json | 0 .../permissions}/org_auditLog_read.json | 0 .../permissions}/org_relayAudit_read.json | 0 .../permissions}/organization_read.json | 0 .../permissions}/organization_write.json | 0 .../partner_alertconfig_read.json | 0 .../partner_alertconfig_write.json | 0 .../permissions}/partner_read.json | 0 .../permissions}/partner_write.json | 0 .../permissions}/partnerdetalis_read.json | 0 .../project_activityjobs_read.json | 0 .../project_activityjobs_write.json | 0 .../project_activityplans_read.json | 0 .../project_activityplans_write.json | 0 .../permissions}/project_admin_write.json | 0 .../permissions}/project_agent_read.json | 0 .../project_agent_version_read.json | 0 .../permissions}/project_agent_write.json | 0 .../project_aggregate_status_read.json | 0 .../permissions}/project_alert_read.json | 0 .../project_alertconfig_read.json | 0 .../project_alertconfig_write.json | 0 .../project_approval_customer_read.json | 0 .../project_approval_customer_write.json | 0 .../permissions}/project_approval_read.json | 0 .../permissions}/project_approval_write.json | 0 .../project_approvalsummary_read.json | 0 .../permissions}/project_auditLog_read.json | 0 .../permissions}/project_audit_read.json | 0 .../project_certificate_read.json | 0 .../project_certificate_write.json 
| 0 ...roject_cluster_override_read_workload.json | 0 ...oject_cluster_override_write_workload.json | 0 .../project_cluster_scheduler_read.json | 0 .../project_cluster_scheduler_write.json | 0 .../permissions}/project_clusterctl_read.json | 0 .../project_clusterctl_write.json | 0 .../project_container_registry_read.json | 0 .../project_container_registry_write.json | 0 .../permissions}/project_credential_read.json | 0 .../project_credential_write.json | 0 .../project_customer_clusters_read.json | 0 .../project_customer_clusters_write.json | 0 .../project_customer_providers_read.json | 0 .../project_customer_providers_write.json | 0 .../permissions}/project_customer_read.json | 0 .../permissions}/project_customer_write.json | 0 .../project_dashboard_workload_read.json | 0 ...project_data_protection_location_read.json | 0 ...roject_data_protection_location_write.json | 0 .../project_data_protection_policy_read.json | 0 .../project_data_protection_policy_write.json | 0 .../project_data_protection_read.json | 0 .../project_data_protection_write.json | 0 .../project_infra_overrides_read.json | 0 .../project_infra_provisioner_read.json | 0 ...roject_infra_provisioner_runtime_read.json | 0 .../project_infra_provisioner_write.json | 0 .../project_integrationEndpoint_read.json | 0 .../project_integrationEndpoint_write.json | 0 .../permissions}/project_myapproval_read.json | 0 .../project_myapprovalsummary_read.json | 0 .../project_namespace_customer_read.json | 0 .../project_namespace_customer_write.json | 0 .../permissions}/project_namespace_read.json | 0 .../permissions}/project_namespace_write.json | 0 .../permissions}/project_override_read.json | 0 .../permissions}/project_override_write.json | 0 .../project_pipeline_customer_read.json | 0 .../project_pipeline_customer_write.json | 0 .../project_pipeline_org_admin_write.json | 0 .../permissions}/project_pipeline_read.json | 0 .../project_pipeline_variable_read.json | 0 .../project_pipeline_variable_write.json | 0 
.../permissions}/project_pipeline_write.json | 0 ...project_pipelinesummary_customer_read.json | 0 .../project_pipelinesummary_read.json | 0 .../permissions}/project_placement_read.json | 0 .../permissions}/project_placement_write.json | 0 .../project_providers_org_admin_write.json | 0 .../permissions}/project_providers_read.json | 0 .../permissions}/project_providers_write.json | 0 .../permissions}/project_read.json | 0 .../permissions}/project_registry_read.json | 0 .../permissions}/project_registry_write.json | 0 .../permissions}/project_relayAudit_read.json | 0 .../permissions}/project_repository_read.json | 0 .../project_repository_write.json | 0 .../project_schedulerplacement_read.json | 0 .../project_schedulerplacement_write.json | 0 .../project_secretStore_read.json | 0 .../project_secretStore_write.json | 0 .../permissions}/project_systemsync_read.json | 0 .../project_systemsync_write.json | 0 .../permissions}/project_taskset_read.json | 0 .../permissions}/project_taskset_write.json | 0 .../project_trigger_customer_read.json | 0 .../project_trigger_customer_write.json | 0 .../permissions}/project_trigger_read.json | 0 .../permissions}/project_trigger_write.json | 0 .../project_v2_namespace_read.json | 0 .../project_v2_namespace_write.json | 0 .../project_workload_customer_read.json | 0 .../project_workload_customer_write.json | 0 .../project_workload_publish.json | 0 .../permissions}/project_workload_read.json | 0 .../permissions}/project_workload_write.json | 0 .../project_workloadtemplatev2_read.json | 0 .../project_workloadtemplatev2_write.json | 0 .../permissions}/project_workloadv2_read.json | 0 .../project_workloadv2_write.json | 0 .../permissions}/project_write.json | 0 .../permissions}/registry_read.json | 0 .../permissions}/registry_write.json | 0 .../permissions}/registryauthkey_read.json | 0 .../permissions}/registryauthkey_write.json | 0 .../permissions}/registryimage_read.json | 0 .../permissions}/registryimage_write.json | 0 
.../permissions}/relaynetwork_read.json | 0 .../permissions}/relaynetwork_write.json | 0 .../permissions}/role_read.json | 0 .../permissions}/role_write.json | 0 .../permissions}/sso_read.json | 0 .../permissions}/sso_user_read.json | 0 .../permissions}/sso_user_write.json | 0 .../permissions}/sso_write.json | 0 .../permissions}/template_read.json | 0 .../permissions}/user_keys_write.json | 0 .../permissions}/user_read.json | 0 .../permissions}/user_write.json | 0 .../permissions}/v2account_read.json | 0 .../permissions}/v2debug_read.json | 0 .../permissions}/v2debug_write.json | 0 .../permissions}/workload_publish.json | 0 .../permissions}/workload_read.json | 0 .../permissions}/workload_write.json | 0 .../data.json => initialize/roles.json} | 0 .../resourcepermissions/createresources.go | 64 ------------------- 196 files changed, 48 insertions(+), 69 deletions(-) rename scripts/{resourceroles/initialize.go => initialize/main.go} (76%) rename scripts/{resourcepermissions/data => initialize/permissions}/account_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/accountrole_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/accountrole_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/audit_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/certificate_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/certificate_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/cluster_scheduler_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/cluster_scheduler_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/clusterctl_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/clusterctl_write.json (100%) rename scripts/{resourcepermissions/data => 
initialize/permissions}/console_all.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/credential_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/credential_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/group_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/group_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_agent_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_agent_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_cluster_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_cluster_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_infraprovisioner_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_infraprovisioner_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_namespace_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_namespace_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_openapi_explorer.read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_organization_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_organization_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_partner_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_partner_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_pipeline_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_pipeline_write.json (100%) rename scripts/{resourcepermissions/data => 
initialize/permissions}/hub_project_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_project_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_repository_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_repository_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_wellknown_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_workload_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_workload_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_workloadtemplate_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/hub_workloadtemplate_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/idle_timeout_settings_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/idle_timeout_settings_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/kubeconfig_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/kubeconfig_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/kubectl_cluster_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/kubectl_cluster_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/kubectl_clustersettings_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/kubectl_clustersettings_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/kubectl_full_access.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/kubectl_namespace_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/kubectl_namespace_write.json (100%) 
rename scripts/{resourcepermissions/data => initialize/permissions}/lockout_settings_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/lockout_settings_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/namespace_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/namespace_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/ops_star_all.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/org_alert_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/org_alertconfig_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/org_alertconfig_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/org_auditLog_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/org_relayAudit_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/organization_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/organization_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/partner_alertconfig_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/partner_alertconfig_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/partner_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/partner_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/partnerdetalis_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_activityjobs_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_activityjobs_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_activityplans_read.json (100%) 
rename scripts/{resourcepermissions/data => initialize/permissions}/project_activityplans_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_admin_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_agent_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_agent_version_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_agent_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_aggregate_status_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_alert_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_alertconfig_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_alertconfig_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_approval_customer_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_approval_customer_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_approval_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_approval_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_approvalsummary_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_auditLog_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_audit_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_certificate_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_certificate_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_cluster_override_read_workload.json 
(100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_cluster_override_write_workload.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_cluster_scheduler_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_cluster_scheduler_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_clusterctl_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_clusterctl_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_container_registry_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_container_registry_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_credential_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_credential_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_customer_clusters_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_customer_clusters_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_customer_providers_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_customer_providers_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_customer_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_customer_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_dashboard_workload_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_data_protection_location_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_data_protection_location_write.json (100%) 
rename scripts/{resourcepermissions/data => initialize/permissions}/project_data_protection_policy_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_data_protection_policy_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_data_protection_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_data_protection_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_infra_overrides_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_infra_provisioner_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_infra_provisioner_runtime_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_infra_provisioner_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_integrationEndpoint_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_integrationEndpoint_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_myapproval_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_myapprovalsummary_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_namespace_customer_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_namespace_customer_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_namespace_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_namespace_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_override_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_override_write.json (100%) rename 
scripts/{resourcepermissions/data => initialize/permissions}/project_pipeline_customer_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_pipeline_customer_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_pipeline_org_admin_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_pipeline_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_pipeline_variable_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_pipeline_variable_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_pipeline_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_pipelinesummary_customer_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_pipelinesummary_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_placement_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_placement_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_providers_org_admin_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_providers_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_providers_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_registry_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_registry_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_relayAudit_read.json (100%) rename scripts/{resourcepermissions/data => 
initialize/permissions}/project_repository_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_repository_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_schedulerplacement_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_schedulerplacement_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_secretStore_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_secretStore_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_systemsync_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_systemsync_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_taskset_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_taskset_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_trigger_customer_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_trigger_customer_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_trigger_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_trigger_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_v2_namespace_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_v2_namespace_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_workload_customer_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_workload_customer_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_workload_publish.json (100%) rename 
scripts/{resourcepermissions/data => initialize/permissions}/project_workload_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_workload_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_workloadtemplatev2_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_workloadtemplatev2_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_workloadv2_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_workloadv2_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/project_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/registry_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/registry_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/registryauthkey_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/registryauthkey_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/registryimage_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/registryimage_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/relaynetwork_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/relaynetwork_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/role_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/role_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/sso_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/sso_user_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/sso_user_write.json (100%) rename 
scripts/{resourcepermissions/data => initialize/permissions}/sso_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/template_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/user_keys_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/user_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/user_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/v2account_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/v2debug_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/v2debug_write.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/workload_publish.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/workload_read.json (100%) rename scripts/{resourcepermissions/data => initialize/permissions}/workload_write.json (100%) rename scripts/{resourceroles/data.json => initialize/roles.json} (100%) delete mode 100644 scripts/resourcepermissions/createresources.go diff --git a/scripts/resourceroles/initialize.go b/scripts/initialize/main.go similarity index 76% rename from scripts/resourceroles/initialize.go rename to scripts/initialize/main.go index d8fdef2..6756bd9 100644 --- a/scripts/resourceroles/initialize.go +++ b/scripts/initialize/main.go @@ -10,7 +10,9 @@ import ( "os" "path" + "github.com/RafaySystems/rcloud-base/internal/models" providers "github.com/RafaySystems/rcloud-base/internal/persistence/provider/kratos" + "github.com/RafaySystems/rcloud-base/internal/persistence/provider/pg" "github.com/RafaySystems/rcloud-base/pkg/enforcer" "github.com/RafaySystems/rcloud-base/pkg/service" commonv3 "github.com/RafaySystems/rcloud-base/proto/types/commonpb/v3" 
@@ -44,10 +46,39 @@ const ( kratosAddrEnv = "KRATOS_ADDR" ) +func addResourcePermissions(dao pg.EntityDAO, basePath string) error { + var items []models.ResourcePermission + + files, err := ioutil.ReadDir(basePath) + if err != nil { + log.Fatal(err) + } + for _, file := range files { + if !file.IsDir() { // probably not, but just in case + content, err := ioutil.ReadFile(path.Join(basePath, file.Name())) + if err != nil { + log.Fatal(err) + } + // It has ResourceRefId, but that does not seem to be used in the old implementation + // Also, why do we need two items? + var data models.ResourcePermission + err = json.Unmarshal(content, &data) + if err != nil { + log.Fatal(err) + } + items = append(items, data) + } + } + + fmt.Println("Adding", len(items), "resource permissions") + _, err = dao.Create(context.Background(), &items) + return err +} + func main() { if len(os.Args) != 4 { - // this step happens after org creation and so we will have org and partner id - log.Fatal("Usage: ", os.Args[0], " ", " ", "") + // this step happens after org creation and so we will have org and partner + log.Fatal("Usage: ", os.Args[0], " ", " ", "") } viper.SetDefault(dbAddrEnv, "localhost:5432") @@ -71,11 +102,11 @@ func main() { kratosScheme := viper.GetString(kratosSchemeEnv) kratosAddr := viper.GetString(kratosAddrEnv) - org := os.Args[1] - partner := os.Args[2] + partner := os.Args[1] + org := os.Args[2] orgAdminEmail := os.Args[3] - content, err := ioutil.ReadFile(path.Join("scripts", "resourceroles", "data.json")) + content, err := ioutil.ReadFile(path.Join("scripts", "initialize", "roles.json")) if err != nil { log.Fatal("unable to read file: ", err) } 
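Review bot: addResourcePermissions is declared to return an error but calls `log.Fatal(err)` on the ReadDir, ReadFile and json.Unmarshal failures, so the only error a caller can ever receive is the one from dao.Create. Returning them instead, e.g. `return fmt.Errorf("parsing %q: %w", file.Name(), err)`, keeps failure handling in main and names the file that broke the seed. The loop also treats every non-directory entry under basePath as a permission definition. These rows presumably feed the role and permission model, so a guard such as `if file.IsDir() || path.Ext(file.Name()) != ".json" { continue }` would stop a stray file from aborting the run or, if it happens to parse, being inserted as a zero-valued row. The open question left in the comment ("why do we need two items?") should be answered or removed before this lands.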
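Review bot: The positional arguments silently change meaning in this hunk: `os.Args[1]` was the org and is now the partner, and nothing in the visible code can tell the two apart. An invocation written for the old order would still run and, judging by the `// Create partner` step later in main, create the partner under the org's name and the reverse. Named flags would remove the ambiguity, or at least echo the interpretation before anything is written, e.g. `fmt.Println("partner:", partner, "org:", org, "admin:", orgAdminEmail)`. The usage string as shown on this page has empty placeholders, so it is worth checking that it names the three arguments in the new order. main's body starts and ends outside this hunk.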
@@ -89,6 +120,7 @@ func main() { dsn := "postgres://" + dbUser + ":" + dbPassword + "@" + dbAddr + "/" + dbName + "?sslmode=disable" sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn))) db := bun.NewDB(sqldb, pgdialect.New()) + dao := pg.NewEntityDAO(db) kratosConfig := kclient.NewConfiguration() kratosUrl := kratosScheme + "://" + kratosAddr @@ -111,6 +143,17 @@ func main() { rs := service.NewRoleService(db, as) us := service.NewUserService(providers.NewKratosAuthProvider(kc), db, as) + err = dao.DeleteAll(context.Background(), &models.ResourcePermission{}) + if err != nil { + log.Fatal(err) + } + err = addResourcePermissions(dao, path.Join("scripts", "initialize", "permissions")) + if err != nil { + fmt.Println("Run from base directory") + log.Fatal(err) + } + + // Create partner _, err = ps.Create(context.Background(), &systemv3.Partner{ Metadata: &commonv3.Metadata{Name: partner, Description: "..."}, Spec: &systemv3.PartnerSpec{Host: ""}, diff --git a/scripts/resourcepermissions/data/account_read.json b/scripts/initialize/permissions/account_read.json similarity index 100% rename from scripts/resourcepermissions/data/account_read.json rename to scripts/initialize/permissions/account_read.json diff --git a/scripts/resourcepermissions/data/accountrole_read.json b/scripts/initialize/permissions/accountrole_read.json similarity index 100% rename from scripts/resourcepermissions/data/accountrole_read.json rename to scripts/initialize/permissions/accountrole_read.json diff --git a/scripts/resourcepermissions/data/accountrole_write.json b/scripts/initialize/permissions/accountrole_write.json similarity index 100% rename from scripts/resourcepermissions/data/accountrole_write.json rename to scripts/initialize/permissions/accountrole_write.json 
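Review bot: The DAO added here is built on the connection from the context lines just above, whose DSN hard-codes `sslmode=disable` and splices `dbUser` and `dbPassword` into the URL unescaped. With this commit the same connection carries the permission-table wipe and re-seed, so against anything but a local database that session travels unencrypted. A password containing `@`, `/` or `:` also produces a DSN that parses differently than intended. Consider making sslmode configurable like the other connection settings and building the user part with `url.UserPassword(dbUser, dbPassword).String()`. main's body starts and ends outside this hunk.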
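Review bot: `dao.DeleteAll` empties the ResourcePermission table before the replacement set has been read or validated, and addResourcePermissions exits via log.Fatal on any bad file, so a failed run leaves the table empty. Nothing visible scopes the delete to the partner or org being created, so running the script for a second org appears to wipe and re-seed permissions for everyone; how the enforcer behaves while the table is empty is not shown on this page. Load and parse the files first, then perform the delete and insert in a single transaction if pg.EntityDAO can be used on one. At minimum document the behaviour at the call site: `// wipes ALL ResourcePermission rows before re-seeding; do not run against a populated database without a backup`. main's body starts and ends outside this hunk.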
diff --git a/scripts/resourcepermissions/data/audit_read.json b/scripts/initialize/permissions/audit_read.json similarity index 100% rename from scripts/resourcepermissions/data/audit_read.json rename to scripts/initialize/permissions/audit_read.json diff --git a/scripts/resourcepermissions/data/certificate_read.json b/scripts/initialize/permissions/certificate_read.json similarity index 100% rename from scripts/resourcepermissions/data/certificate_read.json rename to scripts/initialize/permissions/certificate_read.json diff --git a/scripts/resourcepermissions/data/certificate_write.json b/scripts/initialize/permissions/certificate_write.json similarity index 100% rename from scripts/resourcepermissions/data/certificate_write.json rename to scripts/initialize/permissions/certificate_write.json diff --git a/scripts/resourcepermissions/data/cluster_scheduler_read.json b/scripts/initialize/permissions/cluster_scheduler_read.json similarity index 100% rename from scripts/resourcepermissions/data/cluster_scheduler_read.json rename to scripts/initialize/permissions/cluster_scheduler_read.json diff --git a/scripts/resourcepermissions/data/cluster_scheduler_write.json b/scripts/initialize/permissions/cluster_scheduler_write.json similarity index 100% rename from scripts/resourcepermissions/data/cluster_scheduler_write.json rename to scripts/initialize/permissions/cluster_scheduler_write.json diff --git a/scripts/resourcepermissions/data/clusterctl_read.json b/scripts/initialize/permissions/clusterctl_read.json similarity index 100% rename from scripts/resourcepermissions/data/clusterctl_read.json rename to scripts/initialize/permissions/clusterctl_read.json diff --git a/scripts/resourcepermissions/data/clusterctl_write.json b/scripts/initialize/permissions/clusterctl_write.json similarity index 100% rename from scripts/resourcepermissions/data/clusterctl_write.json rename to scripts/initialize/permissions/clusterctl_write.json 
diff --git a/scripts/resourcepermissions/data/console_all.json b/scripts/initialize/permissions/console_all.json similarity index 100% rename from scripts/resourcepermissions/data/console_all.json rename to scripts/initialize/permissions/console_all.json diff --git a/scripts/resourcepermissions/data/credential_read.json b/scripts/initialize/permissions/credential_read.json similarity index 100% rename from scripts/resourcepermissions/data/credential_read.json rename to scripts/initialize/permissions/credential_read.json diff --git a/scripts/resourcepermissions/data/credential_write.json b/scripts/initialize/permissions/credential_write.json similarity index 100% rename from scripts/resourcepermissions/data/credential_write.json rename to scripts/initialize/permissions/credential_write.json diff --git a/scripts/resourcepermissions/data/group_read.json b/scripts/initialize/permissions/group_read.json similarity index 100% rename from scripts/resourcepermissions/data/group_read.json rename to scripts/initialize/permissions/group_read.json diff --git a/scripts/resourcepermissions/data/group_write.json b/scripts/initialize/permissions/group_write.json similarity index 100% rename from scripts/resourcepermissions/data/group_write.json rename to scripts/initialize/permissions/group_write.json diff --git a/scripts/resourcepermissions/data/hub_agent_read.json b/scripts/initialize/permissions/hub_agent_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_agent_read.json rename to scripts/initialize/permissions/hub_agent_read.json diff --git a/scripts/resourcepermissions/data/hub_agent_write.json b/scripts/initialize/permissions/hub_agent_write.json similarity index 100% rename from scripts/resourcepermissions/data/hub_agent_write.json rename to scripts/initialize/permissions/hub_agent_write.json 
diff --git a/scripts/resourcepermissions/data/hub_cluster_read.json b/scripts/initialize/permissions/hub_cluster_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_cluster_read.json rename to scripts/initialize/permissions/hub_cluster_read.json diff --git a/scripts/resourcepermissions/data/hub_cluster_write.json b/scripts/initialize/permissions/hub_cluster_write.json similarity index 100% rename from scripts/resourcepermissions/data/hub_cluster_write.json rename to scripts/initialize/permissions/hub_cluster_write.json diff --git a/scripts/resourcepermissions/data/hub_infraprovisioner_read.json b/scripts/initialize/permissions/hub_infraprovisioner_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_infraprovisioner_read.json rename to scripts/initialize/permissions/hub_infraprovisioner_read.json diff --git a/scripts/resourcepermissions/data/hub_infraprovisioner_write.json b/scripts/initialize/permissions/hub_infraprovisioner_write.json similarity index 100% rename from scripts/resourcepermissions/data/hub_infraprovisioner_write.json rename to scripts/initialize/permissions/hub_infraprovisioner_write.json diff --git a/scripts/resourcepermissions/data/hub_namespace_read.json b/scripts/initialize/permissions/hub_namespace_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_namespace_read.json rename to scripts/initialize/permissions/hub_namespace_read.json diff --git a/scripts/resourcepermissions/data/hub_namespace_write.json b/scripts/initialize/permissions/hub_namespace_write.json similarity index 100% rename from scripts/resourcepermissions/data/hub_namespace_write.json rename to scripts/initialize/permissions/hub_namespace_write.json 
diff --git a/scripts/resourcepermissions/data/hub_openapi_explorer.read.json b/scripts/initialize/permissions/hub_openapi_explorer.read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_openapi_explorer.read.json rename to scripts/initialize/permissions/hub_openapi_explorer.read.json diff --git a/scripts/resourcepermissions/data/hub_organization_read.json b/scripts/initialize/permissions/hub_organization_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_organization_read.json rename to scripts/initialize/permissions/hub_organization_read.json diff --git a/scripts/resourcepermissions/data/hub_organization_write.json b/scripts/initialize/permissions/hub_organization_write.json similarity index 100% rename from scripts/resourcepermissions/data/hub_organization_write.json rename to scripts/initialize/permissions/hub_organization_write.json diff --git a/scripts/resourcepermissions/data/hub_partner_read.json b/scripts/initialize/permissions/hub_partner_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_partner_read.json rename to scripts/initialize/permissions/hub_partner_read.json diff --git a/scripts/resourcepermissions/data/hub_partner_write.json b/scripts/initialize/permissions/hub_partner_write.json similarity index 100% rename from scripts/resourcepermissions/data/hub_partner_write.json rename to scripts/initialize/permissions/hub_partner_write.json diff --git a/scripts/resourcepermissions/data/hub_pipeline_read.json b/scripts/initialize/permissions/hub_pipeline_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_pipeline_read.json rename to scripts/initialize/permissions/hub_pipeline_read.json 
diff --git a/scripts/resourcepermissions/data/hub_pipeline_write.json b/scripts/initialize/permissions/hub_pipeline_write.json similarity index 100% rename from scripts/resourcepermissions/data/hub_pipeline_write.json rename to scripts/initialize/permissions/hub_pipeline_write.json diff --git a/scripts/resourcepermissions/data/hub_project_read.json b/scripts/initialize/permissions/hub_project_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_project_read.json rename to scripts/initialize/permissions/hub_project_read.json diff --git a/scripts/resourcepermissions/data/hub_project_write.json b/scripts/initialize/permissions/hub_project_write.json similarity index 100% rename from scripts/resourcepermissions/data/hub_project_write.json rename to scripts/initialize/permissions/hub_project_write.json diff --git a/scripts/resourcepermissions/data/hub_repository_read.json b/scripts/initialize/permissions/hub_repository_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_repository_read.json rename to scripts/initialize/permissions/hub_repository_read.json diff --git a/scripts/resourcepermissions/data/hub_repository_write.json b/scripts/initialize/permissions/hub_repository_write.json similarity index 100% rename from scripts/resourcepermissions/data/hub_repository_write.json rename to scripts/initialize/permissions/hub_repository_write.json diff --git a/scripts/resourcepermissions/data/hub_wellknown_read.json b/scripts/initialize/permissions/hub_wellknown_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_wellknown_read.json rename to scripts/initialize/permissions/hub_wellknown_read.json diff --git a/scripts/resourcepermissions/data/hub_workload_read.json b/scripts/initialize/permissions/hub_workload_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_workload_read.json rename to scripts/initialize/permissions/hub_workload_read.json 
diff --git a/scripts/resourcepermissions/data/hub_workload_write.json b/scripts/initialize/permissions/hub_workload_write.json similarity index 100% rename from scripts/resourcepermissions/data/hub_workload_write.json rename to scripts/initialize/permissions/hub_workload_write.json diff --git a/scripts/resourcepermissions/data/hub_workloadtemplate_read.json b/scripts/initialize/permissions/hub_workloadtemplate_read.json similarity index 100% rename from scripts/resourcepermissions/data/hub_workloadtemplate_read.json rename to scripts/initialize/permissions/hub_workloadtemplate_read.json diff --git a/scripts/resourcepermissions/data/hub_workloadtemplate_write.json b/scripts/initialize/permissions/hub_workloadtemplate_write.json similarity index 100% rename from scripts/resourcepermissions/data/hub_workloadtemplate_write.json rename to scripts/initialize/permissions/hub_workloadtemplate_write.json diff --git a/scripts/resourcepermissions/data/idle_timeout_settings_read.json b/scripts/initialize/permissions/idle_timeout_settings_read.json similarity index 100% rename from scripts/resourcepermissions/data/idle_timeout_settings_read.json rename to scripts/initialize/permissions/idle_timeout_settings_read.json diff --git a/scripts/resourcepermissions/data/idle_timeout_settings_write.json b/scripts/initialize/permissions/idle_timeout_settings_write.json similarity index 100% rename from scripts/resourcepermissions/data/idle_timeout_settings_write.json rename to scripts/initialize/permissions/idle_timeout_settings_write.json diff --git a/scripts/resourcepermissions/data/kubeconfig_read.json b/scripts/initialize/permissions/kubeconfig_read.json similarity index 100% rename from scripts/resourcepermissions/data/kubeconfig_read.json rename to scripts/initialize/permissions/kubeconfig_read.json 
diff --git a/scripts/resourcepermissions/data/kubeconfig_write.json b/scripts/initialize/permissions/kubeconfig_write.json similarity index 100% rename from scripts/resourcepermissions/data/kubeconfig_write.json rename to scripts/initialize/permissions/kubeconfig_write.json diff --git a/scripts/resourcepermissions/data/kubectl_cluster_read.json b/scripts/initialize/permissions/kubectl_cluster_read.json similarity index 100% rename from scripts/resourcepermissions/data/kubectl_cluster_read.json rename to scripts/initialize/permissions/kubectl_cluster_read.json diff --git a/scripts/resourcepermissions/data/kubectl_cluster_write.json b/scripts/initialize/permissions/kubectl_cluster_write.json similarity index 100% rename from scripts/resourcepermissions/data/kubectl_cluster_write.json rename to scripts/initialize/permissions/kubectl_cluster_write.json diff --git a/scripts/resourcepermissions/data/kubectl_clustersettings_read.json b/scripts/initialize/permissions/kubectl_clustersettings_read.json similarity index 100% rename from scripts/resourcepermissions/data/kubectl_clustersettings_read.json rename to scripts/initialize/permissions/kubectl_clustersettings_read.json diff --git a/scripts/resourcepermissions/data/kubectl_clustersettings_write.json b/scripts/initialize/permissions/kubectl_clustersettings_write.json similarity index 100% rename from scripts/resourcepermissions/data/kubectl_clustersettings_write.json rename to scripts/initialize/permissions/kubectl_clustersettings_write.json diff --git a/scripts/resourcepermissions/data/kubectl_full_access.json b/scripts/initialize/permissions/kubectl_full_access.json similarity index 100% rename from scripts/resourcepermissions/data/kubectl_full_access.json rename to scripts/initialize/permissions/kubectl_full_access.json 
diff --git a/scripts/resourcepermissions/data/kubectl_namespace_read.json b/scripts/initialize/permissions/kubectl_namespace_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/kubectl_namespace_read.json
rename to scripts/initialize/permissions/kubectl_namespace_read.json
diff --git a/scripts/resourcepermissions/data/kubectl_namespace_write.json b/scripts/initialize/permissions/kubectl_namespace_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/kubectl_namespace_write.json
rename to scripts/initialize/permissions/kubectl_namespace_write.json
diff --git a/scripts/resourcepermissions/data/lockout_settings_read.json b/scripts/initialize/permissions/lockout_settings_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/lockout_settings_read.json
rename to scripts/initialize/permissions/lockout_settings_read.json
diff --git a/scripts/resourcepermissions/data/lockout_settings_write.json b/scripts/initialize/permissions/lockout_settings_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/lockout_settings_write.json
rename to scripts/initialize/permissions/lockout_settings_write.json
diff --git a/scripts/resourcepermissions/data/namespace_read.json b/scripts/initialize/permissions/namespace_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/namespace_read.json
rename to scripts/initialize/permissions/namespace_read.json
diff --git a/scripts/resourcepermissions/data/namespace_write.json b/scripts/initialize/permissions/namespace_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/namespace_write.json
rename to scripts/initialize/permissions/namespace_write.json
diff --git a/scripts/resourcepermissions/data/ops_star_all.json b/scripts/initialize/permissions/ops_star_all.json
similarity index 100%
rename from scripts/resourcepermissions/data/ops_star_all.json
rename to scripts/initialize/permissions/ops_star_all.json
diff --git a/scripts/resourcepermissions/data/org_alert_read.json b/scripts/initialize/permissions/org_alert_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/org_alert_read.json
rename to scripts/initialize/permissions/org_alert_read.json
diff --git a/scripts/resourcepermissions/data/org_alertconfig_read.json b/scripts/initialize/permissions/org_alertconfig_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/org_alertconfig_read.json
rename to scripts/initialize/permissions/org_alertconfig_read.json
diff --git a/scripts/resourcepermissions/data/org_alertconfig_write.json b/scripts/initialize/permissions/org_alertconfig_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/org_alertconfig_write.json
rename to scripts/initialize/permissions/org_alertconfig_write.json
diff --git a/scripts/resourcepermissions/data/org_auditLog_read.json b/scripts/initialize/permissions/org_auditLog_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/org_auditLog_read.json
rename to scripts/initialize/permissions/org_auditLog_read.json
diff --git a/scripts/resourcepermissions/data/org_relayAudit_read.json b/scripts/initialize/permissions/org_relayAudit_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/org_relayAudit_read.json
rename to scripts/initialize/permissions/org_relayAudit_read.json
diff --git a/scripts/resourcepermissions/data/organization_read.json b/scripts/initialize/permissions/organization_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/organization_read.json
rename to scripts/initialize/permissions/organization_read.json
diff --git a/scripts/resourcepermissions/data/organization_write.json b/scripts/initialize/permissions/organization_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/organization_write.json
rename to scripts/initialize/permissions/organization_write.json
diff --git a/scripts/resourcepermissions/data/partner_alertconfig_read.json b/scripts/initialize/permissions/partner_alertconfig_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/partner_alertconfig_read.json
rename to scripts/initialize/permissions/partner_alertconfig_read.json
diff --git a/scripts/resourcepermissions/data/partner_alertconfig_write.json b/scripts/initialize/permissions/partner_alertconfig_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/partner_alertconfig_write.json
rename to scripts/initialize/permissions/partner_alertconfig_write.json
diff --git a/scripts/resourcepermissions/data/partner_read.json b/scripts/initialize/permissions/partner_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/partner_read.json
rename to scripts/initialize/permissions/partner_read.json
diff --git a/scripts/resourcepermissions/data/partner_write.json b/scripts/initialize/permissions/partner_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/partner_write.json
rename to scripts/initialize/permissions/partner_write.json
diff --git a/scripts/resourcepermissions/data/partnerdetalis_read.json b/scripts/initialize/permissions/partnerdetalis_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/partnerdetalis_read.json
rename to scripts/initialize/permissions/partnerdetalis_read.json
diff --git a/scripts/resourcepermissions/data/project_activityjobs_read.json b/scripts/initialize/permissions/project_activityjobs_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_activityjobs_read.json
rename to scripts/initialize/permissions/project_activityjobs_read.json
diff --git a/scripts/resourcepermissions/data/project_activityjobs_write.json b/scripts/initialize/permissions/project_activityjobs_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_activityjobs_write.json
rename to scripts/initialize/permissions/project_activityjobs_write.json
diff --git a/scripts/resourcepermissions/data/project_activityplans_read.json b/scripts/initialize/permissions/project_activityplans_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_activityplans_read.json
rename to scripts/initialize/permissions/project_activityplans_read.json
diff --git a/scripts/resourcepermissions/data/project_activityplans_write.json b/scripts/initialize/permissions/project_activityplans_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_activityplans_write.json
rename to scripts/initialize/permissions/project_activityplans_write.json
diff --git a/scripts/resourcepermissions/data/project_admin_write.json b/scripts/initialize/permissions/project_admin_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_admin_write.json
rename to scripts/initialize/permissions/project_admin_write.json
diff --git a/scripts/resourcepermissions/data/project_agent_read.json b/scripts/initialize/permissions/project_agent_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_agent_read.json
rename to scripts/initialize/permissions/project_agent_read.json
diff --git a/scripts/resourcepermissions/data/project_agent_version_read.json b/scripts/initialize/permissions/project_agent_version_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_agent_version_read.json
rename to scripts/initialize/permissions/project_agent_version_read.json
diff --git a/scripts/resourcepermissions/data/project_agent_write.json b/scripts/initialize/permissions/project_agent_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_agent_write.json
rename to scripts/initialize/permissions/project_agent_write.json
diff --git a/scripts/resourcepermissions/data/project_aggregate_status_read.json b/scripts/initialize/permissions/project_aggregate_status_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_aggregate_status_read.json
rename to scripts/initialize/permissions/project_aggregate_status_read.json
diff --git a/scripts/resourcepermissions/data/project_alert_read.json b/scripts/initialize/permissions/project_alert_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_alert_read.json
rename to scripts/initialize/permissions/project_alert_read.json
diff --git a/scripts/resourcepermissions/data/project_alertconfig_read.json b/scripts/initialize/permissions/project_alertconfig_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_alertconfig_read.json
rename to scripts/initialize/permissions/project_alertconfig_read.json
diff --git a/scripts/resourcepermissions/data/project_alertconfig_write.json b/scripts/initialize/permissions/project_alertconfig_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_alertconfig_write.json
rename to scripts/initialize/permissions/project_alertconfig_write.json
diff --git a/scripts/resourcepermissions/data/project_approval_customer_read.json b/scripts/initialize/permissions/project_approval_customer_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_approval_customer_read.json
rename to scripts/initialize/permissions/project_approval_customer_read.json
diff --git a/scripts/resourcepermissions/data/project_approval_customer_write.json b/scripts/initialize/permissions/project_approval_customer_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_approval_customer_write.json
rename to scripts/initialize/permissions/project_approval_customer_write.json
diff --git a/scripts/resourcepermissions/data/project_approval_read.json b/scripts/initialize/permissions/project_approval_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_approval_read.json
rename to scripts/initialize/permissions/project_approval_read.json
diff --git a/scripts/resourcepermissions/data/project_approval_write.json b/scripts/initialize/permissions/project_approval_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_approval_write.json
rename to scripts/initialize/permissions/project_approval_write.json
diff --git a/scripts/resourcepermissions/data/project_approvalsummary_read.json b/scripts/initialize/permissions/project_approvalsummary_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_approvalsummary_read.json
rename to scripts/initialize/permissions/project_approvalsummary_read.json
diff --git a/scripts/resourcepermissions/data/project_auditLog_read.json b/scripts/initialize/permissions/project_auditLog_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_auditLog_read.json
rename to scripts/initialize/permissions/project_auditLog_read.json
diff --git a/scripts/resourcepermissions/data/project_audit_read.json b/scripts/initialize/permissions/project_audit_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_audit_read.json
rename to scripts/initialize/permissions/project_audit_read.json
diff --git a/scripts/resourcepermissions/data/project_certificate_read.json b/scripts/initialize/permissions/project_certificate_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_certificate_read.json
rename to scripts/initialize/permissions/project_certificate_read.json
diff --git a/scripts/resourcepermissions/data/project_certificate_write.json b/scripts/initialize/permissions/project_certificate_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_certificate_write.json
rename to scripts/initialize/permissions/project_certificate_write.json
diff --git a/scripts/resourcepermissions/data/project_cluster_override_read_workload.json b/scripts/initialize/permissions/project_cluster_override_read_workload.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_cluster_override_read_workload.json
rename to scripts/initialize/permissions/project_cluster_override_read_workload.json
diff --git a/scripts/resourcepermissions/data/project_cluster_override_write_workload.json b/scripts/initialize/permissions/project_cluster_override_write_workload.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_cluster_override_write_workload.json
rename to scripts/initialize/permissions/project_cluster_override_write_workload.json
diff --git a/scripts/resourcepermissions/data/project_cluster_scheduler_read.json b/scripts/initialize/permissions/project_cluster_scheduler_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_cluster_scheduler_read.json
rename to scripts/initialize/permissions/project_cluster_scheduler_read.json
diff --git a/scripts/resourcepermissions/data/project_cluster_scheduler_write.json b/scripts/initialize/permissions/project_cluster_scheduler_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_cluster_scheduler_write.json
rename to scripts/initialize/permissions/project_cluster_scheduler_write.json
diff --git a/scripts/resourcepermissions/data/project_clusterctl_read.json b/scripts/initialize/permissions/project_clusterctl_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_clusterctl_read.json
rename to scripts/initialize/permissions/project_clusterctl_read.json
diff --git a/scripts/resourcepermissions/data/project_clusterctl_write.json b/scripts/initialize/permissions/project_clusterctl_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_clusterctl_write.json
rename to scripts/initialize/permissions/project_clusterctl_write.json
diff --git a/scripts/resourcepermissions/data/project_container_registry_read.json b/scripts/initialize/permissions/project_container_registry_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_container_registry_read.json
rename to scripts/initialize/permissions/project_container_registry_read.json
diff --git a/scripts/resourcepermissions/data/project_container_registry_write.json b/scripts/initialize/permissions/project_container_registry_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_container_registry_write.json
rename to scripts/initialize/permissions/project_container_registry_write.json
diff --git a/scripts/resourcepermissions/data/project_credential_read.json b/scripts/initialize/permissions/project_credential_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_credential_read.json
rename to scripts/initialize/permissions/project_credential_read.json
diff --git a/scripts/resourcepermissions/data/project_credential_write.json b/scripts/initialize/permissions/project_credential_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_credential_write.json
rename to scripts/initialize/permissions/project_credential_write.json
diff --git a/scripts/resourcepermissions/data/project_customer_clusters_read.json b/scripts/initialize/permissions/project_customer_clusters_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_customer_clusters_read.json
rename to scripts/initialize/permissions/project_customer_clusters_read.json
diff --git a/scripts/resourcepermissions/data/project_customer_clusters_write.json b/scripts/initialize/permissions/project_customer_clusters_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_customer_clusters_write.json
rename to scripts/initialize/permissions/project_customer_clusters_write.json
diff --git a/scripts/resourcepermissions/data/project_customer_providers_read.json b/scripts/initialize/permissions/project_customer_providers_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_customer_providers_read.json
rename to scripts/initialize/permissions/project_customer_providers_read.json
diff --git a/scripts/resourcepermissions/data/project_customer_providers_write.json b/scripts/initialize/permissions/project_customer_providers_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_customer_providers_write.json
rename to scripts/initialize/permissions/project_customer_providers_write.json
diff --git a/scripts/resourcepermissions/data/project_customer_read.json b/scripts/initialize/permissions/project_customer_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_customer_read.json
rename to scripts/initialize/permissions/project_customer_read.json
diff --git a/scripts/resourcepermissions/data/project_customer_write.json b/scripts/initialize/permissions/project_customer_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_customer_write.json
rename to scripts/initialize/permissions/project_customer_write.json
diff --git a/scripts/resourcepermissions/data/project_dashboard_workload_read.json b/scripts/initialize/permissions/project_dashboard_workload_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_dashboard_workload_read.json
rename to scripts/initialize/permissions/project_dashboard_workload_read.json
diff --git a/scripts/resourcepermissions/data/project_data_protection_location_read.json b/scripts/initialize/permissions/project_data_protection_location_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_data_protection_location_read.json
rename to scripts/initialize/permissions/project_data_protection_location_read.json
diff --git a/scripts/resourcepermissions/data/project_data_protection_location_write.json b/scripts/initialize/permissions/project_data_protection_location_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_data_protection_location_write.json
rename to scripts/initialize/permissions/project_data_protection_location_write.json
diff --git a/scripts/resourcepermissions/data/project_data_protection_policy_read.json b/scripts/initialize/permissions/project_data_protection_policy_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_data_protection_policy_read.json
rename to scripts/initialize/permissions/project_data_protection_policy_read.json
diff --git a/scripts/resourcepermissions/data/project_data_protection_policy_write.json b/scripts/initialize/permissions/project_data_protection_policy_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_data_protection_policy_write.json
rename to scripts/initialize/permissions/project_data_protection_policy_write.json
diff --git a/scripts/resourcepermissions/data/project_data_protection_read.json b/scripts/initialize/permissions/project_data_protection_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_data_protection_read.json
rename to scripts/initialize/permissions/project_data_protection_read.json
diff --git a/scripts/resourcepermissions/data/project_data_protection_write.json b/scripts/initialize/permissions/project_data_protection_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_data_protection_write.json
rename to scripts/initialize/permissions/project_data_protection_write.json
diff --git a/scripts/resourcepermissions/data/project_infra_overrides_read.json b/scripts/initialize/permissions/project_infra_overrides_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_infra_overrides_read.json
rename to scripts/initialize/permissions/project_infra_overrides_read.json
diff --git a/scripts/resourcepermissions/data/project_infra_provisioner_read.json b/scripts/initialize/permissions/project_infra_provisioner_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_infra_provisioner_read.json
rename to scripts/initialize/permissions/project_infra_provisioner_read.json
diff --git a/scripts/resourcepermissions/data/project_infra_provisioner_runtime_read.json b/scripts/initialize/permissions/project_infra_provisioner_runtime_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_infra_provisioner_runtime_read.json
rename to scripts/initialize/permissions/project_infra_provisioner_runtime_read.json
diff --git a/scripts/resourcepermissions/data/project_infra_provisioner_write.json b/scripts/initialize/permissions/project_infra_provisioner_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_infra_provisioner_write.json
rename to scripts/initialize/permissions/project_infra_provisioner_write.json
diff --git a/scripts/resourcepermissions/data/project_integrationEndpoint_read.json b/scripts/initialize/permissions/project_integrationEndpoint_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_integrationEndpoint_read.json
rename to scripts/initialize/permissions/project_integrationEndpoint_read.json
diff --git a/scripts/resourcepermissions/data/project_integrationEndpoint_write.json b/scripts/initialize/permissions/project_integrationEndpoint_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_integrationEndpoint_write.json
rename to scripts/initialize/permissions/project_integrationEndpoint_write.json
diff --git a/scripts/resourcepermissions/data/project_myapproval_read.json b/scripts/initialize/permissions/project_myapproval_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_myapproval_read.json
rename to scripts/initialize/permissions/project_myapproval_read.json
diff --git a/scripts/resourcepermissions/data/project_myapprovalsummary_read.json b/scripts/initialize/permissions/project_myapprovalsummary_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_myapprovalsummary_read.json
rename to scripts/initialize/permissions/project_myapprovalsummary_read.json
diff --git a/scripts/resourcepermissions/data/project_namespace_customer_read.json b/scripts/initialize/permissions/project_namespace_customer_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_namespace_customer_read.json
rename to scripts/initialize/permissions/project_namespace_customer_read.json
diff --git a/scripts/resourcepermissions/data/project_namespace_customer_write.json b/scripts/initialize/permissions/project_namespace_customer_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_namespace_customer_write.json
rename to scripts/initialize/permissions/project_namespace_customer_write.json
diff --git a/scripts/resourcepermissions/data/project_namespace_read.json b/scripts/initialize/permissions/project_namespace_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_namespace_read.json
rename to scripts/initialize/permissions/project_namespace_read.json
diff --git a/scripts/resourcepermissions/data/project_namespace_write.json b/scripts/initialize/permissions/project_namespace_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_namespace_write.json
rename to scripts/initialize/permissions/project_namespace_write.json
diff --git a/scripts/resourcepermissions/data/project_override_read.json b/scripts/initialize/permissions/project_override_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_override_read.json
rename to scripts/initialize/permissions/project_override_read.json
diff --git a/scripts/resourcepermissions/data/project_override_write.json b/scripts/initialize/permissions/project_override_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_override_write.json
rename to scripts/initialize/permissions/project_override_write.json
diff --git a/scripts/resourcepermissions/data/project_pipeline_customer_read.json b/scripts/initialize/permissions/project_pipeline_customer_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_pipeline_customer_read.json
rename to scripts/initialize/permissions/project_pipeline_customer_read.json
diff --git a/scripts/resourcepermissions/data/project_pipeline_customer_write.json b/scripts/initialize/permissions/project_pipeline_customer_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_pipeline_customer_write.json
rename to scripts/initialize/permissions/project_pipeline_customer_write.json
diff --git a/scripts/resourcepermissions/data/project_pipeline_org_admin_write.json b/scripts/initialize/permissions/project_pipeline_org_admin_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_pipeline_org_admin_write.json
rename to scripts/initialize/permissions/project_pipeline_org_admin_write.json
diff --git a/scripts/resourcepermissions/data/project_pipeline_read.json b/scripts/initialize/permissions/project_pipeline_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_pipeline_read.json
rename to scripts/initialize/permissions/project_pipeline_read.json
diff --git a/scripts/resourcepermissions/data/project_pipeline_variable_read.json b/scripts/initialize/permissions/project_pipeline_variable_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_pipeline_variable_read.json
rename to scripts/initialize/permissions/project_pipeline_variable_read.json
diff --git a/scripts/resourcepermissions/data/project_pipeline_variable_write.json b/scripts/initialize/permissions/project_pipeline_variable_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_pipeline_variable_write.json
rename to scripts/initialize/permissions/project_pipeline_variable_write.json
diff --git a/scripts/resourcepermissions/data/project_pipeline_write.json b/scripts/initialize/permissions/project_pipeline_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_pipeline_write.json
rename to scripts/initialize/permissions/project_pipeline_write.json
diff --git a/scripts/resourcepermissions/data/project_pipelinesummary_customer_read.json b/scripts/initialize/permissions/project_pipelinesummary_customer_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_pipelinesummary_customer_read.json
rename to scripts/initialize/permissions/project_pipelinesummary_customer_read.json
diff --git a/scripts/resourcepermissions/data/project_pipelinesummary_read.json b/scripts/initialize/permissions/project_pipelinesummary_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_pipelinesummary_read.json
rename to scripts/initialize/permissions/project_pipelinesummary_read.json
diff --git a/scripts/resourcepermissions/data/project_placement_read.json b/scripts/initialize/permissions/project_placement_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_placement_read.json
rename to scripts/initialize/permissions/project_placement_read.json
diff --git a/scripts/resourcepermissions/data/project_placement_write.json b/scripts/initialize/permissions/project_placement_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_placement_write.json
rename to scripts/initialize/permissions/project_placement_write.json
diff --git a/scripts/resourcepermissions/data/project_providers_org_admin_write.json b/scripts/initialize/permissions/project_providers_org_admin_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_providers_org_admin_write.json
rename to scripts/initialize/permissions/project_providers_org_admin_write.json
diff --git a/scripts/resourcepermissions/data/project_providers_read.json b/scripts/initialize/permissions/project_providers_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_providers_read.json
rename to scripts/initialize/permissions/project_providers_read.json
diff --git a/scripts/resourcepermissions/data/project_providers_write.json b/scripts/initialize/permissions/project_providers_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_providers_write.json
rename to scripts/initialize/permissions/project_providers_write.json
diff --git a/scripts/resourcepermissions/data/project_read.json b/scripts/initialize/permissions/project_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_read.json
rename to scripts/initialize/permissions/project_read.json
diff --git a/scripts/resourcepermissions/data/project_registry_read.json b/scripts/initialize/permissions/project_registry_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_registry_read.json
rename to scripts/initialize/permissions/project_registry_read.json
diff --git a/scripts/resourcepermissions/data/project_registry_write.json b/scripts/initialize/permissions/project_registry_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_registry_write.json
rename to scripts/initialize/permissions/project_registry_write.json
diff --git a/scripts/resourcepermissions/data/project_relayAudit_read.json b/scripts/initialize/permissions/project_relayAudit_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_relayAudit_read.json
rename to scripts/initialize/permissions/project_relayAudit_read.json
diff --git a/scripts/resourcepermissions/data/project_repository_read.json b/scripts/initialize/permissions/project_repository_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_repository_read.json
rename to scripts/initialize/permissions/project_repository_read.json
diff --git a/scripts/resourcepermissions/data/project_repository_write.json b/scripts/initialize/permissions/project_repository_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_repository_write.json
rename to scripts/initialize/permissions/project_repository_write.json
diff --git a/scripts/resourcepermissions/data/project_schedulerplacement_read.json b/scripts/initialize/permissions/project_schedulerplacement_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_schedulerplacement_read.json
rename to scripts/initialize/permissions/project_schedulerplacement_read.json
diff --git a/scripts/resourcepermissions/data/project_schedulerplacement_write.json b/scripts/initialize/permissions/project_schedulerplacement_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_schedulerplacement_write.json
rename to scripts/initialize/permissions/project_schedulerplacement_write.json
diff --git a/scripts/resourcepermissions/data/project_secretStore_read.json b/scripts/initialize/permissions/project_secretStore_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_secretStore_read.json
rename to scripts/initialize/permissions/project_secretStore_read.json
diff --git a/scripts/resourcepermissions/data/project_secretStore_write.json b/scripts/initialize/permissions/project_secretStore_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_secretStore_write.json
rename to scripts/initialize/permissions/project_secretStore_write.json
diff --git a/scripts/resourcepermissions/data/project_systemsync_read.json b/scripts/initialize/permissions/project_systemsync_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_systemsync_read.json
rename to scripts/initialize/permissions/project_systemsync_read.json
diff --git a/scripts/resourcepermissions/data/project_systemsync_write.json b/scripts/initialize/permissions/project_systemsync_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_systemsync_write.json
rename to scripts/initialize/permissions/project_systemsync_write.json
diff --git a/scripts/resourcepermissions/data/project_taskset_read.json b/scripts/initialize/permissions/project_taskset_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_taskset_read.json
rename to scripts/initialize/permissions/project_taskset_read.json
diff --git a/scripts/resourcepermissions/data/project_taskset_write.json b/scripts/initialize/permissions/project_taskset_write.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_taskset_write.json
rename to scripts/initialize/permissions/project_taskset_write.json
diff --git a/scripts/resourcepermissions/data/project_trigger_customer_read.json b/scripts/initialize/permissions/project_trigger_customer_read.json
similarity index 100%
rename from scripts/resourcepermissions/data/project_trigger_customer_read.json
rename to scripts/initialize/permissions/project_trigger_customer_read.json
diff --git a/scripts/resourcepermissions/data/project_trigger_customer_write.json b/scripts/initialize/permissions/project_trigger_customer_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_trigger_customer_write.json rename to scripts/initialize/permissions/project_trigger_customer_write.json diff --git a/scripts/resourcepermissions/data/project_trigger_read.json b/scripts/initialize/permissions/project_trigger_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_trigger_read.json rename to scripts/initialize/permissions/project_trigger_read.json diff --git a/scripts/resourcepermissions/data/project_trigger_write.json b/scripts/initialize/permissions/project_trigger_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_trigger_write.json rename to scripts/initialize/permissions/project_trigger_write.json diff --git a/scripts/resourcepermissions/data/project_v2_namespace_read.json b/scripts/initialize/permissions/project_v2_namespace_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_v2_namespace_read.json rename to scripts/initialize/permissions/project_v2_namespace_read.json diff --git a/scripts/resourcepermissions/data/project_v2_namespace_write.json b/scripts/initialize/permissions/project_v2_namespace_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_v2_namespace_write.json rename to scripts/initialize/permissions/project_v2_namespace_write.json diff --git a/scripts/resourcepermissions/data/project_workload_customer_read.json b/scripts/initialize/permissions/project_workload_customer_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_workload_customer_read.json rename to scripts/initialize/permissions/project_workload_customer_read.json 
diff --git a/scripts/resourcepermissions/data/project_workload_customer_write.json b/scripts/initialize/permissions/project_workload_customer_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_workload_customer_write.json rename to scripts/initialize/permissions/project_workload_customer_write.json diff --git a/scripts/resourcepermissions/data/project_workload_publish.json b/scripts/initialize/permissions/project_workload_publish.json similarity index 100% rename from scripts/resourcepermissions/data/project_workload_publish.json rename to scripts/initialize/permissions/project_workload_publish.json diff --git a/scripts/resourcepermissions/data/project_workload_read.json b/scripts/initialize/permissions/project_workload_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_workload_read.json rename to scripts/initialize/permissions/project_workload_read.json diff --git a/scripts/resourcepermissions/data/project_workload_write.json b/scripts/initialize/permissions/project_workload_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_workload_write.json rename to scripts/initialize/permissions/project_workload_write.json diff --git a/scripts/resourcepermissions/data/project_workloadtemplatev2_read.json b/scripts/initialize/permissions/project_workloadtemplatev2_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_workloadtemplatev2_read.json rename to scripts/initialize/permissions/project_workloadtemplatev2_read.json diff --git a/scripts/resourcepermissions/data/project_workloadtemplatev2_write.json b/scripts/initialize/permissions/project_workloadtemplatev2_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_workloadtemplatev2_write.json rename to scripts/initialize/permissions/project_workloadtemplatev2_write.json 
diff --git a/scripts/resourcepermissions/data/project_workloadv2_read.json b/scripts/initialize/permissions/project_workloadv2_read.json similarity index 100% rename from scripts/resourcepermissions/data/project_workloadv2_read.json rename to scripts/initialize/permissions/project_workloadv2_read.json diff --git a/scripts/resourcepermissions/data/project_workloadv2_write.json b/scripts/initialize/permissions/project_workloadv2_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_workloadv2_write.json rename to scripts/initialize/permissions/project_workloadv2_write.json diff --git a/scripts/resourcepermissions/data/project_write.json b/scripts/initialize/permissions/project_write.json similarity index 100% rename from scripts/resourcepermissions/data/project_write.json rename to scripts/initialize/permissions/project_write.json diff --git a/scripts/resourcepermissions/data/registry_read.json b/scripts/initialize/permissions/registry_read.json similarity index 100% rename from scripts/resourcepermissions/data/registry_read.json rename to scripts/initialize/permissions/registry_read.json diff --git a/scripts/resourcepermissions/data/registry_write.json b/scripts/initialize/permissions/registry_write.json similarity index 100% rename from scripts/resourcepermissions/data/registry_write.json rename to scripts/initialize/permissions/registry_write.json diff --git a/scripts/resourcepermissions/data/registryauthkey_read.json b/scripts/initialize/permissions/registryauthkey_read.json similarity index 100% rename from scripts/resourcepermissions/data/registryauthkey_read.json rename to scripts/initialize/permissions/registryauthkey_read.json diff --git a/scripts/resourcepermissions/data/registryauthkey_write.json b/scripts/initialize/permissions/registryauthkey_write.json similarity index 100% rename from scripts/resourcepermissions/data/registryauthkey_write.json rename to scripts/initialize/permissions/registryauthkey_write.json 
diff --git a/scripts/resourcepermissions/data/registryimage_read.json b/scripts/initialize/permissions/registryimage_read.json similarity index 100% rename from scripts/resourcepermissions/data/registryimage_read.json rename to scripts/initialize/permissions/registryimage_read.json diff --git a/scripts/resourcepermissions/data/registryimage_write.json b/scripts/initialize/permissions/registryimage_write.json similarity index 100% rename from scripts/resourcepermissions/data/registryimage_write.json rename to scripts/initialize/permissions/registryimage_write.json diff --git a/scripts/resourcepermissions/data/relaynetwork_read.json b/scripts/initialize/permissions/relaynetwork_read.json similarity index 100% rename from scripts/resourcepermissions/data/relaynetwork_read.json rename to scripts/initialize/permissions/relaynetwork_read.json diff --git a/scripts/resourcepermissions/data/relaynetwork_write.json b/scripts/initialize/permissions/relaynetwork_write.json similarity index 100% rename from scripts/resourcepermissions/data/relaynetwork_write.json rename to scripts/initialize/permissions/relaynetwork_write.json diff --git a/scripts/resourcepermissions/data/role_read.json b/scripts/initialize/permissions/role_read.json similarity index 100% rename from scripts/resourcepermissions/data/role_read.json rename to scripts/initialize/permissions/role_read.json diff --git a/scripts/resourcepermissions/data/role_write.json b/scripts/initialize/permissions/role_write.json similarity index 100% rename from scripts/resourcepermissions/data/role_write.json rename to scripts/initialize/permissions/role_write.json diff --git a/scripts/resourcepermissions/data/sso_read.json b/scripts/initialize/permissions/sso_read.json similarity index 100% rename from scripts/resourcepermissions/data/sso_read.json rename to scripts/initialize/permissions/sso_read.json 
diff --git a/scripts/resourcepermissions/data/sso_user_read.json b/scripts/initialize/permissions/sso_user_read.json similarity index 100% rename from scripts/resourcepermissions/data/sso_user_read.json rename to scripts/initialize/permissions/sso_user_read.json diff --git a/scripts/resourcepermissions/data/sso_user_write.json b/scripts/initialize/permissions/sso_user_write.json similarity index 100% rename from scripts/resourcepermissions/data/sso_user_write.json rename to scripts/initialize/permissions/sso_user_write.json diff --git a/scripts/resourcepermissions/data/sso_write.json b/scripts/initialize/permissions/sso_write.json similarity index 100% rename from scripts/resourcepermissions/data/sso_write.json rename to scripts/initialize/permissions/sso_write.json diff --git a/scripts/resourcepermissions/data/template_read.json b/scripts/initialize/permissions/template_read.json similarity index 100% rename from scripts/resourcepermissions/data/template_read.json rename to scripts/initialize/permissions/template_read.json diff --git a/scripts/resourcepermissions/data/user_keys_write.json b/scripts/initialize/permissions/user_keys_write.json similarity index 100% rename from scripts/resourcepermissions/data/user_keys_write.json rename to scripts/initialize/permissions/user_keys_write.json diff --git a/scripts/resourcepermissions/data/user_read.json b/scripts/initialize/permissions/user_read.json similarity index 100% rename from scripts/resourcepermissions/data/user_read.json rename to scripts/initialize/permissions/user_read.json diff --git a/scripts/resourcepermissions/data/user_write.json b/scripts/initialize/permissions/user_write.json similarity index 100% rename from scripts/resourcepermissions/data/user_write.json rename to scripts/initialize/permissions/user_write.json 
diff --git a/scripts/resourcepermissions/data/v2account_read.json b/scripts/initialize/permissions/v2account_read.json similarity index 100% rename from scripts/resourcepermissions/data/v2account_read.json rename to scripts/initialize/permissions/v2account_read.json diff --git a/scripts/resourcepermissions/data/v2debug_read.json b/scripts/initialize/permissions/v2debug_read.json similarity index 100% rename from scripts/resourcepermissions/data/v2debug_read.json rename to scripts/initialize/permissions/v2debug_read.json diff --git a/scripts/resourcepermissions/data/v2debug_write.json b/scripts/initialize/permissions/v2debug_write.json similarity index 100% rename from scripts/resourcepermissions/data/v2debug_write.json rename to scripts/initialize/permissions/v2debug_write.json diff --git a/scripts/resourcepermissions/data/workload_publish.json b/scripts/initialize/permissions/workload_publish.json similarity index 100% rename from scripts/resourcepermissions/data/workload_publish.json rename to scripts/initialize/permissions/workload_publish.json diff --git a/scripts/resourcepermissions/data/workload_read.json b/scripts/initialize/permissions/workload_read.json similarity index 100% rename from scripts/resourcepermissions/data/workload_read.json rename to scripts/initialize/permissions/workload_read.json diff --git a/scripts/resourcepermissions/data/workload_write.json b/scripts/initialize/permissions/workload_write.json similarity index 100% rename from scripts/resourcepermissions/data/workload_write.json rename to scripts/initialize/permissions/workload_write.json diff --git a/scripts/resourceroles/data.json b/scripts/initialize/roles.json similarity index 100% rename from scripts/resourceroles/data.json rename to scripts/initialize/roles.json diff --git a/scripts/resourcepermissions/createresources.go b/scripts/resourcepermissions/createresources.go deleted file mode 100644 index dcff5c2..0000000 
--- a/scripts/resourcepermissions/createresources.go +++ /dev/null @@ -1,64 +0,0 @@ -package main - -import ( - "context" - "database/sql" - "encoding/json" - "fmt" - "io/ioutil" - "log" - "path" - - "github.com/RafaySystems/rcloud-base/internal/models" - "github.com/RafaySystems/rcloud-base/internal/persistence/provider/pg" - "github.com/uptrace/bun" - "github.com/uptrace/bun/dialect/pgdialect" - "github.com/uptrace/bun/driver/pgdriver" -) - -func addResourcePermissions(dao pg.EntityDAO, basePath string) error { - var items []models.ResourcePermission - - files, err := ioutil.ReadDir(basePath) - if err != nil { - log.Fatal(err) - } - for _, file := range files { - if !file.IsDir() { // probably not, but just in case - content, err := ioutil.ReadFile(path.Join(basePath, file.Name())) - if err != nil { - log.Fatal(err) - } - // It has ResourceRefId, but that does not seem to be used in the old implementatino - // Also, why do we need two items? - var data models.ResourcePermission - err = json.Unmarshal(content, &data) - if err != nil { - log.Fatal(err) - } - items = append(items, data) - } - } - - fmt.Println("Adding", len(items), "resource permissions") - _, err = dao.Create(context.Background(), &items) - return err -} - -func main() { - dsn := "postgres://admindbuser:admindbpassword@localhost:5432/admindb?sslmode=disable" - sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn))) - db := bun.NewDB(sqldb, pgdialect.New()) - dao := pg.NewEntityDAO(db) - - // TODO: add option to update the existing list - err := dao.DeleteAll(context.Background(), &models.ResourcePermission{}) - if err != nil { - log.Fatal(err) - } - err = addResourcePermissions(dao, path.Join("scripts", "resourcepermissions", "data")) - if err != nil { - fmt.Println("Run from base directory") - log.Fatal(err) - } -} From 701ab5c5367a9c1f7ec67999ee987e9136e362ff Mon Sep 17 00:00:00 2001 
From: Abin Simon Date: Tue, 15 Mar 2022 13:33:46 +0530 Subject: [PATCH 6/6] Switch to fetching all needed values via named cli args --- scripts/initialize/main.go | 47 +++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/scripts/initialize/main.go b/scripts/initialize/main.go index 6756bd9..852d098 100644 --- a/scripts/initialize/main.go +++ b/scripts/initialize/main.go @@ -4,6 +4,7 @@ import ( "context" "database/sql" "encoding/json" + "flag" "fmt" "io/ioutil" "log" @@ -13,6 +14,7 @@ import ( "github.com/RafaySystems/rcloud-base/internal/models" providers "github.com/RafaySystems/rcloud-base/internal/persistence/provider/kratos" "github.com/RafaySystems/rcloud-base/internal/persistence/provider/pg" + "github.com/RafaySystems/rcloud-base/pkg/common" "github.com/RafaySystems/rcloud-base/pkg/enforcer" "github.com/RafaySystems/rcloud-base/pkg/service" commonv3 "github.com/RafaySystems/rcloud-base/proto/types/commonpb/v3" @@ -37,6 +39,10 @@ import ( // We make use of service instead of just insserting to db as that way // all the dependent items will be taken care of automatically. +// Inorder to reset everything, we can do +// truncate table authsrv_partner cascade; +// truncate table casbin_rule; + const ( dbAddrEnv = "DB_ADDR" dbNameEnv = "DB_NAME" 
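Review bot: The reset comment added above the `const` block lists two `truncate` statements without saying which database they are meant for. In PostgreSQL, `truncate table authsrv_partner cascade` also empties every table that references it through a foreign key, and `casbin_rule` presumably holds the authorization policy rows. Anyone who copies these lines against a shared database would lose all tenants and access rules. Reword it to carry the scope, for example `// To reset a local development database (destroys all partner, org and policy data):` followed by the two statements, and fix the "Inorder" typo.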
@@ -76,9 +82,23 @@ func addResourcePermissions(dao pg.EntityDAO, basePath string) error { } func main() { - if len(os.Args) != 4 { - // this step happens after org creation and so we will have org and partner - log.Fatal("Usage: ", os.Args[0], " ", " ", "") + partner := flag.String("partner", "", "Name of partner") + partnerDesc := flag.String("partner-desc", "", "Description of partner") + partnerHost := flag.String("partner-host", "", "Host of partner") + + org := flag.String("org", "", "Name of org") + orgDesc := flag.String("org-desc", "", "Description of org") + + oae := flag.String("admin-email", "", "Email of org admin") + oafn := flag.String("admin-first-name", "", "First name of org admin") + oaln := flag.String("admin-last-name", "", "Last name of org admin") + + flag.Parse() + + if *partner == "" || *org == "" || *oae == "" || *oafn == "" || *oaln == "" || *partnerHost == "" { + fmt.Println("Usage: initialize") + flag.PrintDefaults() + os.Exit(1) } viper.SetDefault(dbAddrEnv, "localhost:5432") @@ -102,10 +122,6 @@ func main() { kratosScheme := viper.GetString(kratosSchemeEnv) kratosAddr := viper.GetString(kratosAddrEnv) - partner := os.Args[1] - org := os.Args[2] - orgAdminEmail := os.Args[3] - content, err := ioutil.ReadFile(path.Join("scripts", "initialize", "roles.json")) if err != nil { log.Fatal("unable to read file: ", err) @@ -141,7 +157,7 @@ func main() { ps := service.NewPartnerService(db) os := service.NewOrganizationService(db) rs := service.NewRoleService(db, as) - us := service.NewUserService(providers.NewKratosAuthProvider(kc), db, as) + us := service.NewUserService(providers.NewKratosAuthProvider(kc), db, as, nil, common.CliConfigDownloadData{}) err = dao.DeleteAll(context.Background(), &models.ResourcePermission{}) if err != nil { 
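Review bot: The required-flag check in `main` only rejects empty strings, so a malformed or whitespace-only `-admin-email` is accepted and becomes the name of the user that the last hunk creates with the `ADMIN` role. Validate it before any database work, e.g. `if _, err := mail.ParseAddress(*oae); err != nil { log.Fatal("invalid -admin-email: ", err) }`, which needs `net/mail` in the import block. The usage line is printed with `fmt.Println` to stdout while `flag.PrintDefaults` writes to stderr; `fmt.Fprintln(os.Stderr, "Usage: initialize")` keeps the two together. `main` continues outside this hunk.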
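Review bot: The two arguments added to `service.NewUserService` are a bare `nil` and an empty `common.CliConfigDownloadData{}`, and nothing at the call site says what they stand for or why they can be omitted. The constructor's signature is not visible in this diff, so it cannot be confirmed from here that `us.Create` never dereferences the nil value. Once that is checked, add a comment above the call such as `// bootstrap only calls us.Create, which needs neither <fourth dependency> nor the CLI download config`. `main` starts and ends outside this hunk.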
@@ -155,14 +171,14 @@ func main() { // Create partner _, err = ps.Create(context.Background(), &systemv3.Partner{ - Metadata: &commonv3.Metadata{Name: partner, Description: "..."}, - Spec: &systemv3.PartnerSpec{Host: ""}, + Metadata: &commonv3.Metadata{Name: *partner, Description: *partnerDesc}, + Spec: &systemv3.PartnerSpec{Host: *partnerHost}, }) if err != nil { log.Fatal("unable to create partner", err) } _, err = os.Create(context.Background(), &systemv3.Organization{ - Metadata: &commonv3.Metadata{Name: org, Partner: partner, Description: "..."}, + Metadata: &commonv3.Metadata{Name: *org, Partner: *partner, Description: *orgDesc}, Spec: &systemv3.OrganizationSpec{Active: true}, }) if err != nil { @@ -174,7 +190,7 @@ func main() { perms := data[scope][name] fmt.Println(scope, name, len(perms)) _, err := rs.Create(context.Background(), &rolev3.Role{ - Metadata: &commonv3.Metadata{Name: name, Partner: partner, Organization: org, Description: "..."}, + Metadata: &commonv3.Metadata{Name: name, Partner: *partner, Organization: *org, Description: "..."}, Spec: &rolev3.RoleSpec{IsGlobal: true, Scope: scope, Rolepermissions: perms}, }) if err != nil { @@ -183,11 +199,10 @@ func main() { } } - // TODO: should we directly interact with kratos and create a user with a password? + // should we directly interact with kratos and create a user with a password? _, err = us.Create(context.Background(), &userv3.User{ - Metadata: &commonv3.Metadata{Name: orgAdminEmail, Partner: partner, Organization: org, Description: "..."}, - // TODO: get proper name via cli arg - Spec: &userv3.UserSpec{FirstName: "Org", LastName: "Admin", ProjectNamespaceRoles: []*userv3.ProjectNamespaceRole{{Role: "ADMIN"}}}, + Metadata: &commonv3.Metadata{Name: *oae, Partner: *partner, Organization: *org, Description: "..."}, + Spec: &userv3.UserSpec{FirstName: *oafn, LastName: *oaln, ProjectNamespaceRoles: []*userv3.ProjectNamespaceRole{{Role: "ADMIN"}}}, }) if err != nil {