diff --git a/.github/workflows/kutegen_submodule_check.yml b/.github/workflows/kutegen_submodule_check.yml
new file mode 100644
index 00000000..1ada04f8
--- /dev/null
+++ b/.github/workflows/kutegen_submodule_check.yml
@@ -0,0 +1,37 @@
+name: Kutegen submodule check
+
+on:
+ pull_request:
+ branches:
+ - master
+ - main
+permissions:
+ contents: read
+ pull-requests: read
+
+jobs:
+ submodule-check:
+ runs-on: "docker"
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ token: ${{ secrets.GIT_HUB_ACCESS_TOKEN }}
+ fetch-depth: 0
+ fetch-tags: true
+ - name: Submodule update
+ run: git submodule update --init --recursive --depth 0
+ - name: Check submodule
+ run: |
+ cd kutegen
+ git config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"
+ git fetch origin main
+ BEHIND=$(git rev-list origin/main ^HEAD --count)
+ AHEAD=$(git rev-list HEAD ^origin/main --count)
+ if [ $AHEAD -ne 0 ] || [ $BEHIND -ne 0 ]; then
+ echo "Submodule is not up to date with main branch."
+ exit 1
+ fi
+ echo "Submodule is up to date with main branch."
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 400c3cbb..2c58a867 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,3 +50,4 @@ pipelines
 pipeline_manifests
 user-mapping.yaml
 **/vendor/
+bin/
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000..51c3de6f
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "kutegen"]
+ path = kutegen
+ url = ../kutegen
diff --git a/Dockerfile b/Dockerfile
index 85152941..3fc9454f 100644
--- a/Dockerfile
+++ b/Dockerfile
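Review bot: The checkout step hands the long-lived `GIT_HUB_ACCESS_TOKEN` secret to an action referenced by a movable tag (`actions/checkout@v4`), and checkout keeps that token in the job's git configuration by default, so every later step in the job can use it. Pin the action to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, and scope the token to read-only access on the kutegen repository. The `Submodule update` step looks redundant with `submodules: recursive`, and `--depth 0` is likely rejected or ignored by git, so that step could be dropped. In the check script the unquoted `[ $AHEAD -ne 0 ]` test errors out instead of failing cleanly if either count comes back empty; `if [ "$AHEAD" -ne 0 ] || [ "$BEHIND" -ne 0 ]; then` is safer.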
@@ -1,13 +1,18 @@
 ARG BUILDER_CACHE_TARGET=193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/spring-boot-maven:1.0
+
+FROM 193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/golang:1.21.1 as golang_builder
+WORKDIR /app
+COPY ./kutegen/go.mod ./kutegen/go.sum ./
+RUN go mod download
+COPY ./kutegen ./
+RUN CGO_ENABLED=0 go build -o kutegen cmd/main.go
+
 FROM ${BUILDER_CACHE_TARGET} as builder
 ARG ARTIFACT_VERSION=0.0.1-SNAPSHOT
 RUN rm -rf /build && mkdir -p /build
 WORKDIR /build
 COPY src /build/src
 COPY pom.xml /build
-COPY templates /build/src/templates
-COPY gocd-templates /build/src/gocd-templates
-COPY scripts /build/src/scripts
 COPY entrypoint.sh /build/entrypoint.sh
 RUN wget -O elastic-apm.jar https://repo1.maven.org/maven2/co/elastic/apm/elastic-apm-agent/1.42.0/elastic-apm-agent-1.42.0.jar
 RUN mvn -Dhttps.protocols=TLSv1.2 -B dependency:resolve dependency:resolve-plugins
@@ -20,10 +25,8 @@ WORKDIR /usr/local/
 COPY --from=builder /build/elastic-apm.jar /usr/local/elastic-apm.jar
 COPY --from=builder /build/src/main/resources/elasticapm.properties /usr/local/elasticapm.properties
 COPY --from=builder /build/target/deployment-portal-backend-${ARTIFACT_VERSION}.jar /usr/local/deployment-portal-backend.jar
-COPY --from=builder /build/src/templates /usr/local/templates
-COPY --from=builder /build/src/gocd-templates /usr/local/gocd-templates
-COPY --from=builder /build/src/scripts /usr/local/scripts
 COPY --from=builder /build/entrypoint.sh /usr/local/entrypoint.sh
+COPY --from=golang_builder /app/kutegen /usr/local/bin/kutegen
 RUN apt-get update && \
 apt-get install telnet curl dnsutils kafkacat -y && \
 adduser --system --uid 4000 --disabled-password non-root-user && \
diff --git a/README.md b/README.md
index b0cefc3f..135eee5f 100644
--- a/README.md
+++ b/README.md
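Review bot: The new `golang_builder` stage pulls `common/golang:1.21.1` by tag, so the toolchain that produces the `kutegen` binary shipped in `/usr/local/bin` can change without any change to this file. Pin the base image by digest, e.g. `FROM 193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/golang:1.21.1@sha256:<digest> as golang_builder`. The stage also depends on the `kutegen` submodule being initialised in the build context; a one-line comment above the first `COPY ./kutegen/...` saying so would help whoever hits the resulting COPY failure on a fresh clone.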
@@ -1,4 +1,5 @@
 # Deployment Portal Backend
+- Run `git submodule update --init --recursive` to pull the kutegen submodule.
 - Use `export ENVIRONMENT=test` to avoid applying changes to the cluster.
 - Docker Setup
 - To run the application just do `docker-compose up`
diff --git a/deployment_manifest.json b/deployment_manifest.json
index c688ed05..78b6c86f 100644
--- a/deployment_manifest.json
+++ b/deployment_manifest.json
@@ -1,4 +1,5 @@
 {
+ "name": "deployment-portal-backend",
 "environment": "$ENVIRONMENT",
 "metadata": {
 "repo": "navi-infra/deployment-portal-backend",
@@ -8,125 +9,135 @@
 "disasterRecovery": "True"
 },
 "cluster": "$CLUSTER",
+ "environmentVariables": [
+ {
+ "name": "ENVIRONMENT",
+ "value": "$ENVIRONMENT"
+ },
+ {
+ "name": "DATASOURCE_URL",
+ "value": "$DATASOURCE_URL"
+ },
+ {
+ "name": "DATASOURCE_PASSWORD",
+ "value": "$DATASOURCE_PASSWORD"
+ },
+ {
+ "name": "DATASOURCE_USERNAME",
+ "value": "$DATASOURCE_USERNAME"
+ },
+ {
+ "name": "OKTA_CLIENT_ID",
+ "value": "$OKTA_CLIENT_ID"
+ },
+ {
+ "name": "OKTA_CLIENT_SECRET",
+ "value": "$OKTA_CLIENT_SECRET"
+ },
+ {
+ "name": "JVM_OPTS",
+ "value": "$JVM_OPTS"
+ },
+ {
+ "name": "OKTA_URL",
+ "value": "$OKTA_URL"
+ },
+ {
+ "name": "ALLOWED_ORIGINS",
+ "value": "$ALLOWED_ORIGINS"
+ },
+ {
+ "name": "VAULT_ADDRESS",
+ "value": "$VAULT_ADDRESS"
+ },
+ {
+ "name": "VAULT_METATOKEN",
+ "value": "$VAULT_METATOKEN"
+ },
+ {
+ "name": "DDL_AUTO",
+ "value": "$DDL_AUTO"
+ },
+ {
+ "name": "KUBE_CONFIG",
+ "value": "$KUBE_CONFIG"
+ },
+ {
+ "name": "VAULT_AUTH_METHOD",
+ "value": "$VAULT_AUTH_METHOD"
+ },
+ {
+ "name": "VAULT_KUBE_PROVIDER",
+ "value": "$VAULT_KUBE_PROVIDER"
+ },
+ {
+ "name": "VAULT_KUBE_ROLE",
+ "value": "$VAULT_KUBE_ROLE"
+ },
+ {
+ "name": "VAULT_KUBE_TOKEN_CRON",
+ "value": "$VAULT_KUBE_TOKEN_CRON"
+ },
+ {
+ "name": "PORTAL_VERTICAL",
+ "value": "$PORTAL_VERTICAL"
+ },
+ {
+ "name": "SLACK_WEBHOOK_URL",
+ "value": "$SLACK_WEBHOOK_URL"
+ },
+ {
+ "name": "DOCKER_REGISTRY_NAMESPACE",
+ "value": "$DOCKER_REGISTRY_NAMESPACE"
+ },
+ {
+ "name": "JWT_SECRET_KEY",
+ "value": "$JWT_SECRET_KEY"
+ },
+ {
+ "name": "TEAMS_LIST_VAULT",
+ "value": "$TEAMS_LIST_VAULT"
+ },
+ {
+ "name": "ELASTIC_APM_SERVER_URLS",
+ "value": "$ELASTIC_APM_SERVER_URLS"
+ },
+ {
+ "name": "ELASTIC_APM_ENVIRONMENT",
+ "value": "$ELASTIC_APM_ENVIRONMENT"
+ },
+ {
+ "name": "AIRFLOW_URL",
+ "value": "$AIRFLOW_URL"
+ },
+ {
+ "name": "AIRFLOW_AUTH_TOKEN",
+ "value": "$AIRFLOW_AUTH_TOKEN"
+ },
+ {
+ "name": "SERVICE_DUMP_DAG_ID",
+ "value": "$SERVICE_DUMP_DAG_ID"
+ },
+ {
+ "name": "SLACK_BOT_TOKEN",
+ "value": "$SLACK_BOT_TOKEN"
+ },
+ {
+ "name": "JIT_DAG_ID",
+ "value": "$JIT_DAG_ID"
+ },
+ {
+ "name": "JIT_COMMON_CHANNEL",
+ "value": "$JIT_COMMON_CHANNEL"
+ }
+ ],
 "deployment": {
- "cluster": "$CLUSTER",
 "serviceAccount": true,
- "name": "deployment-portal-backend",
 "instance": {
 "count": 2,
 "cpu": 1,
 "memory": "3Gi"
 },
- "environmentVariables": [
- {
- "name": "ENVIRONMENT",
- "value": "$ENVIRONMENT"
- },
- {
- "name": "DATASOURCE_URL",
- "value": "$DATASOURCE_URL"
- },
- {
- "name": "DATASOURCE_PASSWORD",
- "value": "$DATASOURCE_PASSWORD"
- },
- {
- "name": "DATASOURCE_USERNAME",
- "value": "$DATASOURCE_USERNAME"
- },
- {
- "name": "OKTA_CLIENT_ID",
- "value": "$OKTA_CLIENT_ID"
- },
- {
- "name": "OKTA_CLIENT_SECRET",
- "value": "$OKTA_CLIENT_SECRET"
- },
- {
- "name": "JVM_OPTS",
- "value": "$JVM_OPTS"
- },
- {
- "name": "OKTA_URL",
- "value": "$OKTA_URL"
- },
- {
- "name": "ALLOWED_ORIGINS",
- "value": "$ALLOWED_ORIGINS"
- },
- {
- "name": "VAULT_ADDRESS",
- "value": "$VAULT_ADDRESS"
- },
- {
- "name": "VAULT_METATOKEN",
- "value": "$VAULT_METATOKEN"
- },
- {
- "name": "DDL_AUTO",
- "value": "$DDL_AUTO"
- },
- {
- "name": "KUBE_CONFIG",
- "value": "$KUBE_CONFIG"
- },
- {
- "name": "VAULT_AUTH_METHOD",
- "value": "$VAULT_AUTH_METHOD"
- },
- {
- "name": "VAULT_KUBE_PROVIDER",
- "value": "$VAULT_KUBE_PROVIDER"
- },
- {
- "name": "VAULT_KUBE_ROLE",
- "value": "$VAULT_KUBE_ROLE"
- },
- {
- "name": "VAULT_KUBE_TOKEN_CRON",
- "value": "$VAULT_KUBE_TOKEN_CRON"
- },
- {
- "name": "PORTAL_VERTICAL",
- "value": "$PORTAL_VERTICAL"
- },
- {
- "name": "SLACK_WEBHOOK_URL",
- "value": "$SLACK_WEBHOOK_URL"
- },
- {
- "name": "DOCKER_REGISTRY_NAMESPACE",
- "value": "$DOCKER_REGISTRY_NAMESPACE"
- },
- {
- "name": "JWT_SECRET_KEY",
- "value": "$JWT_SECRET_KEY"
- },
- {
- "name": "TEAMS_LIST_VAULT",
- "value": "$TEAMS_LIST_VAULT"
- },
- {
- "name": "ELASTIC_APM_SERVER_URLS",
- "value": "$ELASTIC_APM_SERVER_URLS"
- },
- {
- "name": "ELASTIC_APM_ENVIRONMENT",
- "value": "$ELASTIC_APM_ENVIRONMENT"
- },
- {
- "name": "AIRFLOW_URL",
- "value": "$AIRFLOW_URL"
- },
- {
- "name": "AIRFLOW_AUTH_TOKEN",
- "value": "$AIRFLOW_AUTH_TOKEN"
- },
- {
- "name": "SERVICE_DUMP_DAG_ID",
- "value": "$SERVICE_DUMP_DAG_ID"
- }
- ],
 "namespace": "$NAMESPACE",
 "exposedPorts": [
 {
@@ -145,7 +156,8 @@
 }
 ],
 "allowEgress": [
- "*.elastic-stack.svc.cluster.local"
+ "*.elastic-stack.svc.cluster.local",
+ "*.slack.com"
 ],
 "healthChecks": {
 "readinessCheck": {
@@ -237,5 +249,5 @@
 "labels": {
 "micrometer-prometheus": "enabled"
 },
- "version": "v1"
+ "infraVertical": "lending"
 }
diff --git a/gi_deployment_manifest.json b/gi_deployment_manifest.json
index 3974a287..4d488715 100644
--- a/gi_deployment_manifest.json
+++ b/gi_deployment_manifest.json
@@ -88,6 +88,18 @@
 {
 "name": "DOCKER_REGISTRY_NAMESPACE",
 "value": "$DOCKER_REGISTRY_NAMESPACE"
+ },
+ {
+ "name": "SLACK_BOT_TOKEN",
+ "value": "$SLACK_BOT_TOKEN"
+ },
+ {
+ "name": "JIT_DAG_ID",
+ "value": "$JIT_DAG_ID"
+ },
+ {
+ "name": "JIT_COMMON_CHANNEL",
+ "value": "$JIT_COMMON_CHANNEL"
 }
 ],
 "namespace": "$NAMESPACE",
diff --git a/go.work b/go.work
new file mode 100644
index 00000000..a5674b64
--- /dev/null
+++ b/go.work
@@ -0,0 +1,3 @@
+go 1.21
+
+use ./kutegen
diff --git a/go.work.sum b/go.work.sum
new file mode 100644
index 00000000..6c2412aa
--- /dev/null
+++ b/go.work.sum
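Review bot: `SLACK_BOT_TOKEN` is added to `environmentVariables` as a plain value next to the other credentials, so, depending on how `$SLACK_BOT_TOKEN` is substituted (not visible here), the bot token may end up readable in the rendered deployment spec by anyone who can view it. Since the service already receives `VAULT_ADDRESS` and `VAULT_KUBE_ROLE`, consider having it read the token from Vault at start-up instead of from the manifest. The same three entries are added in the `gi_deployment_manifest.json` hunk further down, so the point applies there too. Moving the whole list from `deployment` to the top level also deserves a line in the commit description, because a consumer still reading `deployment.environmentVariables` would start the pod with none of these set.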
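Review bot: The new `"*.slack.com"` entry in `allowEgress` is a wildcard over every Slack subdomain, which is wider than a bot client needs, and it may not match the bare `slack.com` host that the Slack Web API is served from. Whether the wildcard covers the apex depends on the egress policy implementation, which is not visible in this diff. Please confirm against the policy engine and list the exact hosts the client calls, e.g. `"slack.com"`, rather than the wildcard.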
@@ -0,0 +1,19 @@ +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= +github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc= +github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= +github.com/godbus/dbus/v5 v5.0.4 h1:9349emZab16e7zQvpmsbtjc18ykshndd8y2PG3sgJbA= +github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= diff --git a/gocd-templates/main.jsonnet b/gocd-templates/main.jsonnet deleted file mode 100644 index f68ad27a..00000000 --- a/gocd-templates/main.jsonnet +++ /dev/null @@ -1,5 +0,0 @@ -local pipelines = import 'pipelines.jsonnet'; - -{ - 'pipelines.json': pipelines, -} diff --git a/gocd-templates/material.jsonnet b/gocd-templates/material.jsonnet deleted file mode 100644 index 8b04f5fc..00000000 
--- a/gocd-templates/material.jsonnet
+++ /dev/null
@@ -1,156 +0,0 @@ -local pipeline_helper = import 'pipeline_helper.jsonnet'; -local pipeline_manifest = import 'pipeline_manifest.json'; -local pipelines = pipeline_manifest.pipelines; -local name = pipeline_manifest.name; -local infraVertical = pipeline_manifest.infraVertical; - -local githubOrgMap = { - lending:: { - default:: 'git@github.com:navi-medici/', - prod:: self.default, - qa:: self.default, - dev:: self.default, - uat:: self.default, - perf:: self.default, - test:: self.default, - build:: self.default, - 'data-platform-prod':: 'git@github.com:navi-data/', - 'data-platform-nonprod':: 'git@github.com:navi-data/', - }, - insurance:: { - default:: 'git@github.com:navi-gi/', - prod:: self.default, - qa:: self.default, - dev:: self.default, - uat:: self.default, - perf:: self.default, - test:: self.default, - build:: self.default, - }, - infra:: { - default: 'git@github.com:navi-infra/', - prod:: self.default, - qa:: self.default, - dev:: self.default, - uat:: self.default, - perf:: self.default, - test:: self.default, - build:: self.default, - }, - amc:: { - default: 'git@github.com:navi-amc/', - prod:: self.default, - qa:: self.default, - dev:: self.default, - uat:: self.default, - perf:: self.default, - test:: self.default, - build:: self.default, - }, - sa:: { - default: 'git@github.com:navi-sa/', - prod:: self.default, - qa:: self.default, - dev:: self.default, - uat:: self.default, - perf:: self.default, - test:: self.default, - build:: self.default, - }, - colending:: { - default: 'git@github.com:navi-co-lending/', - prod:: self.default, - qa:: self.default, - dev:: self.default, - uat:: self.default, - perf:: self.default, - test:: self.default, - build:: self.default, - }, - 'navi-pay':: { - default: 'git@github.com:navi-pay/', - prod:: self.default, - qa:: self.default, - dev:: self.default, - uat:: self.default, - perf:: self.default, - test:: self.default, - build:: self.default, - }, - 'navi-saas':: { - default: 'git@github.com:navi-saas/', - 
prod:: self.default, - qa:: self.default, - dev:: self.default, - uat:: self.default, - perf:: self.default, - test:: self.default, - build:: self.default, - }, - 'navi-ppl':: { - default: 'git@github.com:navi-ppl/', - prod:: self.default, - qa:: self.default, - dev:: self.default, - uat:: self.default, - perf:: self.default, - test:: self.default, - build:: self.default, - }, -}; - -{ - getMaterial(name, env):: { - test:: { - plugin_configuration: { - id: 'github.pr', - version: '1.4.0-RC2', - }, - options: { - url: githubOrgMap[infraVertical][env] + name + '.git', - branch: 'master', - }, - destination: 'test', - }, - build:: { - git: { - git: githubOrgMap[infraVertical][env] + name + '.git', - shallow_clone: true, - branch: 'master', - }, - }, - 'rds-deploy':: { - mygit: { - git: githubOrgMap[infraVertical][env] + name + '.git', - shallow_clone: true, - branch: 'master', - }, - }, - 's3-deploy':: self['rds-deploy'], - 'iam-deploy':: self['rds-deploy'], - 'redis-deploy':: self['rds-deploy'], - 'docdb-deploy':: self['rds-deploy'], - 'migrate-deploy':: { - git: { - git: githubOrgMap[infraVertical][env] + name + '.git', - shallow_clone: true, - branch: 'master', - }, - }, - }, - getUpstreamMaterial(name, pipeline):: - (if pipeline.type == 'migrate-deploy' then { - code: { - pipeline: pipeline_helper.getUpstreamPipelineName(pipeline), - stage: pipeline_helper.getUpstreamPipelineStage(pipeline), - }, - } else {}), - material(name, pipeline):: $.getMaterial(name, pipeline.env)[pipeline.type] + $.getUpstreamMaterial(name, pipeline), - pipelineName(name, pipeline):: $.getPipelineName(name, pipeline.type, pipeline.env), - getPipelineName(name, type, env):: - if type == 'test' || type == 'build' then - (name + '-' + type) - else if type == 'rds-deploy' || type == 's3-deploy' || type == 'redis-deploy' || type == 'docdb-deploy' || type == 'iam-deploy' then - (name + '-' + env + '-all-resource-deploy') - else (name + '-' + env + '-' + type), -} 
diff --git a/gocd-templates/pipeline_helper.jsonnet b/gocd-templates/pipeline_helper.jsonnet
deleted file mode 100644
index b40e0ca0..00000000
--- a/gocd-templates/pipeline_helper.jsonnet
+++ /dev/null
@@ -1,70 +0,0 @@ -local pipeline_manifest = import 'pipeline_manifest.json'; -local pipelines = pipeline_manifest.pipelines; -local name = pipeline_manifest.name; -local buildPipelineName = name + '-build'; -local devPipelineName = name + '-dev-migrate-deploy'; -local qaPipelineName = name + '-qa-migrate-deploy'; -local uatPipelineName = name + '-uat-migrate-deploy'; -local prodPipelineName = name + '-prod-migrate-deploy'; -local pipelineMap = { - [pipeline.env]: true - for pipeline in pipelines -}; -local approvalTypeMap(stages) = { -[stage.type]: stage.approvalType -for stage in stages -}; -local hasDevPipeline = std.objectHas(pipelineMap, 'dev'); -local hasQaPipeline = std.objectHas(pipelineMap, 'qa'); -local hasUatPipeline = std.objectHas(pipelineMap, 'uat'); -local hasProdPipeline = std.objectHas(pipelineMap, 'prod'); - -{ - getUpstreamPipelineName(pipeline):: ( - if pipeline.env == 'dev' then buildPipelineName - else if pipeline.env == 'qa' then ( - if hasDevPipeline then devPipelineName - else buildPipelineName - ) - else if pipeline.env == 'uat' then ( - if hasQaPipeline then qaPipelineName - else if hasDevPipeline then devPipelineName - else buildPipelineName - ) - else if pipeline.env == 'prod' then ( - if hasUatPipeline then uatPipelineName - else if hasQaPipeline then qaPipelineName - else if hasDevPipeline then devPipelineName - else buildPipelineName - ) - ), - getUpstreamPipelineStage(pipeline):: ( - if pipeline.env == 'dev' then 'build' - else if pipeline.env == 'qa' then (if hasDevPipeline then 'deploy' else 'build') - else if pipeline.env == 'uat' then (if (hasQaPipeline || hasDevPipeline) then 'deploy' else 'build') - else if pipeline.env == 'prod' then (if (hasQaPipeline || hasDevPipeline || hasUatPipeline) then 'deploy' else 'build') - ), - getUpstreamPipelineJob(pipeline):: $.getUpstreamPipelineStage(pipeline), - stageMap(pipeline):: { - [stage.type]: true - for stage in pipeline.stages - }, - artifactPipeline(pipeline):: - if pipeline.env == 
'dev' then buildPipelineName - else if pipeline.env == 'qa' then ( - if hasDevPipeline then (buildPipelineName + '/' + devPipelineName) - else buildPipelineName - ) - else if pipeline.env == 'uat' then ( - buildPipelineName + - (if hasDevPipeline then ('/' + devPipelineName) else '') + - (if hasQaPipeline then ('/' + qaPipelineName) else '') - ) - else if pipeline.env == 'prod' then ( - buildPipelineName + - (if hasDevPipeline then ('/' + devPipelineName) else '') + - (if hasQaPipeline then ('/' + qaPipelineName) else '') + - (if hasUatPipeline then ('/' + uatPipelineName) else '') - ), - getApprovalType(allStages,stageType):: approvalTypeMap(allStages)[stageType] -} diff --git a/gocd-templates/pipelines.jsonnet b/gocd-templates/pipelines.jsonnet deleted file mode 100644 index 832b0a4a..00000000 --- a/gocd-templates/pipelines.jsonnet +++ /dev/null 
@@ -1,92 +0,0 @@ -local pipeline_manifest = import 'pipeline_manifest.json'; -local pipelines = pipeline_manifest.pipelines; -local name = pipeline_manifest.name; -local util = import 'material.jsonnet'; -local stage_util = import 'stages.jsonnet'; -local infraVertical = pipeline_manifest.infraVertical; - -local groupMap = { - lending: { - test: 'Medici-test', - build: 'Medici', - dev: 'Medici-deploy-dev', - qa: 'Medici-deploy-qa', - uat: 'Medici-deploy-uat', - prod: 'Medici-deploy-prod', - cmd: 'Infrastructure', - 'data-platform-prod': 'Data', - 'data-platform-nonprod': 'Data', - }, - insurance:: { - test:: 'GI-test', - build: 'GI', - dev: 'GI-deploy-dev', - qa: 'GI-deploy-qa', - uat: 'GI-deploy-uat', - prod: 'GI-deploy-prod', - }, - amc:: { - test:: 'amc-test', - build: 'amc', - dev: 'amc-deploy-dev', - qa: 'amc-deploy-qa', - prod: 'amc-deploy-prod', - }, - sa:: { - test:: 'SA-test', - build: 'SA', - dev: 'SA-deploy-dev', - qa: 'SA-deploy-qa', - uat: 'SA-deploy-uat', - prod: 'SA-deploy-prod', - }, - infra:: {}, - colending::{ - test:: 'Co-Lending-test', - build: 'Co-Lending', - dev: 'Co-Lending-deploy-dev', - qa: 'Co-Lending-deploy-qa', - prod: 'Co-Lending-deploy-prod', - }, - 'navi-pay'::{ - test:: 'Navi-Pay-deploy-dev', - build: 'Navi-Pay', - dev: 'Navi-Pay-deploy-dev', - qa: 'Navi-Pay-deploy-qa', - uat: 'Navi-Pay-deploy-uat', - prod: 'Navi-Pay-deploy-prod', - }, - 'navi-saas'::{ - test:: 'Navi-Saas-deploy-dev', - build: 'Navi-Saas', - dev: 'Navi-Saas-deploy-dev', - qa: 'Navi-Saas-deploy-qa', - prod: 'Navi-Saas-deploy-prod', - }, - 'navi-ppl'::{ - test:: 'Navi-PPL-deploy-dev', - build: 'Navi-PPL', - dev: 'Navi-PPL-deploy-dev', - qa: 'Navi-PPL-deploy-qa', - prod: 'Navi-PPL-deploy-prod', - }, -}; - - -{ - format_version: 3, - pipelines: { - [util.pipelineName(name, pipeline)]: { - group: groupMap[infraVertical][pipeline.env], - materials: (if pipeline.type == 'test' then { - [util.pipelineName(name, pipeline)]: util.material(name, pipeline), - } else 
util.material(name, pipeline)), - environment_variables: { - ENVIRONMENT: pipeline.env, - APP_NAME: name, - }, - stages: stage_util.getStages(pipeline), - }, - for pipeline in pipelines - }, -} diff --git a/gocd-templates/sample-manifest/pipeline_manifest.json b/gocd-templates/sample-manifest/pipeline_manifest.json deleted file mode 100644 index 325d21c5..00000000 --- a/gocd-templates/sample-manifest/pipeline_manifest.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "name": "spring-boot-demo", - "pipelines": [ - { - "type": "test", - "env": "test", - "stages": [ - { - "type": "test" - } - ] - }, - { - "type": "build", - "env": "build", - "stages": [ - { - "type": "build" - } - ] - }, - { - "type": "migrate-deploy", - "env": "dev", - "stages": [ - { - "type": "migrate", - "approvalType":"auto" - }, - { - "type": "deploy", - "approvalType":"auto" - } - ] - }, - { - "type": "migrate-deploy", - "env": "qa", - "stages": [ - { - "type": "migrate", - "approvalType":"auto" - }, - { - "type": "deploy", - "approvalType":"auto" - } - ] - }, - { - "type": "migrate-deploy", - "env": "prod", - "stages": [ - { - "type": "migrate", - "approvalType":"manual" - }, - { - "type": "deploy", - "approvalType":"manual" - } - ] - } - ], - "infraVertical": "medici" -} \ No newline at end of file diff --git a/gocd-templates/stages.jsonnet b/gocd-templates/stages.jsonnet deleted file mode 100644 index 960231cd..00000000 --- a/gocd-templates/stages.jsonnet +++ /dev/null 
@@ -1,243 +0,0 @@ -local materialUtil = import 'material.jsonnet'; -local helpers = import 'pipeline_helper.jsonnet'; -local pipeline_manifest = import 'pipeline_manifest.json'; -local name = pipeline_manifest.name; -local pipelines = pipeline_manifest.pipelines; - -local elastic_profile_map = { - build: { - build: 'prod-default', - }, - test: { - test: 'prod-default', - }, - dev: { - migrate: 'prod-default', - deploy: 'nonprod-infra', - }, - qa: { - migrate: 'prod-default', - deploy: 'nonprod-infra', - }, - uat: { - migrate: 'prod-default', - deploy: 'nonprod-infra', - }, - prod: { - migrate: 'prod-default', - deploy: 'prod-infra', - }, -}; - -local infra_provisioner_arg = { - 'rds-deploy': 'database', - 's3-deploy': 's3-buckets', - 'iam-deploy': 'iam-roles', - 'redis-deploy': 'redis', - 'docdb-deploy': 'docdb', -}; - -{ - test(pipeline):: [ - { - test:{ - fetch_materials: true, - approval: { - type: 'success', - allow_only_on_success: false, - }, - jobs: { - test: { - timeout: 0, - elastic_profile_id: elastic_profile_map[pipeline.env].test, - tasks: [ - { - exec: { - command: 'bash', - arguments: [ - '-c', - 'git submodule update --remote --init', - ], - working_directory: 'test', - run_if: 'passed', - }, - }, - { - exec: { - arguments: [ - '-c', - 'eval $(aws ecr get-login --no-include-email --region ap-south-1 --registry-id 193044292705) && docker-compose up --abort-on-container-exit', - ], - command: 'bash', - run_if: 'passed', - working_directory: 'test', - }, - }, - ], - }, - }, - } - }, - ], - build(pipeline):: [ - { - build: { - fetch_materials: true, - jobs: { - build: { - timeout: 0, - elastic_profile_id: elastic_profile_map[pipeline.env].build, - tasks: [ - { - exec: { - arguments: [ - '-c', - 'docker-build' + ' ' + pipeline_manifest.name, - ], - command: 'bash', - run_if: 'passed', - }, - }, - ], - artifacts: [ - { - build: { - source: 'image_version', - destination: '', - }, - }, - ], - }, - }, - }, - }, - ], - migrate(pipeline):: [ - { - migration: { 
- fetch_materials: true, - approval: { - type: helpers.getApprovalType(pipeline.stages,'migrate'), - allow_only_on_success: false, - }, - jobs: { - migration: { - elastic_profile_id: elastic_profile_map[pipeline.env].migrate, - tasks: [ - { - fetch: { - is_file: true, - source: 'image_version', - destination: 'deployment', - pipeline: helpers.artifactPipeline(pipeline), - stage: 'build', - job: 'build', - run_if: 'passed', - }, - }, - { - script: ' cd deployment \n . fetch_config_portal \n eval $(aws ecr get-login --no-include-email --region ap-south-1 --registry-id 193044292705)\n docker run -w /usr/local \\ \n -e DATASOURCE_URL=${DATASOURCE_URL} -e DATASOURCE_USERNAME=${DATASOURCE_USERNAME} \\ \n -e DATASOURCE_PASSWORD=${DATASOURCE_PASSWORD} `cat image_version` java -jar database.jar', - }, - ], - }, - }, - }, - }, - ], - deploy(pipeline):: [ - { - deploy: { - fetch_materials: true, - approval: { - type: helpers.getApprovalType(pipeline.stages,'deploy'), - allow_only_on_success: false, - }, - jobs: { - deploy: { - timeout: 0, - elastic_profile_id: elastic_profile_map[pipeline.env].deploy, - tasks: [ - { - fetch: { - is_file: true, - source: 'image_version', - destination: 'deployment', - pipeline: helpers.artifactPipeline(pipeline), - stage: 'build', - job: 'build', - run_if: 'passed', - }, - }, - { - exec: { - arguments: [ - '-c', - 'portal_deploy ${ENVIRONMENT} `cat image_version`', - ], - command: 'bash', - run_if: 'passed', - working_directory: 'deployment', - }, - }, - ], - }, - }, - }, - }, - ], - deployAwsResourcesWithPlan(pipeline, type):: [ - { - plan: { - approval: { - type: "manual", - allow_only_on_success: false - }, - environment_variables: { - "ADDITIONAL_OPTIONS": "--plan" - }, - jobs: { - "deploy": { - elastic_profile_id: 'prod-infra', - tasks: [ - { - script: '. 
fetch_manifest\n infra-provisioner-v2 -m $MANIFEST ${ADDITIONAL_OPTIONS} all\n' - } - ] - } - } - } - }, - { - deploy: { - approval: { - type: "manual", - allow_only_on_success: false - }, - environment_variables: { - "ADDITIONAL_OPTIONS": "" - }, - jobs: { - "deploy": { - elastic_profile_id: 'prod-infra', - tasks: [ - { - script: ". fetch_manifest\n infra-provisioner-v2 -m $MANIFEST ${ADDITIONAL_OPTIONS} all\n" - } - ] - } - } - } - }, - ], - getStages(pipeline):: - if pipeline.type == 'test' then $.test(pipeline) - else if pipeline.type == 'build' then $.build(pipeline) - else if pipeline.type == 'migrate-deploy' then ( - (if std.objectHas(helpers.stageMap(pipeline), 'migrate') then $.migrate(pipeline) else []) + - (if std.objectHas(helpers.stageMap(pipeline), 'deploy') then $.deploy(pipeline) else []) - ) else if pipeline.type == 'rds-deploy' || - pipeline.type == 's3-deploy' || - pipeline.type == 'redis-deploy' || - pipeline.type == 'docdb-deploy' || - pipeline.type == 'iam-deploy' then $.deployAwsResourcesWithPlan(pipeline, infra_provisioner_arg[pipeline.type]) -} diff --git a/kutegen b/kutegen new file mode 160000 index 00000000..c5f45680 --- /dev/null +++ b/kutegen @@ -0,0 +1 @@ +Subproject commit c5f456804ceea1d8c40412794f856a91602477bf diff --git a/pom.xml b/pom.xml index addd4e55..362fc40d 100644 --- a/pom.xml +++ b/pom.xml @@ -35,6 +35,11 @@ + + com.slack.api + slack-api-client + 1.38.3 + com.flipkart.zjsonpatch zjsonpatch @@ -325,6 +330,25 @@ + + maven-clean-plugin + + + + ${project.basedir}/kubernetes_manifests + + + ${project.basedir}/manifests + + + ${project.basedir}/pipeline_manifests + + + ${project.basedir}/pipelines + + + + diff --git a/scripts/amc_manifest_migration.py b/scripts/amc_manifest_migration.py new file mode 100644 index 00000000..76193906 --- /dev/null +++ b/scripts/amc_manifest_migration.py 
@@ -0,0 +1,64 @@ +#!/usr/bin/python3 + +import requests + +url_to_fetch = "" # FILL ME +url_to_post = "" # FILL ME +get_cookie = "" # FILL ME +get_x_xsrf_token = "" # FILL ME +post_cookie = "" # FILL ME +post_x_xsrf_token = "" # FILL ME +get_manifest = requests.Session() +get_manifest.headers.update({'cookie': get_cookie, 'x-xsrf-token': get_x_xsrf_token}) +post_manifest = requests.Session() +post_manifest.headers.update({'cookie': post_cookie, 'x-xsrf-token': post_x_xsrf_token}) + +ids = [] # FILL ME + + +def remove_version_id_keys(data): + if isinstance(data, dict): + return {key: remove_version_id_keys(value) for key, value in data.items() if + key not in ['version', 'id']} + elif isinstance(data, list): + return [remove_version_id_keys(item) for item in data] + else: + return data + + +def replace_key(data, key_to_replace, value_to_replace, replace_with): + if isinstance(data, dict): + return { + key: replace_key(value, key_to_replace, value_to_replace, replace_with) if isinstance( + value, (dict, list)) + else ( + value.replace(value_to_replace, replace_with) if isinstance(value, + str) and key == key_to_replace + else replace_with if value == value_to_replace and key == key_to_replace and isinstance( + value, type(value_to_replace)) + else value + ) + for key, value in data.items() + } + elif isinstance(data, list): + return [replace_key(item, key_to_replace, value_to_replace, replace_with) for item in data] + else: + return data + + +replacements = [ + ('product', 'lending', 'amc'), + ('infraVertical', 'lending', 'amc'), + ('cluster', 'nonprod.np.navi-tech.in', 'aps1.np.navi-amc.in'), + ('endpoint', 'np.navi-tech.in', 'np.navi-amc.in'), + ('isDeployed', True, False) +] + +for id in ids: + r = get_manifest.get(url_to_fetch + id) + get_manifest_response = r.json() + manifest_data_to_post = remove_version_id_keys(get_manifest_response) + for key, old_value, new_value in replacements: + manifest_data_to_post = replace_key(manifest_data_to_post, key, old_value, 
new_value) + post_manifest_response = post_manifest.post(f"{url_to_post}", json=manifest_data_to_post) + print(f'manifestId:{id} status code {post_manifest_response.status_code}') diff --git a/src/main/java/com/navi/infra/portal/configuration/TeamConfiguration.java b/src/main/java/com/navi/infra/portal/configuration/TeamConfiguration.java index 0010f80b..c68eb31f 100644 --- a/src/main/java/com/navi/infra/portal/configuration/TeamConfiguration.java +++ b/src/main/java/com/navi/infra/portal/configuration/TeamConfiguration.java @@ -21,6 +21,8 @@ import java.util.function.Function; import java.util.function.Supplier; import java.util.stream.Stream; import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -31,7 +33,8 @@ import org.springframework.transaction.annotation.Transactional; public class TeamConfiguration { private final TeamRepository teamRepository; - + @Autowired + @Qualifier(value = "DefaultRoleService") private final RoleService roleService; private final PrivilegeService privilegeService; diff --git a/src/main/java/com/navi/infra/portal/controller/ManifestController.java b/src/main/java/com/navi/infra/portal/controller/ManifestController.java index f9eca45c..68a6cebb 100644 --- a/src/main/java/com/navi/infra/portal/controller/ManifestController.java +++ b/src/main/java/com/navi/infra/portal/controller/ManifestController.java 
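Review bot: The script takes its session cookies and XSRF tokens from `# FILL ME` constants in the source file, which invites committing a live session by accident; read them from the environment instead, e.g. `get_cookie = os.environ["PORTAL_GET_COOKIE"]` (the variable name is illustrative). In the loop the GET response is parsed and re-posted without a status check, so an error body would be transformed and sent to the target portal; add `r.raise_for_status()` before `r.json()` and pass a `timeout=` to both the `get` and the `post` call. `for id in ids` also shadows the built-in `id`; `manifest_id` reads better.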
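Review bot: `@Autowired` and `@Qualifier(value = "DefaultRoleService")` are placed on the `private final RoleService roleService` field, but a final field is normally assigned through the constructor, and a qualifier on the field is not seen by constructor injection. The constructor is outside this hunk; if it is Lombok-generated, the qualifier is only copied to the parameter when `lombok.copyableAnnotations += org.springframework.beans.factory.annotation.Qualifier` is set in `lombok.config`. Since this decides which `RoleService` implementation the team configuration uses, putting the annotation on the constructor parameter, `@Qualifier("DefaultRoleService") RoleService roleService`, makes the choice explicit and keeps a wrong bean from being wired in silently.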
@@ -6,12 +6,10 @@ import static org.springframework.http.HttpStatus.FORBIDDEN; import com.navi.infra.portal.domain.manifest.Manifest; import com.navi.infra.portal.domain.manifest.ManifestAudit; import com.navi.infra.portal.dto.manifest.CloneManifestRequest; -import com.navi.infra.portal.v2.grafanadashboard.dto.CreateDashboardRequest; -import com.navi.infra.portal.v2.grafanadashboard.dto.GrafanaDashboardResponse; import com.navi.infra.portal.dto.manifest.ManifestResponse; import com.navi.infra.portal.repository.ManifestName; import com.navi.infra.portal.service.manifest.ManifestService; -import com.navi.infra.portal.v2.grafanadashboard.entity.GrafanaDashboard; +import com.navi.infra.portal.v2.grafanadashboard.dto.GrafanaDashboardResponse; import com.navi.infra.portal.v2.grafanadashboard.service.GrafanaDashboardService; import com.navi.infra.portal.v2.manifest.dto.DeploymentStatusRequestDto; import java.util.List; @@ -82,6 +80,11 @@ public class ManifestController { return manifestService.fetchById(id); } + @GetMapping("/{id}/export") + public Map exportManifest(@PathVariable Long id) { + return manifestService.exportManifestById(id); + } + @GetMapping("/env/{environment}/name/{name}/kube") public String fetchKubeObjectByName( @PathVariable String name, @PathVariable String environment, @@ -158,5 +161,5 @@ public class ManifestController { ) { return grafanaDashboardService.findGrafanaDashboardByManifest(id); } - + } diff --git a/src/main/java/com/navi/infra/portal/domain/user/User.java b/src/main/java/com/navi/infra/portal/domain/user/User.java index d4a72342..cbfa48fa 100644 --- a/src/main/java/com/navi/infra/portal/domain/user/User.java +++ b/src/main/java/com/navi/infra/portal/domain/user/User.java @@ -38,6 +38,8 @@ public class User extends BaseEntity implements AuthenticatedUser { private String email; + private String slackId; + @OneToOne(mappedBy = "user") private Token token; 
diff --git a/src/main/java/com/navi/infra/portal/dto/slack/SlackMessageBlockType.java b/src/main/java/com/navi/infra/portal/dto/slack/SlackMessageBlockType.java index bfc57860..8f8d7832 100644 --- a/src/main/java/com/navi/infra/portal/dto/slack/SlackMessageBlockType.java +++ b/src/main/java/com/navi/infra/portal/dto/slack/SlackMessageBlockType.java @@ -5,7 +5,8 @@ public enum SlackMessageBlockType { CONTEXT("context"), DIVIDER("divider"), HEADER("header"), - SECTION("section"); + SECTION("section"), + ACTIONS("actions"); public final String type; diff --git a/src/main/java/com/navi/infra/portal/dto/slack/SlackMessageText.java b/src/main/java/com/navi/infra/portal/dto/slack/SlackMessageText.java index 590b7f9c..4e63e909 100644 --- a/src/main/java/com/navi/infra/portal/dto/slack/SlackMessageText.java +++ b/src/main/java/com/navi/infra/portal/dto/slack/SlackMessageText.java @@ -13,4 +13,17 @@ public class SlackMessageText { private String type; private String text; + + public SlackMessageText(SlackMessageTextType type, String text) { + this.type = type.type; + this.text = text; + } + + /* + "text": { + "type": "plain_text", + "text": "Reject", + "emoji": true + } + */ } diff --git a/src/main/java/com/navi/infra/portal/dto/slack/SlackMessageTextType.java b/src/main/java/com/navi/infra/portal/dto/slack/SlackMessageTextType.java new file mode 100644 index 00000000..dbdf13bb --- /dev/null +++ b/src/main/java/com/navi/infra/portal/dto/slack/SlackMessageTextType.java @@ -0,0 +1,14 @@ +package com.navi.infra.portal.dto.slack; + +public enum SlackMessageTextType { + + MARKDOWN("mrkdwn"), + PLAINTEXT("plain_text"); + + public final String type; + + SlackMessageTextType(String type) { + this.type = type; + } + +} diff --git a/src/main/java/com/navi/infra/portal/events/PortalEventListener.java b/src/main/java/com/navi/infra/portal/events/PortalEventListener.java index d9c70109..512a7532 100644 --- a/src/main/java/com/navi/infra/portal/events/PortalEventListener.java 
+++ b/src/main/java/com/navi/infra/portal/events/PortalEventListener.java @@ -15,6 +15,7 @@ import com.navi.infra.portal.dto.slack.SlackMessage; import com.navi.infra.portal.dto.slack.SlackMessageBlock; import com.navi.infra.portal.dto.slack.SlackMessageBlockType; import com.navi.infra.portal.dto.slack.SlackMessageText; +import com.navi.infra.portal.dto.slack.SlackMessageTextType; import com.navi.infra.portal.util.MapDiffUtil; import java.util.ArrayList; import java.util.List; @@ -89,7 +90,7 @@ public class PortalEventListener { ArrayList list = new ArrayList<>(); SlackMessageText majorText = new SlackMessageText(); - majorText.setType("plain_text"); + majorText.setType(SlackMessageTextType.PLAINTEXT.type); majorText.setText(format(vaultUpdateEvent.getMessage())); SlackMessageBlock majorTextBlock = new SlackMessageBlock(); majorTextBlock.setType(SlackMessageBlockType.HEADER.type); @@ -195,9 +196,9 @@ public class PortalEventListener { private SlackMessageBlock getSlackMessageBlock(SlackMessageBlockType blockType, String message) { SlackMessageText slackMessageText = new SlackMessageText(); - String textType = "mrkdwn"; + String textType = SlackMessageTextType.MARKDOWN.type; if (blockType.type.equals(SlackMessageBlockType.HEADER.type)) { - textType = "plain_text"; + textType = SlackMessageTextType.PLAINTEXT.type; } slackMessageText.setType(textType); slackMessageText.setText(message); diff --git a/src/main/java/com/navi/infra/portal/repository/UserRepository.java b/src/main/java/com/navi/infra/portal/repository/UserRepository.java index 5aaf3e35..b2b1a7e1 100644 --- a/src/main/java/com/navi/infra/portal/repository/UserRepository.java +++ b/src/main/java/com/navi/infra/portal/repository/UserRepository.java 
@@ -13,6 +13,9 @@ public interface UserRepository extends JpaRepository { @Query("SELECT u FROM User u WHERE lower(u.email) = :email") Optional findByEmail(String email); + @Query("SELECT u.id FROM User u WHERE lower(u.email) = :email") + Long findIdByEmail(String email); + @Query("SELECT u FROM User u WHERE lower(u.email) in (:emailList)") List> findAllByEmail(List emailList); } diff --git a/src/main/java/com/navi/infra/portal/service/gocd/PipelineManifestService.java b/src/main/java/com/navi/infra/portal/service/gocd/PipelineManifestService.java index 159e3bde..ab8034e8 100644 --- a/src/main/java/com/navi/infra/portal/service/gocd/PipelineManifestService.java +++ b/src/main/java/com/navi/infra/portal/service/gocd/PipelineManifestService.java @@ -3,7 +3,7 @@ package com.navi.infra.portal.service.gocd; import com.fasterxml.jackson.databind.ObjectMapper; import com.navi.infra.portal.domain.gocd.PipelineManifest; import com.navi.infra.portal.repository.PipelineManifestRepository; -import com.navi.infra.portal.util.JsonnetUtil; +import com.navi.infra.portal.util.KubernetesManifestGenerator; import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileReader; @@ -30,8 +30,6 @@ import org.springframework.web.server.ResponseStatusException; public class PipelineManifestService { private final String PIPELINE_MANIFEST_PATH = "pipeline_manifests"; - private final String PIPELINE_TEMPLATES_FOLDER = "gocd-templates"; - private final String mainJsonnet = "main.jsonnet"; private final String PIPELINE_YAML_PATH = "pipelines"; private final String PIPELINE_MANIFEST_FILE_NAME = "pipeline_manifest.json"; private final String PIPELINE_YAML_FILE_NAME = "pipelines.json"; 
@@ -40,7 +38,7 @@ public class PipelineManifestService { private final PipelineManifestRepository pipelineManifestRepository; - private final JsonnetUtil jsonnetUtil; + private final KubernetesManifestGenerator kubernetesManifestGenerator; public List pipelineManifestList() { return pipelineManifestRepository @@ -88,9 +86,12 @@ public class PipelineManifestService { ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); PrintStream printStream = new PrintStream(byteArrayOutputStream, false, StandardCharsets.UTF_8); - var exitCode = jsonnetUtil.generateKManifests(getPipelinesManifestPath(pipelineManifest), - getPipelinesPath(pipelineManifest), printStream, new String[]{}, mainJsonnet, - PIPELINE_TEMPLATES_FOLDER); + var exitCode = kubernetesManifestGenerator.generate( + printStream, new String[]{"gocd-pipeline", + "-f", getPipelinesManifestPath(pipelineManifest) + PIPELINE_MANIFEST_FILE_NAME, + "-o", getPipelinesPath(pipelineManifest) + } + ); if (exitCode != 0) { throw new RuntimeException(String.format("Could not generate manifests %s", diff --git a/src/main/java/com/navi/infra/portal/service/kubernetes/KubernetesManifestService.java b/src/main/java/com/navi/infra/portal/service/kubernetes/KubernetesManifestService.java index 41e55c73..d7ed6fcf 100644 --- a/src/main/java/com/navi/infra/portal/service/kubernetes/KubernetesManifestService.java +++ b/src/main/java/com/navi/infra/portal/service/kubernetes/KubernetesManifestService.java 
@@ -31,7 +31,7 @@ import com.navi.infra.portal.domain.manifest.StatusMarker; import com.navi.infra.portal.dto.manifest.SecurityGroup; import com.navi.infra.portal.exceptions.KubernetesManifestException; import com.navi.infra.portal.service.manifest.DeploymentService; -import com.navi.infra.portal.util.JsonnetUtil; +import com.navi.infra.portal.util.KubernetesManifestGenerator; import com.navi.infra.portal.util.MapDiffUtil; import com.navi.infra.portal.util.kubernetes.KubernetesManifestUtils; import io.kubernetes.client.openapi.ApiException; @@ -71,8 +71,6 @@ import org.springframework.stereotype.Service; @Slf4j public class KubernetesManifestService { - private static final String JSONNET_TEMPLATES_FOLDER = "templates"; - private static final String GENERATED_KUBERNETES_MANIFEST_FOLDER = "kubernetes_manifests"; private static final String MANIFEST_INPUT_FILE_PATH = "manifests"; @@ -93,7 +91,7 @@ public class KubernetesManifestService { private final String environment; - private final JsonnetUtil jsonnetUtil; + private final KubernetesManifestGenerator kubernetesManifestGenerator; private final KubeClient kubeClient; private final long securityGroupIdFetchRetryFixedBackoff; @@ -104,7 +102,7 @@ public class KubernetesManifestService { ObjectMapper objectMapper, Executor executor, @Value("${ENVIRONMENT:test}") String environment, - JsonnetUtil jsonnetUtil, + KubernetesManifestGenerator kubernetesManifestGenerator, KubeClient kubeClient, @Value("${kubernetes.security-group.id.fetch.fixed-backoff.interval}") long securityGroupIdFetchRetryFixedBackoff, @Value("${kubernetes.security-group.id.fetch.fixed-backoff.max-attempts}") int securityGroupIdFetchRetryMaxAttempts 
@@ -113,7 +111,7 @@ public class KubernetesManifestService { this.objectMapper = objectMapper; this.executor = executor; this.environment = environment; - this.jsonnetUtil = jsonnetUtil; + this.kubernetesManifestGenerator = kubernetesManifestGenerator; this.kubeClient = kubeClient; this.securityGroupIdFetchRetryFixedBackoff = securityGroupIdFetchRetryFixedBackoff; this.securityGroupIdFetchRetryMaxAttempts = securityGroupIdFetchRetryMaxAttempts; @@ -132,7 +130,7 @@ public class KubernetesManifestService { public void generateManifestsAndApply(Manifest manifest) { if (manifest.getDeployment() != null) { - final String kManifestPath = generateManifests(manifest, null); + final String kManifestPath = generateManifests(manifest, "null"); log.info("Generated kubernetes manifests at {}", kManifestPath); if (environment.equals("test")) { log.info( @@ -340,8 +338,10 @@ public class KubernetesManifestService { PrintStream printStream = new PrintStream(byteArrayOutputStream, false, StandardCharsets.UTF_8); String writePath = getKubernetesManifestPath(manifest); - int exitCode = generateKManifests(getManifestPath(manifest), writePath, printStream, - new String[]{"--ext-str", "IMAGE=" + image }, mainJsonnet); + int exitCode = generateKManifests(printStream, + new String[]{"generate", "--image", image, + "--file", getManifestPath(manifest) + MANIFEST_INPUT_FILE_NAME, + "--output", writePath}); if (exitCode > 0) { throw new KubernetesManifestException( format("Not able to generate kubernetes manifests: %s", 
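Review bot: In `generateManifestsAndApply` the image argument changes from `null` to the string `"null"`, which the later hunk forwards verbatim as `"--image", image`. Whether kutegen treats that literal as "no image" is not visible here, and a sentinel string is easy to mistake for a real image reference. Prefer keeping `null` and appending `"--image", image` only when an image is present. Since `image` and the file paths are now argv elements of an external process, a value that starts with `-` could be parsed as an option by the CLI, so validate the image reference format before building the array. Both enclosing methods start and end outside these hunks.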
@@ -501,15 +501,8 @@ public class KubernetesManifestService { return jsonObject; } - private int generateKManifests( - String readPath, - String writePath, - PrintStream ps, - String[] jsonnetAdditionalOptions, - String mainJsonnet - ) { - return jsonnetUtil.generateKManifests(readPath, writePath, ps, jsonnetAdditionalOptions, - mainJsonnet, JSONNET_TEMPLATES_FOLDER); + private int generateKManifests(PrintStream ps, String[] jsonnetAdditionalOptions) { + return kubernetesManifestGenerator.generate(ps, jsonnetAdditionalOptions); } /** diff --git a/src/main/java/com/navi/infra/portal/service/manifest/ManifestService.java b/src/main/java/com/navi/infra/portal/service/manifest/ManifestService.java index c5550a9b..b918c088 100644 --- a/src/main/java/com/navi/infra/portal/service/manifest/ManifestService.java +++ b/src/main/java/com/navi/infra/portal/service/manifest/ManifestService.java @@ -39,6 +39,7 @@ import com.navi.infra.portal.service.kubernetes.KubernetesManifestService; import com.navi.infra.portal.service.user.PrivilegeUtilService; import com.navi.infra.portal.service.user.UserService; import com.navi.infra.portal.util.MapDiffUtil; +import com.navi.infra.portal.util.ObjectTransformationUtil; import com.navi.infra.portal.util.manifest.ValidationUtils; import com.navi.infra.portal.v2.loadbalancer.FindGroupNameRequest; import com.navi.infra.portal.v2.loadbalancer.LoadBalancerService; @@ -55,6 +56,7 @@ import java.util.List; import java.util.Map; import java.util.Optional; import java.util.Set; +import java.util.stream.Collectors; import lombok.extern.slf4j.Slf4j; import org.apache.commons.io.IOUtils; import org.apache.commons.text.StringSubstitutor; 
@@ -71,34 +73,20 @@ import org.springframework.transaction.annotation.Transactional; public class ManifestService { private final ObjectMapper objectMapper; - private final ManifestRepository manifestRepository; - private final ManifestAuditRepository manifestAuditRepository; - private final ValidationUtils manifestValidationUtil; - private final VaultService vaultService; - private final KubernetesManifestService kubernetesManifestService; - private final PortalEventPublisher portalEventPublisher; - private final PrivilegeUtilService privilegeUtilService; - private final ManifestAuditService manifestAuditService; - private final UserService userService; - private final MapDiffUtil mapDiffUtil; - private final AuthorizationService authorizationFilter; - private final LoadBalancerService loadBalancerService; - private final List extraResourceList; - ManifestService( ObjectMapper objectMapper, ManifestRepository manifestRepository, @@ -212,7 +200,6 @@ public class ManifestService { final Manifest newManifest; if (hasDifference(difference)) { logManifestDifference(manifest, oldManifest); - processLoadBalancers(manifest, oldManifest); newManifest = saveManifestWithoutSecrets(manifest); newManifest.addRedactedValuesToSuperSecrets(); @@ -239,7 +226,6 @@ public class ManifestService { log.info("Manifest does not have deployment or flink"); return; } - final var findGroupNameRequest = FindGroupNameRequest.builder() .newLbs(newLbs) .oldLbs(oldLbs) 
@@ -497,6 +483,45 @@ public class ManifestService { return addGivenSecrets(savedManifest, secrets); } + private List getEndpointsFromCurrentManifest(Manifest manifest) { + return manifest.getDeployment() + .getLoadBalancers() + .stream() + .map(LoadBalancer::getEndpoint) + .collect(Collectors.toList()); + } + + private void checkForExternalEndpointsDuplicates( + Manifest manifest, List allEndpointsInCurrentManifest + ) { + Set allEndpointsExceptInParentManifest = getAllEndpointsNotIn(manifest.getId()); + List externalDuplicates = allEndpointsInCurrentManifest.stream() + .filter(allEndpointsExceptInParentManifest::contains) + .collect(Collectors.toList()); + + if (!externalDuplicates.isEmpty()) { + log.error("Duplicate load balancer endpoints found for {} - {}", + manifest.fullName(), externalDuplicates); + throw new DuplicateLoadBalancerEndpointException(externalDuplicates); + } + } + + private void checkForInternalEndpointsDuplicates( + Manifest manifest, List allEndpointsInCurrentManifest + ) { + Set endpointSet = new HashSet<>(); + List internalDuplicates = allEndpointsInCurrentManifest.stream() + .filter(endpoint -> !endpointSet.add(endpoint)) + .distinct() + .collect(Collectors.toList()); + + if (!internalDuplicates.isEmpty()) { + log.error("Duplicate load balancer endpoints found for {} - {}", + manifest.fullName(), internalDuplicates); + throw new DuplicateLoadBalancerEndpointException(internalDuplicates); + } + } + private void validateLoadBalancer(Manifest manifest) { log.info("Validating load balancer for {}", manifest.fullName()); if (manifest.getDeployment() == null || 
@@ -507,19 +532,9 @@ public class ManifestService { return; } - final var allEndpointsExceptInParentManifest = getAllEndpointsNotIn(manifest.getId()); - final var manifestEndpoints = manifest.getDeployment() - .getLoadBalancers() - .stream() - .map(LoadBalancer::getEndpoint) - .filter(allEndpointsExceptInParentManifest::contains) - .collect(toList()); - - if (!manifestEndpoints.isEmpty()) { - log.error("Duplicate load balancer endpoints found for {} - {}", manifest.fullName(), - manifestEndpoints); - throw new DuplicateLoadBalancerEndpointException(manifestEndpoints); - } + List allEndpointsInCurrentManifest = getEndpointsFromCurrentManifest(manifest); + checkForExternalEndpointsDuplicates(manifest, allEndpointsInCurrentManifest); + checkForInternalEndpointsDuplicates(manifest, allEndpointsInCurrentManifest); log.info("No duplicate load balancer endpoints found for {}", manifest.fullName()); } @@ -736,5 +751,14 @@ public class ManifestService { return manifestRepository.findManifestNameById(id); } + public Map exportManifestById(Long id) { + final Set keysToExclude = Set.of("version", "id", "infraVertical", "cluster"); + final Map keysToReplace = Map.of("isDeployed", false, "ids", emptyList()); + var manifest = fetchById(id); + var manifestAsMap = manifest.convertToMap(); + ObjectTransformationUtil.removeKeys(manifestAsMap, keysToExclude); + ObjectTransformationUtil.replaceKeys(manifestAsMap, keysToReplace); + return manifestAsMap; + } } diff --git a/src/main/java/com/navi/infra/portal/service/user/UserService.java b/src/main/java/com/navi/infra/portal/service/user/UserService.java index 85d750a4..f9e89fa9 100644 --- a/src/main/java/com/navi/infra/portal/service/user/UserService.java +++ b/src/main/java/com/navi/infra/portal/service/user/UserService.java 
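Review bot: `exportManifestById` strips only `version`, `id`, `infraVertical` and `cluster`, so every other field that `convertToMap()` emits leaves the portal through the new `GET /{id}/export` endpoint. Neither `convertToMap()` nor the access check inside `fetchById` is visible in this diff; please confirm that secret-bearing fields are redacted or excluded and that export is authorised exactly like the normal fetch. A comment on the method such as `// Exported map must not contain secret values; relies on fetchById for the read-access check` would record that contract. A test asserting that no secret keys survive in the exported map would keep it true.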
@@ -24,6 +24,7 @@ import com.navi.infra.portal.repository.TokenRepository; import com.navi.infra.portal.repository.UserRepository; import com.navi.infra.portal.security.authorization.AuthorizationContext; import com.navi.infra.portal.v2.role.RoleService; +import com.navi.infra.portal.v2.slackbotclient.SlackBotClient; import com.navi.infra.portal.v2.team.TeamService; import java.io.IOException; import java.util.List; @@ -63,6 +64,8 @@ public class UserService { private final ObjectMapper yamlMapper; + private final SlackBotClient slackBotClient; + public UserService( UserRepository userRepository, RoleService roleService, @@ -71,7 +74,8 @@ public class UserService { PasswordEncoder passwordEncoder, TeamService teamService, @Qualifier("jsonMapper") ObjectMapper objectMapper, - @Qualifier("yamlMapper") ObjectMapper yamlMapper + @Qualifier("yamlMapper") ObjectMapper yamlMapper, + SlackBotClient slackBotClient ) { this.userRepository = userRepository; this.roleService = roleService; @@ -81,6 +85,7 @@ public class UserService { this.teamService = teamService; this.objectMapper = objectMapper; this.yamlMapper = yamlMapper; + this.slackBotClient = slackBotClient; } private static boolean filterUnsavedUsers( 
@@ -136,15 +141,17 @@ public class UserService { public User from(OidcUser oidcUser) { final String email = oidcUser.getEmail(); final var userOptional = userRepository.findByEmail(email); - var user = userOptional.orElseThrow( - () -> new OAuth2AuthenticationException(new OAuth2Error("0", "Create your entry in https://github.com/navi-infra/user-management/blob/master/deployment-portal/user-mapping.yaml", "/")) - ); - if (user.getName() == null && oidcUser.getAttribute("name") != null) { - user.setName(oidcUser.getAttribute("name")); - log.info("User {} has no name, setting name to {}", email, user.getName()); - user = userRepository.save(user); - } - return user; + var user = userOptional.orElseThrow( + () -> new OAuth2AuthenticationException(new OAuth2Error("0", + "Create your entry in https://github.com/navi-infra/user-management/blob/master/deployment-portal/user-mapping.yaml", + "/")) + ); + if (user.getName() == null && oidcUser.getAttribute("name") != null) { + user.setName(oidcUser.getAttribute("name")); + log.info("User {} has no name, setting name to {}", email, user.getName()); + user = userRepository.save(user); + } + return user; } // if token already exist it will replace the token 
@@ -302,4 +309,33 @@ public class UserService { }) .collect(toList()); } + + public User findUserByEmail(String email) { + return userRepository.findByEmail(email) + .orElseThrow(() -> new UsernameNotFoundException(email + " not found")); + } + + public List getUsersWithRole(String roleName) { + return roleService.findUsersByRoleName(roleName); + } + + private void syncUserEmailAndSlackId() throws IOException { + var users = userRepository.findAll(); + Map emailSlackIdMapping = slackBotClient.fetchAndProcessSlackUsers(); + users.forEach(user -> { + if (user.getSlackId() == null || user.getSlackId().isEmpty()) { + user.setSlackId(emailSlackIdMapping.get(user.getEmail())); + } + }); + userRepository.saveAll(users); + } + + public String getUsersSlackId(User user) throws IOException { + String slackId = user.getSlackId(); + if (slackId == null || slackId.isEmpty()) { + syncUserEmailAndSlackId(); + return user.getSlackId(); + } + return slackId; + } } diff --git a/src/main/java/com/navi/infra/portal/util/JsonnetUtil.java b/src/main/java/com/navi/infra/portal/util/JsonnetUtil.java deleted file mode 100644 index ebc808b3..00000000 --- a/src/main/java/com/navi/infra/portal/util/JsonnetUtil.java +++ /dev/null @@ -1,19 +0,0 @@ -package com.navi.infra.portal.util; - -import java.io.PrintStream; - -public interface JsonnetUtil { - - int generateKManifests( - String readPath, String writePath, PrintStream ps, - String[] jsonnetAdditionalOptions, String mainJsonnet, String jsonnetTemplatesFolder - ); - - int run( - String writePath, - PrintStream ps, - String[] jsonnetAdditionalOptions, - String mainJsonnet, - String jsonnetTemplatesFolder - ); -} diff --git a/src/main/java/com/navi/infra/portal/util/JsonnetUtilImpl.java b/src/main/java/com/navi/infra/portal/util/JsonnetUtilImpl.java deleted file mode 100644 index 89010fea..00000000 --- a/src/main/java/com/navi/infra/portal/util/JsonnetUtilImpl.java +++ /dev/null 
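Review bot: `getUsersSlackId` returns `user.getSlackId()` after `syncUserEmailAndSlackId()`, but the sync mutates the entities it loaded through `userRepository.findAll()`, not the `user` argument. Unless both are the same managed instance, the caller still receives `null`. Each lookup for a user without a Slack match also triggers a full `findAll()`, a full `fetchAndProcessSlackUsers()` call and a `saveAll()`, so one unmatched account makes every request pay for a complete resync. The map lookup uses `user.getEmail()` as stored while the repository queries compare `lower(u.email)`, so a case difference may miss the entry. Consider returning the mapping's value for the requested user directly and moving the full sync to a scheduled or rate-limited job.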
@@ -1,68 +0,0 @@ -package com.navi.infra.portal.util; - -import static java.lang.System.arraycopy; -import static scala.None$.empty; - -import java.io.PrintStream; -import org.springframework.stereotype.Component; -import os.package$; -import sjsonnet.DefaultParseCache; -import sjsonnet.SjsonnetMain; - -@Component -public class JsonnetUtilImpl implements JsonnetUtil { - - @Override - public int generateKManifests( - String readPath, String writePath, PrintStream ps, - String[] jsonnetAdditionalOptions, String mainJsonnet, String jsonnetTemplatesFolder - ) { - - String[] jsonnetOptions = new String[]{jsonnetTemplatesFolder + "/" + mainJsonnet, "-J", - readPath, "-c", "-m", writePath}; - - return run(jsonnetOptions, jsonnetAdditionalOptions, ps); - } - - @Override - public int run( - String writePath, - PrintStream ps, - String[] jsonnetAdditionalOptions, - String mainJsonnet, - String jsonnetTemplatesFolder - ) { - String[] jsonnetOptions = new String[]{jsonnetTemplatesFolder + "/" + mainJsonnet, - "-c", "-m", writePath}; - - return run(jsonnetOptions, jsonnetAdditionalOptions, ps); - } - - private static int run( - String[] options, - String[] additionalOptions, - PrintStream ps - ) { - PrintStream stdErr = System.err; - System.setErr(ps); - - try { - var jsonnetCommand = new String[additionalOptions.length + options.length]; - arraycopy(options, 0, jsonnetCommand, 0, options.length); - arraycopy(additionalOptions, 0, jsonnetCommand, options.length, - additionalOptions.length); - - return SjsonnetMain.main0(jsonnetCommand, - new DefaultParseCache(), - System.in, - System.out, - System.err, - package$.MODULE$.pwd(), - empty(), - empty() - ); - } finally { - System.setErr(stdErr); - } - } -} diff --git a/src/main/java/com/navi/infra/portal/util/KubernetesManifestGenerator.java b/src/main/java/com/navi/infra/portal/util/KubernetesManifestGenerator.java new file mode 100644 index 00000000..2492fb87 --- /dev/null 
+++ b/src/main/java/com/navi/infra/portal/util/KubernetesManifestGenerator.java
@@ -0,0 +1,8 @@
+package com.navi.infra.portal.util;
+
+import java.io.PrintStream;
+
+public interface KubernetesManifestGenerator {
+
+ int generate(PrintStream ps, String[] args);
+}
diff --git a/src/main/java/com/navi/infra/portal/util/KutegenClient.java b/src/main/java/com/navi/infra/portal/util/KutegenClient.java
new file mode 100644
index 00000000..9bd73d9e
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/util/KutegenClient.java
@@ -0,0 +1,52 @@
+package com.navi.infra.portal.util;
+
+import static java.lang.System.arraycopy;
+
+import java.io.PrintStream;
+import java.util.Arrays;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Component
+@Slf4j
+public class KutegenClient implements KubernetesManifestGenerator {
+
+ private final String[] kutegenPath;
+
+ public KutegenClient(@Value("${ENVIRONMENT:test}") String environment) {
+ if (environment.equals("test")) {
+ kutegenPath = new String[]{"go", "run", "kutegen/cmd/main.go"};
+ } else {
+ kutegenPath = new String[]{"bin/kutegen"};
+ }
+ }
+
+ @Override
+ public int generate(PrintStream ps, String[] args) {
+ final var exitCode = run(args, ps);
+ log.info("Kutegen exit code: {}", exitCode);
+ return exitCode;
+ }
+
+ private int run(String[] args, PrintStream errorStream) {
+ final var stdErr = System.err;
+ System.setErr(errorStream);
+
+ try {
+ final var command = new String[kutegenPath.length + args.length];
+
+ arraycopy(kutegenPath, 0, command, 0, kutegenPath.length);
+ arraycopy(args, 0, command, kutegenPath.length, args.length);
+
+ log.info("Running kutegen with options: {}", Arrays.toString(command));
+ final var processBuilder = new ProcessBuilder(command);
+ final var process = processBuilder.inheritIO().start();
+ return process.waitFor();
+ } catch (Exception e) {
+ throw new RuntimeException("Error running kutegen", e);
+ } finally {
+ System.setErr(stdErr);
+ }
+ }
+}
diff --git a/src/main/java/com/navi/infra/portal/util/ObjectTransformationUtil.java b/src/main/java/com/navi/infra/portal/util/ObjectTransformationUtil.java
new file mode 100644
index 00000000..46545d16
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/util/ObjectTransformationUtil.java
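Review bot: `run` swaps the JVM-wide `System.err` to capture output, but `inheritIO()` connects the child process to the JVM's real file descriptors rather than to the Java `PrintStream`. `errorStream` therefore most likely stays empty and the callers' exception messages lose kutegen's diagnostics. The swap is also process-global, so concurrent generations can redirect or drop each other's stderr. Reading the child's output explicitly, as sketched below, removes both problems (it needs `java.io.IOException` imported) and stops `catch (Exception e)` from swallowing `InterruptedException` without restoring the interrupt flag. The relative `bin/kutegen` and `go run kutegen/cmd/main.go` entries resolve against the working directory, so an absolute, configured path would pin which binary is executed.

```java
    private int run(String[] args, PrintStream errorStream) {
        // … unchanged: building `command` from kutegenPath and args, logging it …
        try {
            final var process = new ProcessBuilder(command)
                .redirectErrorStream(true)
                .start();
            // Copy the child's combined stdout/stderr into the caller's stream
            // instead of mutating System.err for the whole JVM.
            try (var output = process.getInputStream()) {
                output.transferTo(errorStream);
            }
            return process.waitFor();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new RuntimeException("Interrupted while running kutegen", e);
        } catch (IOException e) {
            throw new RuntimeException("Error running kutegen", e);
        }
    }
```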
@@ -0,0 +1,75 @@
+package com.navi.infra.portal.util;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+public final class ObjectTransformationUtil {
+
+ private ObjectTransformationUtil() {
+ throw new AssertionError("No instances for you!");
+ }
+
+ @SuppressWarnings("unchecked")
+ public static void removeKeys(Map data, Set keys) {
+ var iterator = data.entrySet().iterator();
+ while (iterator.hasNext()) {
+ var entry = iterator.next();
+ if (keys.contains(entry.getKey())) {
+ iterator.remove();
+ } else if (entry.getValue() instanceof Map) {
+ removeKeys((Map) entry.getValue(), keys);
+ } else if (entry.getValue() instanceof List) {
+ removeKeys((List) entry.getValue(), keys);
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public static void removeKeys(List data, Set keys) {
+ for (Object item : data) {
+ if (item instanceof Map) {
+ removeKeys((Map) item, keys);
+ } else if (item instanceof List) {
+ removeKeys((List) item, keys);
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public static void replaceKeys(
+ Map data,
+ Map replacements
+ ) {
+ for (Map.Entry entry : data.entrySet()) {
+ if (replacements.containsKey(entry.getKey())) {
+ entry.setValue(replacements.get(entry.getKey()));
+ } else if (entry.getValue() instanceof Map) {
+ replaceKeys((Map) entry.getValue(), replacements);
+ } else if (entry.getValue() instanceof List) {
+ for (Object item : (List) entry.getValue()) {
+ if (item instanceof Map) {
+ replaceKeys((Map) item, replacements);
+ } else if (item instanceof List) {
+ replaceKeys((List) item, replacements);
+ }
+ }
+ }
+ }
+ }
+
+
+ @SuppressWarnings("unchecked")
+ public static void replaceKeys(
+ List data,
+ Map replacements
+ ) {
+ for (Object item : data) {
+ if (item instanceof Map) {
+ replaceKeys((Map) item, replacements);
+ } else if (item instanceof List) {
+ replaceKeys((List) item, replacements);
+ }
+ }
+ }
+}
diff --git a/src/main/java/com/navi/infra/portal/util/ResourceReaderUtil.java b/src/main/java/com/navi/infra/portal/util/ResourceReaderUtil.java
new file mode 100644
index 00000000..5777ba92
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/util/ResourceReaderUtil.java
@@ -0,0 +1,44 @@
+package com.navi.infra.portal.util;
+
+import static java.util.Collections.emptyMap;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.io.DefaultResourceLoader;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.stereotype.Component;
+
+@Slf4j
+@Component
+public class ResourceReaderUtil {
+
+ private static final ResourceLoader resourceLoader = new DefaultResourceLoader();
+ private final ObjectMapper objectMapper;
+
+ public ResourceReaderUtil(ObjectMapper objectMapper) {
+ this.objectMapper = objectMapper;
+ }
+
+ @SuppressWarnings("unchecked")
+ public Map getResourceFromPath(List path) throws FileNotFoundException {
+ Map map = emptyMap();
+ String pathString = String.join("/", path);
+ try {
+ final var fileInputStream = resourceLoader
+ .getResource(pathString)
+ .getInputStream();
+ map = objectMapper.readValue(fileInputStream, Map.class);
+ } catch (FileNotFoundException e) {
+ log.info("File is not found in path: {}", pathString);
+ throw e;
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ return map;
+
+ }
+}
diff --git a/src/main/java/com/navi/infra/portal/v2/changerequest/service/ManifestLimitServiceImpl.java b/src/main/java/com/navi/infra/portal/v2/changerequest/service/ManifestLimitServiceImpl.java
index 4a78115b..b72dd35e 100644
--- a/src/main/java/com/navi/infra/portal/v2/changerequest/service/ManifestLimitServiceImpl.java
+++ b/src/main/java/com/navi/infra/portal/v2/changerequest/service/ManifestLimitServiceImpl.java
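Review bot: `getResourceFromPath` joins its segments with `/` and passes the result straight to `DefaultResourceLoader.getResource`, which resolves `..` segments and URL-style prefixes, so the helper offers no containment by itself. `ManifestLimitServiceImpl.getLimit` passes `vertical` and `env + ".yaml"` as segments; if `env` can originate from a request (not visible here), the lookup can leave the limit-config directory. Validate the variable segments before joining, for example `if (!env.matches("[A-Za-z0-9_-]+")) throw new IllegalArgumentException("invalid environment name");` at the call site, and document on this method that segments are trusted input. Logging `pathString` at info level is fine once the segments are validated.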
@@ -1,75 +1,52 @@ package com.navi.infra.portal.v2.changerequest.service; -import static java.lang.String.format; -import static java.util.Collections.emptyMap; import static java.util.Collections.unmodifiableMap; -import static org.slf4j.LoggerFactory.getLogger; import com.fasterxml.jackson.databind.ObjectMapper; import com.navi.infra.portal.util.MapUtil; +import com.navi.infra.portal.util.ResourceReaderUtil; import java.io.FileNotFoundException; -import java.io.IOException; +import java.util.List; import java.util.Map; -import org.slf4j.Logger; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; -import org.springframework.core.io.ResourceLoader; import org.springframework.stereotype.Service; @Service public class ManifestLimitServiceImpl implements ManifestLimitService { - private static final Logger log = getLogger(ManifestLimitServiceImpl.class); - private final ObjectMapper yamlMapper; private final String vertical; private final String changeRequestFilepath; private final MapUtil mapUtil; - private final ResourceLoader resourceLoader; + private final ResourceReaderUtil resourceReaderUtil; public ManifestLimitServiceImpl( @Qualifier("yamlMapper") ObjectMapper yamlMapper, @Value("${portal.vertical}") String vertical, @Value("${manifest.limit.config.path}") String changeRequestFilepath, - MapUtil mapUtil, - ResourceLoader resourceLoader) { - this.yamlMapper = yamlMapper; + MapUtil mapUtil + ) { this.vertical = vertical; this.changeRequestFilepath = changeRequestFilepath; this.mapUtil = mapUtil; - this.resourceLoader = resourceLoader; + this.resourceReaderUtil = new ResourceReaderUtil(yamlMapper); } @Override - @SuppressWarnings("unchecked") public Map getLimit(String env) { + Map defaultLimitMap; try { - final var defaultFileInputStream = resourceLoader - .getResource(format("%s/default.yaml", changeRequestFilepath)) - .getInputStream(); - final var defaultLimitMap = ((Map) 
yamlMapper.readValue( - defaultFileInputStream, Map.class)); - final var envLimitMap = getEnvironmentLimitMap(env); - return unmodifiableMap(mapUtil.override(defaultLimitMap, envLimitMap)); - } catch (IOException e) { - throw new RuntimeException(e); - } - } - - @SuppressWarnings("unchecked") - private Map getEnvironmentLimitMap(String env) { - Map map; - try { - final var envFileInputStream = resourceLoader - .getResource(format("%s/%s/%s.yaml", changeRequestFilepath, vertical, env)) - .getInputStream(); - map = ((Map) yamlMapper.readValue(envFileInputStream, Map.class)); + defaultLimitMap = resourceReaderUtil.getResourceFromPath( + List.of(changeRequestFilepath, "default.yaml")); } catch (FileNotFoundException e) { - log.info("Manifest limit file is not found for environment: {}", env); - map = emptyMap(); - } catch (IOException e) { throw new RuntimeException(e); } - return unmodifiableMap(map); + try { + var envLimitMap = resourceReaderUtil.getResourceFromPath( + List.of(changeRequestFilepath, vertical, env + ".yaml")); + return unmodifiableMap(mapUtil.override(defaultLimitMap, envLimitMap)); + } catch (RuntimeException | FileNotFoundException e) { + return unmodifiableMap(defaultLimitMap); + } } - } diff --git a/src/main/java/com/navi/infra/portal/v2/client/airflow/AirflowClient.java b/src/main/java/com/navi/infra/portal/v2/client/airflow/AirflowClient.java index 5d393ccd..6aa69295 100644 --- a/src/main/java/com/navi/infra/portal/v2/client/airflow/AirflowClient.java +++ b/src/main/java/com/navi/infra/portal/v2/client/airflow/AirflowClient.java 
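Review bot: The second `try` in `ManifestLimitServiceImpl.getLimit` catches `RuntimeException` together with `FileNotFoundException` and returns the defaults, so an environment file that exists but cannot be read or parsed (ResourceReaderUtil wraps `IOException` in `RuntimeException`) is now silently ignored, where the removed `getEnvironmentLimitMap` rethrew it. For a limits file this means a broken override falls back to `default.yaml` with nothing in the log from this class. Narrow the handler to `catch (FileNotFoundException e)` so parse and merge errors still surface, and log at the fallback if the quiet path is intended. The constructor also builds `new ResourceReaderUtil(yamlMapper)` by hand although that class is a `@Component`; a one-line comment saying this is done to bind the YAML mapper would explain it.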
@@ -4,11 +4,13 @@ import static java.lang.String.format; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; +import com.navi.infra.portal.v2.jit.entity.JitRequest; import com.navi.infra.portal.v2.diagnostic.DiagnosticTriggerRequest; import java.net.URI; import java.net.http.HttpClient; import java.net.http.HttpRequest; import java.net.http.HttpResponse; +import java.time.LocalDateTime; import java.util.Map; import java.util.Optional; import lombok.extern.slf4j.Slf4j; @@ -91,6 +93,33 @@ public class AirflowClient { } } + public AirflowApiResponse triggerJitDag( + String dagId, + String runId, + String payload + ) { + try { + var client = HttpClient.newHttpClient(); + var request = HttpRequest.newBuilder() + .uri(dagRunUri(dagId)) + .header("Cache-Control", "no-cache") + .header("Content-Type", "application/json") + .header("Authorization", "Basic " + this.authToken) + .POST(HttpRequest.BodyPublishers.ofString(payload)) + .build(); + + log.info("Triggering JIT DAG for runId: {}", runId); + var response = client.send(request, HttpResponse.BodyHandlers.ofString()); + log.info("Airflow JIT DAG response: {}", response); + + return objectMapper.readValue(response.body(), + AirflowApiResponse.class); + } catch (Exception e) { + log.error(e.getMessage()); + throw new RuntimeException("Failed to connect to airflow", e.getCause()); + } + } + private String convertMapToString(Map payloadMap) { String payload; try { diff --git a/src/main/java/com/navi/infra/portal/v2/grafanadashboard/repository/ClusterRepository.java b/src/main/java/com/navi/infra/portal/v2/grafanadashboard/repository/ClusterRepository.java index 046e18b5..81cc9f9b 100644 --- a/src/main/java/com/navi/infra/portal/v2/grafanadashboard/repository/ClusterRepository.java +++ b/src/main/java/com/navi/infra/portal/v2/grafanadashboard/repository/ClusterRepository.java 
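Review bot: `triggerJitDag` parses `response.body()` into `AirflowApiResponse` without looking at `response.statusCode()`, so a 401 or 5xx reply whose body happens to deserialize is returned to the caller like a successful trigger; for a flow that grants access this should fail closed. Add a check such as `if (response.statusCode() / 100 != 2) throw new IllegalStateException("Airflow returned " + response.statusCode());` before `readValue`. In the catch block `e.getCause()` is typically `null` for an exception thrown directly by `send`, so the rethrown `RuntimeException` loses the original error; pass `e` instead and log it with `log.error("Failed to trigger JIT DAG", e)`. The imports of `JitRequest` and `LocalDateTime` added by the first hunk are not used by any line shown in this file's hunks.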
@@ -3,6 +3,7 @@ package com.navi.infra.portal.v2.grafanadashboard.repository; import com.navi.infra.portal.v2.grafanadashboard.entity.Cluster; import java.util.Optional; import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; import org.springframework.stereotype.Repository; diff --git a/src/main/java/com/navi/infra/portal/v2/ingress/IngressGroupApplierImpl.java b/src/main/java/com/navi/infra/portal/v2/ingress/IngressGroupApplierImpl.java index 88f92a04..c018b054 100644 --- a/src/main/java/com/navi/infra/portal/v2/ingress/IngressGroupApplierImpl.java +++ b/src/main/java/com/navi/infra/portal/v2/ingress/IngressGroupApplierImpl.java @@ -9,7 +9,7 @@ import static java.util.Objects.requireNonNull; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.ObjectMapper; import com.navi.infra.portal.exceptions.KubernetesManifestException; -import com.navi.infra.portal.util.JsonnetUtil; +import com.navi.infra.portal.util.KubernetesManifestGenerator; import com.navi.infra.portal.util.kubernetes.KubernetesManifestUtils; import java.io.ByteArrayOutputStream; import java.io.File; @@ -33,7 +33,7 @@ public class IngressGroupApplierImpl implements IngressGroupApplier { private final String kubernetesManifestsPath; - private final JsonnetUtil jsonnetUtil; + private final KubernetesManifestGenerator kubernetesManifestGenerator; private final KubernetesManifestUtils kubernetesManifestUtils; private final ObjectMapper jsonMapper; 
@@ -41,13 +41,13 @@ public class IngressGroupApplierImpl implements IngressGroupApplier { public IngressGroupApplierImpl( @Value("templates/shared_ingress_config") String jsonnetTemplatesFolder, @Value("kubernetes_manifests") String kubernetesManifestsPath, - JsonnetUtil jsonnetUtil, + KubernetesManifestGenerator kubernetesManifestGenerator, KubernetesManifestUtils kubernetesManifestUtils, @Qualifier("jsonMapper") ObjectMapper jsonMapper ) { this.jsonnetTemplatesFolder = jsonnetTemplatesFolder; this.kubernetesManifestsPath = kubernetesManifestsPath; - this.jsonnetUtil = jsonnetUtil; + this.kubernetesManifestGenerator = kubernetesManifestGenerator; this.kubernetesManifestUtils = kubernetesManifestUtils; this.jsonMapper = jsonMapper; } @@ -72,23 +72,18 @@ public class IngressGroupApplierImpl implements IngressGroupApplier { } private String createK8sManifest(IngressGroupCreateRequest request, String writePath) { - final var jsonnetAdditionalOptions = new String[]{ - "--tla-str", "cluster=" + request.getCluster(), - "--tla-str", "namespace=" + request.getNamespace(), - "--tla-str", "group_name=" + request.getName(), - "--tla-str", "environment=" + request.getEnvironment(), - "--tla-str", "product=" + request.getProduct() + final var args = new String[]{"shared-alb-config", + "--output", writePath, + "--cluster", request.getCluster(), + "--namespace", request.getNamespace(), + "--group_name", request.getName(), + "--environment", request.getEnvironment(), + "--product", request.getProduct() }; var byteArrayOutputStream = new ByteArrayOutputStream(); var ps = new PrintStream(byteArrayOutputStream, false, UTF_8); - var exitCode = jsonnetUtil.run( - writePath, - ps, - jsonnetAdditionalOptions, - "main.jsonnet", - jsonnetTemplatesFolder - ); + var exitCode = kubernetesManifestGenerator.generate(ps, args); if (exitCode > 0) { throw new KubernetesManifestException( 
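Review bot: In `createK8sManifest` the request fields are passed as the values of `--cluster`, `--namespace`, `--group_name`, `--environment` and `--product` with no check, so a value that is empty or begins with `-` could be read by the generator's argument parser as another option rather than as data; how `KubernetesManifestGenerator.generate` invokes the tool is not visible in this hunk. Validate each field against the expected name pattern before building `args`, or at least reject values starting with `-`. After this change the `jsonnetTemplatesFolder` constructor parameter and field are no longer used by this method, so they look removable unless code outside the hunk still reads them. The method body continues past the end of the hunk.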
diff --git a/src/main/java/com/navi/infra/portal/v2/jit/controller/JitController.java b/src/main/java/com/navi/infra/portal/v2/jit/controller/JitController.java
new file mode 100644
index 00000000..1d2b077f
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/v2/jit/controller/JitController.java
@@ -0,0 +1,100 @@
+package com.navi.infra.portal.v2.jit.controller;
+
+import com.navi.infra.portal.v2.jit.dto.JitRequestDto;
+import com.navi.infra.portal.v2.jit.dto.JitResponseDto;
+import com.navi.infra.portal.v2.jit.dto.JitUserDto;
+import com.navi.infra.portal.v2.jit.service.JitService;
+import java.io.IOException;
+import java.net.ConnectException;
+import javax.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.dao.DuplicateKeyException;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Controller
+@RestController
+@CrossOrigin
+@RequiredArgsConstructor
+@Slf4j
+@RequestMapping("/api/jit")
+public class JitController {
+
+ private final JitService jitService;
+
+ @PostMapping
+ public ResponseEntity createJitRequest(
+ @Valid @RequestBody JitRequestDto jitRequestDto
+ ) {
+ try {
+ jitService.createJitRequest(jitRequestDto);
+ return ResponseEntity.status(HttpStatus.CREATED).build();
+ } catch (IllegalArgumentException | IllegalStateException ex) {
+ log.error("Error creating JIT request", ex);
+ return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
+ } catch (DuplicateKeyException ex) {
+ log.error("Error creating JIT request", ex);
+ return ResponseEntity.status(HttpStatus.CONFLICT).build();
+ } catch (IOException ex) {
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
+ }
+ }
+
+
+ @PostMapping("/approve/{reviewId}")
+ public ResponseEntity approveJitRequest(
+ @Valid @RequestBody JitUserDto approver,
+ @PathVariable Long reviewId
+ ) {
+ try {
+ jitService.approveJitRequest(approver.getUser(), reviewId);
+ return ResponseEntity.status(HttpStatus.OK).build();
+ } catch (IllegalStateException | IllegalAccessException ex) {
+ return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+ } catch (ConnectException ex) {
+ return ResponseEntity.status(HttpStatus.SERVICE_UNAVAILABLE).build();
+ } catch (Exception ex) {
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
+ }
+ }
+
+ @PostMapping("/reject/{reviewId}")
+ public ResponseEntity rejectJitRequest(
+ @Valid @RequestBody JitUserDto rejecter,
+ @PathVariable Long reviewId
+ ) {
+ try {
+ jitService.rejectJitRequest(rejecter.getUser(), reviewId);
+ return ResponseEntity.status(HttpStatus.OK).build();
+ } catch (IllegalStateException | IllegalAccessException ex) {
+ return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+ } catch (ConnectException ex) {
+ return ResponseEntity.status(HttpStatus.SERVICE_UNAVAILABLE).build();
+ } catch (Exception ex) {
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
+ }
+ }
+
+ @PostMapping("/close/{id}")
+ public ResponseEntity closeJitRequest(
+ @Valid @RequestBody JitUserDto closer,
+ @PathVariable Long id
+ ) {
+ try {
+ jitService.closeRequest(closer.getUser(), id);
+ return ResponseEntity.status(HttpStatus.OK).build();
+ } catch (IllegalStateException | IllegalAccessException ex) {
+ return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+ } catch (Exception ex) {
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
+ }
+ }
+}
diff --git a/src/main/java/com/navi/infra/portal/v2/jit/dto/JitRequestDto.java b/src/main/java/com/navi/infra/portal/v2/jit/dto/JitRequestDto.java
new file mode 100644
index 00000000..4e4a1523
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/v2/jit/dto/JitRequestDto.java
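Review bot: In JitController, `approveJitRequest`, `rejectJitRequest` and `closeJitRequest` take the acting user from the request body (`approver.getUser()`, `rejecter.getUser()`, `closer.getUser()`), so the identity recorded for the decision is whatever e-mail the caller sends; unless JitService verifies it against the authenticated session, which is not visible here, a caller can act in another reviewer's name. The identity should come from the security context, for example a `Principal` or `@AuthenticationPrincipal` method parameter, with the body field dropped or cross-checked against it. The class-level `@CrossOrigin` with no `origins` accepts every origin on these state-changing endpoints and should be limited to the portal's own origin. `@Controller` is redundant next to `@RestController`, an `IllegalAccessException` is an authorization failure and maps better to 403 than 401, and the approve, reject and close handlers drop their exceptions without logging, unlike `createJitRequest`.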
@@ -0,0 +1,40 @@
+package com.navi.infra.portal.v2.jit.dto;
+
+import com.navi.infra.portal.v2.jit.entity.Environment;
+import com.navi.infra.portal.v2.jit.entity.Vertical;
+import javax.validation.constraints.Email;
+import javax.validation.constraints.Positive;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+public class JitRequestDto {
+
+ @Email
+ private String requestedFor;
+
+ @Email
+ private String requestedBy;
+
+ private Vertical vertical;
+
+ private String team;
+
+ private Environment environment;
+
+ private String resourceType;
+
+ private String resourceId;
+
+ private String resourceAction; // read, write, master, admin ETC
+
+ @Positive
+ private Long grantWindow;
+
+ private Long grantAt;
+}
diff --git a/src/main/java/com/navi/infra/portal/v2/jit/dto/JitResponseDto.java b/src/main/java/com/navi/infra/portal/v2/jit/dto/JitResponseDto.java
new file mode 100644
index 00000000..622a41c3
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/v2/jit/dto/JitResponseDto.java
@@ -0,0 +1,32 @@
+package com.navi.infra.portal.v2.jit.dto;
+
+import com.navi.infra.portal.v2.jit.entity.JitApproval;
+import com.navi.infra.portal.v2.jit.entity.JitRequestStatus;
+import java.util.List;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+public class JitResponseDto {
+
+ private Long id;
+
+ private JitRequestStatus jitRequestStatus;
+
+ private List pendingReviews;
+
+ public JitResponseDto(
+ long id,
+ JitRequestStatus jitRequestStatus,
+ List pendingReviews
+ ) {
+ this.id = id;
+ this.jitRequestStatus = jitRequestStatus;
+ this.pendingReviews = pendingReviews;
+ }
+}
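Review bot: `JitRequestDto` bounds `grantWindow` only with `@Positive`, so a request can ask for an arbitrarily long grant, and `@Email` on `requestedFor` and `requestedBy` accepts `null` because that constraint treats null as valid. Add `@NotBlank` to the required fields and an upper bound on `grantWindow` such as `@Max(MAX_GRANT_WINDOW_HOURS)`, where the constant is a placeholder for the policy limit; the same missing `@NotBlank` applies to `JitUserDto.user` later in this diff. `resourceAction` is a free-form string whose allowed values exist only in the trailing comment, and an enum would let validation reject anything else. `requestedBy` is caller-supplied as well, which raises the same question about taking identities from the request body as the approver field in JitController.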
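Review bot: `JitResponseDto.pendingReviews` appears to carry `JitApproval` JPA entities (the `JitApproval` import has no other use in the class), so serializing this DTO would also serialize the linked `User`, `Team` and `JitRequest` objects with whatever fields they hold. A response type should list only the fields the client needs, for instance a small review DTO with the review id, reviewer e-mail and action. The hand-written constructor repeats what `@AllArgsConstructor` already generates, differing only in `long id` against `Long id`; keep one of the two.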
diff --git a/src/main/java/com/navi/infra/portal/v2/jit/dto/JitUserDto.java b/src/main/java/com/navi/infra/portal/v2/jit/dto/JitUserDto.java
new file mode 100644
index 00000000..701d8631
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/v2/jit/dto/JitUserDto.java
@@ -0,0 +1,17 @@
+package com.navi.infra.portal.v2.jit.dto;
+
+import javax.validation.constraints.Email;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+public class JitUserDto {
+
+ @Email
+ private String user;
+}
diff --git a/src/main/java/com/navi/infra/portal/v2/jit/entity/Environment.java b/src/main/java/com/navi/infra/portal/v2/jit/entity/Environment.java
new file mode 100644
index 00000000..55bc9dc3
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/v2/jit/entity/Environment.java
@@ -0,0 +1,19 @@
+package com.navi.infra.portal.v2.jit.entity;
+
+public enum Environment {
+ DEV("dev"),
+ QA("qa"),
+ PROD("prod"),
+ NONPROD("nonprod"),
+ CMD("cmd"),
+ PERF("perf"),
+ UAT("uat"),
+ DATA_PLATFORM_NONPROD("data-platform-nonprod"),
+ DATA_PLATFORM_PROD("data-platform-prod");
+
+ public final String type;
+
+ Environment(String type) {
+ this.type = type;
+ }
+}
diff --git a/src/main/java/com/navi/infra/portal/v2/jit/entity/JitApproval.java b/src/main/java/com/navi/infra/portal/v2/jit/entity/JitApproval.java
new file mode 100644
index 00000000..e0de85f7
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/v2/jit/entity/JitApproval.java
@@ -0,0 +1,67 @@
+package com.navi.infra.portal.v2.jit.entity;
+
+import static lombok.AccessLevel.PACKAGE;
+
+import com.navi.infra.portal.domain.BaseEntity;
+import com.navi.infra.portal.domain.user.Team;
+import com.navi.infra.portal.domain.user.User;
+import java.time.LocalDateTime;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.Table;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Entity
+@NoArgsConstructor
+@AllArgsConstructor(access = PACKAGE)
+@Getter
+@Setter
+@Table(name = "jit_approvals")
+public class JitApproval extends BaseEntity {
+
+ private static final long serialVersionUID = -1852998120471377502L;
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ private Long id;
+
+ @ManyToOne
+ @JoinColumn(name = "jit_id", nullable = false)
+ private JitRequest jitRequest;
+
+ @ManyToOne
+ @JoinColumn(name = "reviewer_id", nullable = false)
+ private User reviewer;
+
+ @ManyToOne
+ @JoinColumn(name = "team_id", nullable = false)
+ private Team team;
+
+ @Column(nullable = false)
+ private LocalDateTime reviewedAt;
+
+ @Enumerated(EnumType.STRING)
+ @Column(nullable = false)
+ private JitRequestStatus action;
+
+ private String reviewerSlackMessageTimestamp;
+
+ private String botChannelId;
+
+ public JitApproval(JitRequest jitRequest, User reviewer, Team team, JitRequestStatus action) {
+ this.jitRequest = jitRequest;
+ this.reviewer = reviewer;
+ this.team = team;
+ this.action = action;
+ }
+}
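Review bot: `reviewedAt` in JitApproval is declared `@Column(nullable = false)` but the public four-argument constructor never sets it, so persisting an object built that way fails on the non-null column unless every caller remembers `setReviewedAt` or BaseEntity fills it, which is not visible here. Set it in the constructor, e.g. `this.reviewedAt = LocalDateTime.now();`, or take it as a parameter. `serialVersionUID` has the same value as the one in `JitRequest` later in this diff, which looks copied; each class should have its own. Since this row is the record of who approved access, the class-level `@Setter` leaves `reviewer`, `action` and `reviewedAt` mutable after creation, and dropping the setters on those fields would protect the audit trail.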
diff --git a/src/main/java/com/navi/infra/portal/v2/jit/entity/JitRequest.java b/src/main/java/com/navi/infra/portal/v2/jit/entity/JitRequest.java
new file mode 100644
index 00000000..16ac48af
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/v2/jit/entity/JitRequest.java
@@ -0,0 +1,98 @@
+package com.navi.infra.portal.v2.jit.entity;
+
+import com.navi.infra.portal.domain.BaseEntity;
+import com.navi.infra.portal.domain.user.Team;
+import com.navi.infra.portal.domain.user.User;
+import java.time.LocalDateTime;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.Table;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "jit_requests")
+public class JitRequest extends BaseEntity {
+
+ private static final long serialVersionUID = -1852998120471377502L;
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ private Long id;
+
+ @ManyToOne
+ @JoinColumn(name = "requested_for_id", nullable = false)
+ private User requestedFor;
+
+ @ManyToOne
+ @JoinColumn(name = "requested_by_id", nullable = false)
+ private User requestedBy;
+
+ @Column(nullable = false)
+ @Enumerated(EnumType.STRING)
+ private Vertical vertical;
+
+ @ManyToOne
+ @JoinColumn(name = "team_id", nullable = false)
+ private Team team;
+
+ @Enumerated(EnumType.STRING)
+ private Environment environment;
+
+ private String resourceType;
+
+ private String resourceId;
+
+ private String resourceAction;
+
+ @Enumerated(EnumType.STRING)
+ private JitRequestStatus status;
+
+ @Column(nullable = false)
+ private Long grantWindow;
+
+ private LocalDateTime grantAt;
+
+ private String requestorSlackMessageTimestamp;
+
+ private String channelSlackMessageTimestamp;
+
+ private String botChannelId;
+
+ public JitRequest(
+ User requestedFor,
+ User requestedBy,
+ Vertical vertical,
+ Team team,
+ Environment environment,
+ String resourceType,
+ String resourceId,
+ String resourceAction,
+ JitRequestStatus status,
+ Long grantWindow,
+ LocalDateTime grantAt
+ ) {
+ this.requestedFor = requestedFor;
+ this.requestedBy = requestedBy;
+ this.vertical = vertical;
+ this.team = team;
+ this.environment = environment;
+ this.resourceType = resourceType;
+ this.resourceId = resourceId;
+ this.resourceAction = resourceAction;
+ this.status = status;
+ this.grantWindow = grantWindow;
+ this.grantAt = grantAt;
+ }
+}
diff --git a/src/main/java/com/navi/infra/portal/v2/jit/entity/JitRequestStatus.java b/src/main/java/com/navi/infra/portal/v2/jit/entity/JitRequestStatus.java
new file mode 100644
index 00000000..a753f0f7
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/v2/jit/entity/JitRequestStatus.java
@@ -0,0 +1,8 @@
+package com.navi.infra.portal.v2.jit.entity;
+
+public enum JitRequestStatus {
+ PENDING,
+ APPROVED,
+ REJECTED,
+ CANCELLED
+}
diff --git a/src/main/java/com/navi/infra/portal/v2/jit/entity/Vertical.java b/src/main/java/com/navi/infra/portal/v2/jit/entity/Vertical.java
new file mode 100644
index 00000000..54cc1c78
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/v2/jit/entity/Vertical.java
@@ -0,0 +1,16 @@
+package com.navi.infra.portal.v2.jit.entity;
+
+public enum Vertical {
+ INSURANCE("insurance"),
+ NAVIPAY("navi-pay"),
+ SA("sa"),
+ LENDING("lending"),
+ NAVIPPL("navi-ppl"),
+ AMC("lending"); // intentional mapping
+
+ public final String type;
+
+ Vertical(String type) {
+ this.type = type;
+ }
+}
diff --git a/src/main/java/com/navi/infra/portal/v2/jit/repository/JitApprovalsRepository.java b/src/main/java/com/navi/infra/portal/v2/jit/repository/JitApprovalsRepository.java
new file mode 100644
index 00000000..6ceb8b41
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/v2/jit/repository/JitApprovalsRepository.java
@@ -0,0 +1,34 @@ +package com.navi.infra.portal.v2.jit.repository; + +import com.navi.infra.portal.v2.jit.entity.JitApproval; +import java.util.List; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; +import org.springframework.stereotype.Repository; + +@Repository +public interface JitApprovalsRepository extends JpaRepository { + + @Query(value = "SELECT ja.reviewer_id FROM jit_approvals ja WHERE ja.id = :id", + nativeQuery = true) + String findReviewerId(Long id); + + @Query(value = "SELECT ja.* FROM jit_approvals ja WHERE ja.jit_id = :jitId", + nativeQuery = true) + List findAllReviewsByJitId(Long jitId); + + @Query(value = "SELECT COUNT(ja.reviewer_id) FROM jit_approvals ja WHERE " + + "ja.jit_id = :jitId AND ja.action = 'APPROVED'", + nativeQuery = true) + Long findApprovedRequestsCount(Long jitId); + + @Query(value = "SELECT COUNT(CASE WHEN ja.action = 'APPROVED' THEN 1 END) " + + "FROM jit_approvals ja WHERE ja.jit_id = :jitId " + + "GROUP BY ja.team_id", + nativeQuery = true) + List countApprovedInEachTeam(Long jitId); + + @Query(value = "SELECT DISTINCT ja.team_id FROM jit_approvals ja " + + "WHERE ja.jit_id = :jitId and ja.action = :action", nativeQuery = true) + List findReviewerTeamsByAction(Long jitId, String action); +} diff --git a/src/main/java/com/navi/infra/portal/v2/jit/repository/JitRequestsRepository.java b/src/main/java/com/navi/infra/portal/v2/jit/repository/JitRequestsRepository.java new file mode 100644 index 00000000..a38d31d1 --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/jit/repository/JitRequestsRepository.java 
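Review bot: `countApprovedInEachTeam` in JitApprovalsRepository groups by `team_id` but selects only the count, so the caller receives a list of numbers with no way to tell which team each one belongs to, and a required team with no approval row at all is simply absent from the list. If the approval rule is "at least one approval from every required team", select `ja.team_id` next to the count and compare against the required team ids explicitly, so a missing team cannot pass unnoticed. `findReviewerId` is declared to return `String` although `reviewer_id` is the join column to `User`, whose id is passed as `Long` elsewhere in this diff; the return type probably should be `Long`. The named parameters depend on the build retaining parameter names, and adding `@Param("jitId")` and the like removes that dependency.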
@@ -0,0 +1,26 @@ +package com.navi.infra.portal.v2.jit.repository; + +import com.navi.infra.portal.v2.jit.entity.JitRequest; +import java.time.LocalDateTime; +import java.util.List; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; +import org.springframework.stereotype.Repository; + +@Repository +public interface JitRequestsRepository extends JpaRepository { + + @Query(value = "SELECT * FROM jit_requests WHERE requested_for_id = :requestedForId " + + "AND resource_type = :resourceType AND environment = :env " + + "AND resource_action = :resourceAction " + + "AND :grantAt BETWEEN grant_at AND grant_at + interval '1 hour' * grant_window " + + "AND status='PENDING'", + nativeQuery = true) + List findDuplicateRequestsByUser( + Long requestedForId, + String resourceType, + String env, + String resourceAction, + LocalDateTime grantAt + ); +} diff --git a/src/main/java/com/navi/infra/portal/v2/jit/service/JitService.java b/src/main/java/com/navi/infra/portal/v2/jit/service/JitService.java new file mode 100644 index 00000000..d4142522 --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/jit/service/JitService.java @@ -0,0 +1,18 @@ +package com.navi.infra.portal.v2.jit.service; + +import com.navi.infra.portal.v2.jit.dto.JitRequestDto; +import com.navi.infra.portal.v2.jit.dto.JitResponseDto; +import java.io.IOException; + +public interface JitService { + + void createJitRequest(JitRequestDto jitRequestDto) throws IOException; + + void approveJitRequest(String approver, Long requestId) + throws IOException, IllegalAccessException; + + void rejectJitRequest(String rejecter, Long requestId) + throws IOException, IllegalAccessException; + + void closeRequest(String closer, Long requestId) throws IllegalAccessException; +} 
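Review bot: `findDuplicateRequestsByUser` matches on user, `resource_type`, `environment` and `resource_action` but not on `resource_id`, so a request for a second resource of the same type in the same window is reported as a duplicate of the first; it also looks only at `status='PENDING'`, so a new request that overlaps an already approved grant is not detected. Whether either is intended is not stated; if not, add `AND resource_id = :resourceId` and decide which statuses count. The window test checks only that the new `:grantAt` falls inside an existing window, not that the new window overlaps one that starts later. In `JitService` the `JitResponseDto` import is unused, and `closeRequest` is named differently from `approveJitRequest` and `rejectJitRequest`.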
diff --git a/src/main/java/com/navi/infra/portal/v2/jit/service/JitServiceImpl.java b/src/main/java/com/navi/infra/portal/v2/jit/service/JitServiceImpl.java
new file mode 100644
index 00000000..8a6865db
--- /dev/null
+++ b/src/main/java/com/navi/infra/portal/v2/jit/service/JitServiceImpl.java
@@ -0,0 +1,560 @@ +package com.navi.infra.portal.v2.jit.service; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.navi.infra.portal.domain.user.Team; +import com.navi.infra.portal.domain.user.User; +import com.navi.infra.portal.service.user.UserService; +import com.navi.infra.portal.util.MapUtil; +import com.navi.infra.portal.v2.client.airflow.AirflowClient; +import com.navi.infra.portal.v2.jit.dto.JitRequestDto; +import com.navi.infra.portal.v2.jit.entity.JitApproval; +import com.navi.infra.portal.v2.jit.entity.JitRequest; +import com.navi.infra.portal.v2.jit.entity.JitRequestStatus; +import com.navi.infra.portal.v2.jit.repository.JitApprovalsRepository; +import com.navi.infra.portal.v2.jit.repository.JitRequestsRepository; +import com.navi.infra.portal.v2.jit.utils.AuthUtil; +import com.navi.infra.portal.v2.jit.utils.SlackBotUtil; +import com.navi.infra.portal.v2.jit.utils.SlackColor; +import com.navi.infra.portal.v2.role.RoleService; +import com.navi.infra.portal.v2.slackbotclient.SlackBotAttachment; +import com.navi.infra.portal.v2.slackbotclient.SlackBotClient; +import com.navi.infra.portal.v2.team.TeamService; +import java.io.IOException; +import java.net.ConnectException; +import java.time.Instant; +import java.time.LocalDateTime; +import java.time.ZoneId; +import java.time.format.DateTimeFormatter; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.stream.Collectors; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.dao.DuplicateKeyException; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +@Service +@Slf4j +class JitServiceImpl implements JitService { + + private static final String ExceptionAirflowOrDb = + 
"Failed to connect to airflow or failed to flush to DB"; + private final JitRequestsRepository jitRequestRepository; + private final JitApprovalsRepository jitApprovalsRepository; + private final SlackBotUtil slackBotUtil; + private final MapUtil mapUtil; + private final AuthUtil authUtil; + + private final Map> additionalApprovalMap; + private final AirflowClient airflowClient; + private final SlackBotClient slackBotClient; + private final ObjectMapper objectMapper; + private final UserService userService; + private final RoleService roleService; + private final TeamService teamService; + private final String dagId; + @Value("${jit.slack.common.channel.id}") + private final String commonChannelId; + + + public JitServiceImpl( + JitRequestsRepository jitRequestRepository, + JitApprovalsRepository jitApprovalsRepository, + SlackBotUtil slackBotUtil, + MapUtil mapUtil, + AuthUtil authUtil, + AirflowClient airflowClient, + SlackBotClient slackBotClient, + ObjectMapper objectMapper, + UserService userService, + RoleService roleService, + TeamService teamService, + @Qualifier("additionalApprovalMap") + Map> additionalApprovalMap, + @Value("${jit.dag.id}") String dagId, + @Value("${jit.slack.common.channel.id}") String commonChannelId + + ) { + this.jitRequestRepository = jitRequestRepository; + this.jitApprovalsRepository = jitApprovalsRepository; + this.slackBotUtil = slackBotUtil; + this.mapUtil = mapUtil; + this.authUtil = authUtil; + this.airflowClient = airflowClient; + this.slackBotClient = slackBotClient; + this.objectMapper = objectMapper; + this.userService = userService; + this.roleService = roleService; + this.teamService = teamService; + this.additionalApprovalMap = additionalApprovalMap; + this.dagId = dagId; + this.commonChannelId = commonChannelId; + } + + + private boolean duplicateRequest(JitRequest jitRequest) { + List existingDuplicates = jitRequestRepository.findDuplicateRequestsByUser( + jitRequest.getRequestedFor().getId(), 
jitRequest.getResourceType(), + jitRequest.getEnvironment().toString(), jitRequest.getResourceAction(), + jitRequest.getGrantAt()); + return !existingDuplicates.isEmpty(); + } + + private void postReviewerDmOnSlack( + User reviewer, + JitApproval jitApproval, + SlackBotAttachment reviewMessage + ) throws IOException { + var result = slackBotClient.postMessage(userService.getUsersSlackId(reviewer), + reviewMessage); + + jitApproval.setReviewerSlackMessageTimestamp(result.getTs()); + jitApproval.setBotChannelId(result.getChannel()); + jitApprovalsRepository.save(jitApproval); + } + + private void updateReviewerDmOnSlack( + JitApproval jitApproval, + SlackBotAttachment reviewMessage + ) throws IOException { + slackBotClient.updateMessage(jitApproval.getBotChannelId(), reviewMessage, + jitApproval.getReviewerSlackMessageTimestamp()); + } + + private void postRequestorDmOnSlack( + JitRequest jitRequest, + SlackBotAttachment personalMessage + ) throws IOException { + var result = slackBotClient.postMessage( + userService.getUsersSlackId(jitRequest.getRequestedFor()), personalMessage); + + jitRequest.setRequestorSlackMessageTimestamp(result.getTs()); + jitRequest.setBotChannelId(result.getChannel()); + } + + private void updateRequestorDmOnSlack( + JitRequest jitRequest, + SlackBotAttachment requestorMessage + ) throws IOException { + slackBotClient.updateMessage(jitRequest.getBotChannelId(), requestorMessage, + jitRequest.getRequestorSlackMessageTimestamp()); + } + + private void updateRequestorNoReviewersDmOnSlack( + JitRequest jitRequest, + List missingTeams + ) throws IOException { + SlackBotAttachment personalMessage = slackBotUtil.getRequestorNoReviewerDm(missingTeams); + slackBotClient.postMessage( + userService.getUsersSlackId(jitRequest.getRequestedFor()), personalMessage); + } + + private void updateRequestorRequestNotAllowed(JitRequest jitRequest) throws IOException { + SlackBotAttachment personalMessage = slackBotUtil.getRequestorRequestNotAllowedDm( + 
jitRequest); + slackBotClient.postMessage( + userService.getUsersSlackId(jitRequest.getRequestedFor()), personalMessage); + } + + private void postChannelOnSlack( + JitRequest jitRequest, + SlackBotAttachment commonChannelMessage + ) throws IOException { + var result = slackBotClient.postMessage(commonChannelId, commonChannelMessage); + jitRequest.setChannelSlackMessageTimestamp(result.getTs()); + } + + private void updateChannelOnSlack( + JitRequest jitRequest, + SlackBotAttachment commonChannelMessage + ) throws IOException { + slackBotClient.updateMessage(commonChannelId, commonChannelMessage, + jitRequest.getChannelSlackMessageTimestamp()); + } + + private void validateGrantTime(JitRequest jitRequest) { + jitRequest.setGrantAt(jitRequest.getGrantAt() == null + ? LocalDateTime.now() + : jitRequest.getGrantAt()); + jitRequest.setGrantAt(jitRequest.getGrantAt().isBefore(LocalDateTime.now()) + ? LocalDateTime.now() + : jitRequest.getGrantAt()); + } + + private String createAirflowDagPayload( + JitRequest jitRequest, + String runId, + String action + ) { + LocalDateTime executionDate = action.equals("grant") ? 
jitRequest.getGrantAt() + : jitRequest.getGrantAt().plusHours(jitRequest.getGrantWindow()); + + DateTimeFormatter iso8601Format = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss'Z'"); + String apacheTimeFormat = executionDate.format(iso8601Format); + + var payloadMap = Map.of("dag_run_id", runId, + "execution_date", apacheTimeFormat, + "conf", Map.of( + "vertical", jitRequest.getVertical().toString(), + "team", jitRequest.getTeam().getName(), + "env", jitRequest.getEnvironment().toString(), + "resource_type", jitRequest.getResourceType(), + "user", jitRequest.getRequestedFor().getEmail(), + "resource_action", jitRequest.getResourceAction(), + "action", action + )); + + try { + return objectMapper.writeValueAsString(payloadMap); + } catch (JsonProcessingException e) { + throw new RuntimeException(e); + } + } + + @Transactional + private void processJitRequest( + String reviewerEmail, + Long requestId, + JitRequestStatus jitRequestStatus, + JitFlowFunction flowFunction + ) throws IOException, IllegalAccessException { + Optional optionalJitApproval = jitApprovalsRepository.findById(requestId); + + final JitApproval jitApproval = optionalJitApproval.orElseThrow( + () -> new IllegalArgumentException( + "Invalid request. Could not be processed. 
Reviewer is invalid")); + JitRequest jitRequest = jitApproval.getJitRequest(); + if (jitApproval.getReviewedAt() != null + || !jitRequest.getStatus().equals(JitRequestStatus.PENDING)) { + log.error("Request already reviewed"); + throw new IllegalStateException("Request already reviewed"); + } + jitApproval.setReviewedAt(LocalDateTime.now()); + + if (!authUtil.isAuthorized(jitApproval, reviewerEmail, jitRequest.getEnvironment().type) + || reviewerEmail.equals(jitRequest.getRequestedFor().getEmail())) { + log.error("User {} not allowed to perform action", reviewerEmail); + throw new IllegalAccessException("User not allowed to perform action"); + } + + jitApproval.setReviewer(userService.findUserByEmail(reviewerEmail)); + jitApproval.setAction(jitRequestStatus); + + jitApprovalsRepository.save(jitApproval); + // reviewer lists(pending, approved, rejected) and count of approvals depends on above + + List pendingTeams = authUtil.getReviewerTeamsByAction( + jitRequest.getId(), + JitRequestStatus.PENDING); + List approvedTeams = authUtil.getReviewerTeamsByAction( + jitRequest.getId(), + JitRequestStatus.APPROVED); + List rejectedTeams = authUtil.getReviewerTeamsByAction( + jitRequest.getId(), + JitRequestStatus.REJECTED); + + pendingTeams.removeAll(approvedTeams); + pendingTeams.removeAll(rejectedTeams); + + flowFunction.apply(reviewerEmail, jitApproval, jitRequest, pendingTeams, + approvedTeams, rejectedTeams); + } + + private void jitApprovedFlow( + String reviewerEmail, + JitApproval jitApproval, + JitRequest jitRequest, + List pendingTeams, + List approvedTeams, + List rejectedTeams + ) throws IOException { + + try { + boolean actionEnabled = true; + if (authUtil.haveRequiredApprovals(jitRequest)) { + // if required number of approvals are met, + // 1. schedule JIT(just in time) DAGs - one for grant and another for grant, + // 2. inform user on slack that request is approved, + // 3. 
update the status in jit_approvals and jit_requests, + String runId = String.join("-", jitRequest.getId().toString(), + jitRequest.getTeam().getName(), jitRequest.getEnvironment().toString(), + jitRequest.getRequestedFor().getEmail(), jitRequest.getResourceType(), + jitRequest.getResourceAction()); + validateGrantTime(jitRequest); + airflowClient.triggerJitDag(dagId, runId + "-grant", + createAirflowDagPayload(jitRequest, runId + "-grant", "grant")); + airflowClient.triggerJitDag(dagId, runId + "-revoke", + createAirflowDagPayload(jitRequest, runId + "-revoke", "revoke")); + + jitRequest.setStatus(JitRequestStatus.APPROVED); + + actionEnabled = false; + } + // inform reviewer on slack that request is approved and remove action buttons + updateReviewerDmOnSlack(jitApproval, + slackBotUtil.getReviewerDm(jitRequest.getRequestedFor().getEmail(), jitRequest, + jitApproval, false, SlackColor.APPROVED)); + + // send group message to common channel with details on pending and approved reviewers + updateChannelOnSlack(jitRequest, + slackBotUtil.getChannelMessage(jitRequest, pendingTeams, approvedTeams, + rejectedTeams, SlackColor.APPROVED)); + updateRequestorDmOnSlack(jitRequest, + slackBotUtil.getRequestorDm(jitRequest, actionEnabled, pendingTeams, approvedTeams, + rejectedTeams, SlackColor.APPROVED)); + + jitRequestRepository.save(jitRequest); + jitApprovalsRepository.save(jitApproval); + } catch (Exception e) { + log.error(ExceptionAirflowOrDb, e.getCause()); + throw new ConnectException(ExceptionAirflowOrDb); + } + } + + private void jitRejectedFlow( + String reviewerEmail, + JitApproval jitApproval, + JitRequest jitRequest, + List pendingTeams, + List approvedTeams, + List rejectedTeams + ) throws ConnectException { + try { + jitApproval.setAction(JitRequestStatus.REJECTED); + jitRequest.setStatus(JitRequestStatus.REJECTED); + + updateReviewerDmOnSlack(jitApproval, + slackBotUtil.getReviewerDm(jitRequest.getRequestedFor().getEmail(), jitRequest, + jitApproval, false, 
SlackColor.REJECTED)); + updateRequestorDmOnSlack(jitRequest, + slackBotUtil.getRequestorDm(jitRequest, false, pendingTeams, + approvedTeams, rejectedTeams, SlackColor.REJECTED)); + updateChannelOnSlack(jitRequest, + slackBotUtil.getChannelMessage(jitRequest, pendingTeams, approvedTeams, + rejectedTeams, SlackColor.REJECTED)); + + jitApprovalsRepository.save(jitApproval); + jitRequestRepository.save(jitRequest); + } catch (Exception e) { + log.error(ExceptionAirflowOrDb, e.getCause()); + throw new ConnectException(ExceptionAirflowOrDb); + } + } + + @Transactional + private void jitCancelledFlow(JitRequest jitRequest) { + try { + jitRequest.setStatus(JitRequestStatus.CANCELLED); + List jitApprovals = jitApprovalsRepository.findAllReviewsByJitId( + jitRequest.getId()); + for (JitApproval jitApproval : jitApprovals) { + jitApproval.setReviewedAt(LocalDateTime.now()); + jitApproval.setAction(JitRequestStatus.CANCELLED); + jitApprovalsRepository.save(jitApproval); + updateReviewerDmOnSlack(jitApproval, + slackBotUtil.getReviewerDm(jitRequest.getRequestedFor().getEmail(), jitRequest, + jitApproval, false, SlackColor.REJECTED)); + } + updateChannelOnSlack(jitRequest, + slackBotUtil.getChannelMessage(jitRequest, new ArrayList<>(), new ArrayList<>(), + new ArrayList<>(), SlackColor.REJECTED)); + updateRequestorDmOnSlack(jitRequest, + slackBotUtil.getRequestorDm(jitRequest, false, new ArrayList<>(), + new ArrayList<>(), new ArrayList<>(), SlackColor.REJECTED)); + jitRequestRepository.save(jitRequest); + } catch (Exception e) { + log.error(ExceptionAirflowOrDb, e.getCause()); + } + } + + @SuppressWarnings("unchecked") + public List getAdditionalApprovalTeams( + String env, + String resourceType, + String resourceAction + ) { + String jsonPath = String.format("/resources/%s/%s/approvalFrom", resourceType, + resourceAction); + try { + return Optional.ofNullable( + mapUtil.getValueAtPath(additionalApprovalMap.get(env), jsonPath)) + .filter(List.class::isInstance) + .map(result 
-> (List) result) + .orElseGet(ArrayList::new); + } catch (NullPointerException | IllegalStateException e) { + log.warn( + "Can't fetch additional approval list for : {}/{}/{}, error: {}", + env, resourceAction, resourceAction, e.getMessage()); + return new ArrayList<>(); + } + } + + private Map> getAdditionalTeamsAndReviewer( + List teams, + String env, + String userEmail + ) { + return teams.stream().collect(Collectors.toMap( + teamService::findByName, + team -> authUtil.getReviewers(team, env).stream().filter( + user -> !user.getEmail().equals(userEmail)).collect(Collectors.toList() + ))); + } + + private JitRequest mapToJitRequest(JitRequestDto jitRequestDto) { + return new JitRequest(userService.findUserByEmail(jitRequestDto.getRequestedFor()), + userService.findUserByEmail(jitRequestDto.getRequestedBy()), + jitRequestDto.getVertical(), teamService.findByName(jitRequestDto.getTeam()), + jitRequestDto.getEnvironment(), jitRequestDto.getResourceType(), + jitRequestDto.getResourceId(), jitRequestDto.getResourceAction(), + JitRequestStatus.PENDING, jitRequestDto.getGrantWindow(), + jitRequestDto.getGrantAt() == null ? 
LocalDateTime.now() : + Instant.ofEpochSecond(jitRequestDto.getGrantAt()).atZone(ZoneId.systemDefault()) + .toLocalDateTime()); + } + + @Override + public void createJitRequest(JitRequestDto jitRequestDto) throws IOException { + // Map request DTO to JitRequest Entity and save in DB + JitRequest jitRequest = mapToJitRequest(jitRequestDto); + + if (duplicateRequest(jitRequest)) { + updateRequestorRequestNotAllowed(jitRequest); + throw new DuplicateKeyException("Repeat request not allowed"); + } + + // Determine the reviewers based on REQUEST + List reviewers = authUtil.getReviewers(jitRequest.getTeam().getName(), + jitRequest.getEnvironment().type) + .stream() + .distinct() + .filter(user -> !user.getEmail().equals(jitRequest.getRequestedFor().getEmail())) + .collect(Collectors.toList()); + + log.info("Requesting review from {}", reviewers); + + if (reviewers.size() == 0) { + // no reviewers found, inform user + updateRequestorNoReviewersDmOnSlack(jitRequest, + List.of(jitRequest.getTeam().getName())); + throw new IllegalStateException("No reviewers found"); + } + + var additionalTeams = getAdditionalApprovalTeams( + jitRequestDto.getEnvironment().type, jitRequestDto.getResourceType(), + jitRequestDto.getResourceAction()); + additionalTeams.remove(jitRequestDto.getTeam()); + + Map> additionalTeamReviewers = getAdditionalTeamsAndReviewer( + additionalTeams, + jitRequest.getEnvironment().type, + jitRequest.getRequestedFor().getEmail() + ); + var teamsWithoutReviewers = additionalTeamReviewers.entrySet().stream() + .filter(entry -> entry.getValue().isEmpty()) + .map(Map.Entry::getKey) + .collect(Collectors.toList()); + + if (!teamsWithoutReviewers.isEmpty()) { + // no reviwers found for additional teams, inform user + updateRequestorNoReviewersDmOnSlack(jitRequest, teamsWithoutReviewers.stream() + .map(Team::getName).collect(Collectors.toList())); + throw new IllegalStateException( + "No reviewers found for additional teams : " + teamsWithoutReviewers.stream() + 
.map(Team::getName).collect(Collectors.joining(","))); + } + + List jitApprovals = new ArrayList<>(); + List pendingTeams = new ArrayList<>(); + + for (User reviewer : reviewers) { + JitApproval jitApproval = new JitApproval(jitRequest, reviewer, + jitRequest.getTeam(), + JitRequestStatus.PENDING); + jitApprovals.add(jitApproval); + } + pendingTeams.add(jitRequest.getTeam().getName()); + + additionalTeamReviewers.forEach((team, users) -> { + users.forEach(reviewer -> { + JitApproval jitApproval = new JitApproval(jitRequest, reviewer, team, + JitRequestStatus.PENDING); + jitApprovals.add(jitApproval); + }); + pendingTeams.add(team.getName()); + }); + pendingTeams.sort(String::compareTo); + + // send personal message to user with details on pending and approved reviewers + JitRequest jitRequestWithId = jitRequestRepository.save(jitRequest); + postRequestorDmOnSlack(jitRequestWithId, + slackBotUtil.getRequestorDm(jitRequestWithId, true, pendingTeams, + new ArrayList<>(), new ArrayList<>(), SlackColor.INFO)); + + // send group message to common channel with details on pending and approved reviewers + postChannelOnSlack(jitRequest, + slackBotUtil.getChannelMessage(jitRequest, pendingTeams, new ArrayList<>(), + new ArrayList<>(), SlackColor.INFO)); + + List jitApprovalsWithId = jitApprovalsRepository.saveAll(jitApprovals); + JitRequest finalJitRequest = jitRequest; + jitApprovalsWithId.stream().forEach(jitApproval -> { + try { + postReviewerDmOnSlack(jitApproval.getReviewer(), jitApproval, + slackBotUtil.getReviewerDm(finalJitRequest.getRequestedFor().getEmail(), + finalJitRequest, jitApproval, true, SlackColor.INFO)); + } catch (IOException e) { + throw new RuntimeException(e); + } + }); + jitRequestRepository.save(jitRequest); + } + + @Override + public void approveJitRequest(String approver, Long requestId) + throws IOException, IllegalAccessException { + processJitRequest(approver, requestId, JitRequestStatus.APPROVED, + this::jitApprovedFlow); + } + + @Override + 
public void rejectJitRequest(String rejecter, Long requestId) + throws IOException, IllegalAccessException { + processJitRequest(rejecter, requestId, JitRequestStatus.REJECTED, + this::jitRejectedFlow); + } + + @Override + public void closeRequest(String closer, Long requestId) throws IllegalAccessException { + Optional optionalJitRequest = jitRequestRepository.findById(requestId); + + JitRequest jitRequest = optionalJitRequest.orElseThrow( + () -> new IllegalArgumentException("JIT request not found")); + if (jitRequest.getRequestedFor().getEmail().equals(closer) && jitRequest.getStatus() + .equals(JitRequestStatus.PENDING)) { + jitCancelledFlow(jitRequest); + } else { + log.error("User {} not allowed to close request", closer); + throw new IllegalAccessException("User not allowed to close the request"); + } + } + + @FunctionalInterface + interface JitFlowFunction { + + void apply( + String reviewerEmail, + JitApproval jitApproval, + JitRequest jitRequest, + List pendingTeams, + List approvedTeams, + List rejectedTeams + ) + throws IOException; + } +} \ No newline at end of file diff --git a/src/main/java/com/navi/infra/portal/v2/jit/utils/ApprovalMapProvider.java b/src/main/java/com/navi/infra/portal/v2/jit/utils/ApprovalMapProvider.java new file mode 100644 index 00000000..ccf6bac5 --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/jit/utils/ApprovalMapProvider.java 
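Review bot: In `jitApprovedFlow` the grant run is triggered before the revoke run and before the request status is saved, so if the second `triggerJitDag` call or any later Slack or repository call throws, the grant stays scheduled with no matching revoke while the request is still PENDING. Triggering the revoke run first (`airflowClient.triggerJitDag(dagId, runId + "-revoke", ...)` ahead of the `-grant` call) and saving the APPROVED status before the Slack updates would make a partial failure leave less access behind rather than more. `@Transactional` on the private `processJitRequest` and `jitCancelledFlow` is not applied by Spring's default proxy-based interception, so nothing here rolls back; it belongs on the public `approveJitRequest`, `rejectJitRequest` and `closeRequest` methods. In `processJitRequest`, `jitApproval.setReviewedAt(LocalDateTime.now())` runs before the `authUtil.isAuthorized` check and should move below it. The catch blocks log `e.getCause()`, which may be null, so the original stack trace can be lost; pass `e` instead.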
@@ -0,0 +1,61 @@ +package com.navi.infra.portal.v2.jit.utils; + +import static java.util.Collections.unmodifiableMap; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.navi.infra.portal.util.MapUtil; +import com.navi.infra.portal.util.ResourceReaderUtil; +import com.navi.infra.portal.v2.jit.entity.Environment; +import java.io.FileNotFoundException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.stereotype.Component; + +@Component +public class ApprovalMapProvider { + + private final ResourceReaderUtil resourceReaderUtil; + private final MapUtil mapUtil; + private final String requestConfigPath; + + public ApprovalMapProvider( + MapUtil mapUtil, + @Qualifier("yamlMapper") ObjectMapper yamlMapper, + @Value("${jit.request.config.path}") String requestConfigPath + ) { + this.resourceReaderUtil = new ResourceReaderUtil(yamlMapper); + this.mapUtil = mapUtil; + this.requestConfigPath = requestConfigPath; + } + + public Map getAdditionalApprovalMap(String env) { + Map defaultLimitMap; + try { + defaultLimitMap = resourceReaderUtil.getResourceFromPath( + List.of(requestConfigPath, "default.yaml")); + } catch (FileNotFoundException e) { + throw new RuntimeException(e); + } + try { + var envLimitMap = resourceReaderUtil.getResourceFromPath( + List.of(requestConfigPath, env + ".yaml")); + return unmodifiableMap(mapUtil.override(defaultLimitMap, envLimitMap)); + } catch (RuntimeException | FileNotFoundException e) { + return unmodifiableMap(defaultLimitMap); + } + } + + @Bean("additionalApprovalMap") + public Map> additionalApprovalMap() { + Environment[] environments = Environment.values(); + Map> approvalMap = new HashMap<>(); + for (Environment env : environments) { + approvalMap.put(env.type, getAdditionalApprovalMap(env.type)); 
+ } + return unmodifiableMap(approvalMap); + } +} \ No newline at end of file diff --git a/src/main/java/com/navi/infra/portal/v2/jit/utils/AuthUtil.java b/src/main/java/com/navi/infra/portal/v2/jit/utils/AuthUtil.java new file mode 100644 index 00000000..e81b0ab9 --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/jit/utils/AuthUtil.java 
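Review bot: `getAdditionalApprovalMap` catches `RuntimeException` together with `FileNotFoundException` when reading the per-environment file and silently returns the defaults. An environment file that exists but fails to parse or merge therefore loses whatever approval rules it overrides, with no log line. Catching only `FileNotFoundException` for the fallback and letting other failures propagate, or at least logging them, would make a broken approval config fail at startup instead of quietly changing the policy. `getAdditionalApprovalTeams` in `JitServiceImpl` has the same fail-open shape: it returns an empty list on `NullPointerException`, and its warning prints `resourceAction` twice where `resourceType` is meant.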
@@ -0,0 +1,110 @@ +package com.navi.infra.portal.v2.jit.utils; + +import static com.navi.infra.portal.v2.role.Actor.JITREVIEWER; + +import com.navi.infra.portal.domain.user.Role; +import com.navi.infra.portal.domain.user.Team; +import com.navi.infra.portal.domain.user.User; +import com.navi.infra.portal.service.user.UserService; +import com.navi.infra.portal.v2.jit.entity.JitApproval; +import com.navi.infra.portal.v2.jit.entity.JitRequest; +import com.navi.infra.portal.v2.jit.entity.JitRequestStatus; +import com.navi.infra.portal.v2.jit.repository.JitApprovalsRepository; +import com.navi.infra.portal.v2.team.TeamService; +import java.util.List; +import java.util.stream.Collectors; +import java.util.stream.Stream; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.stereotype.Component; + +@Component +@RequiredArgsConstructor +@Slf4j +public class AuthUtil { + + private final UserService userService; + private final TeamService teamService; + private final JitApprovalsRepository jitApprovalsRepository; + + @Value("${jit.number_of_prod_approvals}") + private Long prodJitApprovalsCount; + @Value("${jit.number_of_nonprod_approvals}") + private Long nonprodJitApprovalsCount; + + + public boolean hasTeamApprovalAccess( + List userRoles, + String teamName, + String environmentType + ) { + return userRoles.stream() + .filter(role -> role.contains(JITREVIEWER.toString()) && role.contains(teamName)) + .anyMatch(role -> role.contains(environmentType) || role.contains("ALL")); + } + + public boolean hasPortalApprovalAccess(List userRoles) { + return userRoles.stream() + .anyMatch(role -> role.contains(JITREVIEWER.toString()) && role.contains("PORTAL")); + } + + public boolean isReviewer(String userEmail, JitApproval approvalRequest) { + return approvalRequest.getReviewer().getEmail().equals(userEmail); + } + + public boolean isAuthorized( + JitApproval 
approvalRequest, + String userEmail, + String environmentType + ) { + User user = userService.findUserByEmail(userEmail); + List userRoles = user.getRoles().stream().map(Role::getName) + .collect(Collectors.toList()); + return isReviewer(userEmail, approvalRequest) && hasTeamApprovalAccess(userRoles, + approvalRequest.getTeam().getName(), environmentType) + || hasPortalApprovalAccess(userRoles); + } + + public List getReviewerTeamsByAction( + Long jitId, JitRequestStatus jitRequestStatus + ) { + return teamService.findAllByIds( + jitApprovalsRepository + .findReviewerTeamsByAction(jitId, jitRequestStatus.toString())) + .parallelStream() + .map(Team::getName) + .sorted() + .collect(Collectors.toList()); + } + + boolean hasApprovalsFromAllRequiredTeams(Long jitId) { + List approvalList = jitApprovalsRepository.countApprovedInEachTeam(jitId); + return approvalList.stream().allMatch(approval -> approval >= 1); + } + + public boolean haveRequiredApprovals(JitRequest jitRequest) { + return hasApprovalsFromAllRequiredTeams(jitRequest.getId()); + // is atleast one approval from each required team obtained based on the mapping in yaml + // and required approval type (master or something) + } + + public List getReviewersFromRole(String teamName, String reviewerRoleType) { + Role reviewerRole = new Role(String.join("_", teamName, + reviewerRoleType, JITREVIEWER.toString())); + return userService.getUsersWithRole(reviewerRole.getName()); + } + + public List getReviewers(String teamName, String environmentType) { + // Determine the reviewers based on REQUEST + List environmentSpecificReviewers = getReviewersFromRole(teamName, environmentType); + List allEnvironmentReviewers = getReviewersFromRole(teamName, "ALL"); + + return Stream.concat(environmentSpecificReviewers.stream(), + allEnvironmentReviewers.stream()) + .distinct() + .collect(Collectors.toList()); + // TODO Add exception in case no reviewers found + // TODO reduce number of userService calls thereby reducing DB calls 
+ } +} diff --git a/src/main/java/com/navi/infra/portal/v2/jit/utils/SlackBotUtil.java b/src/main/java/com/navi/infra/portal/v2/jit/utils/SlackBotUtil.java new file mode 100644 index 00000000..c87f4a39 --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/jit/utils/SlackBotUtil.java 
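Review bot: `hasTeamApprovalAccess` and `hasPortalApprovalAccess` match role names with `String.contains`, so a reviewer role for a team whose name contains another team's name, or contains `PORTAL`, also satisfies the check for that other scope. `getReviewersFromRole` in the same class builds the role name as team, type and `JITREVIEWER` joined by `_`, so the check can compare exact names: `role.equals(String.join("_", teamName, environmentType, JITREVIEWER.toString()))`, plus the same with `"ALL"`. In `isAuthorized` the `&&` binds tighter than `||`, so a portal reviewer role bypasses the `isReviewer` check; add parentheses if that is not intended. `hasApprovalsFromAllRequiredTeams` relies on `allMatch`, which is true for an empty list, so it is worth confirming that `countApprovedInEachTeam` returns a row for teams with zero approvals.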
@@ -0,0 +1,196 @@ +package com.navi.infra.portal.v2.jit.utils; + +import com.navi.infra.portal.dto.slack.SlackMessageBlockType; +import com.navi.infra.portal.dto.slack.SlackMessageText; +import com.navi.infra.portal.dto.slack.SlackMessageTextType; +import com.navi.infra.portal.v2.jit.entity.JitApproval; +import com.navi.infra.portal.v2.jit.entity.JitRequest; +import com.navi.infra.portal.v2.slackbotclient.SlackBotAttachment; +import com.navi.infra.portal.v2.slackbotclient.SlackBotMessageBlock; +import com.navi.infra.portal.v2.slackbotclient.SlackElementStyle; +import com.navi.infra.portal.v2.slackbotclient.SlackElementType; +import com.navi.infra.portal.v2.slackbotclient.SlackMessageElement; +import java.time.temporal.ChronoUnit; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import org.springframework.stereotype.Component; + +@Component +public class SlackBotUtil { + + private ArrayList createInfoFields( + String userEmail, + JitRequest jitRequest, + JitApproval jitApproval + ) { + return new ArrayList<>(Arrays.asList( + createField("ID", + String.join("-", jitRequest.getId().toString(), + jitApproval.getId().toString())), + createField("User", userEmail), + createField("Environment", jitRequest.getEnvironment().toString()), + createField("Resource", jitRequest.getResourceType()), + createField("Action", jitRequest.getResourceAction()), + createField("Review as", jitApproval.getTeam().getName()), + createField("Grant At/On", + jitRequest.getGrantAt().truncatedTo(ChronoUnit.MINUTES).toString()), + createField("Status", jitApproval.getAction().toString()) + )); + } + + private ArrayList createActionButtons(JitApproval jitApproval) { + return new ArrayList<>(Arrays.asList( + createButton("Approve", jitApproval.getId().toString(), "actionApprove", + SlackElementStyle.PRIMARY), + createButton("Reject", jitApproval.getId().toString(), "actionReject", + SlackElementStyle.DANGER) + )); + } + + private SlackMessageText createField(String 
title, String text) { + return new SlackMessageText(SlackMessageTextType.MARKDOWN, + String.format("*%s*\n%s", title, text)); + } + + private SlackMessageElement createButton( + String text, + String value, + String actionId, + SlackElementStyle style + ) { + return new SlackMessageElement(SlackElementType.BUTTON, + new SlackMessageText(SlackMessageTextType.PLAINTEXT, text), + style, value, actionId); + } + + public SlackBotAttachment getReviewerDm( + String userEmail, JitRequest jitRequest, JitApproval jitApproval, + boolean actionEnabled, SlackColor color + ) { + + ArrayList infoFields = createInfoFields(userEmail, jitRequest, + jitApproval); + ArrayList actionButtons = + actionEnabled ? createActionButtons(jitApproval) : null; + + SlackBotMessageBlock reviewRequestSection = new SlackBotMessageBlock( + SlackMessageBlockType.SECTION, null, null, infoFields); + + SlackBotMessageBlock reviewRequestAction = actionButtons != null ? new SlackBotMessageBlock( + SlackMessageBlockType.ACTIONS, null, actionButtons, null) : null; + + ArrayList blocks = new ArrayList<>(); + blocks.add(reviewRequestSection); + if (reviewRequestAction != null) { + blocks.add(reviewRequestAction); + } + + return new SlackBotAttachment(color.color, blocks); + } + + public SlackBotAttachment getRequestorDm( + JitRequest jitRequest, + Boolean actionEnabled, + List pendingTeams, + List approvedTeams, + List rejectedTeams, + SlackColor color + ) { + SlackMessageText reviewRequestText = new SlackMessageText(SlackMessageTextType.MARKDOWN, + String.format("Access request *#%s* raised for user %s\n" + + "\tReviews pending from: %s\n" + + "\tApproved by: %s\n" + + "\tRejected by: %s\n" + + "\tCurrent Status: %s\n", + jitRequest.getId().toString(), jitRequest.getRequestedFor().getEmail(), + String.join(", ", pendingTeams), + String.join(", ", approvedTeams), + String.join(", ", rejectedTeams), + jitRequest.getStatus().toString())); + + SlackBotMessageBlock reviewRequestSection = new SlackBotMessageBlock( 
+ SlackMessageBlockType.SECTION, reviewRequestText, null, null); + + ArrayList blocks = new ArrayList<>(); + blocks.add(reviewRequestSection); + + if (actionEnabled) { + ArrayList elements = new ArrayList<>(); + + SlackMessageText closeText = new SlackMessageText(SlackMessageTextType.PLAINTEXT, + "Close"); + SlackMessageElement closeButton = new SlackMessageElement(SlackElementType.BUTTON, + closeText, SlackElementStyle.DANGER, jitRequest.getId().toString(), "actionClose"); + elements.add(closeButton); + SlackBotMessageBlock reviewRequestAction = new SlackBotMessageBlock( + SlackMessageBlockType.ACTIONS, null, elements, null); + blocks.add(reviewRequestAction); + } + + return new SlackBotAttachment(color.color, blocks); + } + + public SlackBotAttachment getRequestorNoReviewerDm( + List missingTeams + ) { + SlackMessageText reviewRequestText = new SlackMessageText(SlackMessageTextType.MARKDOWN, + String.format( + "No Reviewers present for team(s): %s. Kindly get notify team to have reviewers. " + + "Contact Cloud Platform oncall if issue persists", + String.join(", ", missingTeams))); + + SlackBotMessageBlock reviewRequestSection = new SlackBotMessageBlock( + SlackMessageBlockType.SECTION, reviewRequestText, null, null); + + ArrayList blocks = new ArrayList<>(); + blocks.add(reviewRequestSection); + + return new SlackBotAttachment(SlackColor.REJECTED.color, blocks); + } + + public SlackBotAttachment getRequestorRequestNotAllowedDm( + JitRequest jitRequest + ) { + SlackMessageText reviewRequestText = new SlackMessageText(SlackMessageTextType.MARKDOWN, + String.format( + "Request for same resource in the specified window already exists. 
" + + "Contact Cloud Platform oncall if issue persists", + jitRequest.getTeam().getName())); + + SlackBotMessageBlock reviewRequestSection = new SlackBotMessageBlock( + SlackMessageBlockType.SECTION, reviewRequestText, null, null); + + ArrayList blocks = new ArrayList<>(); + blocks.add(reviewRequestSection); + + return new SlackBotAttachment(SlackColor.REJECTED.color, blocks); + } + + public SlackBotAttachment getChannelMessage( + JitRequest jitRequest, + List pendingTeams, + List approvedTeams, + List rejectedTeams, + SlackColor color + ) { + SlackMessageText reviewRequestText = new SlackMessageText(SlackMessageTextType.MARKDOWN, + String.format("Access request *#%s* raised for user %s\n" + + "\tReviews pending from: %s\n" + + "\tApproved by: %s\n" + + "\tRejected by: %s\n" + + "\tCurrent status: %s", + jitRequest.getId().toString(), jitRequest.getRequestedFor().getEmail(), + String.join(", ", pendingTeams), + String.join(", ", approvedTeams), + String.join(", ", rejectedTeams), + jitRequest.getStatus().toString())); + + SlackBotMessageBlock reviewRequestSection = new SlackBotMessageBlock( + SlackMessageBlockType.SECTION, reviewRequestText, null, null); + + ArrayList blocks = new ArrayList<>(); + blocks.add(reviewRequestSection); + return new SlackBotAttachment(color.color, blocks); + } +} diff --git a/src/main/java/com/navi/infra/portal/v2/jit/utils/SlackColor.java b/src/main/java/com/navi/infra/portal/v2/jit/utils/SlackColor.java new file mode 100644 index 00000000..fd8ac222 --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/jit/utils/SlackColor.java @@ -0,0 +1,14 @@ +package com.navi.infra.portal.v2.jit.utils; + +public enum SlackColor { + OPEN("#f2c744"), + APPROVED("#3ce336"), + REJECTED("#e03a48"), + INFO("#44c0db"); + + public final String color; + + SlackColor(String color) { + this.color = color; + } +} 
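Review bot: createField puts request-derived values (user email, resource type, resource action, team name) into a Slack mrkdwn text object without escaping. Any value that is free-form can therefore change how the reviewer's approval card renders, for example through mentions, links, or a line break that looks like an extra field. Slack expects senders to escape `&`, `<` and `>` in message text; applying `text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")` in createField and to the joined team names in getRequestorDm and getChannelMessage would cover it. Separately, getRequestorRequestNotAllowedDm passes `jitRequest.getTeam().getName()` to a String.format whose pattern has no `%s`, so the argument is silently dropped, and getRequestorDm unboxes `Boolean actionEnabled` in `if (actionEnabled)`, which throws on null.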
diff --git a/src/main/java/com/navi/infra/portal/v2/privilege/Action.java b/src/main/java/com/navi/infra/portal/v2/privilege/Action.java index 9a96d641..db72b89e 100644 --- a/src/main/java/com/navi/infra/portal/v2/privilege/Action.java +++ b/src/main/java/com/navi/infra/portal/v2/privilege/Action.java @@ -16,6 +16,8 @@ public enum Action { APPROVAL_WRITE("approval_write"), MANIFEST_SUBSTITUTE_SECRETS("substitute_secrets"), PORTAL_MANAGE_USERS("manage_users"), + JIT_READERS("read"), + JIT_REVIEWERS("review") ; private final String name; diff --git a/src/main/java/com/navi/infra/portal/v2/privilege/PrivilegeServiceImpl.java b/src/main/java/com/navi/infra/portal/v2/privilege/PrivilegeServiceImpl.java index b20a4762..97b7fb0f 100644 --- a/src/main/java/com/navi/infra/portal/v2/privilege/PrivilegeServiceImpl.java +++ b/src/main/java/com/navi/infra/portal/v2/privilege/PrivilegeServiceImpl.java @@ -44,7 +44,9 @@ public class PrivilegeServiceImpl implements PrivilegeService { format("manifest:%s:%s:.*:approval_read", teamName, env), format("manifest:%s:%s:.*:delete", teamName, env), format("manifest:%s:%s:.*:manage", teamName, env), - format("manifest:%s:%s:.*:approval_write", teamName, env) + format("manifest:%s:%s:.*:approval_write", teamName, env), + format("jit:%s:%s:.*:read", teamName, env), + format("jit:%s:%s:.*:review", teamName, env) )), Stream.of( format("manifest:%s:.*:.*:read", teamName), format("manifest:%s:.*:.*:write", teamName), @@ -58,7 +60,9 @@ public class PrivilegeServiceImpl implements PrivilegeService { format("manifest:%s:.*:.*:approval_read", teamName), format("manifest:%s:.*:.*:delete", teamName), format("manifest:%s:.*:.*:manage", teamName), - format("manifest:%s:.*:.*:approval_write", teamName) + format("manifest:%s:.*:.*:approval_write", teamName), + format("jit:%s:.*:.*:read", teamName), + format("jit:%s:.*:.*:review", teamName) )); } 
diff --git a/src/main/java/com/navi/infra/portal/v2/privilege/ResourceType.java b/src/main/java/com/navi/infra/portal/v2/privilege/ResourceType.java index fe5f780f..8ca79711 100644 --- a/src/main/java/com/navi/infra/portal/v2/privilege/ResourceType.java +++ b/src/main/java/com/navi/infra/portal/v2/privilege/ResourceType.java @@ -2,7 +2,8 @@ package com.navi.infra.portal.v2.privilege; public enum ResourceType { MANIFEST, - KUBE; + KUBE, + JIT; @Override public String toString() { diff --git a/src/main/java/com/navi/infra/portal/v2/role/Actor.java b/src/main/java/com/navi/infra/portal/v2/role/Actor.java index a3882f70..197b32fc 100644 --- a/src/main/java/com/navi/infra/portal/v2/role/Actor.java +++ b/src/main/java/com/navi/infra/portal/v2/role/Actor.java @@ -1,9 +1,11 @@ package com.navi.infra.portal.v2.role; -enum Actor { +public enum Actor { VIEWER, MAINTAINER, - MANAGER; + MANAGER, + JITREADER, + JITREVIEWER; @Override public String toString() { diff --git a/src/main/java/com/navi/infra/portal/v2/role/RoleRepository.java b/src/main/java/com/navi/infra/portal/v2/role/RoleRepository.java index f3e9afde..aa92dce3 100644 --- a/src/main/java/com/navi/infra/portal/v2/role/RoleRepository.java +++ b/src/main/java/com/navi/infra/portal/v2/role/RoleRepository.java @@ -1,8 +1,11 @@ package com.navi.infra.portal.v2.role; import com.navi.infra.portal.domain.user.Role; +import com.navi.infra.portal.domain.user.User; import java.util.List; +import java.util.Optional; import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; import org.springframework.stereotype.Repository; @Repository 
@@ -11,4 +14,11 @@ interface RoleRepository extends JpaRepository { Role findByName(String name); List findByNameIn(List name); + + @Query(value = "SELECT u.id, u.email, u.name, u.slack_id FROM users u " + + "JOIN users_roles ur ON u.id = ur.user_id " + + "JOIN role r ON ur.role_id = r.id " + + "WHERE r.name = :roleName", + nativeQuery = true) + List findUsersByRoleName(String roleName); } diff --git a/src/main/java/com/navi/infra/portal/v2/role/RoleService.java b/src/main/java/com/navi/infra/portal/v2/role/RoleService.java index 63f8aca2..6990cdf9 100644 --- a/src/main/java/com/navi/infra/portal/v2/role/RoleService.java +++ b/src/main/java/com/navi/infra/portal/v2/role/RoleService.java @@ -2,6 +2,7 @@ package com.navi.infra.portal.v2.role; import com.navi.infra.portal.domain.user.Privilege; import com.navi.infra.portal.domain.user.Role; +import com.navi.infra.portal.domain.user.User; import java.util.List; import java.util.stream.Stream; @@ -17,4 +18,6 @@ public interface RoleService { Stream mapPrivilegesToRoles(String teamName, List roles, List privileges); + + List findUsersByRoleName(String roleName); } diff --git a/src/main/java/com/navi/infra/portal/v2/role/RoleServiceImpl.java b/src/main/java/com/navi/infra/portal/v2/role/RoleServiceImpl.java index e7da3db1..abe38a98 100644 --- a/src/main/java/com/navi/infra/portal/v2/role/RoleServiceImpl.java +++ b/src/main/java/com/navi/infra/portal/v2/role/RoleServiceImpl.java @@ -2,6 +2,8 @@ package com.navi.infra.portal.v2.role; import static com.navi.infra.portal.v2.privilege.Action.APPROVAL_READ; import static com.navi.infra.portal.v2.privilege.Action.APPROVAL_WRITE; +import static com.navi.infra.portal.v2.privilege.Action.JIT_READERS; +import static com.navi.infra.portal.v2.privilege.Action.JIT_REVIEWERS; import static com.navi.infra.portal.v2.privilege.Action.KUBE_DELETE; import static com.navi.infra.portal.v2.privilege.Action.KUBE_RESTART; import static com.navi.infra.portal.v2.privilege.Action.MANIFEST_CLONE; 
@@ -13,8 +15,11 @@ import static com.navi.infra.portal.v2.privilege.Action.MANIFEST_SECRET_WRITE; import static com.navi.infra.portal.v2.privilege.Action.MANIFEST_SUPERSECRET_WRITE; import static com.navi.infra.portal.v2.privilege.Action.MANIFEST_WRITE; import static com.navi.infra.portal.v2.privilege.PrivilegeService.ALL; +import static com.navi.infra.portal.v2.privilege.ResourceType.JIT; import static com.navi.infra.portal.v2.privilege.ResourceType.KUBE; import static com.navi.infra.portal.v2.privilege.ResourceType.MANIFEST; +import static com.navi.infra.portal.v2.role.Actor.JITREADER; +import static com.navi.infra.portal.v2.role.Actor.JITREVIEWER; import static com.navi.infra.portal.v2.role.Actor.MAINTAINER; import static com.navi.infra.portal.v2.role.Actor.MANAGER; import static com.navi.infra.portal.v2.role.Actor.VIEWER; @@ -28,7 +33,9 @@ import static org.apache.logging.log4j.util.Strings.join; import com.navi.infra.portal.domain.user.Privilege; import com.navi.infra.portal.domain.user.Role; +import com.navi.infra.portal.domain.user.User; import com.navi.infra.portal.v2.privilege.PrivilegeService; +import java.math.BigInteger; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -36,11 +43,16 @@ import java.util.Map; import java.util.Objects; import java.util.Optional; import java.util.stream.Stream; +import lombok.extern.slf4j.Slf4j; import org.apache.commons.collections4.CollectionUtils; import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Primary; +import org.springframework.stereotype.Component; import org.springframework.stereotype.Service; @Service +@Primary +@Component("DefaultRoleService") class RoleServiceImpl implements RoleService { private static final String ALL_ENV = "ALL"; 
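Review bot: RoleServiceImpl now carries two stereotype annotations, `@Service` and `@Component("DefaultRoleService")`; one is enough, and `@Service("DefaultRoleService")` gives the same bean name. `@Primary` implies a second RoleService bean exists or is planned, so a one-line class comment naming the implementation it takes precedence over would explain why it is needed. The import hunk above adds `lombok.extern.slf4j.Slf4j`, but no `@Slf4j` annotation appears on the class in the visible lines. The class body continues outside this hunk.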
@@ -67,6 +79,21 @@ class RoleServiceImpl implements RoleService { return repository.findByNameIn(roles); } + @Override + public List findUsersByRoleName(String roleName) { + var userObjectList = repository.findUsersByRoleName(roleName); + return userObjectList.stream() + .map(objects -> { + var user = new User(); + user.setId(((BigInteger) objects[0]).longValue()); + user.setEmail((String) objects[1]); + user.setName((String) objects[2]); + user.setSlackId((String) objects[3]); + return user; + }) + .collect(toList()); + } + @Override public List saveAll(List roles) { return repository.saveAll(roles); @@ -78,11 +105,15 @@ class RoleServiceImpl implements RoleService { .flatMap(env -> Stream.of( generateName(teamName, env, VIEWER), generateName(teamName, env, MAINTAINER), - generateName(teamName, env, MANAGER) + generateName(teamName, env, MANAGER), + generateName(teamName, env, JITREADER), + generateName(teamName, env, JITREVIEWER) )), Stream.of( generateName(teamName, ALL_ENV, VIEWER), generateName(teamName, ALL_ENV, MAINTAINER), - generateName(teamName, ALL_ENV, MANAGER) + generateName(teamName, ALL_ENV, MANAGER), + generateName(teamName, ALL_ENV, JITREADER), + generateName(teamName, ALL_ENV, JITREVIEWER) )); } @@ -113,6 +144,7 @@ class RoleServiceImpl implements RoleService { .flatMap(List::stream); } + private List mapPrivilegesToRoles( String teamName, String env, 
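Review bot: findUsersByRoleName casts the first column with `(BigInteger) objects[0]`, which ties the method to how one driver/Hibernate combination maps a native BIGINT. If the column comes back as Long instead, the first reviewer lookup throws ClassCastException; `user.setId(((Number) objects[0]).longValue());` accepts either. The positional reads `objects[1]` to `objects[3]` depend on the column order of the native query in RoleRepository, so a comment on both sides naming that order (id, email, name, slack_id) would keep them in step. The returned User objects carry only those four fields and no roles, which is worth stating in a method comment so callers do not treat them as fully loaded entities.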
@@ -136,9 +168,16 @@ class RoleServiceImpl implements RoleService { private Map> mapWithPrivileges(String teamName, String env) { return Map.of( - generateName(teamName, env, VIEWER), viewerPrivileges(teamName, rolesPrivilegesEnvironmentMap.get(env)), - generateName(teamName, env, MAINTAINER), maintainerPrivileges(teamName, rolesPrivilegesEnvironmentMap.get(env)), - generateName(teamName, env, MANAGER), managerPrivileges(teamName, rolesPrivilegesEnvironmentMap.get(env)) + generateName(teamName, env, VIEWER), + viewerPrivileges(teamName, rolesPrivilegesEnvironmentMap.get(env)), + generateName(teamName, env, MAINTAINER), + maintainerPrivileges(teamName, rolesPrivilegesEnvironmentMap.get(env)), + generateName(teamName, env, MANAGER), + managerPrivileges(teamName, rolesPrivilegesEnvironmentMap.get(env)), + generateName(teamName, env, JITREADER), + jitViewerPrivileges(teamName, rolesPrivilegesEnvironmentMap.get(env)), + generateName(teamName, env, JITREVIEWER), + jitReviewerPrivileges(teamName, rolesPrivilegesEnvironmentMap.get(env)) ); } @@ -173,6 +212,20 @@ class RoleServiceImpl implements RoleService { privilegeService.generateName(MANIFEST, teamName, env, ALL, MANIFEST_READ)); } + private List jitViewerPrivileges(String teamName, String env) { + return List.of( + privilegeService.generateName(JIT, teamName, env, ALL, JIT_READERS)); + } + + private List jitReviewerPrivileges(String teamName, String env) { + final var privileges = new ArrayList<>(jitViewerPrivileges(teamName, env)); + privileges.add( + privilegeService.generateName(JIT, teamName, env, ALL, JIT_REVIEWERS) + ); + return unmodifiableList(privileges); + } + + private String generateName(String teamName, String env, Actor actor) { return join(List.of(teamName, env, actor), '_'); } diff --git a/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotAttachment.java b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotAttachment.java new file mode 100644 index 00000000..2cb97bc2 
--- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotAttachment.java @@ -0,0 +1,23 @@ +package com.navi.infra.portal.v2.slackbotclient; + + +import com.fasterxml.jackson.annotation.JsonAutoDetect; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.google.gson.JsonElement; +import java.io.Serializable; +import java.util.ArrayList; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Getter; +import lombok.Setter; + +@AllArgsConstructor +@Builder(builderClassName = "Builder") +@Getter +@Setter +@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY) +@JsonInclude(JsonInclude.Include.NON_NULL) +public class SlackBotAttachment implements Serializable { + private String color; + private ArrayList blocks; +} diff --git a/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotClient.java b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotClient.java new file mode 100644 index 00000000..0a830d4f --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotClient.java 
@@ -0,0 +1,101 @@ +package com.navi.infra.portal.v2.slackbotclient; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.slack.api.methods.MethodsClient; +import com.slack.api.methods.SlackApiException; +import com.slack.api.methods.response.chat.ChatPostMessageResponse; +import com.slack.api.model.User; +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.stereotype.Component; + + +@Component +@RequiredArgsConstructor +@Slf4j +public class SlackBotClient { + + private static final String SLACK_API_URL = "https://api.slack.com/methods/"; + private static final String postMessage = "chat.postMessage"; + @Value("${slackbot.token}") + private String slackBotToken; + + @Autowired + private MethodsClient client; + + public Map fetchAndProcessSlackUsers() throws IOException { + Map userSlackIdMap = new HashMap<>(); + // Slack client reference: https://api.slack.com/methods/users.list/code + + try { + var result = client.usersList(r -> r + .token(slackBotToken) + ); + return updateUserSlackIdMap(result.getMembers(), userSlackIdMap); + } catch (IOException | SlackApiException e) { + log.error("error: {}", e.getMessage(), e); + } + return userSlackIdMap; + } + + private Map updateUserSlackIdMap( + List members, + Map userSlackIdMap + ) { + for (User member : members) { + userSlackIdMap.put(member.getProfile().getEmail(), member.getId()); + } + return userSlackIdMap; + } + + public ChatPostMessageResponse postMessage( + String channelId, + SlackBotAttachment slackBotAttachment + ) + throws IOException { + // Slack client reference: https://api.slack.com/methods/chat.postMessage/code + ChatPostMessageResponse result = new ChatPostMessageResponse(); + try { + ObjectMapper objectMapper = new 
ObjectMapper(); + String textJson = "[" + objectMapper.writeValueAsString(slackBotAttachment) + "]"; + result = client.chatPostMessage(r -> r + .token(slackBotToken) + .channel(channelId) + .text("Just In Time Access Manager") + .attachmentsAsString(textJson) + ); + if (!result.isOk()) { + log.error("Unable to process Slack API request: {}", result.getError()); + } + } catch (IOException | SlackApiException e) { + log.error("error: {}", e.getMessage(), e); + } + return result; + } + + public void updateMessage(String channelId, SlackBotAttachment slackBotAttachment, String ts) + throws IOException { + try { + ObjectMapper objectMapper = new ObjectMapper(); + String textJson = "[" + objectMapper.writeValueAsString(slackBotAttachment) + "]"; + var result = client.chatUpdate(r -> r + .token(slackBotToken) + .channel(channelId) + .ts(ts) + .text("Just In Time Access Manager") + .attachmentsAsString(textJson) + ); + if (!result.isOk()) { + log.error("Unable to process Slack API request: {}", result.getError()); + } + } catch (IOException | SlackApiException e) { + log.error("error: {}", e.getMessage(), e); + } + } +} diff --git a/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotMessage.java b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotMessage.java new file mode 100644 index 00000000..e3ed5bb1 --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotMessage.java 
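Review bot: fetchAndProcessSlackUsers hands `result.getMembers()` to updateUserSlackIdMap without checking `result.isOk()`, unlike postMessage and updateMessage. On an API-level failure the member list may be null, and the resulting NullPointerException is not covered by the `IOException | SlackApiException` catch. Add `if (!result.isOk() || result.getMembers() == null) { log.error("Unable to process Slack API request: {}", result.getError()); return userSlackIdMap; }` before the call. The request also sets no cursor, so only the first page of users.list appears to be read, and members without a profile email would all be stored under a null key. Since this map presumably decides who can be notified for approvals, either gap would drop reviewers silently. All three public methods declare `throws IOException` yet catch it, and postMessage returns an empty response on failure, so callers cannot tell a failed notification from a sent one.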
@@ -0,0 +1,22 @@ +package com.navi.infra.portal.v2.slackbotclient; + + +import com.fasterxml.jackson.annotation.JsonAutoDetect; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.navi.infra.portal.dto.slack.SlackMessageBlock; +import java.io.Serializable; +import java.util.ArrayList; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Getter; +import lombok.Setter; + +@AllArgsConstructor +@Builder(builderClassName = "Builder") +@Getter +@Setter +@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY) +@JsonInclude(JsonInclude.Include.NON_NULL) +public class SlackBotMessage implements Serializable { + private ArrayList blocks; +} diff --git a/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotMessageBlock.java b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotMessageBlock.java new file mode 100644 index 00000000..ab760daa --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackBotMessageBlock.java 
@@ -0,0 +1,63 @@ +package com.navi.infra.portal.v2.slackbotclient; + +import com.fasterxml.jackson.annotation.JsonAutoDetect; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.navi.infra.portal.dto.slack.SlackMessageBlockType; +import com.navi.infra.portal.dto.slack.SlackMessageText; +import java.util.ArrayList; +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; + +@NoArgsConstructor +@Data +@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY) +@JsonInclude(JsonInclude.Include.NON_NULL) +public class SlackBotMessageBlock { + + private String type; // Example: button + private SlackMessageText text; // Should constitute of SlackBotMessageText + private ArrayList elements; + private ArrayList fields; + + public SlackBotMessageBlock( + SlackMessageBlockType type, + SlackMessageText text, + ArrayList elements, + ArrayList fields + ) { + this.type = type.type; + this.text = text; + this.elements = elements; + this.fields = fields; + } + /* + { + "type": "actions", + "elements": [ + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Status", + "emoji": true + }, + "style": "primary", + "value": "click_me_78", + "action_id": "actionId-2" + }, + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Close", + "emoji": true + }, + "style": "danger", + "value": "click_me_910", + "action_id": "actionId-3" + } + ] + } + */ +} diff --git a/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackConfiguration.java b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackConfiguration.java new file mode 100644 index 00000000..d24fd298 --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackConfiguration.java 
@@ -0,0 +1,14 @@ +package com.navi.infra.portal.v2.slackbotclient; + +import com.slack.api.Slack; +import com.slack.api.methods.MethodsClient; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +@Configuration +public class SlackConfiguration { + @Bean + public MethodsClient client() { + return Slack.getInstance().methods(); + } +} diff --git a/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackElementStyle.java b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackElementStyle.java new file mode 100644 index 00000000..0e2e059c --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackElementStyle.java @@ -0,0 +1,14 @@ +package com.navi.infra.portal.v2.slackbotclient; + +public enum SlackElementStyle { + + PRIMARY("primary"), + DANGER("danger"); + + public final String type; + + SlackElementStyle(String type) { + this.type = type; + } + +} \ No newline at end of file diff --git a/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackElementType.java b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackElementType.java new file mode 100644 index 00000000..bb4c17ac --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackElementType.java @@ -0,0 +1,13 @@ +package com.navi.infra.portal.v2.slackbotclient; + +public enum SlackElementType { + + BUTTON("button"); + + public final String type; + + SlackElementType(String type) { + this.type = type; + } + +} \ No newline at end of file diff --git a/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackMessageElement.java b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackMessageElement.java new file mode 100644 index 00000000..b85e72ff --- /dev/null +++ b/src/main/java/com/navi/infra/portal/v2/slackbotclient/SlackMessageElement.java 
@@ -0,0 +1,51 @@ +package com.navi.infra.portal.v2.slackbotclient; + +import com.fasterxml.jackson.annotation.JsonAutoDetect; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.navi.infra.portal.dto.slack.SlackMessageText; +import lombok.Data; +import lombok.NoArgsConstructor; + +@NoArgsConstructor +@Data +@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY) +@JsonInclude(JsonInclude.Include.NON_NULL) +public class SlackMessageElement { + + private String type; // Example: button + private SlackMessageText text; // Should constitute of SlackMessageText + private String style; // Example: primary, danger + private String value; + @JsonProperty("action_id") + private String actionId; // Refers to slackbotclient's internal action_id + + public SlackMessageElement( + SlackElementType type, + SlackMessageText text, + SlackElementStyle style, + String value, + String actionId + ) { + this.type = type.type; + this.text = text; + this.style = style.type; + this.value = value; + this.actionId = actionId; + } + /* + elements": [ + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Approve", + "emoji": true + }, + "style": "primary", + "value": "click_me_123", + "action_id": "actionId-0" + } + ] + */ +} diff --git a/src/main/resources/application-dev.properties b/src/main/resources/application-dev.properties index d139e73a..bef8b5d9 100644 --- a/src/main/resources/application-dev.properties +++ b/src/main/resources/application-dev.properties @@ -19,13 +19,10 @@ management.metrics.export.prometheus.enabled=true management.server.port=4001 config.manifestAudit.maxAuditCount=${MANIFEST_AUDIT_COUNT:10} spring.main.allow-bean-definition-overriding=true - #JWT token generation jwt.secret.key=${JWT_SECRET_KEY} - #Teams List from Vault - Single source of truth for teams in vault teams.list.vault=${TEAMS_LIST_VAULT} - #AWS Profile aws.region=ap-south-1 aws.profile=${AWS_PROFILE:default} 
@@ -33,3 +30,8 @@ airflow.url=${AIRFLOW_URL} airflow.token=${AIRFLOW_AUTH_TOKEN} service-dump.dag.id=${SERVICE_DUMP_DAG_ID:kubectl_get_pod} service-dump.image.name=${SERVICE_DUMP_IMAGE_NAME:193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/openjdk:11.0.16-user4k} +#Just In Time Access +slackbot.token=${SLACK_BOT_TOKEN:xoxb-format-12345} +jit.dag.id=${JIT_DAG_ID:jit_dag} +jit.slack.common.channel.id=${JIT_COMMON_CHANNEL:C06NDTBFA1G} +jit.request.config.path=classpath:jit diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 2e206ec0..8452da9d 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -53,6 +53,7 @@ ecr.dockerRegistryNamespace=${DOCKER_REGISTRY_NAMESPACE:medici} config.deployment.strategyNameMapping={'rollingUpdateWithCanary': 'rollingUpdateWithCanaryMixIn', 'canary': 'canary', 'rollingUpdate': 'rollingUpdate'} config.manifestAudit.maxAuditCount=${MANIFEST_AUDIT_COUNT:10} spring.main.allow-bean-definition-overriding=true +jit.request.config.path=classpath:jit manifest.limit.config.path=classpath:changerequest environment.list=cmd,prod,dev,qa,perf,uat,data-platform-prod,data-platform-nonprod,local environment.role.privileges.map={'cmd': 'cmd', 'prod': 'prod', 'dev': 'dev', 'qa': 'qa', 'perf': 'perf', 'uat': 'uat', 'data-platform-prod': 'data-platform-prod', 'data-platform-nonprod': 'data-platform-nonprod', 'local': 'local', 'ALL': '.*'} 
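Review bot: `slackbot.token=${SLACK_BOT_TOKEN:xoxb-format-12345}` gives a secret a fallback value, here and in the last hunk of application.properties. A deployment that forgets SLACK_BOT_TOKEN therefore starts normally, and every Slack call fails with only a log line, because SlackBotClient catches and logs the error. Dropping the default, `slackbot.token=${SLACK_BOT_TOKEN}`, matches how `jwt.secret.key=${JWT_SECRET_KEY}` is declared and makes the omission fail at startup. The dev file also defaults `jit.slack.common.channel.id` to `C06NDTBFA1G`, which looks like a real channel id, while application.properties uses `C0000000000`; using the placeholder in both would keep local runs from posting to a shared channel.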
@@ -70,4 +71,9 @@ airflow.token=${AIRFLOW_AUTH_TOKEN}
 service-dump.dag.id=${SERVICE_DUMP_DAG_ID}
 service-dump.image.name=${SERVICE_DUMP_IMAGE_NAME:193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/jdk11-diagnostic:va39edbc8ebfbe68aedb776566e11b88cb4920d75}
 aws.profile=${AWS_PROFILE:default}
-spring.mvc.async.request-timeout=1800000
\ No newline at end of file
+spring.mvc.async.request-timeout=1800000
+jit.number_of_prod_approvals=2
+jit.number_of_nonprod_approvals=1
+slackbot.token=${SLACK_BOT_TOKEN:xoxb-format-12345}
+jit.dag.id=${JIT_DAG_ID:jit_dag}
+jit.slack.common.channel.id=${JIT_COMMON_CHANNEL:C0000000000}
\ No newline at end of file
diff --git a/src/main/resources/db/migration/V1.70__Add_just_in_time_requests_table.sql b/src/main/resources/db/migration/V1.70__Add_just_in_time_requests_table.sql
new file mode 100644
index 00000000..9aec8e93
--- /dev/null
+++ b/src/main/resources/db/migration/V1.70__Add_just_in_time_requests_table.sql
@@ -0,0 +1,18 @@
+CREATE TABLE jit_requests (
+ id BIGSERIAL PRIMARY KEY,
+ created_at timestamp without time zone NOT NULL,
+ updated_at timestamp without time zone NOT NULL,
+ requested_for_id BIGINT NOT NULL REFERENCES users(id),
+ requested_by_id BIGINT NOT NULL REFERENCES users(id),
+ vertical character varying(255),
+ team_id BIGINT NOT NULL REFERENCES team(id),
+ environment character varying(255),
+ resource_type character varying(255),
+ resource_id character varying(255),
+ resource_action character varying(255),
+ status character varying(255) NOT NULL,
+ grant_window BIGINT NOT NULL,
+ grant_at timestamp without time zone,
+ requestor_slack_message_timestamp character varying(255),
+ channel_slack_message_timestamp character varying(255)
+);
\ No newline at end of file
diff --git a/src/main/resources/db/migration/V1.71__Add_just_in_time_approvals_table.sql b/src/main/resources/db/migration/V1.71__Add_just_in_time_approvals_table.sql
new file mode 100644
index 00000000..9a51ed13
--- /dev/null
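Review bot: In `jit_requests` the columns that record what access was asked for (`environment`, `resource_type`, `resource_id`, `resource_action`) are nullable while `status` and `grant_window` are NOT NULL, so the schema accepts a request row that can move through approval without stating what it grants. Unless some request types legitimately leave these empty, I would declare them `NOT NULL` so the audit trail is always complete. `grant_window BIGINT NOT NULL` also has no unit or lower bound; a column comment naming the unit plus `CHECK (grant_window > 0)` would document how expiry is derived from it and `grant_at`. `status character varying(255)` is free text as written, and a CHECK over the allowed states would keep an unexpected value from being stored.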
+++ b/src/main/resources/db/migration/V1.71__Add_just_in_time_approvals_table.sql
@@ -0,0 +1,10 @@
+CREATE TABLE jit_approvals (
+ id BIGSERIAL PRIMARY KEY,
+ created_at timestamp without time zone NOT NULL,
+ updated_at timestamp without time zone NOT NULL,
+ jit_id BIGINT NOT NULL REFERENCES jit_requests(id),
+ reviewer_id BIGINT NOT NULL REFERENCES users(id),
+ reviewed_at timestamp without time zone,
+ action character varying(255) NOT NULL,
+ reviewer_slack_message_timestamp character varying(255)
+);
\ No newline at end of file
diff --git a/src/main/resources/db/migration/V1.72__Alter_user_table_add_slack_user_id.sql b/src/main/resources/db/migration/V1.72__Alter_user_table_add_slack_user_id.sql
new file mode 100644
index 00000000..edd6ba24
--- /dev/null
+++ b/src/main/resources/db/migration/V1.72__Alter_user_table_add_slack_user_id.sql
@@ -0,0 +1 @@
+ALTER TABLE users ADD COLUMN slack_id character varying(255);
diff --git a/src/main/resources/db/migration/V1.73__Add_jit_roles_privileges.sql b/src/main/resources/db/migration/V1.73__Add_jit_roles_privileges.sql
new file mode 100644
index 00000000..009371a2
--- /dev/null
+++ b/src/main/resources/db/migration/V1.73__Add_jit_roles_privileges.sql
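Review bot: `jit_approvals` has no uniqueness constraint on (`jit_id`, `reviewer_id`), so the same reviewer can be stored more than once for one request. This commit sets `jit.number_of_prod_approvals=2` in application.properties; if the service reaches that threshold by counting approval rows (the counting code is not in this hunk), a single reviewer could satisfy it alone. Adding `UNIQUE (jit_id, reviewer_id)` to the table definition enforces distinct reviewers at the database level regardless of what the application checks. `action character varying(255) NOT NULL` would likewise benefit from a CHECK listing the permitted values.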
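Review bot: `slack_id` is added to `users` without a uniqueness constraint, so two portal users can carry the same Slack id. If Slack interactions are mapped back to a portal user through this column (the lookup is outside this hunk), a duplicate would make the identity of the approving reviewer ambiguous. A unique index such as `CREATE UNIQUE INDEX users_slack_id_key ON users (slack_id);` (index name illustrative) still allows rows where the column is NULL and rejects duplicates.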
@@ -0,0 +1,2188 @@ +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AMC:cmd:.*:read'), (now(), now(), 'jit:AMC:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AMC_cmd_JITVIEWER'), (now(), now(), 'AMC_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_cmd_JITVIEWER' AND privilege.name IN ( 'jit:AMC:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:AMC:cmd:.*:read', 'jit:AMC:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AMC:prod:.*:read'), (now(), now(), 'jit:AMC:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AMC_prod_JITVIEWER'), (now(), now(), 'AMC_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_prod_JITVIEWER' AND privilege.name IN ( 'jit:AMC:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_prod_JITREVIEWER' AND privilege.name IN ( 'jit:AMC:prod:.*:read', 'jit:AMC:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AMC:dev:.*:read'), (now(), now(), 'jit:AMC:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AMC_dev_JITVIEWER'), (now(), now(), 'AMC_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_dev_JITVIEWER' AND privilege.name IN ( 'jit:AMC:dev:.*:read' ); 
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_dev_JITREVIEWER' AND privilege.name IN ( 'jit:AMC:dev:.*:read', 'jit:AMC:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AMC:qa:.*:read'), (now(), now(), 'jit:AMC:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AMC_qa_JITVIEWER'), (now(), now(), 'AMC_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_qa_JITVIEWER' AND privilege.name IN ( 'jit:AMC:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_qa_JITREVIEWER' AND privilege.name IN ( 'jit:AMC:qa:.*:read', 'jit:AMC:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AMC:perf:.*:read'), (now(), now(), 'jit:AMC:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AMC_perf_JITVIEWER'), (now(), now(), 'AMC_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_perf_JITVIEWER' AND privilege.name IN ( 'jit:AMC:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_perf_JITREVIEWER' AND privilege.name IN ( 'jit:AMC:perf:.*:read', 'jit:AMC:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AMC:uat:.*:read'), (now(), now(), 'jit:AMC:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AMC_uat_JITVIEWER'), (now(), now(), 'AMC_uat_JITREVIEWER'); 
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_uat_JITVIEWER' AND privilege.name IN ( 'jit:AMC:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_uat_JITREVIEWER' AND privilege.name IN ( 'jit:AMC:uat:.*:read', 'jit:AMC:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AMC:data-platform-prod:.*:read'), (now(), now(), 'jit:AMC:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AMC_data-platform-prod_JITVIEWER'), (now(), now(), 'AMC_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:AMC:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:AMC:data-platform-prod:.*:read', 'jit:AMC:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AMC:data-platform-nonprod:.*:read'), (now(), now(), 'jit:AMC:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AMC_data-platform-nonprod_JITVIEWER'), (now(), now(), 'AMC_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:AMC:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT 
role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:AMC:data-platform-nonprod:.*:read', 'jit:AMC:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AMC:local:.*:read'), (now(), now(), 'jit:AMC:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AMC_local_JITVIEWER'), (now(), now(), 'AMC_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_local_JITVIEWER' AND privilege.name IN ( 'jit:AMC:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_local_JITREVIEWER' AND privilege.name IN ( 'jit:AMC:local:.*:read', 'jit:AMC:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AMC:.*:.*:read'), (now(), now(), 'jit:AMC:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AMC_ALL_JITVIEWER'), (now(), now(), 'AMC_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_ALL_JITVIEWER' AND privilege.name IN ( 'jit:AMC:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AMC_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:AMC:.*:.*:read', 'jit:AMC:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:App:cmd:.*:read'), (now(), now(), 'jit:App:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'App_cmd_JITVIEWER'), (now(), now(), 
'App_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_cmd_JITVIEWER' AND privilege.name IN ( 'jit:App:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:App:cmd:.*:read', 'jit:App:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:App:prod:.*:read'), (now(), now(), 'jit:App:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'App_prod_JITVIEWER'), (now(), now(), 'App_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_prod_JITVIEWER' AND privilege.name IN ( 'jit:App:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_prod_JITREVIEWER' AND privilege.name IN ( 'jit:App:prod:.*:read', 'jit:App:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:App:dev:.*:read'), (now(), now(), 'jit:App:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'App_dev_JITVIEWER'), (now(), now(), 'App_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_dev_JITVIEWER' AND privilege.name IN ( 'jit:App:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_dev_JITREVIEWER' AND privilege.name IN ( 'jit:App:dev:.*:read', 'jit:App:dev:.*:review'); + +INSERT INTO privilege 
(created_at, updated_at, name) VALUES (now(), now(), 'jit:App:qa:.*:read'), (now(), now(), 'jit:App:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'App_qa_JITVIEWER'), (now(), now(), 'App_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_qa_JITVIEWER' AND privilege.name IN ( 'jit:App:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_qa_JITREVIEWER' AND privilege.name IN ( 'jit:App:qa:.*:read', 'jit:App:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:App:perf:.*:read'), (now(), now(), 'jit:App:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'App_perf_JITVIEWER'), (now(), now(), 'App_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_perf_JITVIEWER' AND privilege.name IN ( 'jit:App:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_perf_JITREVIEWER' AND privilege.name IN ( 'jit:App:perf:.*:read', 'jit:App:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:App:uat:.*:read'), (now(), now(), 'jit:App:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'App_uat_JITVIEWER'), (now(), now(), 'App_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_uat_JITVIEWER' AND privilege.name IN ( 'jit:App:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) 
SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_uat_JITREVIEWER' AND privilege.name IN ( 'jit:App:uat:.*:read', 'jit:App:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:App:data-platform-prod:.*:read'), (now(), now(), 'jit:App:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'App_data-platform-prod_JITVIEWER'), (now(), now(), 'App_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:App:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:App:data-platform-prod:.*:read', 'jit:App:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:App:data-platform-nonprod:.*:read'), (now(), now(), 'jit:App:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'App_data-platform-nonprod_JITVIEWER'), (now(), now(), 'App_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:App:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:App:data-platform-nonprod:.*:read', 'jit:App:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, 
updated_at, name) VALUES (now(), now(), 'jit:App:local:.*:read'), (now(), now(), 'jit:App:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'App_local_JITVIEWER'), (now(), now(), 'App_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_local_JITVIEWER' AND privilege.name IN ( 'jit:App:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_local_JITREVIEWER' AND privilege.name IN ( 'jit:App:local:.*:read', 'jit:App:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:App:.*:.*:read'), (now(), now(), 'jit:App:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'App_ALL_JITVIEWER'), (now(), now(), 'App_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_ALL_JITVIEWER' AND privilege.name IN ( 'jit:App:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'App_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:App:.*:.*:read', 'jit:App:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AppX-Bridge:cmd:.*:read'), (now(), now(), 'jit:AppX-Bridge:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AppX-Bridge_cmd_JITVIEWER'), (now(), now(), 'AppX-Bridge_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_cmd_JITVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:cmd:.*:read' ); 
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:cmd:.*:read', 'jit:AppX-Bridge:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AppX-Bridge:prod:.*:read'), (now(), now(), 'jit:AppX-Bridge:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AppX-Bridge_prod_JITVIEWER'), (now(), now(), 'AppX-Bridge_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_prod_JITVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_prod_JITREVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:prod:.*:read', 'jit:AppX-Bridge:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AppX-Bridge:dev:.*:read'), (now(), now(), 'jit:AppX-Bridge:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AppX-Bridge_dev_JITVIEWER'), (now(), now(), 'AppX-Bridge_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_dev_JITVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_dev_JITREVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:dev:.*:read', 'jit:AppX-Bridge:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 
'jit:AppX-Bridge:qa:.*:read'), (now(), now(), 'jit:AppX-Bridge:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AppX-Bridge_qa_JITVIEWER'), (now(), now(), 'AppX-Bridge_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_qa_JITVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_qa_JITREVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:qa:.*:read', 'jit:AppX-Bridge:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AppX-Bridge:perf:.*:read'), (now(), now(), 'jit:AppX-Bridge:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AppX-Bridge_perf_JITVIEWER'), (now(), now(), 'AppX-Bridge_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_perf_JITVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_perf_JITREVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:perf:.*:read', 'jit:AppX-Bridge:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AppX-Bridge:uat:.*:read'), (now(), now(), 'jit:AppX-Bridge:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AppX-Bridge_uat_JITVIEWER'), (now(), now(), 'AppX-Bridge_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 
'AppX-Bridge_uat_JITVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_uat_JITREVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:uat:.*:read', 'jit:AppX-Bridge:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AppX-Bridge:data-platform-prod:.*:read'), (now(), now(), 'jit:AppX-Bridge:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AppX-Bridge_data-platform-prod_JITVIEWER'), (now(), now(), 'AppX-Bridge_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:data-platform-prod:.*:read', 'jit:AppX-Bridge:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AppX-Bridge:data-platform-nonprod:.*:read'), (now(), now(), 'jit:AppX-Bridge:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AppX-Bridge_data-platform-nonprod_JITVIEWER'), (now(), now(), 'AppX-Bridge_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) 
SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:data-platform-nonprod:.*:read', 'jit:AppX-Bridge:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AppX-Bridge:local:.*:read'), (now(), now(), 'jit:AppX-Bridge:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AppX-Bridge_local_JITVIEWER'), (now(), now(), 'AppX-Bridge_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_local_JITVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_local_JITREVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:local:.*:read', 'jit:AppX-Bridge:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:AppX-Bridge:.*:.*:read'), (now(), now(), 'jit:AppX-Bridge:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'AppX-Bridge_ALL_JITVIEWER'), (now(), now(), 'AppX-Bridge_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_ALL_JITVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'AppX-Bridge_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:AppX-Bridge:.*:.*:read', 'jit:AppX-Bridge:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 
'jit:Architect:cmd:.*:read'), (now(), now(), 'jit:Architect:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Architect_cmd_JITVIEWER'), (now(), now(), 'Architect_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Architect:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Architect:cmd:.*:read', 'jit:Architect:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Architect:prod:.*:read'), (now(), now(), 'jit:Architect:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Architect_prod_JITVIEWER'), (now(), now(), 'Architect_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_prod_JITVIEWER' AND privilege.name IN ( 'jit:Architect:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Architect:prod:.*:read', 'jit:Architect:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Architect:dev:.*:read'), (now(), now(), 'jit:Architect:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Architect_dev_JITVIEWER'), (now(), now(), 'Architect_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_dev_JITVIEWER' AND 
privilege.name IN ( 'jit:Architect:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Architect:dev:.*:read', 'jit:Architect:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Architect:qa:.*:read'), (now(), now(), 'jit:Architect:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Architect_qa_JITVIEWER'), (now(), now(), 'Architect_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_qa_JITVIEWER' AND privilege.name IN ( 'jit:Architect:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Architect:qa:.*:read', 'jit:Architect:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Architect:perf:.*:read'), (now(), now(), 'jit:Architect:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Architect_perf_JITVIEWER'), (now(), now(), 'Architect_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_perf_JITVIEWER' AND privilege.name IN ( 'jit:Architect:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Architect:perf:.*:read', 'jit:Architect:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 
'jit:Architect:uat:.*:read'), (now(), now(), 'jit:Architect:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Architect_uat_JITVIEWER'), (now(), now(), 'Architect_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_uat_JITVIEWER' AND privilege.name IN ( 'jit:Architect:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Architect:uat:.*:read', 'jit:Architect:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Architect:data-platform-prod:.*:read'), (now(), now(), 'jit:Architect:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Architect_data-platform-prod_JITVIEWER'), (now(), now(), 'Architect_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Architect:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Architect:data-platform-prod:.*:read', 'jit:Architect:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Architect:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Architect:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Architect_data-platform-nonprod_JITVIEWER'), (now(), now(), 
'Architect_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Architect:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Architect:data-platform-nonprod:.*:read', 'jit:Architect:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Architect:local:.*:read'), (now(), now(), 'jit:Architect:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Architect_local_JITVIEWER'), (now(), now(), 'Architect_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_local_JITVIEWER' AND privilege.name IN ( 'jit:Architect:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_local_JITREVIEWER' AND privilege.name IN ( 'jit:Architect:local:.*:read', 'jit:Architect:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Architect:.*:.*:read'), (now(), now(), 'jit:Architect:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Architect_ALL_JITVIEWER'), (now(), now(), 'Architect_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Architect:.*:.*:read' ); +INSERT INTO roles_privileges 
(role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Architect_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Architect:.*:.*:read', 'jit:Architect:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Bootcamp:cmd:.*:read'), (now(), now(), 'jit:Bootcamp:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Bootcamp_cmd_JITVIEWER'), (now(), now(), 'Bootcamp_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Bootcamp:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Bootcamp:cmd:.*:read', 'jit:Bootcamp:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Bootcamp:prod:.*:read'), (now(), now(), 'jit:Bootcamp:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Bootcamp_prod_JITVIEWER'), (now(), now(), 'Bootcamp_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_prod_JITVIEWER' AND privilege.name IN ( 'jit:Bootcamp:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Bootcamp:prod:.*:read', 'jit:Bootcamp:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Bootcamp:dev:.*:read'), (now(), now(), 'jit:Bootcamp:dev:.*:review'); +INSERT INTO role (created_at, 
updated_at, name) VALUES (now(), now(), 'Bootcamp_dev_JITVIEWER'), (now(), now(), 'Bootcamp_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_dev_JITVIEWER' AND privilege.name IN ( 'jit:Bootcamp:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Bootcamp:dev:.*:read', 'jit:Bootcamp:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Bootcamp:qa:.*:read'), (now(), now(), 'jit:Bootcamp:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Bootcamp_qa_JITVIEWER'), (now(), now(), 'Bootcamp_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_qa_JITVIEWER' AND privilege.name IN ( 'jit:Bootcamp:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Bootcamp:qa:.*:read', 'jit:Bootcamp:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Bootcamp:perf:.*:read'), (now(), now(), 'jit:Bootcamp:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Bootcamp_perf_JITVIEWER'), (now(), now(), 'Bootcamp_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_perf_JITVIEWER' AND privilege.name IN ( 'jit:Bootcamp:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS 
privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Bootcamp:perf:.*:read', 'jit:Bootcamp:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Bootcamp:uat:.*:read'), (now(), now(), 'jit:Bootcamp:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Bootcamp_uat_JITVIEWER'), (now(), now(), 'Bootcamp_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_uat_JITVIEWER' AND privilege.name IN ( 'jit:Bootcamp:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Bootcamp:uat:.*:read', 'jit:Bootcamp:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Bootcamp:data-platform-prod:.*:read'), (now(), now(), 'jit:Bootcamp:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Bootcamp_data-platform-prod_JITVIEWER'), (now(), now(), 'Bootcamp_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Bootcamp:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Bootcamp:data-platform-prod:.*:read', 'jit:Bootcamp:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Bootcamp:data-platform-nonprod:.*:read'), (now(), 
now(), 'jit:Bootcamp:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Bootcamp_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Bootcamp_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Bootcamp:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Bootcamp:data-platform-nonprod:.*:read', 'jit:Bootcamp:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Bootcamp:local:.*:read'), (now(), now(), 'jit:Bootcamp:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Bootcamp_local_JITVIEWER'), (now(), now(), 'Bootcamp_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_local_JITVIEWER' AND privilege.name IN ( 'jit:Bootcamp:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_local_JITREVIEWER' AND privilege.name IN ( 'jit:Bootcamp:local:.*:read', 'jit:Bootcamp:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Bootcamp:.*:.*:read'), (now(), now(), 'jit:Bootcamp:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Bootcamp_ALL_JITVIEWER'), (now(), now(), 'Bootcamp_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id 
AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Bootcamp:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Bootcamp_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Bootcamp:.*:.*:read', 'jit:Bootcamp:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Borrowings:cmd:.*:read'), (now(), now(), 'jit:Borrowings:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Borrowings_cmd_JITVIEWER'), (now(), now(), 'Borrowings_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Borrowings:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Borrowings:cmd:.*:read', 'jit:Borrowings:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Borrowings:prod:.*:read'), (now(), now(), 'jit:Borrowings:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Borrowings_prod_JITVIEWER'), (now(), now(), 'Borrowings_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_prod_JITVIEWER' AND privilege.name IN ( 'jit:Borrowings:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Borrowings:prod:.*:read', 
'jit:Borrowings:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Borrowings:dev:.*:read'), (now(), now(), 'jit:Borrowings:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Borrowings_dev_JITVIEWER'), (now(), now(), 'Borrowings_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_dev_JITVIEWER' AND privilege.name IN ( 'jit:Borrowings:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Borrowings:dev:.*:read', 'jit:Borrowings:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Borrowings:qa:.*:read'), (now(), now(), 'jit:Borrowings:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Borrowings_qa_JITVIEWER'), (now(), now(), 'Borrowings_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_qa_JITVIEWER' AND privilege.name IN ( 'jit:Borrowings:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Borrowings:qa:.*:read', 'jit:Borrowings:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Borrowings:perf:.*:read'), (now(), now(), 'jit:Borrowings:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Borrowings_perf_JITVIEWER'), (now(), now(), 'Borrowings_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT 
role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_perf_JITVIEWER' AND privilege.name IN ( 'jit:Borrowings:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Borrowings:perf:.*:read', 'jit:Borrowings:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Borrowings:uat:.*:read'), (now(), now(), 'jit:Borrowings:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Borrowings_uat_JITVIEWER'), (now(), now(), 'Borrowings_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_uat_JITVIEWER' AND privilege.name IN ( 'jit:Borrowings:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Borrowings:uat:.*:read', 'jit:Borrowings:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Borrowings:data-platform-prod:.*:read'), (now(), now(), 'jit:Borrowings:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Borrowings_data-platform-prod_JITVIEWER'), (now(), now(), 'Borrowings_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Borrowings:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege 
WHERE role.name = 'Borrowings_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Borrowings:data-platform-prod:.*:read', 'jit:Borrowings:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Borrowings:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Borrowings:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Borrowings_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Borrowings_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Borrowings:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Borrowings:data-platform-nonprod:.*:read', 'jit:Borrowings:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Borrowings:local:.*:read'), (now(), now(), 'jit:Borrowings:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Borrowings_local_JITVIEWER'), (now(), now(), 'Borrowings_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_local_JITVIEWER' AND privilege.name IN ( 'jit:Borrowings:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_local_JITREVIEWER' AND privilege.name IN ( 'jit:Borrowings:local:.*:read', 'jit:Borrowings:local:.*:review'); + +INSERT INTO privilege (created_at, 
updated_at, name) VALUES (now(), now(), 'jit:Borrowings:.*:.*:read'), (now(), now(), 'jit:Borrowings:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Borrowings_ALL_JITVIEWER'), (now(), now(), 'Borrowings_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Borrowings:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Borrowings_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Borrowings:.*:.*:read', 'jit:Borrowings:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CBP:cmd:.*:read'), (now(), now(), 'jit:CBP:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CBP_cmd_JITVIEWER'), (now(), now(), 'CBP_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_cmd_JITVIEWER' AND privilege.name IN ( 'jit:CBP:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:CBP:cmd:.*:read', 'jit:CBP:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CBP:prod:.*:read'), (now(), now(), 'jit:CBP:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CBP_prod_JITVIEWER'), (now(), now(), 'CBP_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_prod_JITVIEWER' AND privilege.name IN ( 'jit:CBP:prod:.*:read' ); 
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_prod_JITREVIEWER' AND privilege.name IN ( 'jit:CBP:prod:.*:read', 'jit:CBP:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CBP:dev:.*:read'), (now(), now(), 'jit:CBP:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CBP_dev_JITVIEWER'), (now(), now(), 'CBP_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_dev_JITVIEWER' AND privilege.name IN ( 'jit:CBP:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_dev_JITREVIEWER' AND privilege.name IN ( 'jit:CBP:dev:.*:read', 'jit:CBP:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CBP:qa:.*:read'), (now(), now(), 'jit:CBP:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CBP_qa_JITVIEWER'), (now(), now(), 'CBP_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_qa_JITVIEWER' AND privilege.name IN ( 'jit:CBP:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_qa_JITREVIEWER' AND privilege.name IN ( 'jit:CBP:qa:.*:read', 'jit:CBP:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CBP:perf:.*:read'), (now(), now(), 'jit:CBP:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CBP_perf_JITVIEWER'), (now(), now(), 'CBP_perf_JITREVIEWER'); +INSERT 
INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_perf_JITVIEWER' AND privilege.name IN ( 'jit:CBP:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_perf_JITREVIEWER' AND privilege.name IN ( 'jit:CBP:perf:.*:read', 'jit:CBP:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CBP:uat:.*:read'), (now(), now(), 'jit:CBP:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CBP_uat_JITVIEWER'), (now(), now(), 'CBP_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_uat_JITVIEWER' AND privilege.name IN ( 'jit:CBP:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_uat_JITREVIEWER' AND privilege.name IN ( 'jit:CBP:uat:.*:read', 'jit:CBP:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CBP:data-platform-prod:.*:read'), (now(), now(), 'jit:CBP:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CBP_data-platform-prod_JITVIEWER'), (now(), now(), 'CBP_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:CBP:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 
'jit:CBP:data-platform-prod:.*:read', 'jit:CBP:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CBP:data-platform-nonprod:.*:read'), (now(), now(), 'jit:CBP:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CBP_data-platform-nonprod_JITVIEWER'), (now(), now(), 'CBP_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:CBP:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:CBP:data-platform-nonprod:.*:read', 'jit:CBP:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CBP:local:.*:read'), (now(), now(), 'jit:CBP:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CBP_local_JITVIEWER'), (now(), now(), 'CBP_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_local_JITVIEWER' AND privilege.name IN ( 'jit:CBP:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_local_JITREVIEWER' AND privilege.name IN ( 'jit:CBP:local:.*:read', 'jit:CBP:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CBP:.*:.*:read'), (now(), now(), 'jit:CBP:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CBP_ALL_JITVIEWER'), (now(), now(), 
'CBP_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_ALL_JITVIEWER' AND privilege.name IN ( 'jit:CBP:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CBP_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:CBP:.*:.*:read', 'jit:CBP:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Claims:cmd:.*:read'), (now(), now(), 'jit:Claims:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Claims_cmd_JITVIEWER'), (now(), now(), 'Claims_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Claims:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Claims:cmd:.*:read', 'jit:Claims:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Claims:prod:.*:read'), (now(), now(), 'jit:Claims:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Claims_prod_JITVIEWER'), (now(), now(), 'Claims_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_prod_JITVIEWER' AND privilege.name IN ( 'jit:Claims:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Claims:prod:.*:read', 
'jit:Claims:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Claims:dev:.*:read'), (now(), now(), 'jit:Claims:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Claims_dev_JITVIEWER'), (now(), now(), 'Claims_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_dev_JITVIEWER' AND privilege.name IN ( 'jit:Claims:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Claims:dev:.*:read', 'jit:Claims:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Claims:qa:.*:read'), (now(), now(), 'jit:Claims:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Claims_qa_JITVIEWER'), (now(), now(), 'Claims_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_qa_JITVIEWER' AND privilege.name IN ( 'jit:Claims:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Claims:qa:.*:read', 'jit:Claims:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Claims:perf:.*:read'), (now(), now(), 'jit:Claims:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Claims_perf_JITVIEWER'), (now(), now(), 'Claims_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 
'Claims_perf_JITVIEWER' AND privilege.name IN ( 'jit:Claims:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Claims:perf:.*:read', 'jit:Claims:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Claims:uat:.*:read'), (now(), now(), 'jit:Claims:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Claims_uat_JITVIEWER'), (now(), now(), 'Claims_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_uat_JITVIEWER' AND privilege.name IN ( 'jit:Claims:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Claims:uat:.*:read', 'jit:Claims:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Claims:data-platform-prod:.*:read'), (now(), now(), 'jit:Claims:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Claims_data-platform-prod_JITVIEWER'), (now(), now(), 'Claims_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Claims:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Claims:data-platform-prod:.*:read', 'jit:Claims:data-platform-prod:.*:review'); + 
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Claims:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Claims:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Claims_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Claims_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Claims:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Claims:data-platform-nonprod:.*:read', 'jit:Claims:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Claims:local:.*:read'), (now(), now(), 'jit:Claims:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Claims_local_JITVIEWER'), (now(), now(), 'Claims_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_local_JITVIEWER' AND privilege.name IN ( 'jit:Claims:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_local_JITREVIEWER' AND privilege.name IN ( 'jit:Claims:local:.*:read', 'jit:Claims:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Claims:.*:.*:read'), (now(), now(), 'jit:Claims:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Claims_ALL_JITVIEWER'), (now(), now(), 'Claims_ALL_JITREVIEWER'); +INSERT 
INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Claims:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Claims_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Claims:.*:.*:read', 'jit:Claims:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Co-Lending:cmd:.*:read'), (now(), now(), 'jit:Co-Lending:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Co-Lending_cmd_JITVIEWER'), (now(), now(), 'Co-Lending_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Co-Lending:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Co-Lending:cmd:.*:read', 'jit:Co-Lending:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Co-Lending:prod:.*:read'), (now(), now(), 'jit:Co-Lending:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Co-Lending_prod_JITVIEWER'), (now(), now(), 'Co-Lending_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_prod_JITVIEWER' AND privilege.name IN ( 'jit:Co-Lending:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_prod_JITREVIEWER' AND 
privilege.name IN ( 'jit:Co-Lending:prod:.*:read', 'jit:Co-Lending:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Co-Lending:dev:.*:read'), (now(), now(), 'jit:Co-Lending:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Co-Lending_dev_JITVIEWER'), (now(), now(), 'Co-Lending_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_dev_JITVIEWER' AND privilege.name IN ( 'jit:Co-Lending:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Co-Lending:dev:.*:read', 'jit:Co-Lending:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Co-Lending:qa:.*:read'), (now(), now(), 'jit:Co-Lending:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Co-Lending_qa_JITVIEWER'), (now(), now(), 'Co-Lending_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_qa_JITVIEWER' AND privilege.name IN ( 'jit:Co-Lending:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Co-Lending:qa:.*:read', 'jit:Co-Lending:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Co-Lending:perf:.*:read'), (now(), now(), 'jit:Co-Lending:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Co-Lending_perf_JITVIEWER'), (now(), now(), 'Co-Lending_perf_JITREVIEWER'); +INSERT INTO 
roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_perf_JITVIEWER' AND privilege.name IN ( 'jit:Co-Lending:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Co-Lending:perf:.*:read', 'jit:Co-Lending:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Co-Lending:uat:.*:read'), (now(), now(), 'jit:Co-Lending:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Co-Lending_uat_JITVIEWER'), (now(), now(), 'Co-Lending_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_uat_JITVIEWER' AND privilege.name IN ( 'jit:Co-Lending:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Co-Lending:uat:.*:read', 'jit:Co-Lending:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Co-Lending:data-platform-prod:.*:read'), (now(), now(), 'jit:Co-Lending:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Co-Lending_data-platform-prod_JITVIEWER'), (now(), now(), 'Co-Lending_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Co-Lending:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, 
privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Co-Lending:data-platform-prod:.*:read', 'jit:Co-Lending:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Co-Lending:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Co-Lending:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Co-Lending_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Co-Lending_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Co-Lending:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Co-Lending:data-platform-nonprod:.*:read', 'jit:Co-Lending:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Co-Lending:local:.*:read'), (now(), now(), 'jit:Co-Lending:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Co-Lending_local_JITVIEWER'), (now(), now(), 'Co-Lending_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_local_JITVIEWER' AND privilege.name IN ( 'jit:Co-Lending:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_local_JITREVIEWER' AND privilege.name IN ( 'jit:Co-Lending:local:.*:read', 
'jit:Co-Lending:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Co-Lending:.*:.*:read'), (now(), now(), 'jit:Co-Lending:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Co-Lending_ALL_JITVIEWER'), (now(), now(), 'Co-Lending_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Co-Lending:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Co-Lending_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Co-Lending:.*:.*:read', 'jit:Co-Lending:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Collections:cmd:.*:read'), (now(), now(), 'jit:Collections:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Collections_cmd_JITVIEWER'), (now(), now(), 'Collections_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Collections:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Collections:cmd:.*:read', 'jit:Collections:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Collections:prod:.*:read'), (now(), now(), 'jit:Collections:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Collections_prod_JITVIEWER'), (now(), now(), 'Collections_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, 
privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_prod_JITVIEWER' AND privilege.name IN ( 'jit:Collections:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Collections:prod:.*:read', 'jit:Collections:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Collections:dev:.*:read'), (now(), now(), 'jit:Collections:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Collections_dev_JITVIEWER'), (now(), now(), 'Collections_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_dev_JITVIEWER' AND privilege.name IN ( 'jit:Collections:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Collections:dev:.*:read', 'jit:Collections:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Collections:qa:.*:read'), (now(), now(), 'jit:Collections:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Collections_qa_JITVIEWER'), (now(), now(), 'Collections_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_qa_JITVIEWER' AND privilege.name IN ( 'jit:Collections:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_qa_JITREVIEWER' AND 
privilege.name IN ( 'jit:Collections:qa:.*:read', 'jit:Collections:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Collections:perf:.*:read'), (now(), now(), 'jit:Collections:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Collections_perf_JITVIEWER'), (now(), now(), 'Collections_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_perf_JITVIEWER' AND privilege.name IN ( 'jit:Collections:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Collections:perf:.*:read', 'jit:Collections:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Collections:uat:.*:read'), (now(), now(), 'jit:Collections:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Collections_uat_JITVIEWER'), (now(), now(), 'Collections_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_uat_JITVIEWER' AND privilege.name IN ( 'jit:Collections:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Collections:uat:.*:read', 'jit:Collections:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Collections:data-platform-prod:.*:read'), (now(), now(), 'jit:Collections:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 
'Collections_data-platform-prod_JITVIEWER'), (now(), now(), 'Collections_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Collections:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Collections:data-platform-prod:.*:read', 'jit:Collections:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Collections:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Collections:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Collections_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Collections_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Collections:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Collections:data-platform-nonprod:.*:read', 'jit:Collections:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Collections:local:.*:read'), (now(), now(), 'jit:Collections:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Collections_local_JITVIEWER'), (now(), now(), 'Collections_local_JITREVIEWER'); +INSERT INTO roles_privileges 
(role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_local_JITVIEWER' AND privilege.name IN ( 'jit:Collections:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_local_JITREVIEWER' AND privilege.name IN ( 'jit:Collections:local:.*:read', 'jit:Collections:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Collections:.*:.*:read'), (now(), now(), 'jit:Collections:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Collections_ALL_JITVIEWER'), (now(), now(), 'Collections_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Collections:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Collections_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Collections:.*:.*:read', 'jit:Collections:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Communication:cmd:.*:read'), (now(), now(), 'jit:Communication:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Communication_cmd_JITVIEWER'), (now(), now(), 'Communication_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Communication:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 
'Communication_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Communication:cmd:.*:read', 'jit:Communication:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Communication:prod:.*:read'), (now(), now(), 'jit:Communication:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Communication_prod_JITVIEWER'), (now(), now(), 'Communication_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_prod_JITVIEWER' AND privilege.name IN ( 'jit:Communication:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Communication:prod:.*:read', 'jit:Communication:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Communication:dev:.*:read'), (now(), now(), 'jit:Communication:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Communication_dev_JITVIEWER'), (now(), now(), 'Communication_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_dev_JITVIEWER' AND privilege.name IN ( 'jit:Communication:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Communication:dev:.*:read', 'jit:Communication:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Communication:qa:.*:read'), (now(), now(), 'jit:Communication:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) 
VALUES (now(), now(), 'Communication_qa_JITVIEWER'), (now(), now(), 'Communication_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_qa_JITVIEWER' AND privilege.name IN ( 'jit:Communication:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Communication:qa:.*:read', 'jit:Communication:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Communication:perf:.*:read'), (now(), now(), 'jit:Communication:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Communication_perf_JITVIEWER'), (now(), now(), 'Communication_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_perf_JITVIEWER' AND privilege.name IN ( 'jit:Communication:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Communication:perf:.*:read', 'jit:Communication:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Communication:uat:.*:read'), (now(), now(), 'jit:Communication:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Communication_uat_JITVIEWER'), (now(), now(), 'Communication_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_uat_JITVIEWER' AND privilege.name IN ( 'jit:Communication:uat:.*:read' ); 
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Communication:uat:.*:read', 'jit:Communication:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Communication:data-platform-prod:.*:read'), (now(), now(), 'jit:Communication:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Communication_data-platform-prod_JITVIEWER'), (now(), now(), 'Communication_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Communication:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Communication:data-platform-prod:.*:read', 'jit:Communication:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Communication:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Communication:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Communication_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Communication_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Communication:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS 
privilege_id FROM role, privilege WHERE role.name = 'Communication_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Communication:data-platform-nonprod:.*:read', 'jit:Communication:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Communication:local:.*:read'), (now(), now(), 'jit:Communication:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Communication_local_JITVIEWER'), (now(), now(), 'Communication_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_local_JITVIEWER' AND privilege.name IN ( 'jit:Communication:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_local_JITREVIEWER' AND privilege.name IN ( 'jit:Communication:local:.*:read', 'jit:Communication:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Communication:.*:.*:read'), (now(), now(), 'jit:Communication:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Communication_ALL_JITVIEWER'), (now(), now(), 'Communication_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Communication:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Communication_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Communication:.*:.*:read', 'jit:Communication:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 
'jit:Cosmos:cmd:.*:read'), (now(), now(), 'jit:Cosmos:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Cosmos_cmd_JITVIEWER'), (now(), now(), 'Cosmos_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Cosmos:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Cosmos:cmd:.*:read', 'jit:Cosmos:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Cosmos:prod:.*:read'), (now(), now(), 'jit:Cosmos:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Cosmos_prod_JITVIEWER'), (now(), now(), 'Cosmos_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_prod_JITVIEWER' AND privilege.name IN ( 'jit:Cosmos:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Cosmos:prod:.*:read', 'jit:Cosmos:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Cosmos:dev:.*:read'), (now(), now(), 'jit:Cosmos:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Cosmos_dev_JITVIEWER'), (now(), now(), 'Cosmos_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_dev_JITVIEWER' AND privilege.name IN ( 'jit:Cosmos:dev:.*:read' ); +INSERT INTO roles_privileges 
(role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Cosmos:dev:.*:read', 'jit:Cosmos:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Cosmos:qa:.*:read'), (now(), now(), 'jit:Cosmos:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Cosmos_qa_JITVIEWER'), (now(), now(), 'Cosmos_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_qa_JITVIEWER' AND privilege.name IN ( 'jit:Cosmos:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Cosmos:qa:.*:read', 'jit:Cosmos:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Cosmos:perf:.*:read'), (now(), now(), 'jit:Cosmos:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Cosmos_perf_JITVIEWER'), (now(), now(), 'Cosmos_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_perf_JITVIEWER' AND privilege.name IN ( 'jit:Cosmos:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Cosmos:perf:.*:read', 'jit:Cosmos:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Cosmos:uat:.*:read'), (now(), now(), 'jit:Cosmos:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Cosmos_uat_JITVIEWER'), 
(now(), now(), 'Cosmos_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_uat_JITVIEWER' AND privilege.name IN ( 'jit:Cosmos:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Cosmos:uat:.*:read', 'jit:Cosmos:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Cosmos:data-platform-prod:.*:read'), (now(), now(), 'jit:Cosmos:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Cosmos_data-platform-prod_JITVIEWER'), (now(), now(), 'Cosmos_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Cosmos:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Cosmos:data-platform-prod:.*:read', 'jit:Cosmos:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Cosmos:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Cosmos:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Cosmos_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Cosmos_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 
'jit:Cosmos:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Cosmos:data-platform-nonprod:.*:read', 'jit:Cosmos:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Cosmos:local:.*:read'), (now(), now(), 'jit:Cosmos:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Cosmos_local_JITVIEWER'), (now(), now(), 'Cosmos_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_local_JITVIEWER' AND privilege.name IN ( 'jit:Cosmos:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_local_JITREVIEWER' AND privilege.name IN ( 'jit:Cosmos:local:.*:read', 'jit:Cosmos:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Cosmos:.*:.*:read'), (now(), now(), 'jit:Cosmos:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Cosmos_ALL_JITVIEWER'), (now(), now(), 'Cosmos_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Cosmos:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Cosmos_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Cosmos:.*:.*:read', 'jit:Cosmos:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CRM:cmd:.*:read'), 
(now(), now(), 'jit:CRM:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CRM_cmd_JITVIEWER'), (now(), now(), 'CRM_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_cmd_JITVIEWER' AND privilege.name IN ( 'jit:CRM:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:CRM:cmd:.*:read', 'jit:CRM:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CRM:prod:.*:read'), (now(), now(), 'jit:CRM:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CRM_prod_JITVIEWER'), (now(), now(), 'CRM_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_prod_JITVIEWER' AND privilege.name IN ( 'jit:CRM:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_prod_JITREVIEWER' AND privilege.name IN ( 'jit:CRM:prod:.*:read', 'jit:CRM:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CRM:dev:.*:read'), (now(), now(), 'jit:CRM:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CRM_dev_JITVIEWER'), (now(), now(), 'CRM_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_dev_JITVIEWER' AND privilege.name IN ( 'jit:CRM:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, 
privilege WHERE role.name = 'CRM_dev_JITREVIEWER' AND privilege.name IN ( 'jit:CRM:dev:.*:read', 'jit:CRM:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CRM:qa:.*:read'), (now(), now(), 'jit:CRM:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CRM_qa_JITVIEWER'), (now(), now(), 'CRM_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_qa_JITVIEWER' AND privilege.name IN ( 'jit:CRM:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_qa_JITREVIEWER' AND privilege.name IN ( 'jit:CRM:qa:.*:read', 'jit:CRM:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CRM:perf:.*:read'), (now(), now(), 'jit:CRM:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CRM_perf_JITVIEWER'), (now(), now(), 'CRM_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_perf_JITVIEWER' AND privilege.name IN ( 'jit:CRM:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_perf_JITREVIEWER' AND privilege.name IN ( 'jit:CRM:perf:.*:read', 'jit:CRM:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CRM:uat:.*:read'), (now(), now(), 'jit:CRM:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CRM_uat_JITVIEWER'), (now(), now(), 'CRM_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, 
privilege WHERE role.name = 'CRM_uat_JITVIEWER' AND privilege.name IN ( 'jit:CRM:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_uat_JITREVIEWER' AND privilege.name IN ( 'jit:CRM:uat:.*:read', 'jit:CRM:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CRM:data-platform-prod:.*:read'), (now(), now(), 'jit:CRM:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CRM_data-platform-prod_JITVIEWER'), (now(), now(), 'CRM_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:CRM:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:CRM:data-platform-prod:.*:read', 'jit:CRM:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CRM:data-platform-nonprod:.*:read'), (now(), now(), 'jit:CRM:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CRM_data-platform-nonprod_JITVIEWER'), (now(), now(), 'CRM_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:CRM:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 
'CRM_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:CRM:data-platform-nonprod:.*:read', 'jit:CRM:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CRM:local:.*:read'), (now(), now(), 'jit:CRM:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CRM_local_JITVIEWER'), (now(), now(), 'CRM_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_local_JITVIEWER' AND privilege.name IN ( 'jit:CRM:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_local_JITREVIEWER' AND privilege.name IN ( 'jit:CRM:local:.*:read', 'jit:CRM:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:CRM:.*:.*:read'), (now(), now(), 'jit:CRM:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'CRM_ALL_JITVIEWER'), (now(), now(), 'CRM_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_ALL_JITVIEWER' AND privilege.name IN ( 'jit:CRM:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'CRM_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:CRM:.*:.*:read', 'jit:CRM:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataPlatform:cmd:.*:read'), (now(), now(), 'jit:DataPlatform:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataPlatform_cmd_JITVIEWER'), (now(), now(), 'DataPlatform_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, 
privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_cmd_JITVIEWER' AND privilege.name IN ( 'jit:DataPlatform:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:DataPlatform:cmd:.*:read', 'jit:DataPlatform:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataPlatform:prod:.*:read'), (now(), now(), 'jit:DataPlatform:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataPlatform_prod_JITVIEWER'), (now(), now(), 'DataPlatform_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_prod_JITVIEWER' AND privilege.name IN ( 'jit:DataPlatform:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_prod_JITREVIEWER' AND privilege.name IN ( 'jit:DataPlatform:prod:.*:read', 'jit:DataPlatform:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataPlatform:dev:.*:read'), (now(), now(), 'jit:DataPlatform:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataPlatform_dev_JITVIEWER'), (now(), now(), 'DataPlatform_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_dev_JITVIEWER' AND privilege.name IN ( 'jit:DataPlatform:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 
'DataPlatform_dev_JITREVIEWER' AND privilege.name IN ( 'jit:DataPlatform:dev:.*:read', 'jit:DataPlatform:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataPlatform:qa:.*:read'), (now(), now(), 'jit:DataPlatform:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataPlatform_qa_JITVIEWER'), (now(), now(), 'DataPlatform_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_qa_JITVIEWER' AND privilege.name IN ( 'jit:DataPlatform:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_qa_JITREVIEWER' AND privilege.name IN ( 'jit:DataPlatform:qa:.*:read', 'jit:DataPlatform:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataPlatform:perf:.*:read'), (now(), now(), 'jit:DataPlatform:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataPlatform_perf_JITVIEWER'), (now(), now(), 'DataPlatform_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_perf_JITVIEWER' AND privilege.name IN ( 'jit:DataPlatform:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_perf_JITREVIEWER' AND privilege.name IN ( 'jit:DataPlatform:perf:.*:read', 'jit:DataPlatform:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataPlatform:uat:.*:read'), (now(), now(), 'jit:DataPlatform:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 
'DataPlatform_uat_JITVIEWER'), (now(), now(), 'DataPlatform_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_uat_JITVIEWER' AND privilege.name IN ( 'jit:DataPlatform:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_uat_JITREVIEWER' AND privilege.name IN ( 'jit:DataPlatform:uat:.*:read', 'jit:DataPlatform:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataPlatform:data-platform-prod:.*:read'), (now(), now(), 'jit:DataPlatform:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataPlatform_data-platform-prod_JITVIEWER'), (now(), now(), 'DataPlatform_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:DataPlatform:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:DataPlatform:data-platform-prod:.*:read', 'jit:DataPlatform:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataPlatform:data-platform-nonprod:.*:read'), (now(), now(), 'jit:DataPlatform:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataPlatform_data-platform-nonprod_JITVIEWER'), (now(), now(), 'DataPlatform_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS 
role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:DataPlatform:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:DataPlatform:data-platform-nonprod:.*:read', 'jit:DataPlatform:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataPlatform:local:.*:read'), (now(), now(), 'jit:DataPlatform:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataPlatform_local_JITVIEWER'), (now(), now(), 'DataPlatform_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_local_JITVIEWER' AND privilege.name IN ( 'jit:DataPlatform:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_local_JITREVIEWER' AND privilege.name IN ( 'jit:DataPlatform:local:.*:read', 'jit:DataPlatform:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataPlatform:.*:.*:read'), (now(), now(), 'jit:DataPlatform:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataPlatform_ALL_JITVIEWER'), (now(), now(), 'DataPlatform_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_ALL_JITVIEWER' AND privilege.name IN ( 'jit:DataPlatform:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id 
AS privilege_id FROM role, privilege WHERE role.name = 'DataPlatform_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:DataPlatform:.*:.*:read', 'jit:DataPlatform:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataScience:cmd:.*:read'), (now(), now(), 'jit:DataScience:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataScience_cmd_JITVIEWER'), (now(), now(), 'DataScience_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_cmd_JITVIEWER' AND privilege.name IN ( 'jit:DataScience:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:DataScience:cmd:.*:read', 'jit:DataScience:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataScience:prod:.*:read'), (now(), now(), 'jit:DataScience:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataScience_prod_JITVIEWER'), (now(), now(), 'DataScience_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_prod_JITVIEWER' AND privilege.name IN ( 'jit:DataScience:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_prod_JITREVIEWER' AND privilege.name IN ( 'jit:DataScience:prod:.*:read', 'jit:DataScience:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataScience:dev:.*:read'), (now(), now(), 'jit:DataScience:dev:.*:review'); +INSERT INTO role (created_at, 
updated_at, name) VALUES (now(), now(), 'DataScience_dev_JITVIEWER'), (now(), now(), 'DataScience_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_dev_JITVIEWER' AND privilege.name IN ( 'jit:DataScience:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_dev_JITREVIEWER' AND privilege.name IN ( 'jit:DataScience:dev:.*:read', 'jit:DataScience:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataScience:qa:.*:read'), (now(), now(), 'jit:DataScience:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataScience_qa_JITVIEWER'), (now(), now(), 'DataScience_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_qa_JITVIEWER' AND privilege.name IN ( 'jit:DataScience:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_qa_JITREVIEWER' AND privilege.name IN ( 'jit:DataScience:qa:.*:read', 'jit:DataScience:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataScience:perf:.*:read'), (now(), now(), 'jit:DataScience:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataScience_perf_JITVIEWER'), (now(), now(), 'DataScience_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_perf_JITVIEWER' AND privilege.name IN ( 'jit:DataScience:perf:.*:read' ); +INSERT INTO roles_privileges 
(role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_perf_JITREVIEWER' AND privilege.name IN ( 'jit:DataScience:perf:.*:read', 'jit:DataScience:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataScience:uat:.*:read'), (now(), now(), 'jit:DataScience:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataScience_uat_JITVIEWER'), (now(), now(), 'DataScience_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_uat_JITVIEWER' AND privilege.name IN ( 'jit:DataScience:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_uat_JITREVIEWER' AND privilege.name IN ( 'jit:DataScience:uat:.*:read', 'jit:DataScience:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataScience:data-platform-prod:.*:read'), (now(), now(), 'jit:DataScience:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataScience_data-platform-prod_JITVIEWER'), (now(), now(), 'DataScience_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:DataScience:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:DataScience:data-platform-prod:.*:read', 'jit:DataScience:data-platform-prod:.*:review'); + 
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataScience:data-platform-nonprod:.*:read'), (now(), now(), 'jit:DataScience:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataScience_data-platform-nonprod_JITVIEWER'), (now(), now(), 'DataScience_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:DataScience:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:DataScience:data-platform-nonprod:.*:read', 'jit:DataScience:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataScience:local:.*:read'), (now(), now(), 'jit:DataScience:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'DataScience_local_JITVIEWER'), (now(), now(), 'DataScience_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_local_JITVIEWER' AND privilege.name IN ( 'jit:DataScience:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_local_JITREVIEWER' AND privilege.name IN ( 'jit:DataScience:local:.*:read', 'jit:DataScience:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:DataScience:.*:.*:read'), (now(), now(), 'jit:DataScience:.*:.*:review'); +INSERT INTO role (created_at, updated_at, 
name) VALUES (now(), now(), 'DataScience_ALL_JITVIEWER'), (now(), now(), 'DataScience_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_ALL_JITVIEWER' AND privilege.name IN ( 'jit:DataScience:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'DataScience_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:DataScience:.*:.*:read', 'jit:DataScience:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Digital-Gold:cmd:.*:read'), (now(), now(), 'jit:Digital-Gold:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Digital-Gold_cmd_JITVIEWER'), (now(), now(), 'Digital-Gold_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:cmd:.*:read', 'jit:Digital-Gold:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Digital-Gold:prod:.*:read'), (now(), now(), 'jit:Digital-Gold:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Digital-Gold_prod_JITVIEWER'), (now(), now(), 'Digital-Gold_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_prod_JITVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:prod:.*:read' ); +INSERT INTO 
roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:prod:.*:read', 'jit:Digital-Gold:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Digital-Gold:dev:.*:read'), (now(), now(), 'jit:Digital-Gold:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Digital-Gold_dev_JITVIEWER'), (now(), now(), 'Digital-Gold_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_dev_JITVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:dev:.*:read', 'jit:Digital-Gold:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Digital-Gold:qa:.*:read'), (now(), now(), 'jit:Digital-Gold:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Digital-Gold_qa_JITVIEWER'), (now(), now(), 'Digital-Gold_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_qa_JITVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:qa:.*:read', 'jit:Digital-Gold:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Digital-Gold:perf:.*:read'), 
(now(), now(), 'jit:Digital-Gold:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Digital-Gold_perf_JITVIEWER'), (now(), now(), 'Digital-Gold_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_perf_JITVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:perf:.*:read', 'jit:Digital-Gold:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Digital-Gold:uat:.*:read'), (now(), now(), 'jit:Digital-Gold:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Digital-Gold_uat_JITVIEWER'), (now(), now(), 'Digital-Gold_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_uat_JITVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:uat:.*:read', 'jit:Digital-Gold:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Digital-Gold:data-platform-prod:.*:read'), (now(), now(), 'jit:Digital-Gold:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Digital-Gold_data-platform-prod_JITVIEWER'), (now(), now(), 'Digital-Gold_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id 
AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:data-platform-prod:.*:read', 'jit:Digital-Gold:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Digital-Gold:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Digital-Gold:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Digital-Gold_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Digital-Gold_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:data-platform-nonprod:.*:read', 'jit:Digital-Gold:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Digital-Gold:local:.*:read'), (now(), now(), 'jit:Digital-Gold:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Digital-Gold_local_JITVIEWER'), (now(), now(), 'Digital-Gold_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_local_JITVIEWER' AND privilege.name IN ( 
'jit:Digital-Gold:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_local_JITREVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:local:.*:read', 'jit:Digital-Gold:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Digital-Gold:.*:.*:read'), (now(), now(), 'jit:Digital-Gold:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Digital-Gold_ALL_JITVIEWER'), (now(), now(), 'Digital-Gold_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Digital-Gold_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Digital-Gold:.*:.*:read', 'jit:Digital-Gold:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Edge:cmd:.*:read'), (now(), now(), 'jit:Edge:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Edge_cmd_JITVIEWER'), (now(), now(), 'Edge_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Edge:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Edge:cmd:.*:read', 'jit:Edge:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Edge:prod:.*:read'), (now(), now(), 
'jit:Edge:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Edge_prod_JITVIEWER'), (now(), now(), 'Edge_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_prod_JITVIEWER' AND privilege.name IN ( 'jit:Edge:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Edge:prod:.*:read', 'jit:Edge:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Edge:dev:.*:read'), (now(), now(), 'jit:Edge:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Edge_dev_JITVIEWER'), (now(), now(), 'Edge_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_dev_JITVIEWER' AND privilege.name IN ( 'jit:Edge:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Edge:dev:.*:read', 'jit:Edge:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Edge:qa:.*:read'), (now(), now(), 'jit:Edge:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Edge_qa_JITVIEWER'), (now(), now(), 'Edge_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_qa_JITVIEWER' AND privilege.name IN ( 'jit:Edge:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, 
privilege WHERE role.name = 'Edge_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Edge:qa:.*:read', 'jit:Edge:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Edge:perf:.*:read'), (now(), now(), 'jit:Edge:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Edge_perf_JITVIEWER'), (now(), now(), 'Edge_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_perf_JITVIEWER' AND privilege.name IN ( 'jit:Edge:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Edge:perf:.*:read', 'jit:Edge:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Edge:uat:.*:read'), (now(), now(), 'jit:Edge:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Edge_uat_JITVIEWER'), (now(), now(), 'Edge_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_uat_JITVIEWER' AND privilege.name IN ( 'jit:Edge:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Edge:uat:.*:read', 'jit:Edge:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Edge:data-platform-prod:.*:read'), (now(), now(), 'jit:Edge:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Edge_data-platform-prod_JITVIEWER'), (now(), now(), 'Edge_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges 
(role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Edge:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Edge:data-platform-prod:.*:read', 'jit:Edge:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Edge:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Edge:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Edge_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Edge_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Edge:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Edge:data-platform-nonprod:.*:read', 'jit:Edge:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Edge:local:.*:read'), (now(), now(), 'jit:Edge:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Edge_local_JITVIEWER'), (now(), now(), 'Edge_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_local_JITVIEWER' AND privilege.name IN ( 'jit:Edge:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id 
AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_local_JITREVIEWER' AND privilege.name IN ( 'jit:Edge:local:.*:read', 'jit:Edge:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Edge:.*:.*:read'), (now(), now(), 'jit:Edge:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Edge_ALL_JITVIEWER'), (now(), now(), 'Edge_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Edge:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Edge_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Edge:.*:.*:read', 'jit:Edge:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Frameworks:cmd:.*:read'), (now(), now(), 'jit:Frameworks:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Frameworks_cmd_JITVIEWER'), (now(), now(), 'Frameworks_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Frameworks:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Frameworks:cmd:.*:read', 'jit:Frameworks:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Frameworks:prod:.*:read'), (now(), now(), 'jit:Frameworks:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Frameworks_prod_JITVIEWER'), (now(), 
now(), 'Frameworks_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_prod_JITVIEWER' AND privilege.name IN ( 'jit:Frameworks:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Frameworks:prod:.*:read', 'jit:Frameworks:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Frameworks:dev:.*:read'), (now(), now(), 'jit:Frameworks:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Frameworks_dev_JITVIEWER'), (now(), now(), 'Frameworks_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_dev_JITVIEWER' AND privilege.name IN ( 'jit:Frameworks:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Frameworks:dev:.*:read', 'jit:Frameworks:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Frameworks:qa:.*:read'), (now(), now(), 'jit:Frameworks:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Frameworks_qa_JITVIEWER'), (now(), now(), 'Frameworks_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_qa_JITVIEWER' AND privilege.name IN ( 'jit:Frameworks:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, 
privilege WHERE role.name = 'Frameworks_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Frameworks:qa:.*:read', 'jit:Frameworks:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Frameworks:perf:.*:read'), (now(), now(), 'jit:Frameworks:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Frameworks_perf_JITVIEWER'), (now(), now(), 'Frameworks_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_perf_JITVIEWER' AND privilege.name IN ( 'jit:Frameworks:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Frameworks:perf:.*:read', 'jit:Frameworks:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Frameworks:uat:.*:read'), (now(), now(), 'jit:Frameworks:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Frameworks_uat_JITVIEWER'), (now(), now(), 'Frameworks_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_uat_JITVIEWER' AND privilege.name IN ( 'jit:Frameworks:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Frameworks:uat:.*:read', 'jit:Frameworks:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Frameworks:data-platform-prod:.*:read'), (now(), now(), 'jit:Frameworks:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES 
(now(), now(), 'Frameworks_data-platform-prod_JITVIEWER'), (now(), now(), 'Frameworks_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Frameworks:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Frameworks:data-platform-prod:.*:read', 'jit:Frameworks:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Frameworks:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Frameworks:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Frameworks_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Frameworks_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Frameworks:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Frameworks:data-platform-nonprod:.*:read', 'jit:Frameworks:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Frameworks:local:.*:read'), (now(), now(), 'jit:Frameworks:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Frameworks_local_JITVIEWER'), (now(), now(), 'Frameworks_local_JITREVIEWER'); +INSERT INTO roles_privileges 
(role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_local_JITVIEWER' AND privilege.name IN ( 'jit:Frameworks:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_local_JITREVIEWER' AND privilege.name IN ( 'jit:Frameworks:local:.*:read', 'jit:Frameworks:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Frameworks:.*:.*:read'), (now(), now(), 'jit:Frameworks:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Frameworks_ALL_JITVIEWER'), (now(), now(), 'Frameworks_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Frameworks:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Frameworks_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Frameworks:.*:.*:read', 'jit:Frameworks:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Generative-AI:cmd:.*:read'), (now(), now(), 'jit:Generative-AI:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Generative-AI_cmd_JITVIEWER'), (now(), now(), 'Generative-AI_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Generative-AI:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 
'Generative-AI_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Generative-AI:cmd:.*:read', 'jit:Generative-AI:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Generative-AI:prod:.*:read'), (now(), now(), 'jit:Generative-AI:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Generative-AI_prod_JITVIEWER'), (now(), now(), 'Generative-AI_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_prod_JITVIEWER' AND privilege.name IN ( 'jit:Generative-AI:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Generative-AI:prod:.*:read', 'jit:Generative-AI:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Generative-AI:dev:.*:read'), (now(), now(), 'jit:Generative-AI:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Generative-AI_dev_JITVIEWER'), (now(), now(), 'Generative-AI_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_dev_JITVIEWER' AND privilege.name IN ( 'jit:Generative-AI:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Generative-AI:dev:.*:read', 'jit:Generative-AI:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Generative-AI:qa:.*:read'), (now(), now(), 'jit:Generative-AI:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) 
VALUES (now(), now(), 'Generative-AI_qa_JITVIEWER'), (now(), now(), 'Generative-AI_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_qa_JITVIEWER' AND privilege.name IN ( 'jit:Generative-AI:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Generative-AI:qa:.*:read', 'jit:Generative-AI:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Generative-AI:perf:.*:read'), (now(), now(), 'jit:Generative-AI:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Generative-AI_perf_JITVIEWER'), (now(), now(), 'Generative-AI_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_perf_JITVIEWER' AND privilege.name IN ( 'jit:Generative-AI:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Generative-AI:perf:.*:read', 'jit:Generative-AI:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Generative-AI:uat:.*:read'), (now(), now(), 'jit:Generative-AI:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Generative-AI_uat_JITVIEWER'), (now(), now(), 'Generative-AI_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_uat_JITVIEWER' AND privilege.name IN ( 'jit:Generative-AI:uat:.*:read' ); 
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Generative-AI:uat:.*:read', 'jit:Generative-AI:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Generative-AI:data-platform-prod:.*:read'), (now(), now(), 'jit:Generative-AI:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Generative-AI_data-platform-prod_JITVIEWER'), (now(), now(), 'Generative-AI_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Generative-AI:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Generative-AI:data-platform-prod:.*:read', 'jit:Generative-AI:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Generative-AI:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Generative-AI:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Generative-AI_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Generative-AI_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Generative-AI:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS 
privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Generative-AI:data-platform-nonprod:.*:read', 'jit:Generative-AI:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Generative-AI:local:.*:read'), (now(), now(), 'jit:Generative-AI:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Generative-AI_local_JITVIEWER'), (now(), now(), 'Generative-AI_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_local_JITVIEWER' AND privilege.name IN ( 'jit:Generative-AI:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_local_JITREVIEWER' AND privilege.name IN ( 'jit:Generative-AI:local:.*:read', 'jit:Generative-AI:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Generative-AI:.*:.*:read'), (now(), now(), 'jit:Generative-AI:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Generative-AI_ALL_JITVIEWER'), (now(), now(), 'Generative-AI_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Generative-AI:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Generative-AI_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Generative-AI:.*:.*:read', 'jit:Generative-AI:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 
'jit:GI-Conversions:cmd:.*:read'), (now(), now(), 'jit:GI-Conversions:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Conversions_cmd_JITVIEWER'), (now(), now(), 'GI-Conversions_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_cmd_JITVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:cmd:.*:read', 'jit:GI-Conversions:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Conversions:prod:.*:read'), (now(), now(), 'jit:GI-Conversions:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Conversions_prod_JITVIEWER'), (now(), now(), 'GI-Conversions_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_prod_JITVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_prod_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:prod:.*:read', 'jit:GI-Conversions:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Conversions:dev:.*:read'), (now(), now(), 'jit:GI-Conversions:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Conversions_dev_JITVIEWER'), (now(), now(), 'GI-Conversions_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS 
role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_dev_JITVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_dev_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:dev:.*:read', 'jit:GI-Conversions:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Conversions:qa:.*:read'), (now(), now(), 'jit:GI-Conversions:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Conversions_qa_JITVIEWER'), (now(), now(), 'GI-Conversions_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_qa_JITVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_qa_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:qa:.*:read', 'jit:GI-Conversions:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Conversions:perf:.*:read'), (now(), now(), 'jit:GI-Conversions:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Conversions_perf_JITVIEWER'), (now(), now(), 'GI-Conversions_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_perf_JITVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 
'GI-Conversions_perf_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:perf:.*:read', 'jit:GI-Conversions:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Conversions:uat:.*:read'), (now(), now(), 'jit:GI-Conversions:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Conversions_uat_JITVIEWER'), (now(), now(), 'GI-Conversions_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_uat_JITVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_uat_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:uat:.*:read', 'jit:GI-Conversions:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Conversions:data-platform-prod:.*:read'), (now(), now(), 'jit:GI-Conversions:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Conversions_data-platform-prod_JITVIEWER'), (now(), now(), 'GI-Conversions_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:data-platform-prod:.*:read', 'jit:GI-Conversions:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) 
VALUES (now(), now(), 'jit:GI-Conversions:data-platform-nonprod:.*:read'), (now(), now(), 'jit:GI-Conversions:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Conversions_data-platform-nonprod_JITVIEWER'), (now(), now(), 'GI-Conversions_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:data-platform-nonprod:.*:read', 'jit:GI-Conversions:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Conversions:local:.*:read'), (now(), now(), 'jit:GI-Conversions:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Conversions_local_JITVIEWER'), (now(), now(), 'GI-Conversions_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_local_JITVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_local_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:local:.*:read', 'jit:GI-Conversions:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Conversions:.*:.*:read'), (now(), now(), 'jit:GI-Conversions:.*:.*:review'); +INSERT INTO role (created_at, 
updated_at, name) VALUES (now(), now(), 'GI-Conversions_ALL_JITVIEWER'), (now(), now(), 'GI-Conversions_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_ALL_JITVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Conversions_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Conversions:.*:.*:read', 'jit:GI-Conversions:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Operations:cmd:.*:read'), (now(), now(), 'jit:GI-Operations:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Operations_cmd_JITVIEWER'), (now(), now(), 'GI-Operations_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_cmd_JITVIEWER' AND privilege.name IN ( 'jit:GI-Operations:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Operations:cmd:.*:read', 'jit:GI-Operations:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Operations:prod:.*:read'), (now(), now(), 'jit:GI-Operations:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Operations_prod_JITVIEWER'), (now(), now(), 'GI-Operations_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_prod_JITVIEWER' AND privilege.name IN ( 
'jit:GI-Operations:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_prod_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Operations:prod:.*:read', 'jit:GI-Operations:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Operations:dev:.*:read'), (now(), now(), 'jit:GI-Operations:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Operations_dev_JITVIEWER'), (now(), now(), 'GI-Operations_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_dev_JITVIEWER' AND privilege.name IN ( 'jit:GI-Operations:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_dev_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Operations:dev:.*:read', 'jit:GI-Operations:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Operations:qa:.*:read'), (now(), now(), 'jit:GI-Operations:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Operations_qa_JITVIEWER'), (now(), now(), 'GI-Operations_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_qa_JITVIEWER' AND privilege.name IN ( 'jit:GI-Operations:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_qa_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Operations:qa:.*:read', 'jit:GI-Operations:qa:.*:review'); + +INSERT INTO privilege (created_at, 
updated_at, name) VALUES (now(), now(), 'jit:GI-Operations:perf:.*:read'), (now(), now(), 'jit:GI-Operations:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Operations_perf_JITVIEWER'), (now(), now(), 'GI-Operations_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_perf_JITVIEWER' AND privilege.name IN ( 'jit:GI-Operations:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_perf_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Operations:perf:.*:read', 'jit:GI-Operations:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Operations:uat:.*:read'), (now(), now(), 'jit:GI-Operations:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Operations_uat_JITVIEWER'), (now(), now(), 'GI-Operations_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_uat_JITVIEWER' AND privilege.name IN ( 'jit:GI-Operations:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_uat_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Operations:uat:.*:read', 'jit:GI-Operations:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Operations:data-platform-prod:.*:read'), (now(), now(), 'jit:GI-Operations:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Operations_data-platform-prod_JITVIEWER'), (now(), now(), 'GI-Operations_data-platform-prod_JITREVIEWER'); 
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:GI-Operations:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Operations:data-platform-prod:.*:read', 'jit:GI-Operations:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Operations:data-platform-nonprod:.*:read'), (now(), now(), 'jit:GI-Operations:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Operations_data-platform-nonprod_JITVIEWER'), (now(), now(), 'GI-Operations_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:GI-Operations:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Operations:data-platform-nonprod:.*:read', 'jit:GI-Operations:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Operations:local:.*:read'), (now(), now(), 'jit:GI-Operations:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Operations_local_JITVIEWER'), (now(), now(), 'GI-Operations_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS 
privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_local_JITVIEWER' AND privilege.name IN ( 'jit:GI-Operations:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_local_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Operations:local:.*:read', 'jit:GI-Operations:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GI-Operations:.*:.*:read'), (now(), now(), 'jit:GI-Operations:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GI-Operations_ALL_JITVIEWER'), (now(), now(), 'GI-Operations_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_ALL_JITVIEWER' AND privilege.name IN ( 'jit:GI-Operations:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GI-Operations_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:GI-Operations:.*:.*:read', 'jit:GI-Operations:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GrowthAndEngagement:cmd:.*:read'), (now(), now(), 'jit:GrowthAndEngagement:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GrowthAndEngagement_cmd_JITVIEWER'), (now(), now(), 'GrowthAndEngagement_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_cmd_JITVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 
'GrowthAndEngagement_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:cmd:.*:read', 'jit:GrowthAndEngagement:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GrowthAndEngagement:prod:.*:read'), (now(), now(), 'jit:GrowthAndEngagement:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GrowthAndEngagement_prod_JITVIEWER'), (now(), now(), 'GrowthAndEngagement_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_prod_JITVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_prod_JITREVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:prod:.*:read', 'jit:GrowthAndEngagement:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GrowthAndEngagement:dev:.*:read'), (now(), now(), 'jit:GrowthAndEngagement:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GrowthAndEngagement_dev_JITVIEWER'), (now(), now(), 'GrowthAndEngagement_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_dev_JITVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_dev_JITREVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:dev:.*:read', 'jit:GrowthAndEngagement:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 
'jit:GrowthAndEngagement:qa:.*:read'), (now(), now(), 'jit:GrowthAndEngagement:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GrowthAndEngagement_qa_JITVIEWER'), (now(), now(), 'GrowthAndEngagement_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_qa_JITVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_qa_JITREVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:qa:.*:read', 'jit:GrowthAndEngagement:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GrowthAndEngagement:perf:.*:read'), (now(), now(), 'jit:GrowthAndEngagement:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GrowthAndEngagement_perf_JITVIEWER'), (now(), now(), 'GrowthAndEngagement_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_perf_JITVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_perf_JITREVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:perf:.*:read', 'jit:GrowthAndEngagement:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GrowthAndEngagement:uat:.*:read'), (now(), now(), 'jit:GrowthAndEngagement:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GrowthAndEngagement_uat_JITVIEWER'), (now(), now(), 
'GrowthAndEngagement_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_uat_JITVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_uat_JITREVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:uat:.*:read', 'jit:GrowthAndEngagement:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GrowthAndEngagement:data-platform-prod:.*:read'), (now(), now(), 'jit:GrowthAndEngagement:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GrowthAndEngagement_data-platform-prod_JITVIEWER'), (now(), now(), 'GrowthAndEngagement_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:data-platform-prod:.*:read', 'jit:GrowthAndEngagement:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GrowthAndEngagement:data-platform-nonprod:.*:read'), (now(), now(), 'jit:GrowthAndEngagement:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GrowthAndEngagement_data-platform-nonprod_JITVIEWER'), (now(), now(), 
'GrowthAndEngagement_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:data-platform-nonprod:.*:read', 'jit:GrowthAndEngagement:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GrowthAndEngagement:local:.*:read'), (now(), now(), 'jit:GrowthAndEngagement:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GrowthAndEngagement_local_JITVIEWER'), (now(), now(), 'GrowthAndEngagement_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_local_JITVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_local_JITREVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:local:.*:read', 'jit:GrowthAndEngagement:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:GrowthAndEngagement:.*:.*:read'), (now(), now(), 'jit:GrowthAndEngagement:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'GrowthAndEngagement_ALL_JITVIEWER'), (now(), now(), 'GrowthAndEngagement_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS 
role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_ALL_JITVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'GrowthAndEngagement_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:GrowthAndEngagement:.*:.*:read', 'jit:GrowthAndEngagement:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Conversions:cmd:.*:read'), (now(), now(), 'jit:HL-Conversions:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Conversions_cmd_JITVIEWER'), (now(), now(), 'HL-Conversions_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_cmd_JITVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:cmd:.*:read', 'jit:HL-Conversions:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Conversions:prod:.*:read'), (now(), now(), 'jit:HL-Conversions:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Conversions_prod_JITVIEWER'), (now(), now(), 'HL-Conversions_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_prod_JITVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, 
privilege WHERE role.name = 'HL-Conversions_prod_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:prod:.*:read', 'jit:HL-Conversions:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Conversions:dev:.*:read'), (now(), now(), 'jit:HL-Conversions:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Conversions_dev_JITVIEWER'), (now(), now(), 'HL-Conversions_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_dev_JITVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_dev_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:dev:.*:read', 'jit:HL-Conversions:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Conversions:qa:.*:read'), (now(), now(), 'jit:HL-Conversions:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Conversions_qa_JITVIEWER'), (now(), now(), 'HL-Conversions_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_qa_JITVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_qa_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:qa:.*:read', 'jit:HL-Conversions:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Conversions:perf:.*:read'), (now(), now(), 'jit:HL-Conversions:perf:.*:review'); +INSERT 
INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Conversions_perf_JITVIEWER'), (now(), now(), 'HL-Conversions_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_perf_JITVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_perf_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:perf:.*:read', 'jit:HL-Conversions:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Conversions:uat:.*:read'), (now(), now(), 'jit:HL-Conversions:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Conversions_uat_JITVIEWER'), (now(), now(), 'HL-Conversions_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_uat_JITVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_uat_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:uat:.*:read', 'jit:HL-Conversions:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Conversions:data-platform-prod:.*:read'), (now(), now(), 'jit:HL-Conversions:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Conversions_data-platform-prod_JITVIEWER'), (now(), now(), 'HL-Conversions_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM 
role, privilege WHERE role.name = 'HL-Conversions_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:data-platform-prod:.*:read', 'jit:HL-Conversions:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Conversions:data-platform-nonprod:.*:read'), (now(), now(), 'jit:HL-Conversions:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Conversions_data-platform-nonprod_JITVIEWER'), (now(), now(), 'HL-Conversions_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:data-platform-nonprod:.*:read', 'jit:HL-Conversions:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Conversions:local:.*:read'), (now(), now(), 'jit:HL-Conversions:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Conversions_local_JITVIEWER'), (now(), now(), 'HL-Conversions_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_local_JITVIEWER' AND 
privilege.name IN ( 'jit:HL-Conversions:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_local_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:local:.*:read', 'jit:HL-Conversions:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Conversions:.*:.*:read'), (now(), now(), 'jit:HL-Conversions:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Conversions_ALL_JITVIEWER'), (now(), now(), 'HL-Conversions_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_ALL_JITVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Conversions_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Conversions:.*:.*:read', 'jit:HL-Conversions:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Operations:cmd:.*:read'), (now(), now(), 'jit:HL-Operations:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Operations_cmd_JITVIEWER'), (now(), now(), 'HL-Operations_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_cmd_JITVIEWER' AND privilege.name IN ( 'jit:HL-Operations:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Operations:cmd:.*:read', 
'jit:HL-Operations:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Operations:prod:.*:read'), (now(), now(), 'jit:HL-Operations:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Operations_prod_JITVIEWER'), (now(), now(), 'HL-Operations_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_prod_JITVIEWER' AND privilege.name IN ( 'jit:HL-Operations:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_prod_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Operations:prod:.*:read', 'jit:HL-Operations:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Operations:dev:.*:read'), (now(), now(), 'jit:HL-Operations:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Operations_dev_JITVIEWER'), (now(), now(), 'HL-Operations_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_dev_JITVIEWER' AND privilege.name IN ( 'jit:HL-Operations:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_dev_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Operations:dev:.*:read', 'jit:HL-Operations:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Operations:qa:.*:read'), (now(), now(), 'jit:HL-Operations:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Operations_qa_JITVIEWER'), (now(), now(), 
'HL-Operations_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_qa_JITVIEWER' AND privilege.name IN ( 'jit:HL-Operations:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_qa_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Operations:qa:.*:read', 'jit:HL-Operations:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Operations:perf:.*:read'), (now(), now(), 'jit:HL-Operations:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Operations_perf_JITVIEWER'), (now(), now(), 'HL-Operations_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_perf_JITVIEWER' AND privilege.name IN ( 'jit:HL-Operations:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_perf_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Operations:perf:.*:read', 'jit:HL-Operations:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Operations:uat:.*:read'), (now(), now(), 'jit:HL-Operations:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Operations_uat_JITVIEWER'), (now(), now(), 'HL-Operations_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_uat_JITVIEWER' AND privilege.name IN ( 'jit:HL-Operations:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id 
AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_uat_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Operations:uat:.*:read', 'jit:HL-Operations:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Operations:data-platform-prod:.*:read'), (now(), now(), 'jit:HL-Operations:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Operations_data-platform-prod_JITVIEWER'), (now(), now(), 'HL-Operations_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:HL-Operations:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Operations:data-platform-prod:.*:read', 'jit:HL-Operations:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Operations:data-platform-nonprod:.*:read'), (now(), now(), 'jit:HL-Operations:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Operations_data-platform-nonprod_JITVIEWER'), (now(), now(), 'HL-Operations_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:HL-Operations:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 
'HL-Operations_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Operations:data-platform-nonprod:.*:read', 'jit:HL-Operations:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Operations:local:.*:read'), (now(), now(), 'jit:HL-Operations:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Operations_local_JITVIEWER'), (now(), now(), 'HL-Operations_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_local_JITVIEWER' AND privilege.name IN ( 'jit:HL-Operations:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_local_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Operations:local:.*:read', 'jit:HL-Operations:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:HL-Operations:.*:.*:read'), (now(), now(), 'jit:HL-Operations:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'HL-Operations_ALL_JITVIEWER'), (now(), now(), 'HL-Operations_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_ALL_JITVIEWER' AND privilege.name IN ( 'jit:HL-Operations:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'HL-Operations_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:HL-Operations:.*:.*:read', 'jit:HL-Operations:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Infra:cmd:.*:read'), (now(), now(), 'jit:Infra:cmd:.*:review'); 
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Infra_cmd_JITVIEWER'), (now(), now(), 'Infra_cmd_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Infra:cmd:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Infra:cmd:.*:read', 'jit:Infra:cmd:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Infra:prod:.*:read'), (now(), now(), 'jit:Infra:prod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Infra_prod_JITVIEWER'), (now(), now(), 'Infra_prod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_prod_JITVIEWER' AND privilege.name IN ( 'jit:Infra:prod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Infra:prod:.*:read', 'jit:Infra:prod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Infra:dev:.*:read'), (now(), now(), 'jit:Infra:dev:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Infra_dev_JITVIEWER'), (now(), now(), 'Infra_dev_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_dev_JITVIEWER' AND privilege.name IN ( 'jit:Infra:dev:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, 
privilege WHERE role.name = 'Infra_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Infra:dev:.*:read', 'jit:Infra:dev:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Infra:qa:.*:read'), (now(), now(), 'jit:Infra:qa:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Infra_qa_JITVIEWER'), (now(), now(), 'Infra_qa_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_qa_JITVIEWER' AND privilege.name IN ( 'jit:Infra:qa:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Infra:qa:.*:read', 'jit:Infra:qa:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Infra:perf:.*:read'), (now(), now(), 'jit:Infra:perf:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Infra_perf_JITVIEWER'), (now(), now(), 'Infra_perf_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_perf_JITVIEWER' AND privilege.name IN ( 'jit:Infra:perf:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Infra:perf:.*:read', 'jit:Infra:perf:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Infra:uat:.*:read'), (now(), now(), 'jit:Infra:uat:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Infra_uat_JITVIEWER'), (now(), now(), 'Infra_uat_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS 
role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_uat_JITVIEWER' AND privilege.name IN ( 'jit:Infra:uat:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Infra:uat:.*:read', 'jit:Infra:uat:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Infra:data-platform-prod:.*:read'), (now(), now(), 'jit:Infra:data-platform-prod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Infra_data-platform-prod_JITVIEWER'), (now(), now(), 'Infra_data-platform-prod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Infra:data-platform-prod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Infra:data-platform-prod:.*:read', 'jit:Infra:data-platform-prod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Infra:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Infra:data-platform-nonprod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Infra_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Infra_data-platform-nonprod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Infra:data-platform-nonprod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS 
privilege_id FROM role, privilege WHERE role.name = 'Infra_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Infra:data-platform-nonprod:.*:read', 'jit:Infra:data-platform-nonprod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Infra:local:.*:read'), (now(), now(), 'jit:Infra:local:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Infra_local_JITVIEWER'), (now(), now(), 'Infra_local_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_local_JITVIEWER' AND privilege.name IN ( 'jit:Infra:local:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_local_JITREVIEWER' AND privilege.name IN ( 'jit:Infra:local:.*:read', 'jit:Infra:local:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Infra:.*:.*:read'), (now(), now(), 'jit:Infra:.*:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Infra_ALL_JITVIEWER'), (now(), now(), 'Infra_ALL_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Infra:.*:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Infra_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Infra:.*:.*:read', 'jit:Infra:.*:.*:review');
+
+
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:insurance-operations:cmd:.*:read'), (now(), now(), 'jit:insurance-operations:cmd:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 
'insurance-operations_cmd_JITVIEWER'), (now(), now(), 'insurance-operations_cmd_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_cmd_JITVIEWER' AND privilege.name IN ( 'jit:insurance-operations:cmd:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:insurance-operations:cmd:.*:read', 'jit:insurance-operations:cmd:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:insurance-operations:prod:.*:read'), (now(), now(), 'jit:insurance-operations:prod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'insurance-operations_prod_JITVIEWER'), (now(), now(), 'insurance-operations_prod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_prod_JITVIEWER' AND privilege.name IN ( 'jit:insurance-operations:prod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_prod_JITREVIEWER' AND privilege.name IN ( 'jit:insurance-operations:prod:.*:read', 'jit:insurance-operations:prod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:insurance-operations:dev:.*:read'), (now(), now(), 'jit:insurance-operations:dev:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'insurance-operations_dev_JITVIEWER'), (now(), now(), 'insurance-operations_dev_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM 
role, privilege WHERE role.name = 'insurance-operations_dev_JITVIEWER' AND privilege.name IN ( 'jit:insurance-operations:dev:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_dev_JITREVIEWER' AND privilege.name IN ( 'jit:insurance-operations:dev:.*:read', 'jit:insurance-operations:dev:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:insurance-operations:qa:.*:read'), (now(), now(), 'jit:insurance-operations:qa:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'insurance-operations_qa_JITVIEWER'), (now(), now(), 'insurance-operations_qa_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_qa_JITVIEWER' AND privilege.name IN ( 'jit:insurance-operations:qa:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_qa_JITREVIEWER' AND privilege.name IN ( 'jit:insurance-operations:qa:.*:read', 'jit:insurance-operations:qa:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:insurance-operations:perf:.*:read'), (now(), now(), 'jit:insurance-operations:perf:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'insurance-operations_perf_JITVIEWER'), (now(), now(), 'insurance-operations_perf_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_perf_JITVIEWER' AND privilege.name IN ( 'jit:insurance-operations:perf:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, 
privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_perf_JITREVIEWER' AND privilege.name IN ( 'jit:insurance-operations:perf:.*:read', 'jit:insurance-operations:perf:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:insurance-operations:uat:.*:read'), (now(), now(), 'jit:insurance-operations:uat:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'insurance-operations_uat_JITVIEWER'), (now(), now(), 'insurance-operations_uat_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_uat_JITVIEWER' AND privilege.name IN ( 'jit:insurance-operations:uat:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_uat_JITREVIEWER' AND privilege.name IN ( 'jit:insurance-operations:uat:.*:read', 'jit:insurance-operations:uat:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:insurance-operations:data-platform-prod:.*:read'), (now(), now(), 'jit:insurance-operations:data-platform-prod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'insurance-operations_data-platform-prod_JITVIEWER'), (now(), now(), 'insurance-operations_data-platform-prod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:insurance-operations:data-platform-prod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_data-platform-prod_JITREVIEWER' AND 
privilege.name IN ( 'jit:insurance-operations:data-platform-prod:.*:read', 'jit:insurance-operations:data-platform-prod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:insurance-operations:data-platform-nonprod:.*:read'), (now(), now(), 'jit:insurance-operations:data-platform-nonprod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'insurance-operations_data-platform-nonprod_JITVIEWER'), (now(), now(), 'insurance-operations_data-platform-nonprod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:insurance-operations:data-platform-nonprod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:insurance-operations:data-platform-nonprod:.*:read', 'jit:insurance-operations:data-platform-nonprod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:insurance-operations:local:.*:read'), (now(), now(), 'jit:insurance-operations:local:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'insurance-operations_local_JITVIEWER'), (now(), now(), 'insurance-operations_local_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_local_JITVIEWER' AND privilege.name IN ( 'jit:insurance-operations:local:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_local_JITREVIEWER' AND 
privilege.name IN ( 'jit:insurance-operations:local:.*:read', 'jit:insurance-operations:local:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:insurance-operations:.*:.*:read'), (now(), now(), 'jit:insurance-operations:.*:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'insurance-operations_ALL_JITVIEWER'), (now(), now(), 'insurance-operations_ALL_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_ALL_JITVIEWER' AND privilege.name IN ( 'jit:insurance-operations:.*:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'insurance-operations_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:insurance-operations:.*:.*:read', 'jit:insurance-operations:.*:.*:review');
+
+
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:InsurancePlatform:cmd:.*:read'), (now(), now(), 'jit:InsurancePlatform:cmd:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'InsurancePlatform_cmd_JITVIEWER'), (now(), now(), 'InsurancePlatform_cmd_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_cmd_JITVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:cmd:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:cmd:.*:read', 'jit:InsurancePlatform:cmd:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:InsurancePlatform:prod:.*:read'), (now(), now(), 
'jit:InsurancePlatform:prod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'InsurancePlatform_prod_JITVIEWER'), (now(), now(), 'InsurancePlatform_prod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_prod_JITVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:prod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_prod_JITREVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:prod:.*:read', 'jit:InsurancePlatform:prod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:InsurancePlatform:dev:.*:read'), (now(), now(), 'jit:InsurancePlatform:dev:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'InsurancePlatform_dev_JITVIEWER'), (now(), now(), 'InsurancePlatform_dev_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_dev_JITVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:dev:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_dev_JITREVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:dev:.*:read', 'jit:InsurancePlatform:dev:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:InsurancePlatform:qa:.*:read'), (now(), now(), 'jit:InsurancePlatform:qa:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'InsurancePlatform_qa_JITVIEWER'), (now(), now(), 'InsurancePlatform_qa_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id 
AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_qa_JITVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:qa:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_qa_JITREVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:qa:.*:read', 'jit:InsurancePlatform:qa:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:InsurancePlatform:perf:.*:read'), (now(), now(), 'jit:InsurancePlatform:perf:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'InsurancePlatform_perf_JITVIEWER'), (now(), now(), 'InsurancePlatform_perf_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_perf_JITVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:perf:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_perf_JITREVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:perf:.*:read', 'jit:InsurancePlatform:perf:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:InsurancePlatform:uat:.*:read'), (now(), now(), 'jit:InsurancePlatform:uat:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'InsurancePlatform_uat_JITVIEWER'), (now(), now(), 'InsurancePlatform_uat_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_uat_JITVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:uat:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, 
privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_uat_JITREVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:uat:.*:read', 'jit:InsurancePlatform:uat:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:InsurancePlatform:data-platform-prod:.*:read'), (now(), now(), 'jit:InsurancePlatform:data-platform-prod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'InsurancePlatform_data-platform-prod_JITVIEWER'), (now(), now(), 'InsurancePlatform_data-platform-prod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:data-platform-prod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:data-platform-prod:.*:read', 'jit:InsurancePlatform:data-platform-prod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:InsurancePlatform:data-platform-nonprod:.*:read'), (now(), now(), 'jit:InsurancePlatform:data-platform-nonprod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'InsurancePlatform_data-platform-nonprod_JITVIEWER'), (now(), now(), 'InsurancePlatform_data-platform-nonprod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:data-platform-nonprod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id 
FROM role, privilege WHERE role.name = 'InsurancePlatform_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:data-platform-nonprod:.*:read', 'jit:InsurancePlatform:data-platform-nonprod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:InsurancePlatform:local:.*:read'), (now(), now(), 'jit:InsurancePlatform:local:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'InsurancePlatform_local_JITVIEWER'), (now(), now(), 'InsurancePlatform_local_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_local_JITVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:local:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_local_JITREVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:local:.*:read', 'jit:InsurancePlatform:local:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:InsurancePlatform:.*:.*:read'), (now(), now(), 'jit:InsurancePlatform:.*:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'InsurancePlatform_ALL_JITVIEWER'), (now(), now(), 'InsurancePlatform_ALL_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_ALL_JITVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:.*:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'InsurancePlatform_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:InsurancePlatform:.*:.*:read', 'jit:InsurancePlatform:.*:.*:review');
+
+
+
+INSERT INTO privilege 
(created_at, updated_at, name) VALUES (now(), now(), 'jit:KYC:cmd:.*:read'), (now(), now(), 'jit:KYC:cmd:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'KYC_cmd_JITVIEWER'), (now(), now(), 'KYC_cmd_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_cmd_JITVIEWER' AND privilege.name IN ( 'jit:KYC:cmd:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:KYC:cmd:.*:read', 'jit:KYC:cmd:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:KYC:prod:.*:read'), (now(), now(), 'jit:KYC:prod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'KYC_prod_JITVIEWER'), (now(), now(), 'KYC_prod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_prod_JITVIEWER' AND privilege.name IN ( 'jit:KYC:prod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_prod_JITREVIEWER' AND privilege.name IN ( 'jit:KYC:prod:.*:read', 'jit:KYC:prod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:KYC:dev:.*:read'), (now(), now(), 'jit:KYC:dev:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'KYC_dev_JITVIEWER'), (now(), now(), 'KYC_dev_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_dev_JITVIEWER' AND privilege.name IN ( 'jit:KYC:dev:.*:read' );
+INSERT INTO roles_privileges (role_id, 
privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_dev_JITREVIEWER' AND privilege.name IN ( 'jit:KYC:dev:.*:read', 'jit:KYC:dev:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:KYC:qa:.*:read'), (now(), now(), 'jit:KYC:qa:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'KYC_qa_JITVIEWER'), (now(), now(), 'KYC_qa_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_qa_JITVIEWER' AND privilege.name IN ( 'jit:KYC:qa:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_qa_JITREVIEWER' AND privilege.name IN ( 'jit:KYC:qa:.*:read', 'jit:KYC:qa:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:KYC:perf:.*:read'), (now(), now(), 'jit:KYC:perf:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'KYC_perf_JITVIEWER'), (now(), now(), 'KYC_perf_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_perf_JITVIEWER' AND privilege.name IN ( 'jit:KYC:perf:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_perf_JITREVIEWER' AND privilege.name IN ( 'jit:KYC:perf:.*:read', 'jit:KYC:perf:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:KYC:uat:.*:read'), (now(), now(), 'jit:KYC:uat:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'KYC_uat_JITVIEWER'), (now(), now(), 'KYC_uat_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, 
privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_uat_JITVIEWER' AND privilege.name IN ( 'jit:KYC:uat:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_uat_JITREVIEWER' AND privilege.name IN ( 'jit:KYC:uat:.*:read', 'jit:KYC:uat:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:KYC:data-platform-prod:.*:read'), (now(), now(), 'jit:KYC:data-platform-prod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'KYC_data-platform-prod_JITVIEWER'), (now(), now(), 'KYC_data-platform-prod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:KYC:data-platform-prod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:KYC:data-platform-prod:.*:read', 'jit:KYC:data-platform-prod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:KYC:data-platform-nonprod:.*:read'), (now(), now(), 'jit:KYC:data-platform-nonprod:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'KYC_data-platform-nonprod_JITVIEWER'), (now(), now(), 'KYC_data-platform-nonprod_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:KYC:data-platform-nonprod:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS 
privilege_id FROM role, privilege WHERE role.name = 'KYC_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:KYC:data-platform-nonprod:.*:read', 'jit:KYC:data-platform-nonprod:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:KYC:local:.*:read'), (now(), now(), 'jit:KYC:local:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'KYC_local_JITVIEWER'), (now(), now(), 'KYC_local_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_local_JITVIEWER' AND privilege.name IN ( 'jit:KYC:local:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_local_JITREVIEWER' AND privilege.name IN ( 'jit:KYC:local:.*:read', 'jit:KYC:local:.*:review');
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:KYC:.*:.*:read'), (now(), now(), 'jit:KYC:.*:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'KYC_ALL_JITVIEWER'), (now(), now(), 'KYC_ALL_JITREVIEWER');
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_ALL_JITVIEWER' AND privilege.name IN ( 'jit:KYC:.*:.*:read' );
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'KYC_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:KYC:.*:.*:read', 'jit:KYC:.*:.*:review');
+
+
+
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:lending-operations:cmd:.*:read'), (now(), now(), 'jit:lending-operations:cmd:.*:review');
+INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'lending-operations_cmd_JITVIEWER'), (now(), now(), 
'lending-operations_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_cmd_JITVIEWER' AND privilege.name IN ( 'jit:lending-operations:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:lending-operations:cmd:.*:read', 'jit:lending-operations:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:lending-operations:prod:.*:read'), (now(), now(), 'jit:lending-operations:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'lending-operations_prod_JITVIEWER'), (now(), now(), 'lending-operations_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_prod_JITVIEWER' AND privilege.name IN ( 'jit:lending-operations:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_prod_JITREVIEWER' AND privilege.name IN ( 'jit:lending-operations:prod:.*:read', 'jit:lending-operations:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:lending-operations:dev:.*:read'), (now(), now(), 'jit:lending-operations:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'lending-operations_dev_JITVIEWER'), (now(), now(), 'lending-operations_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_dev_JITVIEWER' AND privilege.name IN ( 
'jit:lending-operations:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_dev_JITREVIEWER' AND privilege.name IN ( 'jit:lending-operations:dev:.*:read', 'jit:lending-operations:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:lending-operations:qa:.*:read'), (now(), now(), 'jit:lending-operations:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'lending-operations_qa_JITVIEWER'), (now(), now(), 'lending-operations_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_qa_JITVIEWER' AND privilege.name IN ( 'jit:lending-operations:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_qa_JITREVIEWER' AND privilege.name IN ( 'jit:lending-operations:qa:.*:read', 'jit:lending-operations:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:lending-operations:perf:.*:read'), (now(), now(), 'jit:lending-operations:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'lending-operations_perf_JITVIEWER'), (now(), now(), 'lending-operations_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_perf_JITVIEWER' AND privilege.name IN ( 'jit:lending-operations:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_perf_JITREVIEWER' AND privilege.name IN ( 
'jit:lending-operations:perf:.*:read', 'jit:lending-operations:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:lending-operations:uat:.*:read'), (now(), now(), 'jit:lending-operations:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'lending-operations_uat_JITVIEWER'), (now(), now(), 'lending-operations_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_uat_JITVIEWER' AND privilege.name IN ( 'jit:lending-operations:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_uat_JITREVIEWER' AND privilege.name IN ( 'jit:lending-operations:uat:.*:read', 'jit:lending-operations:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:lending-operations:data-platform-prod:.*:read'), (now(), now(), 'jit:lending-operations:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'lending-operations_data-platform-prod_JITVIEWER'), (now(), now(), 'lending-operations_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:lending-operations:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:lending-operations:data-platform-prod:.*:read', 'jit:lending-operations:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, 
updated_at, name) VALUES (now(), now(), 'jit:lending-operations:data-platform-nonprod:.*:read'), (now(), now(), 'jit:lending-operations:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'lending-operations_data-platform-nonprod_JITVIEWER'), (now(), now(), 'lending-operations_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:lending-operations:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:lending-operations:data-platform-nonprod:.*:read', 'jit:lending-operations:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:lending-operations:local:.*:read'), (now(), now(), 'jit:lending-operations:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'lending-operations_local_JITVIEWER'), (now(), now(), 'lending-operations_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_local_JITVIEWER' AND privilege.name IN ( 'jit:lending-operations:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_local_JITREVIEWER' AND privilege.name IN ( 'jit:lending-operations:local:.*:read', 'jit:lending-operations:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 
'jit:lending-operations:.*:.*:read'), (now(), now(), 'jit:lending-operations:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'lending-operations_ALL_JITVIEWER'), (now(), now(), 'lending-operations_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_ALL_JITVIEWER' AND privilege.name IN ( 'jit:lending-operations:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'lending-operations_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:lending-operations:.*:.*:read', 'jit:lending-operations:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:LMSAndAccounting:cmd:.*:read'), (now(), now(), 'jit:LMSAndAccounting:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'LMSAndAccounting_cmd_JITVIEWER'), (now(), now(), 'LMSAndAccounting_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_cmd_JITVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:cmd:.*:read', 'jit:LMSAndAccounting:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:LMSAndAccounting:prod:.*:read'), (now(), now(), 'jit:LMSAndAccounting:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'LMSAndAccounting_prod_JITVIEWER'), (now(), now(), 'LMSAndAccounting_prod_JITREVIEWER'); +INSERT INTO 
roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_prod_JITVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_prod_JITREVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:prod:.*:read', 'jit:LMSAndAccounting:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:LMSAndAccounting:dev:.*:read'), (now(), now(), 'jit:LMSAndAccounting:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'LMSAndAccounting_dev_JITVIEWER'), (now(), now(), 'LMSAndAccounting_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_dev_JITVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_dev_JITREVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:dev:.*:read', 'jit:LMSAndAccounting:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:LMSAndAccounting:qa:.*:read'), (now(), now(), 'jit:LMSAndAccounting:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'LMSAndAccounting_qa_JITVIEWER'), (now(), now(), 'LMSAndAccounting_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_qa_JITVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT 
role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_qa_JITREVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:qa:.*:read', 'jit:LMSAndAccounting:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:LMSAndAccounting:perf:.*:read'), (now(), now(), 'jit:LMSAndAccounting:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'LMSAndAccounting_perf_JITVIEWER'), (now(), now(), 'LMSAndAccounting_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_perf_JITVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_perf_JITREVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:perf:.*:read', 'jit:LMSAndAccounting:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:LMSAndAccounting:uat:.*:read'), (now(), now(), 'jit:LMSAndAccounting:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'LMSAndAccounting_uat_JITVIEWER'), (now(), now(), 'LMSAndAccounting_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_uat_JITVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_uat_JITREVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:uat:.*:read', 'jit:LMSAndAccounting:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES 
(now(), now(), 'jit:LMSAndAccounting:data-platform-prod:.*:read'), (now(), now(), 'jit:LMSAndAccounting:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'LMSAndAccounting_data-platform-prod_JITVIEWER'), (now(), now(), 'LMSAndAccounting_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:data-platform-prod:.*:read', 'jit:LMSAndAccounting:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:LMSAndAccounting:data-platform-nonprod:.*:read'), (now(), now(), 'jit:LMSAndAccounting:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'LMSAndAccounting_data-platform-nonprod_JITVIEWER'), (now(), now(), 'LMSAndAccounting_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:data-platform-nonprod:.*:read', 'jit:LMSAndAccounting:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) 
VALUES (now(), now(), 'jit:LMSAndAccounting:local:.*:read'), (now(), now(), 'jit:LMSAndAccounting:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'LMSAndAccounting_local_JITVIEWER'), (now(), now(), 'LMSAndAccounting_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_local_JITVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_local_JITREVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:local:.*:read', 'jit:LMSAndAccounting:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:LMSAndAccounting:.*:.*:read'), (now(), now(), 'jit:LMSAndAccounting:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'LMSAndAccounting_ALL_JITVIEWER'), (now(), now(), 'LMSAndAccounting_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_ALL_JITVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'LMSAndAccounting_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:LMSAndAccounting:.*:.*:read', 'jit:LMSAndAccounting:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Pay:cmd:.*:read'), (now(), now(), 'jit:Navi-Pay:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Pay_cmd_JITVIEWER'), (now(), now(), 'Navi-Pay_cmd_JITREVIEWER'); +INSERT INTO roles_privileges 
(role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:cmd:.*:read', 'jit:Navi-Pay:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Pay:prod:.*:read'), (now(), now(), 'jit:Navi-Pay:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Pay_prod_JITVIEWER'), (now(), now(), 'Navi-Pay_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_prod_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:prod:.*:read', 'jit:Navi-Pay:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Pay:dev:.*:read'), (now(), now(), 'jit:Navi-Pay:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Pay_dev_JITVIEWER'), (now(), now(), 'Navi-Pay_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_dev_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:dev:.*:read', 
'jit:Navi-Pay:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Pay:qa:.*:read'), (now(), now(), 'jit:Navi-Pay:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Pay_qa_JITVIEWER'), (now(), now(), 'Navi-Pay_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_qa_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:qa:.*:read', 'jit:Navi-Pay:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Pay:perf:.*:read'), (now(), now(), 'jit:Navi-Pay:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Pay_perf_JITVIEWER'), (now(), now(), 'Navi-Pay_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_perf_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:perf:.*:read', 'jit:Navi-Pay:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Pay:uat:.*:read'), (now(), now(), 'jit:Navi-Pay:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Pay_uat_JITVIEWER'), (now(), now(), 'Navi-Pay_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id 
FROM role, privilege WHERE role.name = 'Navi-Pay_uat_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:uat:.*:read', 'jit:Navi-Pay:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Pay:data-platform-prod:.*:read'), (now(), now(), 'jit:Navi-Pay:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Pay_data-platform-prod_JITVIEWER'), (now(), now(), 'Navi-Pay_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:data-platform-prod:.*:read', 'jit:Navi-Pay:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Pay:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Navi-Pay:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Pay_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Navi-Pay_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS 
role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:data-platform-nonprod:.*:read', 'jit:Navi-Pay:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Pay:local:.*:read'), (now(), now(), 'jit:Navi-Pay:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Pay_local_JITVIEWER'), (now(), now(), 'Navi-Pay_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_local_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_local_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:local:.*:read', 'jit:Navi-Pay:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Pay:.*:.*:read'), (now(), now(), 'jit:Navi-Pay:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Pay_ALL_JITVIEWER'), (now(), now(), 'Navi-Pay_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Pay_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Pay:.*:.*:read', 'jit:Navi-Pay:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Saas:cmd:.*:read'), (now(), now(), 'jit:Navi-Saas:cmd:.*:review'); +INSERT INTO role 
(created_at, updated_at, name) VALUES (now(), now(), 'Navi-Saas_cmd_JITVIEWER'), (now(), now(), 'Navi-Saas_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:cmd:.*:read', 'jit:Navi-Saas:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Saas:prod:.*:read'), (now(), now(), 'jit:Navi-Saas:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Saas_prod_JITVIEWER'), (now(), now(), 'Navi-Saas_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_prod_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:prod:.*:read', 'jit:Navi-Saas:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Saas:dev:.*:read'), (now(), now(), 'jit:Navi-Saas:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Saas_dev_JITVIEWER'), (now(), now(), 'Navi-Saas_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_dev_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, 
privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:dev:.*:read', 'jit:Navi-Saas:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Saas:qa:.*:read'), (now(), now(), 'jit:Navi-Saas:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Saas_qa_JITVIEWER'), (now(), now(), 'Navi-Saas_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_qa_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:qa:.*:read', 'jit:Navi-Saas:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Saas:perf:.*:read'), (now(), now(), 'jit:Navi-Saas:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Saas_perf_JITVIEWER'), (now(), now(), 'Navi-Saas_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_perf_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:perf:.*:read', 'jit:Navi-Saas:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Saas:uat:.*:read'), (now(), now(), 'jit:Navi-Saas:uat:.*:review'); +INSERT INTO role (created_at, 
updated_at, name) VALUES (now(), now(), 'Navi-Saas_uat_JITVIEWER'), (now(), now(), 'Navi-Saas_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_uat_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:uat:.*:read', 'jit:Navi-Saas:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Saas:data-platform-prod:.*:read'), (now(), now(), 'jit:Navi-Saas:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Saas_data-platform-prod_JITVIEWER'), (now(), now(), 'Navi-Saas_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:data-platform-prod:.*:read', 'jit:Navi-Saas:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Saas:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Navi-Saas:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Saas_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Navi-Saas_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS 
privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:data-platform-nonprod:.*:read', 'jit:Navi-Saas:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Saas:local:.*:read'), (now(), now(), 'jit:Navi-Saas:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Saas_local_JITVIEWER'), (now(), now(), 'Navi-Saas_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_local_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_local_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:local:.*:read', 'jit:Navi-Saas:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Saas:.*:.*:read'), (now(), now(), 'jit:Navi-Saas:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Saas_ALL_JITVIEWER'), (now(), now(), 'Navi-Saas_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Saas:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Saas_ALL_JITREVIEWER' 
AND privilege.name IN ( 'jit:Navi-Saas:.*:.*:read', 'jit:Navi-Saas:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Website:cmd:.*:read'), (now(), now(), 'jit:Navi-Website:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Website_cmd_JITVIEWER'), (now(), now(), 'Navi-Website_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Website:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Website:cmd:.*:read', 'jit:Navi-Website:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Website:prod:.*:read'), (now(), now(), 'jit:Navi-Website:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Website_prod_JITVIEWER'), (now(), now(), 'Navi-Website_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_prod_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Website:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Website:prod:.*:read', 'jit:Navi-Website:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Website:dev:.*:read'), (now(), now(), 'jit:Navi-Website:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Website_dev_JITVIEWER'), 
(now(), now(), 'Navi-Website_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_dev_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Website:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Website:dev:.*:read', 'jit:Navi-Website:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Website:qa:.*:read'), (now(), now(), 'jit:Navi-Website:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Website_qa_JITVIEWER'), (now(), now(), 'Navi-Website_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_qa_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Website:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Website:qa:.*:read', 'jit:Navi-Website:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Website:perf:.*:read'), (now(), now(), 'jit:Navi-Website:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Website_perf_JITVIEWER'), (now(), now(), 'Navi-Website_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_perf_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Website:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, 
privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Website:perf:.*:read', 'jit:Navi-Website:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Website:uat:.*:read'), (now(), now(), 'jit:Navi-Website:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Website_uat_JITVIEWER'), (now(), now(), 'Navi-Website_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_uat_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Website:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Website:uat:.*:read', 'jit:Navi-Website:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Website:data-platform-prod:.*:read'), (now(), now(), 'jit:Navi-Website:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Website_data-platform-prod_JITVIEWER'), (now(), now(), 'Navi-Website_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Website:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Website:data-platform-prod:.*:read', 'jit:Navi-Website:data-platform-prod:.*:review'); + +INSERT INTO privilege 
(created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Website:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Navi-Website:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Website_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Navi-Website_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Website:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Website:data-platform-nonprod:.*:read', 'jit:Navi-Website:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Website:local:.*:read'), (now(), now(), 'jit:Navi-Website:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Navi-Website_local_JITVIEWER'), (now(), now(), 'Navi-Website_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_local_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Website:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_local_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Website:local:.*:read', 'jit:Navi-Website:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Navi-Website:.*:.*:read'), (now(), now(), 'jit:Navi-Website:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) 
VALUES (now(), now(), 'Navi-Website_ALL_JITVIEWER'), (now(), now(), 'Navi-Website_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Navi-Website:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Navi-Website_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Navi-Website:.*:.*:read', 'jit:Navi-Website:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PAXCore:cmd:.*:read'), (now(), now(), 'jit:PAXCore:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PAXCore_cmd_JITVIEWER'), (now(), now(), 'PAXCore_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_cmd_JITVIEWER' AND privilege.name IN ( 'jit:PAXCore:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:PAXCore:cmd:.*:read', 'jit:PAXCore:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PAXCore:prod:.*:read'), (now(), now(), 'jit:PAXCore:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PAXCore_prod_JITVIEWER'), (now(), now(), 'PAXCore_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_prod_JITVIEWER' AND privilege.name IN ( 'jit:PAXCore:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id 
AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_prod_JITREVIEWER' AND privilege.name IN ( 'jit:PAXCore:prod:.*:read', 'jit:PAXCore:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PAXCore:dev:.*:read'), (now(), now(), 'jit:PAXCore:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PAXCore_dev_JITVIEWER'), (now(), now(), 'PAXCore_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_dev_JITVIEWER' AND privilege.name IN ( 'jit:PAXCore:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_dev_JITREVIEWER' AND privilege.name IN ( 'jit:PAXCore:dev:.*:read', 'jit:PAXCore:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PAXCore:qa:.*:read'), (now(), now(), 'jit:PAXCore:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PAXCore_qa_JITVIEWER'), (now(), now(), 'PAXCore_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_qa_JITVIEWER' AND privilege.name IN ( 'jit:PAXCore:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_qa_JITREVIEWER' AND privilege.name IN ( 'jit:PAXCore:qa:.*:read', 'jit:PAXCore:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PAXCore:perf:.*:read'), (now(), now(), 'jit:PAXCore:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PAXCore_perf_JITVIEWER'), (now(), now(), 'PAXCore_perf_JITREVIEWER'); 
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_perf_JITVIEWER' AND privilege.name IN ( 'jit:PAXCore:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_perf_JITREVIEWER' AND privilege.name IN ( 'jit:PAXCore:perf:.*:read', 'jit:PAXCore:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PAXCore:uat:.*:read'), (now(), now(), 'jit:PAXCore:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PAXCore_uat_JITVIEWER'), (now(), now(), 'PAXCore_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_uat_JITVIEWER' AND privilege.name IN ( 'jit:PAXCore:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_uat_JITREVIEWER' AND privilege.name IN ( 'jit:PAXCore:uat:.*:read', 'jit:PAXCore:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PAXCore:data-platform-prod:.*:read'), (now(), now(), 'jit:PAXCore:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PAXCore_data-platform-prod_JITVIEWER'), (now(), now(), 'PAXCore_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:PAXCore:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege 
WHERE role.name = 'PAXCore_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:PAXCore:data-platform-prod:.*:read', 'jit:PAXCore:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PAXCore:data-platform-nonprod:.*:read'), (now(), now(), 'jit:PAXCore:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PAXCore_data-platform-nonprod_JITVIEWER'), (now(), now(), 'PAXCore_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:PAXCore:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:PAXCore:data-platform-nonprod:.*:read', 'jit:PAXCore:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PAXCore:local:.*:read'), (now(), now(), 'jit:PAXCore:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PAXCore_local_JITVIEWER'), (now(), now(), 'PAXCore_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_local_JITVIEWER' AND privilege.name IN ( 'jit:PAXCore:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_local_JITREVIEWER' AND privilege.name IN ( 'jit:PAXCore:local:.*:read', 'jit:PAXCore:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 
'jit:PAXCore:.*:.*:read'), (now(), now(), 'jit:PAXCore:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PAXCore_ALL_JITVIEWER'), (now(), now(), 'PAXCore_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_ALL_JITVIEWER' AND privilege.name IN ( 'jit:PAXCore:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PAXCore_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:PAXCore:.*:.*:read', 'jit:PAXCore:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Payments:cmd:.*:read'), (now(), now(), 'jit:Payments:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Payments_cmd_JITVIEWER'), (now(), now(), 'Payments_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Payments:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Payments:cmd:.*:read', 'jit:Payments:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Payments:prod:.*:read'), (now(), now(), 'jit:Payments:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Payments_prod_JITVIEWER'), (now(), now(), 'Payments_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_prod_JITVIEWER' AND privilege.name IN ( 
'jit:Payments:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Payments:prod:.*:read', 'jit:Payments:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Payments:dev:.*:read'), (now(), now(), 'jit:Payments:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Payments_dev_JITVIEWER'), (now(), now(), 'Payments_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_dev_JITVIEWER' AND privilege.name IN ( 'jit:Payments:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Payments:dev:.*:read', 'jit:Payments:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Payments:qa:.*:read'), (now(), now(), 'jit:Payments:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Payments_qa_JITVIEWER'), (now(), now(), 'Payments_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_qa_JITVIEWER' AND privilege.name IN ( 'jit:Payments:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Payments:qa:.*:read', 'jit:Payments:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Payments:perf:.*:read'), (now(), now(), 
'jit:Payments:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Payments_perf_JITVIEWER'), (now(), now(), 'Payments_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_perf_JITVIEWER' AND privilege.name IN ( 'jit:Payments:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Payments:perf:.*:read', 'jit:Payments:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Payments:uat:.*:read'), (now(), now(), 'jit:Payments:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Payments_uat_JITVIEWER'), (now(), now(), 'Payments_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_uat_JITVIEWER' AND privilege.name IN ( 'jit:Payments:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Payments:uat:.*:read', 'jit:Payments:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Payments:data-platform-prod:.*:read'), (now(), now(), 'jit:Payments:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Payments_data-platform-prod_JITVIEWER'), (now(), now(), 'Payments_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_data-platform-prod_JITVIEWER' AND 
privilege.name IN ( 'jit:Payments:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Payments:data-platform-prod:.*:read', 'jit:Payments:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Payments:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Payments:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Payments_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Payments_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Payments:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Payments:data-platform-nonprod:.*:read', 'jit:Payments:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Payments:local:.*:read'), (now(), now(), 'jit:Payments:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Payments_local_JITVIEWER'), (now(), now(), 'Payments_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_local_JITVIEWER' AND privilege.name IN ( 'jit:Payments:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 
'Payments_local_JITREVIEWER' AND privilege.name IN ( 'jit:Payments:local:.*:read', 'jit:Payments:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Payments:.*:.*:read'), (now(), now(), 'jit:Payments:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Payments_ALL_JITVIEWER'), (now(), now(), 'Payments_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Payments:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Payments_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Payments:.*:.*:read', 'jit:Payments:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Conversions:cmd:.*:read'), (now(), now(), 'jit:PL-Conversions:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Conversions_cmd_JITVIEWER'), (now(), now(), 'PL-Conversions_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_cmd_JITVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:cmd:.*:read', 'jit:PL-Conversions:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Conversions:prod:.*:read'), (now(), now(), 'jit:PL-Conversions:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 
'PL-Conversions_prod_JITVIEWER'), (now(), now(), 'PL-Conversions_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_prod_JITVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_prod_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:prod:.*:read', 'jit:PL-Conversions:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Conversions:dev:.*:read'), (now(), now(), 'jit:PL-Conversions:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Conversions_dev_JITVIEWER'), (now(), now(), 'PL-Conversions_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_dev_JITVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_dev_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:dev:.*:read', 'jit:PL-Conversions:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Conversions:qa:.*:read'), (now(), now(), 'jit:PL-Conversions:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Conversions_qa_JITVIEWER'), (now(), now(), 'PL-Conversions_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_qa_JITVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:qa:.*:read' ); 
+INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_qa_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:qa:.*:read', 'jit:PL-Conversions:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Conversions:perf:.*:read'), (now(), now(), 'jit:PL-Conversions:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Conversions_perf_JITVIEWER'), (now(), now(), 'PL-Conversions_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_perf_JITVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_perf_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:perf:.*:read', 'jit:PL-Conversions:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Conversions:uat:.*:read'), (now(), now(), 'jit:PL-Conversions:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Conversions_uat_JITVIEWER'), (now(), now(), 'PL-Conversions_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_uat_JITVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_uat_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:uat:.*:read', 'jit:PL-Conversions:uat:.*:review'); + +INSERT INTO privilege (created_at, 
updated_at, name) VALUES (now(), now(), 'jit:PL-Conversions:data-platform-prod:.*:read'), (now(), now(), 'jit:PL-Conversions:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Conversions_data-platform-prod_JITVIEWER'), (now(), now(), 'PL-Conversions_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:data-platform-prod:.*:read', 'jit:PL-Conversions:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Conversions:data-platform-nonprod:.*:read'), (now(), now(), 'jit:PL-Conversions:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Conversions_data-platform-nonprod_JITVIEWER'), (now(), now(), 'PL-Conversions_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:data-platform-nonprod:.*:read', 'jit:PL-Conversions:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES 
(now(), now(), 'jit:PL-Conversions:local:.*:read'), (now(), now(), 'jit:PL-Conversions:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Conversions_local_JITVIEWER'), (now(), now(), 'PL-Conversions_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_local_JITVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_local_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:local:.*:read', 'jit:PL-Conversions:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Conversions:.*:.*:read'), (now(), now(), 'jit:PL-Conversions:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Conversions_ALL_JITVIEWER'), (now(), now(), 'PL-Conversions_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_ALL_JITVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Conversions_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Conversions:.*:.*:read', 'jit:PL-Conversions:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Operations:cmd:.*:read'), (now(), now(), 'jit:PL-Operations:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Operations_cmd_JITVIEWER'), (now(), now(), 'PL-Operations_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) 
SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_cmd_JITVIEWER' AND privilege.name IN ( 'jit:PL-Operations:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Operations:cmd:.*:read', 'jit:PL-Operations:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Operations:prod:.*:read'), (now(), now(), 'jit:PL-Operations:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Operations_prod_JITVIEWER'), (now(), now(), 'PL-Operations_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_prod_JITVIEWER' AND privilege.name IN ( 'jit:PL-Operations:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_prod_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Operations:prod:.*:read', 'jit:PL-Operations:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Operations:dev:.*:read'), (now(), now(), 'jit:PL-Operations:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Operations_dev_JITVIEWER'), (now(), now(), 'PL-Operations_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_dev_JITVIEWER' AND privilege.name IN ( 'jit:PL-Operations:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 
'PL-Operations_dev_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Operations:dev:.*:read', 'jit:PL-Operations:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Operations:qa:.*:read'), (now(), now(), 'jit:PL-Operations:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Operations_qa_JITVIEWER'), (now(), now(), 'PL-Operations_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_qa_JITVIEWER' AND privilege.name IN ( 'jit:PL-Operations:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_qa_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Operations:qa:.*:read', 'jit:PL-Operations:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Operations:perf:.*:read'), (now(), now(), 'jit:PL-Operations:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Operations_perf_JITVIEWER'), (now(), now(), 'PL-Operations_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_perf_JITVIEWER' AND privilege.name IN ( 'jit:PL-Operations:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_perf_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Operations:perf:.*:read', 'jit:PL-Operations:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Operations:uat:.*:read'), (now(), now(), 'jit:PL-Operations:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES 
(now(), now(), 'PL-Operations_uat_JITVIEWER'), (now(), now(), 'PL-Operations_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_uat_JITVIEWER' AND privilege.name IN ( 'jit:PL-Operations:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_uat_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Operations:uat:.*:read', 'jit:PL-Operations:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Operations:data-platform-prod:.*:read'), (now(), now(), 'jit:PL-Operations:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Operations_data-platform-prod_JITVIEWER'), (now(), now(), 'PL-Operations_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:PL-Operations:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Operations:data-platform-prod:.*:read', 'jit:PL-Operations:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Operations:data-platform-nonprod:.*:read'), (now(), now(), 'jit:PL-Operations:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Operations_data-platform-nonprod_JITVIEWER'), (now(), now(), 'PL-Operations_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, 
privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:PL-Operations:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Operations:data-platform-nonprod:.*:read', 'jit:PL-Operations:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Operations:local:.*:read'), (now(), now(), 'jit:PL-Operations:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Operations_local_JITVIEWER'), (now(), now(), 'PL-Operations_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_local_JITVIEWER' AND privilege.name IN ( 'jit:PL-Operations:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_local_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Operations:local:.*:read', 'jit:PL-Operations:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:PL-Operations:.*:.*:read'), (now(), now(), 'jit:PL-Operations:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PL-Operations_ALL_JITVIEWER'), (now(), now(), 'PL-Operations_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_ALL_JITVIEWER' AND privilege.name IN ( 'jit:PL-Operations:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, 
privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PL-Operations_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:PL-Operations:.*:.*:read', 'jit:PL-Operations:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Post-Purchase-Experience:cmd:.*:read'), (now(), now(), 'jit:Post-Purchase-Experience:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Post-Purchase-Experience_cmd_JITVIEWER'), (now(), now(), 'Post-Purchase-Experience_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:cmd:.*:read', 'jit:Post-Purchase-Experience:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Post-Purchase-Experience:prod:.*:read'), (now(), now(), 'jit:Post-Purchase-Experience:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Post-Purchase-Experience_prod_JITVIEWER'), (now(), now(), 'Post-Purchase-Experience_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_prod_JITVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_prod_JITREVIEWER' AND privilege.name 
IN ( 'jit:Post-Purchase-Experience:prod:.*:read', 'jit:Post-Purchase-Experience:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Post-Purchase-Experience:dev:.*:read'), (now(), now(), 'jit:Post-Purchase-Experience:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Post-Purchase-Experience_dev_JITVIEWER'), (now(), now(), 'Post-Purchase-Experience_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_dev_JITVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:dev:.*:read', 'jit:Post-Purchase-Experience:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Post-Purchase-Experience:qa:.*:read'), (now(), now(), 'jit:Post-Purchase-Experience:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Post-Purchase-Experience_qa_JITVIEWER'), (now(), now(), 'Post-Purchase-Experience_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_qa_JITVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:qa:.*:read', 'jit:Post-Purchase-Experience:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) 
VALUES (now(), now(), 'jit:Post-Purchase-Experience:perf:.*:read'), (now(), now(), 'jit:Post-Purchase-Experience:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Post-Purchase-Experience_perf_JITVIEWER'), (now(), now(), 'Post-Purchase-Experience_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_perf_JITVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:perf:.*:read', 'jit:Post-Purchase-Experience:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Post-Purchase-Experience:uat:.*:read'), (now(), now(), 'jit:Post-Purchase-Experience:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Post-Purchase-Experience_uat_JITVIEWER'), (now(), now(), 'Post-Purchase-Experience_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_uat_JITVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:uat:.*:read', 'jit:Post-Purchase-Experience:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Post-Purchase-Experience:data-platform-prod:.*:read'), (now(), now(), 
'jit:Post-Purchase-Experience:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Post-Purchase-Experience_data-platform-prod_JITVIEWER'), (now(), now(), 'Post-Purchase-Experience_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:data-platform-prod:.*:read', 'jit:Post-Purchase-Experience:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Post-Purchase-Experience:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Post-Purchase-Experience:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Post-Purchase-Experience_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Post-Purchase-Experience_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:data-platform-nonprod:.*:read', 'jit:Post-Purchase-Experience:data-platform-nonprod:.*:review'); + 
+INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Post-Purchase-Experience:local:.*:read'), (now(), now(), 'jit:Post-Purchase-Experience:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Post-Purchase-Experience_local_JITVIEWER'), (now(), now(), 'Post-Purchase-Experience_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_local_JITVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_local_JITREVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:local:.*:read', 'jit:Post-Purchase-Experience:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Post-Purchase-Experience:.*:.*:read'), (now(), now(), 'jit:Post-Purchase-Experience:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Post-Purchase-Experience_ALL_JITVIEWER'), (now(), now(), 'Post-Purchase-Experience_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Post-Purchase-Experience_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Post-Purchase-Experience:.*:.*:read', 'jit:Post-Purchase-Experience:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:RAndR:cmd:.*:read'), (now(), now(), 
'jit:RAndR:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'RAndR_cmd_JITVIEWER'), (now(), now(), 'RAndR_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_cmd_JITVIEWER' AND privilege.name IN ( 'jit:RAndR:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:RAndR:cmd:.*:read', 'jit:RAndR:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:RAndR:prod:.*:read'), (now(), now(), 'jit:RAndR:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'RAndR_prod_JITVIEWER'), (now(), now(), 'RAndR_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_prod_JITVIEWER' AND privilege.name IN ( 'jit:RAndR:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_prod_JITREVIEWER' AND privilege.name IN ( 'jit:RAndR:prod:.*:read', 'jit:RAndR:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:RAndR:dev:.*:read'), (now(), now(), 'jit:RAndR:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'RAndR_dev_JITVIEWER'), (now(), now(), 'RAndR_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_dev_JITVIEWER' AND privilege.name IN ( 'jit:RAndR:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id 
AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_dev_JITREVIEWER' AND privilege.name IN ( 'jit:RAndR:dev:.*:read', 'jit:RAndR:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:RAndR:qa:.*:read'), (now(), now(), 'jit:RAndR:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'RAndR_qa_JITVIEWER'), (now(), now(), 'RAndR_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_qa_JITVIEWER' AND privilege.name IN ( 'jit:RAndR:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_qa_JITREVIEWER' AND privilege.name IN ( 'jit:RAndR:qa:.*:read', 'jit:RAndR:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:RAndR:perf:.*:read'), (now(), now(), 'jit:RAndR:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'RAndR_perf_JITVIEWER'), (now(), now(), 'RAndR_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_perf_JITVIEWER' AND privilege.name IN ( 'jit:RAndR:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_perf_JITREVIEWER' AND privilege.name IN ( 'jit:RAndR:perf:.*:read', 'jit:RAndR:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:RAndR:uat:.*:read'), (now(), now(), 'jit:RAndR:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'RAndR_uat_JITVIEWER'), (now(), now(), 'RAndR_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, 
privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_uat_JITVIEWER' AND privilege.name IN ( 'jit:RAndR:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_uat_JITREVIEWER' AND privilege.name IN ( 'jit:RAndR:uat:.*:read', 'jit:RAndR:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:RAndR:data-platform-prod:.*:read'), (now(), now(), 'jit:RAndR:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'RAndR_data-platform-prod_JITVIEWER'), (now(), now(), 'RAndR_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:RAndR:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:RAndR:data-platform-prod:.*:read', 'jit:RAndR:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:RAndR:data-platform-nonprod:.*:read'), (now(), now(), 'jit:RAndR:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'RAndR_data-platform-nonprod_JITVIEWER'), (now(), now(), 'RAndR_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:RAndR:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT 
role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:RAndR:data-platform-nonprod:.*:read', 'jit:RAndR:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:RAndR:local:.*:read'), (now(), now(), 'jit:RAndR:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'RAndR_local_JITVIEWER'), (now(), now(), 'RAndR_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_local_JITVIEWER' AND privilege.name IN ( 'jit:RAndR:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_local_JITREVIEWER' AND privilege.name IN ( 'jit:RAndR:local:.*:read', 'jit:RAndR:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:RAndR:.*:.*:read'), (now(), now(), 'jit:RAndR:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'RAndR_ALL_JITVIEWER'), (now(), now(), 'RAndR_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_ALL_JITVIEWER' AND privilege.name IN ( 'jit:RAndR:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'RAndR_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:RAndR:.*:.*:read', 'jit:RAndR:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:SDET-Frameworks:cmd:.*:read'), (now(), now(), 'jit:SDET-Frameworks:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES 
(now(), now(), 'SDET-Frameworks_cmd_JITVIEWER'), (now(), now(), 'SDET-Frameworks_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_cmd_JITVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:cmd:.*:read', 'jit:SDET-Frameworks:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:SDET-Frameworks:prod:.*:read'), (now(), now(), 'jit:SDET-Frameworks:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'SDET-Frameworks_prod_JITVIEWER'), (now(), now(), 'SDET-Frameworks_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_prod_JITVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_prod_JITREVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:prod:.*:read', 'jit:SDET-Frameworks:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:SDET-Frameworks:dev:.*:read'), (now(), now(), 'jit:SDET-Frameworks:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'SDET-Frameworks_dev_JITVIEWER'), (now(), now(), 'SDET-Frameworks_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_dev_JITVIEWER' AND privilege.name 
IN ( 'jit:SDET-Frameworks:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_dev_JITREVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:dev:.*:read', 'jit:SDET-Frameworks:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:SDET-Frameworks:qa:.*:read'), (now(), now(), 'jit:SDET-Frameworks:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'SDET-Frameworks_qa_JITVIEWER'), (now(), now(), 'SDET-Frameworks_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_qa_JITVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_qa_JITREVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:qa:.*:read', 'jit:SDET-Frameworks:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:SDET-Frameworks:perf:.*:read'), (now(), now(), 'jit:SDET-Frameworks:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'SDET-Frameworks_perf_JITVIEWER'), (now(), now(), 'SDET-Frameworks_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_perf_JITVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_perf_JITREVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:perf:.*:read', 
'jit:SDET-Frameworks:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:SDET-Frameworks:uat:.*:read'), (now(), now(), 'jit:SDET-Frameworks:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'SDET-Frameworks_uat_JITVIEWER'), (now(), now(), 'SDET-Frameworks_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_uat_JITVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_uat_JITREVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:uat:.*:read', 'jit:SDET-Frameworks:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:SDET-Frameworks:data-platform-prod:.*:read'), (now(), now(), 'jit:SDET-Frameworks:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'SDET-Frameworks_data-platform-prod_JITVIEWER'), (now(), now(), 'SDET-Frameworks_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:data-platform-prod:.*:read', 'jit:SDET-Frameworks:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:SDET-Frameworks:data-platform-nonprod:.*:read'), 
(now(), now(), 'jit:SDET-Frameworks:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'SDET-Frameworks_data-platform-nonprod_JITVIEWER'), (now(), now(), 'SDET-Frameworks_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:data-platform-nonprod:.*:read', 'jit:SDET-Frameworks:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:SDET-Frameworks:local:.*:read'), (now(), now(), 'jit:SDET-Frameworks:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'SDET-Frameworks_local_JITVIEWER'), (now(), now(), 'SDET-Frameworks_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_local_JITVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_local_JITREVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:local:.*:read', 'jit:SDET-Frameworks:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:SDET-Frameworks:.*:.*:read'), (now(), now(), 'jit:SDET-Frameworks:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 
'SDET-Frameworks_ALL_JITVIEWER'), (now(), now(), 'SDET-Frameworks_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_ALL_JITVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'SDET-Frameworks_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:SDET-Frameworks:.*:.*:read', 'jit:SDET-Frameworks:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Security:cmd:.*:read'), (now(), now(), 'jit:Security:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Security_cmd_JITVIEWER'), (now(), now(), 'Security_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_cmd_JITVIEWER' AND privilege.name IN ( 'jit:Security:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:Security:cmd:.*:read', 'jit:Security:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Security:prod:.*:read'), (now(), now(), 'jit:Security:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Security_prod_JITVIEWER'), (now(), now(), 'Security_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_prod_JITVIEWER' AND privilege.name IN ( 'jit:Security:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, 
privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_prod_JITREVIEWER' AND privilege.name IN ( 'jit:Security:prod:.*:read', 'jit:Security:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Security:dev:.*:read'), (now(), now(), 'jit:Security:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Security_dev_JITVIEWER'), (now(), now(), 'Security_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_dev_JITVIEWER' AND privilege.name IN ( 'jit:Security:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_dev_JITREVIEWER' AND privilege.name IN ( 'jit:Security:dev:.*:read', 'jit:Security:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Security:qa:.*:read'), (now(), now(), 'jit:Security:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Security_qa_JITVIEWER'), (now(), now(), 'Security_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_qa_JITVIEWER' AND privilege.name IN ( 'jit:Security:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_qa_JITREVIEWER' AND privilege.name IN ( 'jit:Security:qa:.*:read', 'jit:Security:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Security:perf:.*:read'), (now(), now(), 'jit:Security:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Security_perf_JITVIEWER'), (now(), 
now(), 'Security_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_perf_JITVIEWER' AND privilege.name IN ( 'jit:Security:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_perf_JITREVIEWER' AND privilege.name IN ( 'jit:Security:perf:.*:read', 'jit:Security:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Security:uat:.*:read'), (now(), now(), 'jit:Security:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Security_uat_JITVIEWER'), (now(), now(), 'Security_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_uat_JITVIEWER' AND privilege.name IN ( 'jit:Security:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_uat_JITREVIEWER' AND privilege.name IN ( 'jit:Security:uat:.*:read', 'jit:Security:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Security:data-platform-prod:.*:read'), (now(), now(), 'jit:Security:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Security_data-platform-prod_JITVIEWER'), (now(), now(), 'Security_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:Security:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS 
role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:Security:data-platform-prod:.*:read', 'jit:Security:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Security:data-platform-nonprod:.*:read'), (now(), now(), 'jit:Security:data-platform-nonprod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Security_data-platform-nonprod_JITVIEWER'), (now(), now(), 'Security_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:Security:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:Security:data-platform-nonprod:.*:read', 'jit:Security:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Security:local:.*:read'), (now(), now(), 'jit:Security:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Security_local_JITVIEWER'), (now(), now(), 'Security_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_local_JITVIEWER' AND privilege.name IN ( 'jit:Security:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_local_JITREVIEWER' AND privilege.name IN ( 'jit:Security:local:.*:read', 'jit:Security:local:.*:review'); + +INSERT INTO 
privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:Security:.*:.*:read'), (now(), now(), 'jit:Security:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'Security_ALL_JITVIEWER'), (now(), now(), 'Security_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_ALL_JITVIEWER' AND privilege.name IN ( 'jit:Security:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'Security_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:Security:.*:.*:read', 'jit:Security:.*:.*:review'); + + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:UnderwritingAndFraudDetection:cmd:.*:read'), (now(), now(), 'jit:UnderwritingAndFraudDetection:cmd:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'UnderwritingAndFraudDetection_cmd_JITVIEWER'), (now(), now(), 'UnderwritingAndFraudDetection_cmd_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_cmd_JITVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:cmd:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_cmd_JITREVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:cmd:.*:read', 'jit:UnderwritingAndFraudDetection:cmd:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:UnderwritingAndFraudDetection:prod:.*:read'), (now(), now(), 'jit:UnderwritingAndFraudDetection:prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), 
now(), 'UnderwritingAndFraudDetection_prod_JITVIEWER'), (now(), now(), 'UnderwritingAndFraudDetection_prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_prod_JITVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_prod_JITREVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:prod:.*:read', 'jit:UnderwritingAndFraudDetection:prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:UnderwritingAndFraudDetection:dev:.*:read'), (now(), now(), 'jit:UnderwritingAndFraudDetection:dev:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'UnderwritingAndFraudDetection_dev_JITVIEWER'), (now(), now(), 'UnderwritingAndFraudDetection_dev_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_dev_JITVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:dev:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_dev_JITREVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:dev:.*:read', 'jit:UnderwritingAndFraudDetection:dev:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:UnderwritingAndFraudDetection:qa:.*:read'), (now(), now(), 'jit:UnderwritingAndFraudDetection:qa:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 
'UnderwritingAndFraudDetection_qa_JITVIEWER'), (now(), now(), 'UnderwritingAndFraudDetection_qa_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_qa_JITVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:qa:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_qa_JITREVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:qa:.*:read', 'jit:UnderwritingAndFraudDetection:qa:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:UnderwritingAndFraudDetection:perf:.*:read'), (now(), now(), 'jit:UnderwritingAndFraudDetection:perf:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'UnderwritingAndFraudDetection_perf_JITVIEWER'), (now(), now(), 'UnderwritingAndFraudDetection_perf_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_perf_JITVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:perf:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_perf_JITREVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:perf:.*:read', 'jit:UnderwritingAndFraudDetection:perf:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:UnderwritingAndFraudDetection:uat:.*:read'), (now(), now(), 'jit:UnderwritingAndFraudDetection:uat:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'UnderwritingAndFraudDetection_uat_JITVIEWER'), (now(), 
now(), 'UnderwritingAndFraudDetection_uat_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_uat_JITVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:uat:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_uat_JITREVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:uat:.*:read', 'jit:UnderwritingAndFraudDetection:uat:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:UnderwritingAndFraudDetection:data-platform-prod:.*:read'), (now(), now(), 'jit:UnderwritingAndFraudDetection:data-platform-prod:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'UnderwritingAndFraudDetection_data-platform-prod_JITVIEWER'), (now(), now(), 'UnderwritingAndFraudDetection_data-platform-prod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_data-platform-prod_JITVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:data-platform-prod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_data-platform-prod_JITREVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:data-platform-prod:.*:read', 'jit:UnderwritingAndFraudDetection:data-platform-prod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:UnderwritingAndFraudDetection:data-platform-nonprod:.*:read'), (now(), now(), 'jit:UnderwritingAndFraudDetection:data-platform-nonprod:.*:review'); +INSERT INTO 
role (created_at, updated_at, name) VALUES (now(), now(), 'UnderwritingAndFraudDetection_data-platform-nonprod_JITVIEWER'), (now(), now(), 'UnderwritingAndFraudDetection_data-platform-nonprod_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_data-platform-nonprod_JITVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:data-platform-nonprod:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_data-platform-nonprod_JITREVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:data-platform-nonprod:.*:read', 'jit:UnderwritingAndFraudDetection:data-platform-nonprod:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:UnderwritingAndFraudDetection:local:.*:read'), (now(), now(), 'jit:UnderwritingAndFraudDetection:local:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'UnderwritingAndFraudDetection_local_JITVIEWER'), (now(), now(), 'UnderwritingAndFraudDetection_local_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_local_JITVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:local:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_local_JITREVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:local:.*:read', 'jit:UnderwritingAndFraudDetection:local:.*:review'); + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 
'jit:UnderwritingAndFraudDetection:.*:.*:read'), (now(), now(), 'jit:UnderwritingAndFraudDetection:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'UnderwritingAndFraudDetection_ALL_JITVIEWER'), (now(), now(), 'UnderwritingAndFraudDetection_ALL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_ALL_JITVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'UnderwritingAndFraudDetection_ALL_JITREVIEWER' AND privilege.name IN ( 'jit:UnderwritingAndFraudDetection:.*:.*:read', 'jit:UnderwritingAndFraudDetection:.*:.*:review'); + + +INSERT INTO privilege (created_at, updated_at, name) VALUES (now(), now(), 'jit:.*:.*:.*:read'), (now(), now(), 'jit:.*:.*:.*:review'); +INSERT INTO role (created_at, updated_at, name) VALUES (now(), now(), 'PORTAL_JITVIEWER'), (now(), now(), 'PORTAL_JITREVIEWER'); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PORTAL_JITVIEWER' AND privilege.name IN ( 'jit:.*:.*:.*:read' ); +INSERT INTO roles_privileges (role_id, privilege_id) SELECT role.id AS role_id, privilege.id AS privilege_id FROM role, privilege WHERE role.name = 'PORTAL_JITREVIEWER' AND privilege.name IN ( 'jit:.*:.*:.*:read', 'jit:.*:.*:.*:review'); + diff --git a/src/main/resources/db/migration/V1.74__Add_jit_slackbot_user_and_token.sql b/src/main/resources/db/migration/V1.74__Add_jit_slackbot_user_and_token.sql new file mode 100644 index 00000000..b9408a8a --- /dev/null +++ b/src/main/resources/db/migration/V1.74__Add_jit_slackbot_user_and_token.sql 
@@ -0,0 +1 @@
+INSERT INTO users values(default, now(), now(), 'jit-slackbot@jit.com', 'Just In Time Access Slackbot User');
\ No newline at end of file
diff --git a/src/main/resources/db/migration/V1.75__Add_type_field_to_manifest.sql b/src/main/resources/db/migration/V1.75__Add_type_field_to_manifest.sql
new file mode 100644
index 00000000..33dd0562
--- /dev/null
+++ b/src/main/resources/db/migration/V1.75__Add_type_field_to_manifest.sql
@@ -0,0 +1,12 @@
+-- Adds type field to all the manifests
+-- type = flink if flink is present in the manifest
+-- type = deployment if deployment is present in the manifest
+-- type = deployment if type is not present in the manifest
+
+UPDATE manifest
+SET data = jsonb_set(data, '{type}',
+ CASE
+ WHEN EXISTS (SELECT 1 FROM flink f WHERE f.manifest_id = manifest.id) THEN '"flink"'::jsonb
+ WHEN EXISTS (SELECT 1 FROM deployment d WHERE d.manifest_id = manifest.id) THEN '"deployment"'::jsonb
+ ELSE '"deployment"'::jsonb
+ END, TRUE);
diff --git a/src/main/resources/db/migration/V1.76__Add_team_in_jit_approval_table.sql b/src/main/resources/db/migration/V1.76__Add_team_in_jit_approval_table.sql
new file mode 100644
index 00000000..406b6dbd
--- /dev/null
+++ b/src/main/resources/db/migration/V1.76__Add_team_in_jit_approval_table.sql
@@ -0,0 +1,10 @@
+ALTER TABLE jit_approvals ADD COLUMN team_id BIGINT references team(id);
+
+UPDATE jit_approvals ja
+SET team_id = (
+ SELECT team_id
+ FROM jit_requests jr
+ WHERE ja.jit_id = jr.id
+);
+
+ALTER TABLE jit_approvals ALTER COLUMN team_id SET NOT NULL;
diff --git a/src/main/resources/db/migration/V1.77__Add_bot_channel_id_in_jit_tables.sql b/src/main/resources/db/migration/V1.77__Add_bot_channel_id_in_jit_tables.sql
new file mode 100644
index 00000000..5f87e088
--- /dev/null
+++ b/src/main/resources/db/migration/V1.77__Add_bot_channel_id_in_jit_tables.sql
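Review bot: The `INSERT INTO users values(default, now(), now(), ...)` statement names no columns, so it depends on the physical column order of `users` and will fail or write into the wrong fields once a later migration adds or reorders a column; list the target columns explicitly before `VALUES`. The file name mentions a token but only the user row is created, which is the right place to stop: the credential should be issued out of band rather than stored in a versioned migration, and a short `--` comment saying where it is provisioned would help the next reader. The address is in the `jit.com` domain while the test users elsewhere in this change are `@navi.com`; if accounts are matched to identities by e-mail, confirm that this address cannot be asserted by an identity outside the organisation.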
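Review bot: The `UPDATE manifest` has no `WHERE` clause, so `jsonb_set(..., TRUE)` rewrites `type` on every row, including manifests whose `data` already carries a `type`; that contradicts the fourth header comment, which says the default applies only when type is not present. If existing values must survive, add `WHERE NOT (data ? 'type')`; otherwise reword the comment to say the field is overwritten unconditionally. The second `WHEN` and the `ELSE` both yield `'"deployment"'::jsonb`, so the lookup against `deployment` can be dropped.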
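Review bot: In the backfill subquery `SELECT team_id` is unqualified, and `jit_approvals` now has a column of the same name; if `jit_requests` did not expose `team_id`, the name would silently resolve to the outer `ja.team_id` and every row would stay NULL, so write `SELECT jr.team_id`. The closing `SET NOT NULL` aborts the migration when any approval has no matching request or the request's team is NULL. A pre-check such as `SELECT count(*) FROM jit_approvals WHERE team_id IS NULL` before the final `ALTER`, with an explicit decision for orphaned rows, makes that outcome deliberate rather than a surprise at deploy time.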
@@ -0,0 +1,2 @@
+ALTER TABLE jit_requests ADD COLUMN bot_channel_id character varying(255);
+ALTER TABLE jit_approvals ADD COLUMN bot_channel_id character varying(255);
diff --git a/src/main/resources/jit/cmd.yaml b/src/main/resources/jit/cmd.yaml
new file mode 100644
index 00000000..33cd2e55
--- /dev/null
+++ b/src/main/resources/jit/cmd.yaml
@@ -0,0 +1,44 @@
+resources:
+ AWS:
+ read:
+ approvalFrom:
+ - Security
+ write:
+ approvalFrom:
+ - Security
+ master:
+ approvalFrom:
+ - Security
+ manager:
+ approvalFrom:
+ - Security
+ KUBERNETES:
+ read:
+ approvalFrom:
+ - Security
+ write:
+ approvalFrom:
+ - Security
+ master:
+ approvalFrom:
+ - Security
+ - Architect
+ manager:
+ approvalFrom:
+ - Security
+ - Architect
+ DB:
+ read:
+ approvalFrom:
+ - Security
+ write:
+ approvalFrom:
+ - Security
+ master:
+ approvalFrom:
+ - Security
+ - Architect
+ manager:
+ approvalFrom:
+ - Security
+ - Architect
\ No newline at end of file
diff --git a/src/main/resources/jit/data-platform-prod.yaml b/src/main/resources/jit/data-platform-prod.yaml
new file mode 100644
index 00000000..33cd2e55
--- /dev/null
+++ b/src/main/resources/jit/data-platform-prod.yaml
@@ -0,0 +1,44 @@
+resources:
+ AWS:
+ read:
+ approvalFrom:
+ - Security
+ write:
+ approvalFrom:
+ - Security
+ master:
+ approvalFrom:
+ - Security
+ manager:
+ approvalFrom:
+ - Security
+ KUBERNETES:
+ read:
+ approvalFrom:
+ - Security
+ write:
+ approvalFrom:
+ - Security
+ master:
+ approvalFrom:
+ - Security
+ - Architect
+ manager:
+ approvalFrom:
+ - Security
+ - Architect
+ DB:
+ read:
+ approvalFrom:
+ - Security
+ write:
+ approvalFrom:
+ - Security
+ master:
+ approvalFrom:
+ - Security
+ - Architect
+ manager:
+ approvalFrom:
+ - Security
+ - Architect
\ No newline at end of file
diff --git a/src/main/resources/jit/default.yaml b/src/main/resources/jit/default.yaml
new file mode 100644
index 00000000..346bd5d3
--- /dev/null
+++ b/src/main/resources/jit/default.yaml
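Review bot: Under `AWS`, the `master` and `manager` levels list only `Security`, while the same levels under `KUBERNETES` and `DB` list `Security` and `Architect`; if the higher AWS levels are meant to be gated at least as tightly, add `- Architect` there, otherwise a comment stating why AWS differs would stop someone "correcting" it later. The file also does not say whether every listed group must approve or any one of them suffices, which decides how strong the two-entry lists really are; a header comment such as `# approvalFrom: every listed group must approve` (or the any-of wording, whichever the loader implements) would pin that down. `data-platform-prod.yaml` and `prod.yaml` are added with the same blob id `33cd2e55`, so the same points apply to them, and three byte-identical policy files can drift apart unless one is documented as the source.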
@@ -0,0 +1,28 @@
+resources:
+ AWS:
+ read:
+ approvalFrom:
+ write:
+ approvalFrom:
+ master:
+ approvalFrom:
+ manager:
+ approvalFrom:
+ KUBERNETES:
+ read:
+ approvalFrom:
+ write:
+ approvalFrom:
+ master:
+ approvalFrom:
+ manager:
+ approvalFrom:
+ DB:
+ read:
+ approvalFrom:
+ write:
+ approvalFrom:
+ master:
+ approvalFrom:
+ manager:
+ approvalFrom:
diff --git a/src/main/resources/jit/prod.yaml b/src/main/resources/jit/prod.yaml
new file mode 100644
index 00000000..33cd2e55
--- /dev/null
+++ b/src/main/resources/jit/prod.yaml
@@ -0,0 +1,44 @@
+resources:
+ AWS:
+ read:
+ approvalFrom:
+ - Security
+ write:
+ approvalFrom:
+ - Security
+ master:
+ approvalFrom:
+ - Security
+ manager:
+ approvalFrom:
+ - Security
+ KUBERNETES:
+ read:
+ approvalFrom:
+ - Security
+ write:
+ approvalFrom:
+ - Security
+ master:
+ approvalFrom:
+ - Security
+ - Architect
+ manager:
+ approvalFrom:
+ - Security
+ - Architect
+ DB:
+ read:
+ approvalFrom:
+ - Security
+ write:
+ approvalFrom:
+ - Security
+ master:
+ approvalFrom:
+ - Security
+ - Architect
+ manager:
+ approvalFrom:
+ - Security
+ - Architect
\ No newline at end of file
diff --git a/src/main/resources/jsonschema/extraResources/dynamodb.json b/src/main/resources/jsonschema/extraResources/dynamodb.json
index b52520a2..ab0ab646 100644
--- a/src/main/resources/jsonschema/extraResources/dynamodb.json
+++ b/src/main/resources/jsonschema/extraResources/dynamodb.json
@@ -8,7 +8,9 @@
 "required": [
 "tableName",
 "billingMode",
- "hashKey"
+ "hashKey",
+ "dynamoDbAlertDurations",
+ "dynamoDbAlertThresholds"
 ],
 "properties": {
 "tableName": {
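Review bot: Every `approvalFrom:` in this file is a bare key, which YAML loads as null rather than as an empty list, so the fallback policy used for any environment without its own file names no approver at any level, including `master` and `manager`. Whether null means that nobody can approve or that no approval is needed depends on the loader, which is not shown here; for a default policy it should fail closed. State the intent explicitly, for example `approvalFrom: []` with a comment describing the resulting behaviour, or list `- Security` as the other policy files do.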
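Review bot: Adding `dynamoDbAlertDurations` and `dynamoDbAlertThresholds` to `required` makes every already-stored manifest with a DynamoDB resource fail validation until both objects are supplied, and no data migration for them is visible in this change. Either backfill existing manifests or keep the two keys optional and apply defaults in the generator. The `elasticCache.json` section makes the same change with `elasticCacheAlertDurations` and `elasticCacheAlertThresholds`. The schema object continues outside this hunk.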
@@ -58,6 +60,40 @@ "maxWriteCapacity": { "type": "number" }, + "dynamoDbAlertDurations": { + "type": "object", + "required": [ + "systemError", + "throttledRequest" + ], + "properties": { + "systemError": { + "type": "number", + "minimum": 0 + }, + "throttledRequest": { + "type": "number", + "minimum": 0 + } + } + }, + "dynamoDbAlertThresholds": { + "type": "object", + "required": [ + "systemError", + "throttledRequest" + ], + "properties": { + "systemError": { + "type": "number", + "minimum": 0 + }, + "throttledRequest": { + "type": "number", + "minimum": 0 + } + } + }, "ttl": { "type": "object", "required": [ diff --git a/src/main/resources/jsonschema/extraResources/elasticCache.json b/src/main/resources/jsonschema/extraResources/elasticCache.json index 28a417e8..e1e9a6e9 100644 --- a/src/main/resources/jsonschema/extraResources/elasticCache.json +++ b/src/main/resources/jsonschema/extraResources/elasticCache.json 
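Review bot: The four alert fields added here are typed `number`, which accepts fractional values, whereas the equivalent fields added to `elasticCache.json` use `integer`; pick one, presumably `integer` for durations. Neither new object sets `"additionalProperties": false`, so a misspelled extra key is accepted silently next to the required ones. The surrounding `properties` object starts and ends outside the hunk.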
@@ -1,12 +1,85 @@ + { "type": "object", - "required": [ - "instanceName" - ], + "required": ["instanceName", "elasticCacheAlertDurations", "elasticCacheAlertThresholds"], "properties": { "instanceName": { "type": "string", "pattern": "^(?!.*--)[a-zA-Z][a-zA-Z0-9-]{0,48}[a-zA-Z0-9]$" + }, + "elasticCacheAlertDurations": { + "type": "object", + "required": [ + "memoryUsage", + "cpuUtilization", + "cpuCreditBalance", + "networkBandwidthInAllowanceExceeded", + "networkBandwidthOutAllowanceExceeded", + "networkBandwidthTrackedAllowanceExceeded" + ], + "properties": { + "memoryUsage": { + "type": "integer", + "minimum": 0 + }, + "cpuUtilization": { + "type": "integer", + "minimum": 0 + }, + "cpuCreditBalance": { + "type": "integer", + "minimum": 0 + }, + "networkBandwidthInAllowanceExceeded": { + "type": "integer", + "minimum": 0 + }, + "networkBandwidthOutAllowanceExceeded": { + "type": "integer", + "minimum": 0 + }, + "networkBandwidthTrackedAllowanceExceeded": { + "type": "integer", + "minimum": 0 + } + } + }, + "elasticCacheAlertThresholds": { + "type": "object", + "required": [ + "memoryUsage", + "cpuUtilization", + "cpuCreditBalance", + "networkBandwidthInAllowanceExceeded", + "networkBandwidthOutAllowanceExceeded", + "networkBandwidthTrackedAllowanceExceeded" + ], + "properties": { + "memoryUsage": { + "type": "integer", + "minimum": 0 + }, + "cpuUtilization": { + "type": "integer", + "minimum": 0 + }, + "cpuCreditBalance": { + "type": "integer", + "minimum": 0 + }, + "networkBandwidthInAllowanceExceeded": { + "type": "integer", + "minimum": 0 + }, + "networkBandwidthOutAllowanceExceeded": { + "type": "integer", + "minimum": 0 + }, + "networkBandwidthTrackedAllowanceExceeded": { + "type": "integer", + "minimum": 0 + } + } } } -} \ No newline at end of file +} diff --git a/src/main/resources/jsonschema/manifest.json b/src/main/resources/jsonschema/manifest.json index cba9eaf3..99205b75 100644 --- a/src/main/resources/jsonschema/manifest.json 
+++ b/src/main/resources/jsonschema/manifest.json @@ -41,12 +41,15 @@ "aps1.prod.ml.navi-tech.in", "aps1.np.navi-ppl.in", "aps1.prod.navi-ppl.in", - "aps1.prod.navi-amc.in" + "aps1.prod.navi-amc.in", + "aps1.np.navi-amc.in" ] }, "name": { "type": "string", - "minLength": 1 + "minLength": 1, + "maxLength": 63, + "pattern": "^[a-z][a-z0-9\\-.]*[a-z0-9]$" }, "team": { "type": "object", diff --git a/src/test/java/com/navi/infra/portal/service/KubernetesManifestServiceTest.java b/src/test/java/com/navi/infra/portal/service/KubernetesManifestServiceTest.java index dc8636de..f65a4fc7 100644 --- a/src/test/java/com/navi/infra/portal/service/KubernetesManifestServiceTest.java +++ b/src/test/java/com/navi/infra/portal/service/KubernetesManifestServiceTest.java @@ -21,8 +21,8 @@ import com.navi.infra.portal.provider.Common; import com.navi.infra.portal.service.kubernetes.BashExecute; import com.navi.infra.portal.service.kubernetes.KubernetesManifestService; import com.navi.infra.portal.service.manifest.DeploymentService; -import com.navi.infra.portal.util.JsonnetUtil; -import com.navi.infra.portal.util.JsonnetUtilImpl; +import com.navi.infra.portal.util.KubernetesManifestGenerator; +import com.navi.infra.portal.util.KutegenClient; import com.navi.infra.portal.util.MapDiffUtil; import io.kubernetes.client.openapi.ApiException; import java.io.IOException; @@ -55,7 +55,7 @@ public class KubernetesManifestServiceTest { private final BashExecute bashExecute; - private final JsonnetUtil jsonnetUtil; + private final KubernetesManifestGenerator kubernetesManifestGenerator; private final KubeClient kubeClient; 
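Review bot: The new `pattern` on `name` needs at least two characters, so the retained `"minLength": 1` no longer describes the real lower bound and single-character names are now rejected. It also accepts runs such as `a..b` or `a.-b`, which are not valid DNS names, while `"maxLength": 63` suggests a DNS label is the target; if dots are meant to be allowed, validating per label is stricter, e.g. `^[a-z]([a-z0-9-]*[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$`. Existing manifests with upper-case names will fail on their next update (the test fixture in this change had to be renamed from `testapp-dynamicConfig`), so a migration or a grandfathering rule is needed. The `name` property sits inside a schema that continues beyond the hunk.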
@@ -67,10 +67,10 @@ public class KubernetesManifestServiceTest { deploymentService = Mockito.mock(DeploymentService.class); bashExecute = Mockito.mock(BashExecute.class); kubeClient = Mockito.mock(KubeClient.class); - jsonnetUtil = new JsonnetUtilImpl(); + kubernetesManifestGenerator = new KutegenClient("test"); kubernetesManifestService = new KubernetesManifestService(deploymentService, objectMapper, - bashExecute, "dev", jsonnetUtil, kubeClient, 2000L, + bashExecute, "dev", kubernetesManifestGenerator, kubeClient, 2000L, 5); } diff --git a/src/test/java/com/navi/infra/portal/service/ManifestServiceIntegrationTest.java b/src/test/java/com/navi/infra/portal/service/ManifestServiceIntegrationTest.java index ebad46c9..9370f624 100644 --- a/src/test/java/com/navi/infra/portal/service/ManifestServiceIntegrationTest.java +++ b/src/test/java/com/navi/infra/portal/service/ManifestServiceIntegrationTest.java @@ -8,11 +8,13 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.navi.infra.portal.domain.manifest.Manifest; import com.navi.infra.portal.domain.manifest.ManifestAudit; import com.navi.infra.portal.dto.manifest.ManifestResponse; +import com.navi.infra.portal.exceptions.DuplicateLoadBalancerEndpointException; import com.navi.infra.portal.provider.ExternalIntegrationProvider; import com.navi.infra.portal.service.manifest.ManifestService; import java.io.IOException; import java.util.ArrayList; import java.util.List; +import java.util.Map; import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; 
@@ -64,6 +66,21 @@ public class ManifestServiceIntegrationTest extends ExternalIntegrationProvider false)); } + @Test + @WithMockUser(value = "admin_user", username = "admin@navi.com", authorities = { + "manifest:Infra:dev:.*:secret_write", "manifest:Infra:dev:.*:secret_read", + "manifest:Infra:dev:.*:write", "manifest:Infra:dev:.*:supersecret_write", + "manifest:Infra:dev:.*:supersecret_read", "manifest:Infra:dev:.*:read", + "manifest:Infra:dev:.*:substitute_secrets"}, password = "admin") + @Transactional + @DisplayName("Test Duplicate Endpoint while Manifest Create and Update") + void shouldThrowErrorWhileCreatingManifest() throws IOException { + Manifest manifestRequest = readFileToManifest( + "fixtures/manifest/dev-testapp-duplicate-endpoint.json"); + assertThrows(DuplicateLoadBalancerEndpointException.class, + () -> manifestService.createOrUpdate(manifestRequest)); + } + @Test @WithMockUser(value = "admin_user", username = "admin@navi.com", authorities = { "manifest:Infra:dev:.*:secret_write", "manifest:Infra:dev:.*:secret_read", @@ -95,7 +112,7 @@ public class ManifestServiceIntegrationTest extends ExternalIntegrationProvider Manifest manifestRequest = readFileToManifest( "fixtures/manifest/dev-testapp-dynamicConfig.json"); manifestService.createOrUpdate(manifestRequest); - Manifest manifest = manifestService.fetchByNameAndEnvironment("testapp-dynamicConfig", + Manifest manifest = manifestService.fetchByNameAndEnvironment("testapp-dynamic-config", "dev"); String actualManifestJson = manifest.convertToString(); String expectedManifestGetOutputJson = readFile( 
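Review bot: `shouldThrowErrorWhileCreatingManifest` is labelled "Test Duplicate Endpoint while Manifest Create and Update" but makes a single `createOrUpdate` call on one fixture, so only one of the two paths is exercised; which one depends on whether that manifest already exists, which the hunk does not show. Add a second case that first stores a valid manifest and then updates it into a duplicate endpoint, or shorten the display name to what is covered. The test class continues outside the hunk.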
@@ -212,7 +229,7 @@ public class ManifestServiceIntegrationTest extends ExternalIntegrationProvider @Test @WithMockUser(value = "admin_user", username = "admin@navi.com", authorities = { "manifest:Infra:dev:.*:secret_write", "manifest:Infra:dev:.*:secret_read", - "manifest:Infra:dev:.*:supersecret_write","manifest:Infra:dev:.*:supersecret_read", + "manifest:Infra:dev:.*:supersecret_write", "manifest:Infra:dev:.*:supersecret_read", "manifest:Infra:dev:.*:write", "manifest:Infra:dev:.*:substitute_secrets"}, password = "admin") @DisplayName("Test Manifest Audit Create") 
@@ -257,4 +274,43 @@ public class ManifestServiceIntegrationTest extends ExternalIntegrationProvider assertEquals(expected, actual, false); } + + @Test + @WithMockUser(value = "read_user", username = "admin@navi.com", authorities = { + "manifest:Infra:dev:.*:secret_write", "manifest:Infra:dev:.*:secret_read", + "manifest:Infra:dev:.*:supersecret_write", "manifest:Infra:dev:.*:read", + "manifest:Infra:dev:.*:write"}, password = "read") + @Transactional + @DisplayName("export manifest without any super secret access") + void exportManifestWithoutSuperSecretAccessTest() throws IOException { + Manifest manifestRequest = readFileToManifest("fixtures/manifest/" + + "manifest-export.json"); + String expectedManifestGetOutputJson = readFile("fixtures/manifest/expected_output/" + + "manifest-export-with-no-super-secret-access.json"); + manifestService.createOrUpdate(manifestRequest); + Manifest fetchManifest = manifestService.fetchByNameAndEnvironment("test-export", "dev"); + + Map transformedManifest = manifestService.exportManifestById( + fetchManifest.getId()); + String actualManifestJson = objectMapper.writeValueAsString(transformedManifest); + assertAll(() -> assertEquals(expectedManifestGetOutputJson, actualManifestJson, false)); + } + + @Test + @WithMockUser(value = "read_user", username = "admin@navi.com", authorities = { + "manifest:Infra:dev:.*:read"}, password = "read") + @Transactional + @DisplayName("export manifest without any secret access") + void exportManifestWithoutAnySecretAccessTest() throws IOException { + Manifest manifestRequest = readFileToManifest("fixtures/manifest/" + + "manifest-export-redacted-secret.json"); + String expectedManifestGetOutputJson = readFile("fixtures/manifest/expected_output/" + + "manifest-export-without-secret-access.json"); + testEntityManager.merge(manifestRequest); + Manifest fetchManifest = manifestService.fetchByNameAndEnvironment("test-export", "dev"); + Map transformedManifest = manifestService.exportManifestById( + 
fetchManifest.getId()); + String actualManifestJson = objectMapper.writeValueAsString(transformedManifest); + assertAll(() -> assertEquals(expectedManifestGetOutputJson, actualManifestJson, false)); + } } diff --git a/src/test/java/com/navi/infra/portal/service/gocd/PipelineManifestServiceTest.java b/src/test/java/com/navi/infra/portal/service/gocd/PipelineManifestServiceTest.java index 65d998c9..e46f2774 100644 --- a/src/test/java/com/navi/infra/portal/service/gocd/PipelineManifestServiceTest.java +++ b/src/test/java/com/navi/infra/portal/service/gocd/PipelineManifestServiceTest.java @@ -4,6 +4,7 @@ import com.navi.infra.portal.domain.gocd.PipelineManifest; import com.navi.infra.portal.provider.ExternalIntegrationProvider; import java.io.IOException; import org.apache.commons.io.FileUtils; +import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.junit.jupiter.MockitoExtension; @@ -19,6 +20,11 @@ public class PipelineManifestServiceTest extends ExternalIntegrationProvider { @Autowired private PipelineManifestService pipelineManifestService; + @BeforeAll + static void setUp() { + System.setProperty("ENVIRONMENT", "test"); + } + private void assertJsonEqual(String inputFile, String expectedFile) throws IOException { String pipelineManifestJson = FileUtils .readFileToString(ResourceUtils.getFile(inputFile), "UTF-8"); diff --git a/src/test/java/com/navi/infra/portal/service/user/UserServiceTest.java b/src/test/java/com/navi/infra/portal/service/user/UserServiceTest.java index 64a9d547..90ea13ff 100644 --- a/src/test/java/com/navi/infra/portal/service/user/UserServiceTest.java +++ b/src/test/java/com/navi/infra/portal/service/user/UserServiceTest.java @@ -53,7 +53,8 @@ class UserServiceTest { null, teamService, null, - yamlMapper + yamlMapper, + null ); } 
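Review bot: Both export tests compare the exported JSON with `assertEquals(expected, actual, false)`; if that is JSONAssert's lenient mode (the static import is outside this hunk), fields present in the export but absent from the expected fixture do not fail the test, so a secret value that survives redaction under an unexpected key would go unnoticed. For a redaction test the comparison should be strict, `assertEquals(expectedManifestGetOutputJson, actualManifestJson, true)`, or the test should additionally assert that the fixture's secret values do not occur in `actualManifestJson`. In `exportManifestWithoutSuperSecretAccessTest` the mock user still holds `supersecret_write`, so the display name "without any super secret access" overstates the case; "without super secret read access" would match the authorities. In `@WithMockUser`, `value = "read_user"` is overridden by `username = "admin@navi.com"`, so one of the two can be dropped.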
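Review bot: `System.setProperty("ENVIRONMENT", "test")` in `setUp` changes JVM-wide state and is never undone, so any test class that runs later in the same JVM sees the value too and results can depend on execution order. Pair it with `@AfterAll static void tearDown() { System.clearProperty("ENVIRONMENT"); }` (this needs the `org.junit.jupiter.api.AfterAll` import), or restore the previous value if one was set before the class ran.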
diff --git a/src/test/java/com/navi/infra/portal/util/ObjectTransformationUtilTest.java b/src/test/java/com/navi/infra/portal/util/ObjectTransformationUtilTest.java
new file mode 100644
index 00000000..282d93a2
--- /dev/null
+++ b/src/test/java/com/navi/infra/portal/util/ObjectTransformationUtilTest.java
@@ -0,0 +1,97 @@ +package com.navi.infra.portal.util; + +import static org.junit.jupiter.api.Assertions.assertEquals; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; + +class ObjectTransformationUtilTest { + + @Test + @DisplayName("should delete keys from object") + void shouldDeleteKeys() { + Map map = new HashMap<>(Map.of("test", new ArrayList<>(List.of( + new HashMap<>(Map.of("key1", "1", "key3", "test1")), + new HashMap<>(Map.of("key2", "2", "key4", "test2")) + )), + "key3", "2", "key2", "3", "key4", "4" + )); + + final var keysToRemove = Set.of("key1", "key2", "key3"); + final var expected = new HashMap<>( + Map.of("test", new ArrayList<>(List.of(Map.of(), + Map.of("key4", "test2") + )), + "key4", "4")); + + ObjectTransformationUtil.removeKeys(map, keysToRemove); + + assertEquals(expected, map); + } + + @Test + @DisplayName("should replace keys from object") + void shouldReplaceKeys() { + Map map = new HashMap<>(Map.of("test", new ArrayList<>(List.of( + new HashMap<>(Map.of("key1", "1", "key3", "test1")), + new HashMap<>(Map.of("key2", "2", "key4", "test2")) + )), + "key3", "2", "key2", "3", "key4", "4" + )); + + final Map replacements = new HashMap<>( + Map.of("key1", true, "key2", "new2", "key3", false)); + final var expected = new HashMap<>(Map.of("test", new ArrayList<>(List.of( + new HashMap<>(Map.of("key1", true, "key3", false)), + new HashMap<>(Map.of("key2", "new2", "key4", "test2")) + )), + "key3", false, "key2", "new2", "key4", "4" + )); + + ObjectTransformationUtil.replaceKeys(map, replacements); + + assertEquals(expected, map); + } + + @Test + @DisplayName("should process empty and null object on remove") + void shouldProcessNullAndEmptyOnRemove() { + Map map1 = new HashMap<>(); + Map map2 = new HashMap<>(); + map2.put("key", null); + + final var keysToRemove = Set.of("key1"); + final var 
expected1 = Map.of(); + final var expected2 = new HashMap(); + expected2.put("key", null); + + ObjectTransformationUtil.removeKeys(map1, keysToRemove); + ObjectTransformationUtil.removeKeys(map2, keysToRemove); + + assertEquals(expected1, map1); + assertEquals(expected2, map2); + } + + @Test + @DisplayName("should process empty and null object on replace") + void shouldProcessNullAndEmptyOnReplace() { + Map map1 = new HashMap<>(); + Map map2 = new HashMap<>(); + map2.put("key", null); + + final Map replacements = Map.of("key", true); + final var expected1 = Map.of(); + final var expected2 = Map.of("key", true); + + ObjectTransformationUtil.replaceKeys(map1, replacements); + ObjectTransformationUtil.replaceKeys(map2, replacements); + + assertEquals(expected1, map1); + assertEquals(expected2, map2); + } +} diff --git a/src/test/java/com/navi/infra/portal/v2/changerequest/service/ManifestLimitServiceImplTest.java b/src/test/java/com/navi/infra/portal/v2/changerequest/service/ManifestLimitServiceImplTest.java index f6a11d27..fe2c6cbc 100644 --- a/src/test/java/com/navi/infra/portal/v2/changerequest/service/ManifestLimitServiceImplTest.java +++ b/src/test/java/com/navi/infra/portal/v2/changerequest/service/ManifestLimitServiceImplTest.java @@ -15,8 +15,6 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.CsvSource; import org.mockito.junit.jupiter.MockitoExtension; -import org.springframework.core.io.DefaultResourceLoader; -import org.springframework.core.io.ResourceLoader; import org.springframework.util.ResourceUtils; @ExtendWith(MockitoExtension.class) 
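Review bot: The fixtures for `removeKeys` and `replaceKeys` nest maps only inside a list under `test`; no case covers a map nested directly in a map, deeper nesting, or a list inside a list. If these helpers are what strips secret keys from exported manifests (their implementation is not in this hunk), a traversal that skips one of those shapes would leave the key in the output and no test here would notice. Adding an entry such as `"nested", new HashMap<>(Map.of("key1", "1", "inner", new HashMap<>(Map.of("key2", "2"))))` to `shouldDeleteKeys` and expecting both keys gone would pin that behaviour.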
@@ -26,15 +24,15 @@ public class ManifestLimitServiceImplTest { private final MapUtil mapUtil = new MapUtil(); private final String VERTICAL_LENDING = "lending"; private final String PATH_TO_LIMIT_FILES = "classpath:changerequest"; - private final ResourceLoader resourceLoader = new DefaultResourceLoader(); private ManifestLimitServiceImpl service; @Test @DisplayName("should raise exception if default file is not found") void shouldRaiseExceptionIfDefaultFileIsNotFound() { service = new ManifestLimitServiceImpl(yamlMapper, "non-existent-vertical", - "non-existent-path", null, - resourceLoader); + "non-existent-path", mapUtil + ); + final var exception = assertThrows(RuntimeException.class, () -> service.getLimit("")); assertEquals( "java.io.FileNotFoundException: class path resource [non-existent-path/default.yaml] cannot be " @@ -51,8 +49,7 @@ public class ManifestLimitServiceImplTest { }) void shouldReturnOverriddenMap(String env, String expectedFilepath) throws IOException { service = new ManifestLimitServiceImpl(yamlMapper, VERTICAL_LENDING, PATH_TO_LIMIT_FILES, - mapUtil, - resourceLoader); + mapUtil); final var actual = service.getLimit(env); final var expected = readYaml(format("%s/%s", PATH_TO_LIMIT_FILES, expectedFilepath)); assertEquals(expected, actual); diff --git a/src/test/java/com/navi/infra/portal/v2/ingress/IngressGroupApplierImplTest.java b/src/test/java/com/navi/infra/portal/v2/ingress/IngressGroupApplierImplTest.java index a2eddd6e..6fb84be5 100644 --- a/src/test/java/com/navi/infra/portal/v2/ingress/IngressGroupApplierImplTest.java +++ b/src/test/java/com/navi/infra/portal/v2/ingress/IngressGroupApplierImplTest.java 
@@ -7,7 +7,7 @@ import static org.mockito.Mockito.when; import com.fasterxml.jackson.databind.ObjectMapper; import com.navi.infra.portal.exceptions.KubernetesManifestException; import com.navi.infra.portal.service.kubernetes.BashExecute; -import com.navi.infra.portal.util.JsonnetUtil; +import com.navi.infra.portal.util.KubernetesManifestGenerator; import com.navi.infra.portal.util.kubernetes.KubernetesManifestUtils; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.DisplayName; @@ -20,7 +20,7 @@ import org.mockito.junit.jupiter.MockitoExtension; class IngressGroupApplierImplTest { @Mock - private JsonnetUtil jsonnetUtil; + private KubernetesManifestGenerator kubernetesManifestGenerator; private IngressGroupApplier ingressGroupApplier; @@ -28,7 +28,7 @@ class IngressGroupApplierImplTest { @BeforeEach void setup() { - ingressGroupApplier = new IngressGroupApplierImpl("", "", jsonnetUtil, + ingressGroupApplier = new IngressGroupApplierImpl("", "", kubernetesManifestGenerator, new KubernetesManifestUtils( new BashExecute(), "test"), jsonMapper); } @@ -39,7 +39,7 @@ class IngressGroupApplierImplTest { var createRequest = new IngressGroupCreateRequest("name", "namespace", "cluster", "environment", "product"); - when(jsonnetUtil.run(any(), any(), any(), any(), any())).thenReturn(1); + when(kubernetesManifestGenerator.generate(any(), any())).thenReturn(1); assertThrows(KubernetesManifestException.class, () -> ingressGroupApplier.createAndApply(createRequest)); diff --git a/src/test/java/com/navi/infra/portal/v2/jit/service/JitServiceImplTest.java b/src/test/java/com/navi/infra/portal/v2/jit/service/JitServiceImplTest.java new file mode 100644 index 00000000..f80dabe0 --- /dev/null +++ b/src/test/java/com/navi/infra/portal/v2/jit/service/JitServiceImplTest.java 
@@ -0,0 +1,174 @@ +package com.navi.infra.portal.v2.jit.service; + +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; +import com.navi.infra.portal.domain.user.Team; +import com.navi.infra.portal.domain.user.User; +import com.navi.infra.portal.service.user.UserService; +import com.navi.infra.portal.util.MapUtil; +import com.navi.infra.portal.v2.client.airflow.AirflowClient; +import com.navi.infra.portal.v2.jit.dto.JitRequestDto; +import com.navi.infra.portal.v2.jit.entity.Environment; +import com.navi.infra.portal.v2.jit.entity.JitApproval; +import com.navi.infra.portal.v2.jit.entity.JitRequest; +import com.navi.infra.portal.v2.jit.entity.JitRequestStatus; +import com.navi.infra.portal.v2.jit.entity.Vertical; +import com.navi.infra.portal.v2.jit.repository.JitApprovalsRepository; +import com.navi.infra.portal.v2.jit.repository.JitRequestsRepository; +import com.navi.infra.portal.v2.jit.utils.ApprovalMapProvider; +import com.navi.infra.portal.v2.jit.utils.AuthUtil; +import com.navi.infra.portal.v2.jit.utils.SlackBotUtil; +import com.navi.infra.portal.v2.role.RoleService; +import com.navi.infra.portal.v2.slackbotclient.SlackBotClient; +import com.navi.infra.portal.v2.team.TeamService; +import com.slack.api.methods.response.chat.ChatPostMessageResponse; +import java.io.IOException; +import java.time.LocalDateTime; +import java.util.List; +import java.util.Map; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Mock; +import org.mockito.junit.jupiter.MockitoExtension; + +@ExtendWith(MockitoExtension.class) +class JitServiceImplTest { + 
+ private final ObjectMapper objectMapper = new ObjectMapper(); + private final ObjectMapper yamlMapper = new ObjectMapper(new YAMLFactory()); + private final String requestConfigPath = "classpath:jit"; + private final MapUtil mapUtil = new MapUtil(); + private final Map> approvalMapProvider = + new ApprovalMapProvider(mapUtil, yamlMapper, requestConfigPath).additionalApprovalMap(); + JitServiceImpl jitServiceImpl; + private User requestedFor; + private User requestedBy; + private JitRequestDto jitRequestDto; + private JitRequest jitRequestWithId; + @Mock + private JitRequestsRepository jitRequestRepository; + @Mock + private JitApprovalsRepository jitApprovalsRepository; + @Mock + private SlackBotUtil slackBotUtil; + @Mock + private AuthUtil authUtil; + @Mock + private AirflowClient airflowClient; + @Mock + private SlackBotClient slackBotClient; + @Mock + private UserService userService; + @Mock + private RoleService roleService; + @Mock + private TeamService teamService; + + @BeforeEach + void setUp() { + jitServiceImpl = new JitServiceImpl(jitRequestRepository, + jitApprovalsRepository, + slackBotUtil, mapUtil, authUtil, airflowClient, slackBotClient, objectMapper, + userService, + roleService, teamService, approvalMapProvider, "null", "null"); + + requestedFor = new User(); + requestedBy = new User(); + requestedFor.setEmail("alpha@one.com"); + requestedBy.setEmail("beta@two.com"); + when(userService.findUserByEmail("alpha@one.com")).thenReturn(requestedFor); + when(userService.findUserByEmail("beta@two.com")).thenReturn(requestedBy); + when(teamService.findByName("Infra")).thenReturn(new Team("Infra")); + + jitRequestDto = new JitRequestDto("alpha@one.com", "beta@two.com", + Vertical.NAVIPAY, "Infra", Environment.PROD, "DB", "dev-db", + "read", 1L, null); + jitRequestWithId = new JitRequest(requestedFor, requestedBy, Vertical.NAVIPAY, + new Team("Infra"), Environment.PROD, "DB", "dev-db", "read", JitRequestStatus.PENDING, + 1L, LocalDateTime.now()); + 
jitRequestWithId.setId(1L); + } + + @Test + public void testCreateJitRequest() throws IOException { + // Arrange + User additionalUser = new User(); + List additionalUserTeams = List.of( + new Team("Security") + ); + additionalUser.setTeams(additionalUserTeams); + additionalUser.setEmail("additional@one.com"); + + when(teamService.findByName("Security")).thenReturn(additionalUserTeams.get(0)); + + User reviewerOne = new User(); + reviewerOne.setEmail("charlie@three.com"); + User reviewerTwo = new User(); + reviewerTwo.setEmail("delte@four.com"); + + List reviewers = List.of(reviewerOne, reviewerTwo); + when(authUtil.getReviewers(jitRequestWithId.getTeam().getName(), + jitRequestWithId.getEnvironment().type)).thenReturn(reviewers); + when(authUtil.getReviewers(additionalUserTeams.get(0).getName(), + jitRequestWithId.getEnvironment().type)).thenReturn(List.of(additionalUser)); + + JitRequest jitRequest = new JitRequest(requestedFor, requestedBy, Vertical.NAVIPAY, + new Team("Infra"), Environment.PROD, "DB", "dev-db", "read", JitRequestStatus.PENDING, + 1L, LocalDateTime.now()); + JitApproval jitApprovalOne = new JitApproval(jitRequest, reviewerOne, jitRequest.getTeam(), + JitRequestStatus.PENDING); + jitApprovalOne.setId(1L); + jitApprovalOne.setReviewerSlackMessageTimestamp("132413513"); + + JitApproval jitApprovalTwo = new JitApproval(jitRequest, reviewerTwo, jitRequest.getTeam(), + JitRequestStatus.PENDING); + jitApprovalTwo.setId(2L); + jitApprovalTwo.setReviewerSlackMessageTimestamp("132413513"); + + JitApproval additionalJitApproval = new JitApproval(jitRequest, additionalUser, + additionalUserTeams.get(0), JitRequestStatus.PENDING); + additionalJitApproval.setId(3L); + additionalJitApproval.setReviewerSlackMessageTimestamp("132413513"); + + List jitApprovalsWithId = List.of(jitApprovalOne, jitApprovalTwo, + additionalJitApproval); + + when(jitRequestRepository.save(any())).thenReturn(jitRequestWithId); + 
when(userService.getUsersSlackId(jitRequest.getRequestedFor())).thenReturn("U12314"); + when(slackBotClient.postMessage(any(), any())).thenReturn(new ChatPostMessageResponse()); + when(jitApprovalsRepository.saveAll(any())).thenReturn(jitApprovalsWithId); + + jitServiceImpl.createJitRequest(jitRequestDto); + verify(jitRequestRepository, times(2)).save(any()); + verify(jitApprovalsRepository, times(1)).saveAll(any()); + + } + + @Test + @DisplayName("Should not be able to create JIT request if no reviewer for additional teams") + public void testCreateJitRequestWithNoAdditionalReviewers() throws IOException { + JitRequest jitRequest = new JitRequest(requestedFor, requestedBy, Vertical.NAVIPAY, + new Team("Infra"), Environment.PROD, "DB", "dev-db", "read", JitRequestStatus.PENDING, + 1L, LocalDateTime.now()); + User reviewerOne = new User(); + reviewerOne.setEmail("charlie@three.com"); + when(teamService.findByName("Security")).thenReturn(new Team("Security")); + + List reviewers = List.of(reviewerOne); + when(authUtil.getReviewers(jitRequestWithId.getTeam().getName(), + jitRequestWithId.getEnvironment().type)).thenReturn(reviewers); + when(userService.getUsersSlackId(jitRequest.getRequestedFor())).thenReturn("U12314"); + when(slackBotClient.postMessage(any(), any())).thenReturn(new ChatPostMessageResponse()); + assertThrows(IllegalStateException.class, () -> { + jitServiceImpl.createJitRequest(jitRequestDto); + }); + } +} diff --git a/src/test/java/com/navi/infra/portal/v2/jit/utils/AuthUtilTest.java b/src/test/java/com/navi/infra/portal/v2/jit/utils/AuthUtilTest.java new file mode 100644 index 00000000..479311d3 --- /dev/null +++ b/src/test/java/com/navi/infra/portal/v2/jit/utils/AuthUtilTest.java 
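Review bot: `testCreateJitRequest` builds three expected approvals but only checks call counts (`times(2)` for `save`, `times(1)` for `saveAll`), so it would still pass if the service stored approvals for the wrong reviewers or skipped the additional Security team. Capture the argument of `saveAll` with an `ArgumentCaptor` and assert that the reviewers are exactly `reviewerOne`, `reviewerTwo` and `additionalUser`, each with `JitRequestStatus.PENDING`. A further case in which `authUtil.getReviewers` returns `requestedFor` would show whether a requester can end up reviewing their own request, which is worth pinning for a flow that grants access. The constructor receives the literal strings `"null", "null"` as its last two arguments; named test values would make their meaning visible.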
@@ -0,0 +1,140 @@ +package com.navi.infra.portal.v2.jit.utils; + +import static org.junit.Assert.assertTrue; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import com.navi.infra.portal.domain.user.Role; +import com.navi.infra.portal.domain.user.Team; +import com.navi.infra.portal.domain.user.User; +import com.navi.infra.portal.service.user.UserService; +import com.navi.infra.portal.v2.jit.dto.JitRequestDto; +import com.navi.infra.portal.v2.jit.entity.Environment; +import com.navi.infra.portal.v2.jit.entity.JitApproval; +import com.navi.infra.portal.v2.jit.entity.JitRequest; +import com.navi.infra.portal.v2.jit.entity.JitRequestStatus; +import com.navi.infra.portal.v2.jit.repository.JitApprovalsRepository; +import com.navi.infra.portal.v2.team.TeamService; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import org.junit.Assert; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; +import org.springframework.test.util.ReflectionTestUtils; + +public class AuthUtilTest { + + // Generate test cases for isAuthorized method + private final UserService userService = mock(UserService.class); + private final TeamService teamService = mock(TeamService.class); + private final JitApprovalsRepository jitApprovalsRepository = mock( + JitApprovalsRepository.class); + + AuthUtil authUtil = new AuthUtil(userService, teamService, jitApprovalsRepository); + + private User getTestUser() { + User testUser = new User(); + testUser.setEmail("harinder.singh@navi.com"); + testUser.setId(1L); + return testUser; + } + + @Test + @DisplayName("Check if the user authorized and has specific role") + public void testIsAuthorized() { + JitRequest jitRequest = new JitRequest(); + jitRequest.setTeam(new Team("Infra")); + jitRequest.setEnvironment(Environment.PROD); + String testEmail = "alpha@one.com"; + User testUser = new User(); + 
testUser.setEmail("alpha@one.com"); + List mockRoles = Collections.singletonList(new Role("Infra_prod_JITREVIEWER")); + testUser.setRoles(mockRoles); + JitApproval jitApproval = new JitApproval(); + jitApproval.setReviewer(testUser); + jitApproval.setTeam(new Team("Infra")); + jitApproval.setAction(JitRequestStatus.PENDING); + + when(userService.findUserByEmail(testEmail)).thenReturn(testUser); + assertTrue(authUtil.isAuthorized(jitApproval, testEmail, jitRequest.getEnvironment().type)); + } + + @Test + @DisplayName("Should be able to fetch reviewers who have APPROVED request") + public void testGetReviewersByAction() { + // Generate test cases for getReviewersByAction method + User testUser = getTestUser(); + Team userTeam = new Team("Infra"); + testUser.setTeams(Collections.singletonList(userTeam)); + + when(jitApprovalsRepository.findReviewerTeamsByAction(1L, "APPROVED")).thenReturn( + Collections.singletonList(1L)); + when(teamService.findAllByIds(Collections.singletonList(1L))).thenReturn( + Collections.singletonList(userTeam)); + + Assert.assertEquals(List.of("Infra"), + authUtil.getReviewerTeamsByAction(1L, JitRequestStatus.APPROVED)); + } + + @Test + @DisplayName("Should be able to check if required approvals are done. Environment PROD") + public void testCheckRequiredApprovalsProd() { + JitRequest jitRequest = new JitRequest(); + jitRequest.setEnvironment(Environment.PROD); + jitRequest.setId(1L); + + ReflectionTestUtils.setField(authUtil, "prodJitApprovalsCount", 2L); + + when(jitApprovalsRepository.countApprovedInEachTeam(jitRequest.getId())) + .thenReturn(List.of(1L, 1L)); + + boolean result = authUtil.haveRequiredApprovals(jitRequest); + Assert.assertTrue(result); + } + + @Test + @DisplayName("Should be able to check if required approvals are done. 
Environment NONPROD") + public void testCheckRequiredApprovalsNonprod() { + JitRequest jitRequest = new JitRequest(); + jitRequest.setEnvironment(Environment.DEV); + jitRequest.setId(1L); + + ReflectionTestUtils.setField(authUtil, "nonprodJitApprovalsCount", 1L); + + when(jitApprovalsRepository.countApprovedInEachTeam(jitRequest.getId())) + .thenReturn(List.of(1L)); + + boolean result = authUtil.haveRequiredApprovals(jitRequest); + Assert.assertTrue(result); + } + + @Test + @DisplayName("Should be able to get reviewers for certain combination of team and environment") + public void testGetReviewers() { + JitRequestDto mockRequestDto = new JitRequestDto(); + mockRequestDto.setTeam("Infra"); + mockRequestDto.setEnvironment(Environment.DEV); + + User reviewer1 = new User(); + reviewer1.setEmail("reviewer1@domain.com"); + User reviewer2 = new User(); + reviewer2.setEmail("reviewer2@domain.com"); + List specificRoleReviewers = new ArrayList<>(List.of(reviewer1)); + List allReviewers = List.of(reviewer2); + + when(userService.getUsersWithRole("Infra_dev_JITREVIEWER")) + .thenReturn(specificRoleReviewers); + when(userService.getUsersWithRole("Infra_ALL_JITREVIEWER")) + .thenReturn(allReviewers); + + List result = authUtil.getReviewers(mockRequestDto.getTeam(), + mockRequestDto.getEnvironment().type); + + Assertions.assertEquals(2, result.size()); + Assertions.assertTrue(result.contains(reviewer1)); + Assertions.assertTrue(result.contains(reviewer2)); + } + +} diff --git a/src/test/java/com/navi/infra/portal/v2/jit/utils/SlackBotUtilTest.java b/src/test/java/com/navi/infra/portal/v2/jit/utils/SlackBotUtilTest.java new file mode 100644 index 00000000..79d098cc --- /dev/null +++ b/src/test/java/com/navi/infra/portal/v2/jit/utils/SlackBotUtilTest.java 
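Review bot: Every test in this class asserts the allow path; nothing checks that `isAuthorized` rejects a reviewer who lacks the `Infra_prod_JITREVIEWER` role (or holds it for another team or environment), or that `haveRequiredApprovals` returns false below the threshold. For an authorization helper the deny cases are the ones that catch regressions, for example in `testCheckRequiredApprovalsProd` stub `.thenReturn(List.of(1L))` with `prodJitApprovalsCount` at 2 and expect `Assert.assertFalse(authUtil.haveRequiredApprovals(jitRequest));`. `List.of(1L, 1L)` also leaves open whether the count is per team or summed across teams; a second positive case with `List.of(2L)` would document the intended rule. `getTestUser` uses what looks like a real person's address; a placeholder such as `user@example.com` is the safer choice in fixtures.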
@@ -0,0 +1,65 @@ +package com.navi.infra.portal.v2.jit.utils; + +import com.navi.infra.portal.domain.user.Team; +import com.navi.infra.portal.domain.user.User; +import com.navi.infra.portal.v2.jit.entity.Environment; +import com.navi.infra.portal.v2.jit.entity.JitApproval; +import com.navi.infra.portal.v2.jit.entity.JitRequest; +import com.navi.infra.portal.v2.jit.entity.JitRequestStatus; +import com.navi.infra.portal.v2.jit.entity.Vertical; +import com.navi.infra.portal.v2.slackbotclient.SlackBotAttachment; +import java.time.LocalDateTime; +import java.util.ArrayList; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; + +public class SlackBotUtilTest { + + private final SlackBotUtil slackBotUtil = new SlackBotUtil(); + + String userEmail = "test@domain.com"; + JitRequest jitRequest = new JitRequest(new User(), new User(), Vertical.SA, + new Team("Infra"), Environment.DEV, "RDS", "dev-db", + "read", JitRequestStatus.PENDING, 5L, LocalDateTime.now()); + JitApproval jitApproval = new JitApproval(); + User testUser = new User(); + + @Test + public void testGetReviewerMessage_ActionEnabled() { + jitApproval.setAction(JitRequestStatus.PENDING); + jitApproval.setId(1L); + jitRequest.setId(1L); + jitApproval.setTeam(new Team("Infra")); + + SlackBotAttachment result = + slackBotUtil.getReviewerDm(userEmail, jitRequest, jitApproval, true, SlackColor.INFO); + + Assertions.assertEquals(2, result.getBlocks().size()); // Section + action block + } + + @Test + public void testPersonalMessage_ActionEnabled() { + jitRequest.setId(2L); + testUser.setEmail(userEmail); + jitRequest.setRequestedFor(testUser); + + SlackBotAttachment result = + slackBotUtil.getRequestorDm(jitRequest, true, + new ArrayList<>(), new ArrayList<>(), new ArrayList<>(), + SlackColor.INFO); + + Assertions.assertEquals(2, result.getBlocks().size()); // Section + action block + } + + @Test + public void testGroupMessage() { + jitRequest.setId(1L); + testUser.setEmail(userEmail); + 
jitRequest.setRequestedFor(testUser); + SlackBotAttachment result = + slackBotUtil.getChannelMessage(jitRequest, new ArrayList<>(), + new ArrayList<>(), new ArrayList<>(), SlackColor.INFO); + + Assertions.assertEquals(1, result.getBlocks().size()); // Section + } +} \ No newline at end of file diff --git a/src/test/java/com/navi/infra/portal/v2/role/RoleServiceImplTest.java b/src/test/java/com/navi/infra/portal/v2/role/RoleServiceImplTest.java index 8d270ce3..214f5cea 100644 --- a/src/test/java/com/navi/infra/portal/v2/role/RoleServiceImplTest.java +++ b/src/test/java/com/navi/infra/portal/v2/role/RoleServiceImplTest.java @@ -6,6 +6,8 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import com.navi.infra.portal.domain.user.Privilege; import com.navi.infra.portal.domain.user.Role; import com.navi.infra.portal.v2.privilege.PrivilegeServiceImpl; +import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import java.util.Map; import org.junit.jupiter.api.DisplayName; @@ -93,9 +95,10 @@ class RoleServiceImplTest { null); var teamName = "team"; var actual = roleServiceImpl.createTeamRoleNames(teamName).collect(toList()); - var expected = List.of("team_dev_VIEWER", "team_dev_MAINTAINER", "team_dev_MANAGER", - "team_ALL_VIEWER", "team_ALL_MAINTAINER", "team_ALL_MANAGER"); - + var expected = new ArrayList<>(Arrays.asList("team_dev_VIEWER", "team_dev_MAINTAINER", + "team_dev_MANAGER", "team_dev_JITREADER", "team_dev_JITREVIEWER", "team_ALL_VIEWER", + "team_ALL_MAINTAINER", "team_ALL_MANAGER", "team_ALL_JITREADER", + "team_ALL_JITREVIEWER")); assertEquals(expected, actual); } } diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties index 1a0f66af..a965611a 100644 --- a/src/test/resources/application.properties +++ b/src/test/resources/application.properties 
@@ -43,23 +43,26 @@ ecr.dockerRegistryNamespace=lending config.deployment.strategyNameMapping={'rollingUpdateWithCanary': 'rollingUpdateWithCanaryMixIn', 'canary': 'canary', 'rollingUpdate': 'rollingUpdate'} config.manifestAudit.maxAuditCount=${MANIFEST_AUDIT_COUNT:10} spring.main.allow-bean-definition-overriding=true +jit.request.config.path=classpath:jit manifest.limit.config.path=classpath:changerequest environment.list=cmd,prod,dev,qa,perf,uat,data-platform-prod,data-platform-nonprod environment.role.privileges.map={'cmd': 'cmd', 'prod': 'prod', 'dev': 'dev', 'qa': 'qa', 'perf': 'perf', 'uat': 'uat', 'data-platform-prod': 'data-platform-prod', 'data-platform-nonprod': 'data-platform-nonprod', 'local': 'local', 'ALL': '.*'} manifest.deployment.loadbalancer.groupname.threshold=60 jwt.secret.key=${JWT_SECRET_KEY:test-secret-key} - #Teams List from Vault - Single source of truth for teams in vault teams.list.vault=${TEAMS_LIST_VAULT:InsurancePlatform,Co-Lending,IT,Infra} - #AWS Profile aws.region=ap-south-1 aws.profile=${AWS_PROFILE:default} kubernetes.security-group.id.fetch.fixed-backoff.interval=${SECURITY_GROUP_ID_FETCH_FIXED_BACKOFF_INTERVAL:2000} kubernetes.security-group.id.fetch.fixed-backoff.max-attempts=${SECURITY_GROUP_ID_FETCH_FIXED_BACKOFF_MAX_ATTEMPTS:5} extraResource.list=database,docdb,elasticCache,aws_access,dynamodb,s3_buckets,deployment - airflow.url=${AIRFLOW_URL:http://localhost:9090} airflow.token=${AIRFLOW_AUTH_TOKEN:something} service-dump.dag.id=${SERVICE_DUMP_DAG_ID:kubectl_get_pod} +jit.dag.id=${JIT_DAG_ID:jit_dummy} +jit.number_of_prod_approvals=2 +jit.number_of_nonprod_approvals=1 +jit.slack.common.channel.id=C0000000000 +slackbot.token=xoxb-676123123123-123123123123-123123123123-123123123123 service-dump.image.name=${SERVICE_DUMP_IMAGE_NAME:193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/jdk11-diagnostic:va39edbc8ebfbe68aedb776566e11b88cb4920d75} 
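Review bot: `slackbot.token` is committed as a literal in Slack bot-token format (`xoxb-…`), unlike `airflow.token` and `jwt.secret.key` in the same file, which read an environment variable and fall back to a dummy default. Even if the value is a placeholder, secret scanners will flag it and the pattern invites pasting a real token later; `slackbot.token=${SLACKBOT_TOKEN:test-slackbot-token}` keeps the file consistent (the variable name is a suggestion, use whatever the main properties file defines). If this value was ever a live token it should be revoked, because it stays in the repository history.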
diff --git a/src/test/resources/fixtures/kube_objects/kube_object_alb.json b/src/test/resources/fixtures/kube_objects/kube_object_alb.json index b6b6b502..cbe99558 100644 --- a/src/test/resources/fixtures/kube_objects/kube_object_alb.json +++ b/src/test/resources/fixtures/kube_objects/kube_object_alb.json @@ -238,27 +238,16 @@ } }, "env": [ - { - "name": "password", - "valueFrom": { - "secretKeyRef": { - "name": "test-app-navi-service-secret", - "key": "password" - } - } - }, - { - "name": "user", - "valueFrom": { - "secretKeyRef": { - "name": "test-app-navi-service-secret", - "key": "user" - } - } - }, { "name": "secretMd5", - "value": "ca5855f61008767291e629652da57dc6" + "value": "d74618e323ae5b8a83fa496eb16ef003" + } + ], + "envFrom": [ + { + "secretRef": { + "name": "test-app-navi-service-secret" + } } ], "ports": [ diff --git a/src/test/resources/fixtures/kube_objects/kube_object_alb_redirect.json b/src/test/resources/fixtures/kube_objects/kube_object_alb_redirect.json index 4d4736b9..0cd180ec 100644 --- a/src/test/resources/fixtures/kube_objects/kube_object_alb_redirect.json +++ b/src/test/resources/fixtures/kube_objects/kube_object_alb_redirect.json @@ -222,27 +222,16 @@ } }, "env": [ - { - "name": "password", - "valueFrom": { - "secretKeyRef": { - "name": "test-app-navi-service-secret", - "key": "password" - } - } - }, - { - "name": "user", - "valueFrom": { - "secretKeyRef": { - "name": "test-app-navi-service-secret", - "key": "user" - } - } - }, { "name": "secretMd5", - "value": "ca5855f61008767291e629652da57dc6" + "value": "d74618e323ae5b8a83fa496eb16ef003" + } + ], + "envFrom": [ + { + "secretRef": { + "name": "test-app-navi-service-secret" + } } ], "ports": [ diff --git a/src/test/resources/fixtures/kube_objects/kube_object_efs_pvc.json b/src/test/resources/fixtures/kube_objects/kube_object_efs_pvc.json index cde24723..d4278932 100644 --- a/src/test/resources/fixtures/kube_objects/kube_object_efs_pvc.json 
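Review bot: The expected container spec now pulls the whole Secret in through `envFrom` with a `secretRef` instead of one `secretKeyRef` per variable, so every key stored in `test-app-navi-service-secret` becomes an environment variable of the container, including keys the workload never asked for. That widens what a process dump or a debug endpoint can expose and removes the per-variable record in the pod spec of which secret keys the app consumes; if the generator change is intentional, it deserves a line in the commit description. The same change appears in the `kube_object_alb_redirect.json`, `kube_object_efs_pvc.json`, `kube_object_fsx.json`, `kube_object_prod_tsc.json` and `kube_object_prod_with_maxsurge.json` hunks. `secretMd5` stays a plain `env` value; presumably it only triggers rollouts, but a digest of secret content in the pod spec is readable by anyone who can read the Deployment, so confirm how it is computed and consider a keyed or salted digest.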
+++ b/src/test/resources/fixtures/kube_objects/kube_object_efs_pvc.json @@ -205,27 +205,16 @@ "containers": [ { "env": [ - { - "name": "password", - "valueFrom": { - "secretKeyRef": { - "key": "password", - "name": "test-app-navi-service-secret" - } - } - }, - { - "name": "user", - "valueFrom": { - "secretKeyRef": { - "key": "user", - "name": "test-app-navi-service-secret" - } - } - }, { "name": "secretMd5", - "value": "ca5855f61008767291e629652da57dc6" + "value": "d74618e323ae5b8a83fa496eb16ef003" + } + ], + "envFrom": [ + { + "secretRef": { + "name": "test-app-navi-service-secret" + } } ], "image": "IMAGE", diff --git a/src/test/resources/fixtures/kube_objects/kube_object_fsx.json b/src/test/resources/fixtures/kube_objects/kube_object_fsx.json index e429bc32..a18b990c 100644 --- a/src/test/resources/fixtures/kube_objects/kube_object_fsx.json +++ b/src/test/resources/fixtures/kube_objects/kube_object_fsx.json @@ -205,27 +205,16 @@ "containers": [ { "env": [ - { - "name": "password", - "valueFrom": { - "secretKeyRef": { - "key": "password", - "name": "test-app-navi-service-secret" - } - } - }, - { - "name": "user", - "valueFrom": { - "secretKeyRef": { - "key": "user", - "name": "test-app-navi-service-secret" - } - } - }, { "name": "secretMd5", - "value": "ca5855f61008767291e629652da57dc6" + "value": "d74618e323ae5b8a83fa496eb16ef003" + } + ], + "envFrom": [ + { + "secretRef": { + "name": "test-app-navi-service-secret" + } } ], "image": "IMAGE", diff --git a/src/test/resources/fixtures/kube_objects/kube_object_prod_tsc.json b/src/test/resources/fixtures/kube_objects/kube_object_prod_tsc.json index 6a9935b8..36123813 100644 --- a/src/test/resources/fixtures/kube_objects/kube_object_prod_tsc.json +++ b/src/test/resources/fixtures/kube_objects/kube_object_prod_tsc.json 
@@ -231,18 +231,16 @@ } }, "env": [ - { - "name": "foo", - "valueFrom": { - "secretKeyRef": { - "name": "testapp-navi-service-secret", - "key": "foo" - } - } - }, { "name": "secretMd5", - "value": "129cd9ea6fd37de0e07a8ff94467306f" + "value": "8a40bdadb732b9107fbf1eba768a302a" + } + ], + "envFrom": [ + { + "secretRef": { + "name": "testapp-navi-service-secret" + } } ], "ports": [ diff --git a/src/test/resources/fixtures/kube_objects/kube_object_prod_with_maxsurge.json b/src/test/resources/fixtures/kube_objects/kube_object_prod_with_maxsurge.json index 24259656..d7794281 100644 --- a/src/test/resources/fixtures/kube_objects/kube_object_prod_with_maxsurge.json +++ b/src/test/resources/fixtures/kube_objects/kube_object_prod_with_maxsurge.json @@ -231,18 +231,16 @@ } }, "env": [ - { - "name": "foo", - "valueFrom": { - "secretKeyRef": { - "name": "testapp-navi-service-secret", - "key": "foo" - } - } - }, { "name": "secretMd5", - "value": "129cd9ea6fd37de0e07a8ff94467306f" + "value": "8a40bdadb732b9107fbf1eba768a302a" + } + ], + "envFrom": [ + { + "secretRef": { + "name": "testapp-navi-service-secret" + } } ], "ports": [ diff --git a/src/test/resources/fixtures/manifest/dev-testapp-duplicate-endpoint.json b/src/test/resources/fixtures/manifest/dev-testapp-duplicate-endpoint.json new file mode 100644 index 00000000..9858708c --- /dev/null +++ b/src/test/resources/fixtures/manifest/dev-testapp-duplicate-endpoint.json 
@@ -0,0 +1,196 @@ +{ + "name": "testapp", + "environment": "dev", + "metadata": { + "repo": "navi-medici/test", + "language": "Java", + "product": "lending", + "dataSensitivity": "PII_SPI", + "logCriticality": "AccessLogs", + "disasterRecovery": "True" + }, + "extraResources": { + "aws_access": { + "policies": [ + { + "actions": [ + "s3:*" + ], + "resource": "*" + } + ] + } + }, + "notification": { + "notification": { + "slack": [ + "#test-slackgroup-alert" + ] + } + }, + "environmentVariables": [ + { + "name": "secretVar1", + "value": "secretVar1Value", + "type": "SECRET", + "sha256": "random-sha" + }, + { + "name": "configVar1", + "value": "configVar1Value", + "type": "CONFIG", + "sha256": "random-sha" + }, + { + "name": "superSecretVar1", + "value": "superSecretVar1Value", + "type": "SUPER_SECRET", + "sha256": "random-sha" + }, + { + "name": "SOME_URL", + "value": "https://google.com", + "type": "CONFIG", + "sha256": "random-sha", + "allowEgress": true + } + ], + "deployment": { + "cluster": "spike.np.navi-tech.in", + "loadBalancers": [ + { + "name": "lb-1", + "endpoint": "test-app1.spike.navi-tech.in", + "accessPolicies": [ + "internal" + ], + "stickiness": false, + "idleTimeout": 60, + "slowStartDuration": 0, + "type": "alb" + }, + { + "name": "lb-2", + "endpoint": "test-app1.spike.navi-tech.in", + "accessPolicies": [ + "internal" + ], + "stickiness": false, + "idleTimeout": 60, + "slowStartDuration": 60, + "type": "alb" + }, + { + "endpoint": "dev-test.spike.navi-tech.in", + "extraSecurityGroups": [ + "testapp-sg-1" + ], + "accessPolicies": [ + "internetFacing" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + } + ], + "alerts": { + "elb4xx": { + "duration": "3m", + "severity": "critical", + "threshold": 1 + }, + "elb5xx": { + "duration": "3m", + "severity": "critical", + "threshold": 1 + }, + "http4xx": { + "duration": "3m", + "severity": "critical", + "threshold": 15 + }, + "http5xx": { + "duration": "3m", + "severity": "critical", + 
"threshold": 2 + }, + "latency": { + "duration": "3m", + "severity": "warning", + "threshold": 800 + }, + "prometheusRecordingRule": [] + }, + "instance": { + "cpu": 0.3, + "memory": "300Mi" + }, + "exposedPorts": [ + { + "name": "serviceport", + "port": 8080 + }, + { + "name": "metrics", + "port": 4001 + } + ], + "allowEgress": [ + "https://wow.com", + "https://google.com" + ], + "healthCheck": { + "livenessCheck": { + "path": "/actuator/health", + "port": "metrics", + "type": "http", + "periodSeconds": 30, + "failureThreshold": 5, + "successThreshold": 1, + "initialDelaySeconds": 60 + }, + "readinessCheck": { + "port": "serviceport", + "type": "tcp", + "periodSeconds": 30, + "failureThreshold": 5, + "successThreshold": 1, + "initialDelaySeconds": 60 + } + }, + "hpa": { + "maxReplicas": 4, + "minReplicas": 2 + }, + "namespace": "dev", + "securityGroup": [ + { + "ids": [ + "sg-08fa3d4297d46a0f4" + ], + "name": "testapp-sg-1", + "rules": [ + { + "toPort": 443, + "fromPort": 443, + "protocol": "tcp", + "description": "Allow https traffic", + "ingressCidr": [ + "1.1.1.1/32", + "2a0a:a440::/29", + "::/32" + ] + } + ] + } + ], + "timeout": 1500 + }, + "team": { + "name": "Infra" + }, + "labels": { + "micrometer-prometheus": "disabled" + }, + "cluster": "spike.np.navi-tech.in" +} diff --git a/src/test/resources/fixtures/manifest/dev-testapp-dynamicConfig.json b/src/test/resources/fixtures/manifest/dev-testapp-dynamicConfig.json index 01aaf669..6a354224 100644 --- a/src/test/resources/fixtures/manifest/dev-testapp-dynamicConfig.json +++ b/src/test/resources/fixtures/manifest/dev-testapp-dynamicConfig.json @@ -1,5 +1,5 @@ { - "name": "testapp-dynamicConfig", + "name": "testapp-dynamic-config", "environment": "dev", "metadata": { "repo": "test", @@ -65,7 +65,7 @@ "loadBalancers": [ { "name": "lb-1", - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app1.spike.navi-tech.in", "accessPolicies": [ "internal" ], 
@@ -75,7 +75,7 @@ }, { "name": "lb-2", - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app2.spike.navi-tech.in", "accessPolicies": [ "internal" ], diff --git a/src/test/resources/fixtures/manifest/dev-testapp-reducted-secret.json b/src/test/resources/fixtures/manifest/dev-testapp-reducted-secret.json index 65e13bfe..61965749 100644 --- a/src/test/resources/fixtures/manifest/dev-testapp-reducted-secret.json +++ b/src/test/resources/fixtures/manifest/dev-testapp-reducted-secret.json @@ -61,7 +61,7 @@ "deployment": { "loadBalancers": [ { - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app1.spike.navi-tech.in", "accessPolicies": [ "internal" ], @@ -70,7 +70,7 @@ "type": "alb" }, { - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app2.spike.navi-tech.in", "accessPolicies": [ "internal" ], diff --git a/src/test/resources/fixtures/manifest/dev-testapp.json b/src/test/resources/fixtures/manifest/dev-testapp.json index 8e64b9eb..e61a8420 100644 --- a/src/test/resources/fixtures/manifest/dev-testapp.json +++ b/src/test/resources/fixtures/manifest/dev-testapp.json @@ -60,7 +60,7 @@ "loadBalancers": [ { "name": "lb-1", - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app1.spike.navi-tech.in", "accessPolicies": [ "internal" ], @@ -71,7 +71,7 @@ }, { "name": "lb-2", - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app2.spike.navi-tech.in", "accessPolicies": [ "internal" ], diff --git a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-dynamicConfig-create-or-update.json b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-dynamicConfig-create-or-update.json index 0875402e..911ce4ba 100644 --- a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-dynamicConfig-create-or-update.json +++ b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-dynamicConfig-create-or-update.json 
@@ -1,5 +1,5 @@ { - "name": "testapp-dynamicConfig", + "name": "testapp-dynamic-config", "environment": "dev", "dynamicConfiguration": [ { @@ -63,7 +63,7 @@ "loadBalancers": [ { "version": 0, - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app1.spike.navi-tech.in", "accessPolicies": [ "internal" ], @@ -73,7 +73,7 @@ }, { "version": 0, - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app2.spike.navi-tech.in", "accessPolicies": [ "internal" ], diff --git a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-dynamicConfig-render.json b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-dynamicConfig-render.json index 0e80b9b5..5a494261 100644 --- a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-dynamicConfig-render.json +++ b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-dynamicConfig-render.json @@ -1,5 +1,5 @@ { - "name": "testapp-dynamicConfig", + "name": "testapp-dynamic-config", "environment": "dev", "dynamicConfiguration": [ { @@ -59,7 +59,7 @@ "deployment": { "loadBalancers": [ { - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app1.spike.navi-tech.in", "accessPolicies": [ "internal" ], @@ -68,7 +68,7 @@ "type": "alb" }, { - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app2.spike.navi-tech.in", "accessPolicies": [ "internal" ], diff --git a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get-with-no-super-secret-access.json b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get-with-no-super-secret-access.json index 0ba55233..c6e7d2d7 100644 --- a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get-with-no-super-secret-access.json +++ b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get-with-no-super-secret-access.json 
@@ -53,7 +53,7 @@ "deployment": { "loadBalancers": [ { - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app1.spike.navi-tech.in", "accessPolicies": [ "internal" ], @@ -62,7 +62,7 @@ "type": "alb" }, { - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app2.spike.navi-tech.in", "accessPolicies": [ "internal" ], diff --git a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get-without-secret-access.json b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get-without-secret-access.json index a6c2654c..1fea340a 100644 --- a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get-without-secret-access.json +++ b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get-without-secret-access.json @@ -54,7 +54,7 @@ "deployment": { "loadBalancers": [ { - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app1.spike.navi-tech.in", "accessPolicies": [ "internal" ], @@ -63,7 +63,7 @@ "type": "alb" }, { - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app2.spike.navi-tech.in", "accessPolicies": [ "internal" ], diff --git a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get.json b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get.json index c0c2cf7c..26997a28 100644 --- a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get.json +++ b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-get.json @@ -55,7 +55,7 @@ "loadBalancers": [ { "name": "lb-1", - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app1.spike.navi-tech.in", "accessPolicies": [ "internal" ], @@ -65,7 +65,7 @@ }, { "name": "lb-2", - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app2.spike.navi-tech.in", "accessPolicies": [ "internal" ], 
diff --git a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-update.json b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-update.json index ef8bb794..3bbacd7e 100644 --- a/src/test/resources/fixtures/manifest/expected_output/dev-testapp-update.json +++ b/src/test/resources/fixtures/manifest/expected_output/dev-testapp-update.json @@ -59,7 +59,7 @@ { "name": "lb-1", "version": 0, - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app1.spike.navi-tech.in", "accessPolicies": [ "internal" ], @@ -70,7 +70,7 @@ { "name": "lb-2", "version": 0, - "endpoint": "test-app.spike.navi-tech.in", + "endpoint": "test-app2.spike.navi-tech.in", "accessPolicies": [ "internal" ], diff --git a/src/test/resources/fixtures/manifest/expected_output/manifest-export-with-no-super-secret-access.json b/src/test/resources/fixtures/manifest/expected_output/manifest-export-with-no-super-secret-access.json new file mode 100644 index 00000000..4046ec33 --- /dev/null +++ b/src/test/resources/fixtures/manifest/expected_output/manifest-export-with-no-super-secret-access.json 
@@ -0,0 +1,142 @@ +{ + "environmentVariables": [ + { + "name": "APP_NAME", + "type": "CONFIG", + "sha256": "1b4f0e9851971998e732078544c96b36c3d01cedf7caa332359d6f1d83567014", + "value": "test1" + }, + { + "name": "test_Config", + "type": "SECRET", + "sha256": "60303ae22b998861bce3b28f33eec1be758a213c86c93c076dbe9f558c11c752", + "value": "test2" + }, + { + "name": "test_super_secret", + "type": "SUPER_SECRET", + "sha256": "ddfaa92ae32b9ff82c40ce5e3350f16de528f021727f13468d9b26201905f59a", + "value": "*****" + } + ], + "metadata": { + "repo": "test", + "language": "Java", + "product": "lending", + "dataSensitivity": "PII_SPI", + "logCriticality": "AccessLogs", + "disasterRecovery": "True" + }, + "deployment": { + "isDeployed": false, + "loadBalancers": [ + { + "endpoint": "test-app1.spike.navi-tech.in", + "accessPolicies": [ + "internal" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + }, + { + "endpoint": "test-app2.spike.navi-tech.in", + "accessPolicies": [ + "internal" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + }, + { + "endpoint": "dev-test.spike.navi-tech.in", + "extraSecurityGroups": [ + "testapp-sg-1" + ], + "accessPolicies": [ + "internetFacing" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + } + ], + "alerts": { + "elb4xx": { + "duration": "3m", + "severity": "critical", + "threshold": 1 + }, + "elb5xx": { + "duration": "3m", + "severity": "critical", + "threshold": 1 + }, + "http4xx": { + "duration": "3m", + "severity": "critical", + "threshold": 15 + }, + "http5xx": { + "duration": "3m", + "severity": "critical", + "threshold": 2 + }, + "latency": { + "duration": "3m", + "severity": "warning", + "threshold": 800 + }, + "prometheusRecordingRule": [] + }, + "instance": { + "cpu": 0.24, + "memory": "300Mi" + }, + "exposedPorts": [ + { + "name": "serviceport", + "port": 8080 + }, + { + "name": "metrics", + "port": 4001 + } + ], + "allowEgress": [], + "healthCheck": { + "livenessCheck": { + "path": 
"/actuator/health", + "port": "metrics", + "type": "http", + "periodSeconds": 30, + "failureThreshold": 5, + "successThreshold": 1, + "initialDelaySeconds": 60 + }, + "readinessCheck": { + "port": "serviceport", + "type": "tcp", + "periodSeconds": 30, + "failureThreshold": 5, + "successThreshold": 1, + "initialDelaySeconds": 60 + } + }, + "hpa": { + "maxReplicas": 2, + "minReplicas": 2 + }, + "timeout": 1500, + "namespace": "dev" + }, + "team": { + "name": "Infra" + }, + "labels": { + "micrometer-prometheus": "enabled" + }, + "environment": "dev", + "name": "test-export", + "isDeployed": false +} \ No newline at end of file diff --git a/src/test/resources/fixtures/manifest/expected_output/manifest-export-without-secret-access.json b/src/test/resources/fixtures/manifest/expected_output/manifest-export-without-secret-access.json new file mode 100644 index 00000000..bca6e430 --- /dev/null +++ b/src/test/resources/fixtures/manifest/expected_output/manifest-export-without-secret-access.json 
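Review bot: The masked entry in this expected output still carries a digest of the hidden value: `test_super_secret` is returned with `"value": "*****"` next to its `sha256` field. The digests on the two unmasked entries appear to be the plain SHA-256 of their values (`test1`, `test2`), so the field looks like an unsalted hash of the secret, which lets a caller without access confirm guesses offline for short or low-entropy values. I would have masked entries drop the digest, e.g. `"sha256": null`, or switch the field to a keyed HMAC if it is only needed for change detection. manifest-export-without-secret-access.json pins the same shape for both the `SECRET` and the `SUPER_SECRET` entry.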
@@ -0,0 +1,142 @@ +{ + "environmentVariables": [ + { + "name": "APP_NAME", + "type": "CONFIG", + "sha256": "1b4f0e9851971998e732078544c96b36c3d01cedf7caa332359d6f1d83567014", + "value": "test1" + }, + { + "name": "test_Config", + "type": "SECRET", + "sha256": "60303ae22b998861bce3b28f33eec1be758a213c86c93c076dbe9f558c11c752", + "value": "*****" + }, + { + "name": "test_super_secret", + "type": "SUPER_SECRET", + "sha256": "ddfaa92ae32b9ff82c40ce5e3350f16de528f021727f13468d9b26201905f59a", + "value": "*****" + } + ], + "metadata": { + "repo": "test", + "language": "Java", + "product": "lending", + "dataSensitivity": "PII_SPI", + "logCriticality": "AccessLogs", + "disasterRecovery": "True" + }, + "deployment": { + "isDeployed": false, + "loadBalancers": [ + { + "endpoint": "test-app1.spike.navi-tech.in", + "accessPolicies": [ + "internal" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + }, + { + "endpoint": "test-app2.spike.navi-tech.in", + "accessPolicies": [ + "internal" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + }, + { + "endpoint": "dev-test.spike.navi-tech.in", + "extraSecurityGroups": [ + "testapp-sg-1" + ], + "accessPolicies": [ + "internetFacing" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + } + ], + "alerts": { + "elb4xx": { + "duration": "3m", + "severity": "critical", + "threshold": 1 + }, + "elb5xx": { + "duration": "3m", + "severity": "critical", + "threshold": 1 + }, + "http4xx": { + "duration": "3m", + "severity": "critical", + "threshold": 15 + }, + "http5xx": { + "duration": "3m", + "severity": "critical", + "threshold": 2 + }, + "latency": { + "duration": "3m", + "severity": "warning", + "threshold": 800 + }, + "prometheusRecordingRule": [] + }, + "instance": { + "cpu": 0.24, + "memory": "300Mi" + }, + "exposedPorts": [ + { + "name": "serviceport", + "port": 8080 + }, + { + "name": "metrics", + "port": 4001 + } + ], + "allowEgress": [], + "healthCheck": { + "livenessCheck": { + "path": 
"/actuator/health", + "port": "metrics", + "type": "http", + "periodSeconds": 30, + "failureThreshold": 5, + "successThreshold": 1, + "initialDelaySeconds": 60 + }, + "readinessCheck": { + "port": "serviceport", + "type": "tcp", + "periodSeconds": 30, + "failureThreshold": 5, + "successThreshold": 1, + "initialDelaySeconds": 60 + } + }, + "hpa": { + "maxReplicas": 2, + "minReplicas": 2 + }, + "timeout": 1500, + "namespace": "dev" + }, + "team": { + "name": "Infra" + }, + "labels": { + "micrometer-prometheus": "enabled" + }, + "environment": "dev", + "name": "test-export", + "isDeployed": false +} \ No newline at end of file diff --git a/src/test/resources/fixtures/manifest/manifest-export-redacted-secret.json b/src/test/resources/fixtures/manifest/manifest-export-redacted-secret.json new file mode 100644 index 00000000..fa6572b2 --- /dev/null +++ b/src/test/resources/fixtures/manifest/manifest-export-redacted-secret.json 
@@ -0,0 +1,153 @@ +{ + "version": 46, + "environmentVariables": [ + { + "name": "APP_NAME", + "type": "CONFIG", + "sha256": "1b4f0e9851971998e732078544c96b36c3d01cedf7caa332359d6f1d83567014", + "value": "test1" + }, + { + "name": "test_Config", + "type": "SECRET", + "sha256": "60303ae22b998861bce3b28f33eec1be758a213c86c93c076dbe9f558c11c752", + "value": null + }, + { + "name": "test_super_secret", + "type": "SUPER_SECRET", + "sha256": "ddfaa92ae32b9ff82c40ce5e3350f16de528f021727f13468d9b26201905f59a", + "value": null + } + ], + "metadata": { + "repo": "test", + "language": "Java", + "product": "lending", + "dataSensitivity": "PII_SPI", + "logCriticality": "AccessLogs", + "disasterRecovery": "True" + }, + "deployment": { + "id": 1, + "version": 22, + "isDeployed": true, + "loadBalancers": [ + { + "version": 3, + "id": 22, + "endpoint": "test-app1.spike.navi-tech.in", + "accessPolicies": [ + "internal" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + }, + { + "version": 23, + "id": 34, + "endpoint": "test-app2.spike.navi-tech.in", + "accessPolicies": [ + "internal" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + }, + { + "version": 23, + "id": 72, + "endpoint": "dev-test.spike.navi-tech.in", + "extraSecurityGroups": [ + "testapp-sg-1" + ], + "accessPolicies": [ + "internetFacing" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + } + ], + "alerts": { + "elb4xx": { + "duration": "3m", + "severity": "critical", + "threshold": 1 + }, + "elb5xx": { + "duration": "3m", + "severity": "critical", + "threshold": 1 + }, + "http4xx": { + "duration": "3m", + "severity": "critical", + "threshold": 15 + }, + "http5xx": { + "duration": "3m", + "severity": "critical", + "threshold": 2 + }, + "latency": { + "duration": "3m", + "severity": "warning", + "threshold": 800 + }, + "prometheusRecordingRule": [] + }, + "instance": { + "cpu": 0.24, + "memory": "300Mi" + }, + "exposedPorts": [ + { + "name": "serviceport", + "port": 8080 + 
}, + { + "name": "metrics", + "port": 4001 + } + ], + "allowEgress": [], + "healthCheck": { + "livenessCheck": { + "path": "/actuator/health", + "port": "metrics", + "type": "http", + "periodSeconds": 30, + "failureThreshold": 5, + "successThreshold": 1, + "initialDelaySeconds": 60 + }, + "readinessCheck": { + "port": "serviceport", + "type": "tcp", + "periodSeconds": 30, + "failureThreshold": 5, + "successThreshold": 1, + "initialDelaySeconds": 60 + } + }, + "hpa": { + "maxReplicas": 2, + "minReplicas": 2 + }, + "timeout": 1500, + "namespace": "dev" + }, + "team": { + "name": "Infra" + }, + "labels": { + "micrometer-prometheus": "enabled" + }, + "environment": "dev", + "name": "test-export", + "cluster": "spike.np.navi-tech.in", + "isDeployed": true, + "infraVertical": "lending" +} \ No newline at end of file diff --git a/src/test/resources/fixtures/manifest/manifest-export.json b/src/test/resources/fixtures/manifest/manifest-export.json new file mode 100644 index 00000000..37ba6e9d --- /dev/null +++ b/src/test/resources/fixtures/manifest/manifest-export.json 
@@ -0,0 +1,152 @@ +{ + "version": 46, + "environmentVariables": [ + { + "name": "APP_NAME", + "type": "CONFIG", + "sha256": "1b4f0e9851971998e732078544c96b36c3d01cedf7caa332359d6f1d83567014", + "value": "test1" + }, + { + "name": "test_Config", + "type": "SECRET", + "sha256": "60303ae22b998861bce3b28f33eec1be758a213c86c93c076dbe9f558c11c752", + "value": "test2" + }, + { + "name": "test_super_secret", + "type": "SUPER_SECRET", + "sha256": "ddfaa92ae32b9ff82c40ce5e3350f16de528f021727f13468d9b26201905f59a", + "value": "*****" + } + ], + "metadata": { + "repo": "test", + "language": "Java", + "product": "lending", + "dataSensitivity": "PII_SPI", + "logCriticality": "AccessLogs", + "disasterRecovery": "True" + }, + "deployment": { + "id": 1, + "version": 22, + "isDeployed": true, + "loadBalancers": [ + { + "version": 3, + "id": 22, + "endpoint": "test-app1.spike.navi-tech.in", + "accessPolicies": [ + "internal" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + }, + { + "version": 23, + "id": 34, + "endpoint": "test-app2.spike.navi-tech.in", + "accessPolicies": [ + "internal" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + }, + { + "version": 23, + "id": 72, + "endpoint": "dev-test.spike.navi-tech.in", + "extraSecurityGroups": [ + "testapp-sg-1" + ], + "accessPolicies": [ + "internetFacing" + ], + "stickiness": false, + "idleTimeout": 60, + "type": "alb" + } + ], + "alerts": { + "elb4xx": { + "duration": "3m", + "severity": "critical", + "threshold": 1 + }, + "elb5xx": { + "duration": "3m", + "severity": "critical", + "threshold": 1 + }, + "http4xx": { + "duration": "3m", + "severity": "critical", + "threshold": 15 + }, + "http5xx": { + "duration": "3m", + "severity": "critical", + "threshold": 2 + }, + "latency": { + "duration": "3m", + "severity": "warning", + "threshold": 800 + }, + "prometheusRecordingRule": [] + }, + "instance": { + "cpu": 0.24, + "memory": "300Mi" + }, + "exposedPorts": [ + { + "name": "serviceport", + "port": 
8080 + }, + { + "name": "metrics", + "port": 4001 + } + ], + "allowEgress": [], + "healthCheck": { + "livenessCheck": { + "path": "/actuator/health", + "port": "metrics", + "type": "http", + "periodSeconds": 30, + "failureThreshold": 5, + "successThreshold": 1, + "initialDelaySeconds": 60 + }, + "readinessCheck": { + "port": "serviceport", + "type": "tcp", + "periodSeconds": 30, + "failureThreshold": 5, + "successThreshold": 1, + "initialDelaySeconds": 60 + } + }, + "hpa": { + "maxReplicas": 2, + "minReplicas": 2 + }, + "timeout": 1500, + "namespace": "dev" + }, + "team": { + "name": "Infra" + }, + "labels": { + "micrometer-prometheus": "enabled" + }, + "environment": "dev", + "name": "test-export", + "cluster": "spike.np.navi-tech.in", + "isDeployed": true +} \ No newline at end of file diff --git a/src/test/resources/fixtures/manifest/manifest-with-spaced-env-var.json b/src/test/resources/fixtures/manifest/manifest-with-spaced-env-var.json index 0810463d..3735360b 100644 --- a/src/test/resources/fixtures/manifest/manifest-with-spaced-env-var.json +++ b/src/test/resources/fixtures/manifest/manifest-with-spaced-env-var.json @@ -48,5 +48,6 @@ }, "environment": "dev", "name": "manifest", - "cluster": "spike.np.navi-tech.in" + "cluster": "spike.np.navi-tech.in", + "infraVertical": "lending" } \ No newline at end of file diff --git a/templates/README.md b/templates/README.md deleted file mode 100644 index 72a54060..00000000 --- a/templates/README.md +++ /dev/null @@ -1,14 +0,0 @@ -## Steps to test JSONNET changes - -1. Create a temporary directory in templates directory: - - ```mkdir /templates/temp``` - -2. Change directory to the same - - ```cd /templates/temp``` - -3. Run the following command to create json for testing purposes: - ```jsonnet main.jsonnet -J /manifests// --ext-str IMAGE='image' -m temp``` - -4. Inspect the jsonnets in temp folder. \ No newline at end of file 
diff --git a/templates/chaos_engine.jsonnet b/templates/chaos_engine.jsonnet
deleted file mode 100644
index 3243431b..00000000
--- a/templates/chaos_engine.jsonnet
+++ /dev/null
@@ -1,94 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment = deployment_manifest.deployment;
-local chaos_util = import 'chaos_util.jsonnet';
-
-
-local env = function(experiment) {
- latencyInjection: [
- {
- name: 'NETWORK_LATENCY',
- value: experiment.details.latency,
- },
- ],
- packetLoss: [
- {
- name: 'NETWORK_PACKET_LOSS_PERCENTAGE',
- value: experiment.details.packetLoss,
- },
- ],
-}[experiment.type];
-
-
-std.map(function(experiment) {
- apiVersion: 'litmuschaos.io/v1alpha1',
- kind: 'ChaosEngine',
- metadata: {
- name: '%s-chaos' % deployment.name,
- namespace: deployment.namespace,
- labels: {
- resource_id: '%s-chaos' % deployment.name,
- },
- },
- spec: {
- jobCleanUpPolicy: 'delete',
- annotationCheck: 'true',
- engineState: 'active',
- auxiliaryAppInfo: '',
- monitoring: false,
- appinfo: {
- appns: deployment.namespace,
- applabel: 'release=%s' % deployment.name,
- appkind: 'deployment',
- },
- chaosServiceAccount: '%s-sa' % chaos_util.experimentName(experiment),
- components: {
- runner: {
- runnerannotation: {
- 'sidecar.istio.io/inject': 'false',
- },
- },
- },
- experiments: [{
- name: chaos_util.experimentName(experiment),
- spec: {
- components: {
- experimentannotation: {
- 'sidecar.istio.io/inject': 'false',
- },
- env: [
- {
- name: 'CHAOS_NAMESPACE',
- value: deployment.namespace,
- },
- {
- name: 'APP_NAMESPACE',
- value: deployment.namespace,
- },
- {
- name: 'NETWORK_INTERFACE',
- value: 'eth0',
- },
- {
- name: 'TARGET_CONTAINER',
- value: chart.full_service_name(deployment.name),
- },
- {
- name: 'TOTAL_CHAOS_DURATION',
- value: experiment.duration,
- },
- {
- name: 'PODS_AFFECTED_PERC',
- value: '100',
- },
- {
- name: 'TARGET_HOSTS',
- value: std.join(',', experiment.details.targetHosts),
- },
- ] + env(experiment),
- },
- },
- }],
- },
-}, deployment.faults)
diff --git a/templates/chaos_experiment.jsonnet b/templates/chaos_experiment.jsonnet
deleted file mode 100644
index 8de4fcf8..00000000
--- a/templates/chaos_experiment.jsonnet
+++ /dev/null
@@ -1,87 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment = deployment_manifest.deployment;
-local chaos_util = import 'chaos_util.jsonnet';
-
-local descriptionMessage = function(experiment) {
- latencyInjection: 'Injects network latency on pods belonging to an app deployment\n',
- packetLoss: 'Injects network packet loss on pods belonging to an app deployment\n',
-}[experiment.type];
-
-local args = function(experiment) {
- latencyInjection: './experiments/pod-network-latency',
- packetLoss: './experiments/pod-network-loss',
-}[experiment.type];
-
-std.map(
- function(experiment)
- {
- apiVersion: 'litmuschaos.io/v1alpha1',
- description: {
- message: descriptionMessage(experiment),
- },
- kind: 'ChaosExperiment',
- metadata: {
- name: chaos_util.experimentName(experiment),
- },
- spec: {
- definition: {
- scope: 'Namespaced',
- permissions: [
- {
- apiGroups: [
- '',
- 'batch',
- 'litmuschaos.io',
- ],
- resources: [
- 'jobs',
- 'pods',
- 'pods/log',
- 'events',
- 'chaosengines',
- 'chaosexperiments',
- 'chaosresults',
- ],
- verbs: [
- 'create',
- 'list',
- 'get',
- 'patch',
- 'update',
- 'delete',
- ],
- },
- ],
- image: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/litmus-go:1.8.1',
- imagePullPolicy: 'Always',
- args: [
- '-c',
- args(experiment),
- ],
- command: [
- '/bin/bash',
- ],
- env: [
- {
- name: 'NETWORK_INTERFACE',
- value: 'eth0',
- },
- {
- name: 'LIB_IMAGE',
- value: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/litmus-go:1.8.1',
- },
- {
- name: 'TC_IMAGE',
- value: 'gaiadocker/iproute2',
- },
- ],
- labels: {
- name: chaos_util.experimentName(experiment),
- },
- },
- },
- },
- deployment.faults
-)
diff --git a/templates/chaos_main.jsonnet b/templates/chaos_main.jsonnet
deleted file mode 100644
index 77234cf5..00000000
--- a/templates/chaos_main.jsonnet
+++ /dev/null
@@ -1,118 +0,0 @@ -local chaos_engines = import 'chaos_engine.jsonnet'; -local chaos_experiments = import 'chaos_experiment.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local deployment = deployment_manifest.deployment; -local chaos_util = import 'chaos_util.jsonnet'; - -local chaos_sa = function(experiment) { - apiVersion: 'v1', - kind: 'ServiceAccount', - metadata: { - labels: { - name: '%s-sa' % chaos_util.experimentName(experiment), - }, - name: '%s-sa' % chaos_util.experimentName(experiment), - namespace: deployment.namespace, - }, -}; - -local chaos_role = function(experiment) { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'Role', - metadata: { - labels: { - name: '%s-sa' % chaos_util.experimentName(experiment), - }, - name: '%s-sa' % chaos_util.experimentName(experiment), - namespace: deployment.namespace, - }, - rules: [ - { - apiGroups: [ - '', - 'litmuschaos.io', - 'batch', - ], - resources: [ - 'pods', - 'jobs', - 'pods/log', - 'events', - 'chaosengines', - 'chaosexperiments', - 'chaosresults', - ], - verbs: [ - 'create', - 'list', - 'get', - 'patch', - 'update', - 'delete', - ], - }, - ], -}; - -local chaos_rolebinding = function(experiment) { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', - metadata: { - labels: { - name: '%s-sa' % chaos_util.experimentName(experiment), - }, - name: '%s-sa' % chaos_util.experimentName(experiment), - namespace: deployment.namespace, - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'Role', - name: '%s-sa' % chaos_util.experimentName(experiment), - }, - subjects: [ - { - kind: 'ServiceAccount', - name: '%s-sa' % chaos_util.experimentName(experiment), - }, - ], -}; - -local chaos_privileged_rolebinding = function(experiment) { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', - metadata: { - name: 'psp:privileged:%s-sa' % chaos_util.experimentName(experiment), - namespace: deployment.namespace, - }, - roleRef: { - apiGroup: 
'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'psp:privileged', - }, - subjects: [ - { - kind: 'ServiceAccount', - name: '%s-sa' % chaos_util.experimentName(experiment), - }, - ], -}; - -local getFiles = function(s, fn) { - [s % index]: fn(deployment.faults[index]) - for index in std.range(0, std.length(chaos_experiments) - 1) -}; - - -if 'faults' in deployment && std.length(deployment.faults) > 0 then - (if chaos_experiments != null then { - ['1_%s_chaos_experiment.json' % index]: chaos_experiments[index] - for index in std.range(0, std.length(chaos_experiments) - 1) - } else {}) + - getFiles('2_%s_chaos_sa.json', chaos_sa) + - getFiles('3_%s_chaos_role.json', chaos_role) + - getFiles('4_%s_chaos_rolebinding.json', chaos_rolebinding) + - getFiles('5_%s_chaos_privileged_rolebinding.json', chaos_privileged_rolebinding) + - (if chaos_engines != null then { - ['6_%s_chaos_engine.json' % index]: chaos_engines[index] - for index in std.range(0, std.length(chaos_engines) - 1) - } else {}) diff --git a/templates/chaos_util.jsonnet b/templates/chaos_util.jsonnet deleted file mode 100644 index 9e3b49dd..00000000 --- a/templates/chaos_util.jsonnet +++ /dev/null @@ -1,6 +0,0 @@ -{ - experimentName:: function(experiment) { - latencyInjection: 'pod-network-latency', - packetLoss: 'pod-network-loss', - }[experiment.type], -} diff --git a/templates/chart.jsonnet b/templates/chart.jsonnet deleted file mode 100644 index 4b4d9999..00000000 --- a/templates/chart.jsonnet +++ /dev/null 
@@ -1,29 +0,0 @@
-{
- //Private values
- values:: {
- apiVersion: 'v1',
- name: 'navi-service',
- description: 'Deploy navi services to kubernetes',
- version: '0.0.1',
- appVersion: '0.1',
- home: 'https://github.cmd.navi-tech.in/navi-infra',
- maintainers: [
- {
- name: 'Infra',
- email: 'infra-team@navi.com',
- },
- ],
- },
-
- //Public functions
- service_name: self.values.name,
-
- full_service_name(deployment_name): (
- assert std.length(deployment_name) <= 63 : 'Service name must be less than 63 characters. name: %s' % deployment_name;
- local name = '%s-%s' % [deployment_name, self.service_name];
- assert std.length(name) <= 253 : 'Full Service name must be less than 253 characters. name: %s' % name;
- name
- ),
-
- service_chart: '%s-%s' % [self.values.name, self.values.version],
-}
diff --git a/templates/cluster_values.jsonnet b/templates/cluster_values.jsonnet
deleted file mode 100644
index 4831c567..00000000
--- a/templates/cluster_values.jsonnet
+++ /dev/null
@@ -1,1514 +0,0 @@ -{ - baseCluster+:: { - loadBalancer+:: { - sharedALBs+::{ - enableOfficeIps:: true - }, - sourceRanges:: ['1.1.1.1/32'], - annotations+:: { - webAcl:: 'dummy-webacl', - deletionProtection:: false, - accessLog:: true, - subnets+:: {}, - }, - }, - commonApiGateway+:: { - externalAuth:: { - config:: { - url:: 'dummyUrl', - }, - }, - }, - sidecarEnabled:: true, - zalandoEnabled:: true, - isEfsSupported: false, - isFsxSupported: false, - isVpaDeployed:: true, - isSwApmEnabled:: false - }, - - // Perf Endpoints - perfDomainEndpoint:: { - lending: '.np.navi-tech.in', - insurance: '.np.navi-gi.in', - sa: '.np.navi-sa.in', - amc: '.np.navi-amc.in', - }, - - //Non Prod cluster - 'nonprod.np.navi-tech.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'lending', - }, - flinkBucket: 'navi-flink-nonprod', - isEfsSupported: true, - isFsxSupported: true, - awsAccountId: 571315076762, - loadBalancer+:: { - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:571315076762:regional/webacl/AclNonProd/9ad3e612-4125-42ec-ab83-9e83ce95ac22', - securityGroups+:: { - //This security group allows packets from everywhere - internetFacing:: 'sg-01bbd376d7004403e', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-01a64c085bfdb2cbb', - - //This security group allows inter k8 cluster communication - internal:: 'sg-0bc07e856d000a5f4', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-022aa76e816973224', - - // Cloudflare ips - cdn:: 'sg-04abaea56b3db4697', - }, - sslCert:: { - 'np.navi-tech.in':: 'arn:aws:acm:ap-south-1:571315076762:certificate/a19c398a-639b-45ca-b885-4cf6002a16dc', - 'np.navi-ext.com':: 'arn:aws:acm:ap-south-1:571315076762:certificate/d9f5aac3-daee-401a-9035-b3f89a348d21', - 'navibank.ph':: 'arn:aws:acm:ap-south-1:571315076762:certificate/a19c398a-639b-45ca-b885-4cf6002a16dc', - 'navi.com':: 
'arn:aws:acm:ap-south-1:571315076762:certificate/a19c398a-639b-45ca-b885-4cf6002a16dc', - }, - subnets:: { - internal:: 'internal-lb-ap-south-1a.nonprod.np.navi-tech.in,internal-lb-ap-south-1b.nonprod.np.navi-tech.in', - }, - accessLogBucket:: 'navi-nonprod-lb-access-logs', - accessLog: true, - }, - }, - }, - qa:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-services-alb', - }, - }, - }, - dev:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-services-alb', - }, - }, - }, - automation:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'automation-services-alb', - }, - fixedHostNames+:: { - 'mobile-application': 'automation-api.navi.com', - }, - }, - }, - 'qa-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-internal-services-alb', - }, - }, - }, - perf:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'perf-services-alb', - }, - }, - }, - 'dev-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-internal-services-alb', - }, - }, - }, - 'dev-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-critical-services-alb', - }, - }, - }, - 'qa-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-critical-services-alb', - }, - }, - }, - 'dev-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-3p-services-alb', - }, - fixedHostNames+:: { - 'mobile-application': 'dev-api.navi.com', - }, - }, - }, - 'qa-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-3p-services-alb', - }, - fixedHostNames+:: { - 'mobile-application': 'qa-api.navi.com', - }, - }, - }, - }, - - //CMD cluster - 'prod.cmd.navi-tech.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'shared', - }, - isVpaDeployed:: false, - awsAccountId: 193044292705, - loadBalancer+:: { - sharedALBs+::{ - enableOfficeIps:: false - }, - annotations+:: { - securityGroups+:: { - - //This security 
group allows inter k8 cluster communication - internal:: 'sg-05a07c526f95eeb77', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-07e815976f838974d', - - // Cloudflare IPs - cdn:: 'sg-030f711a697aefbcd', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-0c46b6742d741ef56', - }, - sslCert:: { - 'cmd.navi-tech.in':: 'arn:aws:acm:ap-south-1:193044292705:certificate/f5746e77-f3e0-467b-b09e-3f6f2bd33d5d', - }, - accessLog:: true, - accessLogBucket:: 'navi-cmd-lb-access-logs', - }, - }, - sidecarEnabled:: false, - }, - }, - - //GI nonprod cluster - 'aps1.np.navi-gi.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'gi', - }, - commonApiGateway+:: { - externalAuth:: { - config:: { - url:: 'https://test-ops-auth-service.np.navi-gi.in/auth', - }, - }, - }, - flinkBucket: 'navi-flink-gi-nonprod', - awsAccountId: 883430762451, - loadBalancer+:: { - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:883430762451:regional/webacl/AclNonProdGi/63c08952-a0ca-4f20-b237-ebebc3e6b45e', - securityGroups+:: { - - //This security group allows inter k8 cluster communication - internal:: 'sg-095f4e72442a3b1cb', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-092a892e2ed92f934', - - //This security group allows packets from everywhere - internetFacing:: 'sg-00f702563af978c17', - - natIp:: 'sg-0bbe47680861cb3af', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-05ed65ea26e845f6b', - - // CF ips - cdn:: 'sg-0101e7a8058f3ff90', - }, - sslCert:: { - 'np.navi-gi.in':: 'arn:aws:acm:ap-south-1:883430762451:certificate/fc0dbd8e-7754-48ac-b5f1-dc5614f918f1', - 'navi.com':: 'arn:aws:acm:ap-south-1:883430762451:certificate/cbd7d693-ef24-44c7-a26c-44cbe198cc89', - }, - accessLog:: true, - accessLogBucket:: 'aps1.np.navi-gi.in-alb-access-logs', - subnets:: { - internal: 
'internal-lb-ap-south-1a.aps1.np.navi-gi.in,internal-lb-ap-south-1b.aps1.np.navi-gi.in', - }, - }, - }, - }, - qa:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-services-alb', - }, - }, - }, - dev:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-services-alb', - }, - }, - }, - 'qa-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-internal-services-alb', - }, - }, - }, - perf:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'perf-services-alb', - }, - }, - }, - 'dev-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-internal-services-alb', - }, - }, - }, - 'dev-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-critical-services-alb', - }, - }, - }, - 'qa-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-critical-services-alb', - }, - }, - }, - 'dev-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-3p-services-alb', - }, - }, - }, - 'qa-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-3p-services-alb', - }, - }, - }, - }, - - 'aps1.np.navi-amc.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'amc', - }, - loadBalancer+:: { - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:667580634104:regional/webacl/AclNonProdAmc/354559db-49fc-465c-9b30-fd84d4583c40', - securityGroups+:: { - - //This security group allows inter k8 cluster communication(nodes security group) - internal:: 'sg-02acb03253f80d846', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-0655b24320f15a3c7', - - //This security group allows packets from everywhere - internetFacing:: 'sg-0064b8d763e4ee8a6', - - natIp:: 'sg-03986fe435275bce3', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-09c7dc317585f77fe', - }, - sslCert:: { - 'np.navi-amc.in':: 
'arn:aws:acm:ap-south-1:667580634104:certificate/d6b73d36-d83b-4a75-aec3-bb05b8c995a4', - 'navi.com':: 'arn:aws:acm:ap-south-1:667580634104:certificate/d6b73d36-d83b-4a75-aec3-bb05b8c995a4', - }, - accessLog:: true, - accessLogBucket:: 'aps1.np.navi-amc.in-alb-access-logs', - subnets:: { - internal: 'ap-south-1a.aps1.np.navi-amc.in,ap-south-1b.aps1.np.navi-amc.in,ap-south-1c.aps1.np.navi-amc.in', - }, - }, - }, - }, - qa:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-services-alb', - }, - }, - }, - dev:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-services-alb', - }, - }, - }, - 'qa-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-internal-services-alb', - }, - }, - }, - perf:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'perf-services-alb', - }, - }, - }, - 'dev-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-internal-services-alb', - }, - }, - }, - 'dev-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-critical-services-alb', - }, - }, - }, - 'qa-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-critical-services-alb', - }, - }, - }, - 'dev-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-3p-services-alb', - }, - }, - }, - 'qa-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-3p-services-alb', - }, - }, - }, - }, - - 'aps1.np.navi-sa.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'sa', - }, - flinkBucket: 'navi-flink-sa-nonprod', - awsAccountId: 197185947855, - loadBalancer+:: { - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:197185947855:regional/webacl/AclNonProdSa/bbb07e35-7353-41d2-8603-fcbac4adf181', - securityGroups+:: { - - //This security group allows inter k8 cluster communication(nodes security group) - internal:: 'sg-0800f97f9c4cf731b', - - //This security group allows packets from office Ips(VPN, LAN 
etc) - officeIp:: 'sg-0c954334a33a84784', - - //This security group allows packets from everywhere - internetFacing:: 'sg-00abfe4eb79cb607b', - - natIp:: 'sg-01d5ec5d474097cae', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-079bf73b2288f63ae', - - // Cloudflare ips - cdn:: 'sg-023c2b1a40cdae68d', - }, - sslCert:: { - 'np.navi-sa.in':: 'arn:aws:acm:ap-south-1:197185947855:certificate/a8025483-daf3-49f9-8528-4ffa4683ce88', - 'navi.com':: 'arn:aws:acm:ap-south-1:197185947855:certificate/a8025483-daf3-49f9-8528-4ffa4683ce88', - 'loangy.com':: 'arn:aws:acm:ap-south-1:197185947855:certificate/202f2edf-51ff-4b8d-97af-84750f8d15cf', - 'nuford.com':: 'arn:aws:acm:ap-south-1:197185947855:certificate/68208769-4040-4b29-842f-a1034c5f338a', - }, - accessLogBucket:: 'aps1.np.navi-sa.in-alb-access-logs', - accessLog:: true, - subnets:: { - internal: 'ap-south-1a.aps1.np.navi-sa.in,ap-south-1b.aps1.np.navi-sa.in,ap-south-1c.aps1.np.navi-sa.in', - }, - }, - }, - isSwApmEnabled:: false, - }, - qa:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-services-alb', - }, - }, - }, - 'navi-ops-tech-qa':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-services-alb', - }, - }, - }, - 'navi-ops-tech-dev':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-services-alb', - }, - }, - }, - dev:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-services-alb', - }, - }, - }, - 'qa-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-internal-services-alb', - }, - }, - }, - perf:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'perf-services-alb', - }, - }, - }, - 'dev-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-internal-services-alb', - }, - }, - }, - 'dev-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-critical-services-alb', - }, - }, - }, - 'qa-critical':: self.default { - loadBalancer+:: { 
- annotations+:: { - alb:: 'qa-critical-services-alb', - }, - }, - }, - 'dev-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-3p-services-alb', - }, - }, - }, - 'qa-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-3p-services-alb', - }, - }, - }, - }, - - // sa-prod - 'aps1.prod.navi-sa.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'sa', - }, - flinkBucket: 'navi-flink-sa-prod', - awsAccountId: 120419666648, - isVpaDeployed:: true, - loadBalancer+: { - sharedALBs+::{ - enableOfficeIps:: false - }, - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:120419666648:regional/webacl/AclMASProdSa/3cd8ff0b-716b-4342-aa69-9592bc98055d', - securityGroups+:: { - //This security group allows packets from everywhere - internetFacing:: 'sg-0eefc892db09982c2', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-0fe034c75aa465ef3', - - //This security group allows inter k8 cluster communication - internal:: 'sg-011f3fb53e6506486', - - //This security group allows communication from nat gateways of prod cluster - natIp:: 'sg-03b3400e9107cf8bc', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-0853dd98badfed3bd', - - // Cloudflare ips - cdn:: 'sg-01ee5bcb8640e2a1a', - }, - sslCert:: { - 'prod.navi-sa.in':: 'arn:aws:acm:ap-south-1:120419666648:certificate/196a820c-feec-4005-a7fd-a51ed72d4329', - 'navi.com':: 'arn:aws:acm:ap-south-1:120419666648:certificate/196a820c-feec-4005-a7fd-a51ed72d4329', - 'navi.net':: 'arn:aws:acm:ap-south-1:120419666648:certificate/fdfab80c-fc67-4005-938c-05b1188508ee', - 'loangy.com':: 'arn:aws:acm:ap-south-1:120419666648:certificate/a9494b99-c325-4058-bd51-807a3c8227a9', - 'nuford.com':: 'arn:aws:acm:ap-south-1:120419666648:certificate/d96e7a0d-8a14-46a0-92da-95a13faedf3f', - 'navifinserv.com':: 'arn:aws:acm:ap-south-1:120419666648:certificate/15f090d7-608c-4938-911c-6244a9922eb6', - }, - subnets:: { - internal: 
'ap-south-1a.aps1.prod.navi-sa.in,ap-south-1b.aps1.prod.navi-sa.in,ap-south-1c.aps1.prod.navi-sa.in', - }, - accessLogBucket:: 'aps1.prod.navi-sa.in-alb-access-logs', - accessLog:: true, - deletionProtection:: false, - }, - }, - }, - 'prod-3p':: self.default { - loadBalancer+:: { - fixedHostNames+:: { - 'mobile-application': 'sa-api.navi.com', - }, - }, - }, - }, - - //PROD cluster - 'aps1.prod.navi-tech.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'lending', - }, - flinkBucket: 'navi-flink-prod', - isEfsSupported: true, - isFsxSupported: true, - awsAccountId: 492941056607, - isVpaDeployed:: true, - loadBalancer+: { - sharedALBs+::{ - enableOfficeIps:: false - }, - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:492941056607:regional/webacl/AclProd/fa85bcff-3c71-434c-be4f-dc4e0456c47d', - securityGroups+:: { - //This security group allows packets from everywhere - internetFacing:: 'sg-0a4e70d66a8a8bc34', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-0df3121be8adc2fbc', - - //This security group allows inter k8 cluster communication - internal:: 'sg-064d258429b99b518', - - //This security group allows communication from nat gateways of prod cluster - natIp:: 'sg-0c7fb31b9b27e5e6f', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-032733713f4787bdc', - - cdn:: 'sg-09317e0e354c7f81f', - }, - sslCert:: { - 'prod.navi-tech.in':: 'arn:aws:acm:ap-south-1:492941056607:certificate/07a548dc-249d-4475-8783-58e3060b0c3f', - 'prod.navi-ext.com':: 'arn:aws:acm:ap-south-1:492941056607:certificate/0a3af671-4e93-415a-a05d-7f4d7dead5dc', - 'navi-ext.com':: 'arn:aws:acm:ap-south-1:492941056607:certificate/0a3af671-4e93-415a-a05d-7f4d7dead5dc', - 'navi.com':: 'arn:aws:acm:ap-south-1:492941056607:certificate/50681498-31f5-4117-8b42-8d0662ab5e93', - 'go-nlc.com':: 'arn:aws:acm:ap-south-1:492941056607:certificate/0ae1b16f-855c-48ca-bcf8-8692a7893d95', - 'navi.net':: 
'arn:aws:acm:ap-south-1:492941056607:certificate/194e6d16-a263-4f08-bc2a-414e05bf5cd3', - 'naviinsurance.com':: 'arn:aws:acm:ap-south-1:492941056607:certificate/6e9dfccd-9794-483f-a884-789abf81747d', - }, - subnets:: { - internal: 'internal-lb-ap-south-1a.aps1.prod.navi-tech.in,internal-lb-ap-south-1b.aps1.prod.navi-tech.in,internal-lb-ap-south-1c.aps1.prod.navi-tech.in', - }, - accessLogBucket:: 'navi-prod-lb-access-logs', - accessLog:: true, - deletionProtection:: false, - }, - }, - }, - 'prod-3p':: self.default { - loadBalancer+:: { - fixedHostNames+:: { - 'mobile-application': 'api.navi.com', - }, - }, - }, - }, - - // GI cluster - - //PROD cluster - 'aps1.prod.navi-gi.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'gi', - }, - flinkBucket: 'navi-flink-gi-prod', - awsAccountId: 590617173486, - loadBalancer+: { - sharedALBs+::{ - enableOfficeIps:: false - }, - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:590617173486:regional/webacl/AclMASProdGi/284f5c83-ae37-4197-b885-37773aded948', - securityGroups+:: { - //This security group allows packets from everywhere - internetFacing:: 'sg-0b1ccba594a9d1119', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-09598b733e28af8f1', - - //This security group allows inter k8 cluster communication - internal:: 'sg-0c3570037bbe9e753', - - //This security group allows communication from nat gateways of prod cluster - natIp:: 'sg-0c13df2b692dadfbc', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-0c325908ef9db57da', - - // Cloudflare ips - cdn:: 'sg-0ecd8f0de802b40c2', - }, - sslCert:: { - 'prod.navi-gi.in':: 'arn:aws:acm:ap-south-1:590617173486:certificate/2ceb99d1-c50d-47d3-8e37-6743726fe48d', - 'prod.navi-gi-ext.com':: 'arn:aws:acm:ap-south-1:590617173486:certificate/2ceb99d1-c50d-47d3-8e37-6743726fe48d', - 'naviinsurance.com':: 'arn:aws:acm:ap-south-1:590617173486:certificate/b60efe78-e8da-43c0-ac7a-cb61adaffd43', - 'navi-gi.in':: 
'arn:aws:acm:ap-south-1:590617173486:certificate/b60efe78-e8da-43c0-ac7a-cb61adaffd43', - 'navi.com':: 'arn:aws:acm:ap-south-1:590617173486:certificate/2ceb99d1-c50d-47d3-8e37-6743726fe48d', - 'argohealthsure.com':: 'arn:aws:acm:ap-south-1:590617173486:certificate/481cebc0-897f-48d2-88a7-9a1eccbfe793', - 'navi.net':: 'arn:aws:acm:ap-south-1:590617173486:certificate/904c0763-75ec-4c6c-8ac7-2094d72e778c', - - }, - subnets:: { - internal: 'ap-south-1a.aps1.prod.navi-gi.in,ap-south-1b.aps1.prod.navi-gi.in,ap-south-1c.aps1.prod.navi-gi.in', - }, - accessLogBucket:: 'navi-prod-gi-lb-access-logs', - accessLog:: true, - deletionProtection:: false, - }, - }, - }, - 'prod-3p':: self.default { - loadBalancer+:: { - fixedHostNames+:: { - 'mobile-application': 'gi-api.navi.com', - }, - }, - }, - }, - - 'aps1.prod.navi-amc.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'amc', - }, - zalandoEnabled:: false, - flinkBucket: 'navi-flink-navi-amc-prod', - awsAccountId: 121661608696, - isVpaDeployed:: true, - loadBalancer+: { - annotations+:: { - webAcl:: 'WAF ACL is not required for this cluster. 
Use API Gateway or Cloudflare instead.', - securityGroups+:: { - //This security group allows packets from everywhere - internetFacing:: 'sg-084e3d4a23b307840', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-0ba9c0e4dbb8c1e09', - - //This security group allows inter k8 cluster communication - internal:: 'sg-064a66df84f58df82', - - //This security group allows communication from nat gateways of prod cluster - natIp:: 'sg-045b3038d61746065', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-0a0499ba0ce2a488f', - }, - sslCert:: { - 'prod.navi-amc.in':: 'arn:aws:acm:ap-south-1:121661608696:certificate/20378b6a-0391-43f0-bd59-6ac83ebf7d60', - }, - subnets:: { - internal: 'ap-south-1a.aps1.prod.navi-amc.in,ap-south-1b.aps1.prod.navi-amc.in,ap-south-1c.aps1.prod.navi-amc.in', - }, - accessLogBucket:: 'navi-prod-amc-lb-access-logs', - accessLog:: true, - }, - }, - }, - }, - - //colending PROD cluster - 'aps1.prod.navi-colending.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'colending', - }, - zalandoEnabled:: false, - loadBalancer+: { - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:903695743721:regional/webacl/AclMASProdColending/3c155013-3bd1-4198-b7fc-8d345acb2324', - securityGroups+:: { - //This security group allows packets from everywhere - internetFacing:: 'sg-030b62263df624188', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-03b488d79b9bf1d40', - - //This security group allows inter k8 cluster communication - internal:: 'sg-0e58f969aa60be012', - - //This security group allows communication from nat gateways of prod cluster - natIp:: 'sg-00020a1085c55a380', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-05a801a9dcdcaeff2', - }, - sslCert:: { - 'prod.navi-colending.in':: 'arn:aws:acm:ap-south-1:903695743721:certificate/821aa0ec-ecfa-4432-af60-718fe249aede', - 'go-nlc.com':: 
'arn:aws:acm:ap-south-1:903695743721:certificate/2c8774fd-de94-47c9-96f5-377fcdd48c1c', - }, - subnets:: { - internal: 'prod-colending-private-subnet01-ap-south-1a,prod-colending-private-subnet01-ap-south-1b,prod-colending-private-subnet01-ap-south-1c', - }, - accessLogBucket:: 'aps1-prod-colending-alb-access-logs', - accessLog:: true, - deletionProtection:: false, - }, - }, - }, - 'prod-3p':: self.default { - loadBalancer+:: { - fixedHostNames+:: { - 'mobile-application': 'colending-api.navi.com', - }, - }, - }, - }, - //colending nonprod cluster - 'aps1.np.navi-colending.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'colending', - }, - zalandoEnabled:: false, - loadBalancer+: { - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:942894539187:regional/webacl/AclNonProdColending/fb72041b-1136-4d51-a3af-2f3510c71763', - securityGroups+:: { - //This security group allows packets from everywhere - internetFacing:: 'sg-0001aca7a784a21aa', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-0367bbf59da32f056', - - //This security group allows inter k8 cluster communication - internal:: 'sg-01e48bdc4d14b4b71', - - //This security group allows communication from nat gateways of nonprod cluster - natIp:: 'sg-00e7c7c3ae689c0bb', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-07a6684a8c4caf18e', - }, - sslCert:: { - 'np.navi-colending.in':: 'arn:aws:acm:ap-south-1:942894539187:certificate/c0588d27-8375-4795-89a4-b417f9b92ee4', - }, - subnets:: { - internal: 'nonprod-colending-private-subnet01-ap-south-1a,nonprod-colending-private-subnet01-ap-south-1b,nonprod-colending-private-subnet01-ap-south-1c', - }, - accessLogBucket:: 'aps1-np-colending-alb-access-logs', - accessLog:: true, - deletionProtection:: false, - }, - }, - }, - qa:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-services-alb', - }, - }, - }, - dev:: self.default { - loadBalancer+:: { - annotations+:: { 
- alb:: 'dev-services-alb', - }, - }, - }, - 'qa-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-internal-services-alb', - }, - }, - }, - perf:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'perf-services-alb', - }, - }, - }, - 'dev-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-internal-services-alb', - }, - }, - }, - 'dev-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-critical-services-alb', - }, - }, - }, - 'qa-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-critical-services-alb', - }, - }, - }, - 'dev-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-3p-services-alb', - }, - }, - }, - 'qa-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-3p-services-alb', - }, - }, - }, - }, - - //navi-pay nonprod cluster - 'aps1.np.navi-pay.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'navi-pay', - }, - flinkBucket: 'navi-flink-navi-pay-nonprod', - awsAccountId: 840875920349, - zalandoEnabled:: false, - commonApiGateway+:: { - externalAuth:: { - config:: { - url:: 'https://dev-navipay-external-client.np.navi-pay.in/external-client-service/auth', - }, - }, - }, - loadBalancer+: { - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:840875920349:regional/webacl/AclNonProdNaviPay/4066d790-24db-420b-8bef-18fab8aab41e', - securityGroups+:: { - //This security group allows packets from everywhere - internetFacing:: 'sg-0fa070f1f06716bff', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-0e3a4d99b08f1af52', - - //This security group allows inter k8 cluster communication - internal:: 'sg-08780f13445d3455d', - - //This security group allows communication from nat gateways of nonprod cluster - natIp:: 'sg-0eb39100171bbde83', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-08721320e6adbdf1b', - - // Cloudflare 
ips - cdn:: 'sg-04aa6cd49eed4a11d', - }, - sslCert:: { - 'np.navi-pay.in':: 'arn:aws:acm:ap-south-1:840875920349:certificate/9a655746-7db5-4c67-8941-22f0ff80026e', - }, - subnets:: { - internal: 'nonprod-navi-pay-private-subnet01-ap-south-1a,nonprod-navi-pay-private-subnet01-ap-south-1b,nonprod-navi-pay-private-subnet01-ap-south-1c', - }, - accessLogBucket:: 'aps1-np-navi-pay-alb-access-logs', - accessLog:: true, - deletionProtection:: false, - }, - }, - }, - qa:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-services-alb', - }, - }, - }, - dev:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-services-alb', - }, - }, - }, - 'qa-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-internal-services-alb', - }, - }, - }, - perf:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'perf-services-alb', - }, - }, - }, - 'dev-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-internal-services-alb', - }, - }, - }, - 'dev-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-critical-services-alb', - }, - }, - }, - 'qa-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-critical-services-alb', - }, - }, - }, - 'dev-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-3p-services-alb', - }, - }, - }, - 'qa-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-3p-services-alb', - }, - }, - }, - }, - - //navi-saas nonprod cluster - 'aps1.np.navi-saas.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'saas', - }, - zalandoEnabled:: false, - loadBalancer+: { - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:334573405453:regional/webacl/AclNonProdNaviSaas/8f6e2e84-9c90-4956-825c-4cff20a38e18', - securityGroups+:: { - //This security group allows packets from everywhere - internetFacing:: 'sg-0478f9870d4a9c560', - - //This security group allows packets from office 
Ips(VPN, LAN etc) - officeIp:: 'sg-02af9692b15baa4f3', - - //This security group allows inter k8 cluster communication - internal:: 'sg-0c9b05d1d251ad6a4', - - //This security group allows communication from nat gateways of nonprod cluster - natIp:: 'sg-0ba2f4125960ee4c9', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-00f43883eaa7a2ebb', - - // Cloudflare ips - cdn:: 'sg-0d8654c7f61d13b36', - }, - sslCert:: { - 'np.navi-saas.in':: 'arn:aws:acm:ap-south-1:334573405453:certificate/7dc303c8-2fd6-40c9-89fd-d85676e00f74', - }, - subnets:: { - internal: 'nonprod-navi-saas-private-subnet01-ap-south-1a,nonprod-navi-saas-private-subnet01-ap-south-1b,nonprod-navi-saas-private-subnet01-ap-south-1c', - }, - accessLogBucket:: 'aps1-np-navi-saas-alb-access-logs', - accessLog:: true, - deletionProtection:: false, - }, - }, - }, - qa:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-services-alb', - }, - }, - }, - dev:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-services-alb', - }, - }, - }, - 'qa-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-internal-services-alb', - }, - }, - }, - perf:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'perf-services-alb', - }, - }, - }, - 'dev-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-internal-services-alb', - }, - }, - }, - 'dev-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-critical-services-alb', - }, - }, - }, - 'qa-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-critical-services-alb', - }, - }, - }, - 'dev-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-3p-services-alb', - }, - }, - }, - 'qa-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-3p-services-alb', - }, - }, - }, - }, - - //Spike cluster - 'spike.np.navi-tech.in':: { - default:: $.baseCluster { - additionalTags+:: { - 
product:: 'shared', - }, - loadBalancer+:: { - annotations+:: { - webAcl:: 'arn:aws:wafv2:ap-south-1:571315076762:regional/webacl/AclNonProd/9ad3e612-4125-42ec-ab83-9e83ce95ac22', - securityGroups+:: { - //This security group allows packets from everywhere - internetFacing:: 'sg-0ebec8d9727618fd6', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-0fd848902c4616550', - - //This security group allows inter k8 cluster communication - internal:: 'sg-009129cbe138c921a', - - // sg for http - http:: 'sg-06cc4240b0ffd8cc4', - - // sg for CF ips - cdn:: 'sg-0b7563d6b962d6676', - }, - sslCert:: { - 'spike.navi-tech.in':: 'arn:aws:acm:ap-south-1:571315076762:certificate/4cbea2e2-2a83-4733-a822-29f44a6a16c4', - 'spike.navi-ext.com':: 'arn:aws:acm:ap-south-1:571315076762:certificate/ccf17c74-a5eb-4470-9963-cff3c3296c97', - }, - accessLogBucket:: 'navi-nonprod-lb-access-logs', - deletionProtection:: false, - }, - }, - }, - }, - - //Data platform cluster - 'aps1.dp.navi-tech.in':: { - default:: $.baseCluster { - sidecarEnabled:: false, - additionalTags+:: { - product:: 'DataPlatform', - }, - flinkBucket: 'navi-flink-dp-prod', - awsAccountId: 594542361424, - isVpaDeployed:: false, - loadBalancer+:: { - sharedALBs+::{ - enableOfficeIps:: false - }, - annotations+:: { - webAcl:: 'WAF ACL is not required for this cluster. 
Use API Gateway or Cloudflare instead.', - securityGroups+:: { - - //This security group allows inter k8 cluster communication(nodes security group) - internal:: 'sg-07a65dbfbd6c42341', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-04b7d5863a360176c', - - //This security group allows packets from everywhere - internetFacing:: 'sg-0473a1399a9671143', - - natIp:: 'sg-0099e44dd1758ab89', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-03eaac3bc24db6738', - - // Cloudflare SG - cdn:: 'sg-0a3d26e45c4d32787', - }, - sslCert:: { - 'dp.navi-tech.in':: 'arn:aws:acm:ap-south-1:594542361424:certificate/3646fee2-c07a-4e43-9683-14edb14cf694', - 'prod.navi-tech.in':: 'arn:aws:acm:ap-south-1:492941056607:certificate/07a548dc-249d-4475-8783-58e3060b0c3f', - }, - accessLog:: true, - accessLogBucket:: 'aps1-dp-navi-tech-alb-access-logs', - subnets:: { - internal: 'data-platform-eks-private-ap-south-1a,data-platform-eks-private-ap-south-1b,data-platform-eks-private-ap-south-1c', - }, - }, - }, - }, - }, - //Data platform cluster - 'aps1.np.dp.navi-tech.in':: { - default:: $.baseCluster { - sidecarEnabled:: false, - additionalTags+:: { - product:: 'DataPlatform', - }, - flinkBucket: 'navi-flink-dp-nonprod', - awsAccountId: 644366753862, - isVpaDeployed:: false, - loadBalancer+:: { - annotations+:: { - webAcl:: 'WAF ACL is not required for this cluster. 
Use API Gateway or Cloudflare instead.', - securityGroups+:: { - - //This security group allows inter k8 cluster communication(nodes security group) - internal:: 'sg-0694dbac4b980a99c', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-05577e828628ad6fa', - - //This security group allows packets from everywhere - internetFacing:: 'sg-0bc67bbc16eeaa7fc', - - natIp:: 'sg-0b1c4e57f642bf766', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-00667a4f566c8ffc8', - - // Cloudflare SG - cdn:: 'sg-015f6617b95d8448f', - }, - sslCert:: { - 'np.dp.navi-tech.in':: 'arn:aws:acm:ap-south-1:644366753862:certificate/1033dabd-c5c8-4e45-aad1-380d53c1d232', - }, - accessLog:: true, - accessLogBucket:: 'aps1-np-dp-navi-tech-alb-access-logs', - subnets:: { - internal: 'data-platform-nonprod-private-subnet01-ap-south-1a,data-platform-nonprod-private-subnet01-ap-south-1b', - }, - }, - }, - }, - }, - - //Navi-pay prod cluster - 'aps1.prod.navi-pay.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'navi-pay', - }, - zalandoEnabled:: false, - flinkBucket: 'navi-flink-prod', - awsAccountId: 928489389470, - isVpaDeployed:: true, - loadBalancer+:: { - sharedALBs+::{ - enableOfficeIps:: false - }, - annotations+:: { - webAcl:: 'WAF ACL is not required for this cluster. 
Use API Gateway or Cloudflare instead.', - securityGroups+:: { - - //This security group allows inter k8 cluster communication(nodes security group) - internal:: 'sg-038b43e1ec70f8e8f', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-008cea2813bc422d0', - - //This security group allows packets from everywhere - internetFacing:: 'sg-06e5131b85ed91eb6', - - natIp:: 'sg-06476c7a084fc7994', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-0c4b2773323da9c66', - - // Cloudflare SG - cdn:: 'sg-0971dd662e54a5722', - }, - sslCert:: { - 'prod.navi-pay.in':: 'arn:aws:acm:ap-south-1:928489389470:certificate/4c2826e3-5f7d-4dd6-a279-3584ee15d8fb', - }, - accessLog:: true, - accessLogBucket:: 'aps1-prod-navi-pay-alb-access-logs', - subnets:: { - internal: 'prod-navi-pay-private-subnet01-ap-south-1a,prod-navi-pay-private-subnet01-ap-south-1b,prod-navi-pay-private-subnet01-ap-south-1c', - }, - }, - }, - }, - }, - - 'aps1.prod.ml.navi-tech.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'blizzard', - }, - flinkBucket: 'navi-flink-ml-prod', - heapDumpBucket: 'java-heap-dumps-ml-prod', - isEfsSupported: true, - isFsxSupported: true, - awsAccountId: 492941056607, - isVpaDeployed:: false, - loadBalancer+:: { - sharedALBs+::{ - enableOfficeIps:: false - }, - annotations+:: { - webAcl:: 'WAF ACL is not required for this cluster. 
Use API Gateway or Cloudflare instead.', - securityGroups+:: { - //This security group allows inter k8 cluster communication(nodes security group) - internal:: 'sg-05d9d3e66d55ed677', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-0139d7eb8709a9fdc', - - //This security group allows packets from everywhere - internetFacing:: 'sg-0e0cca12102820a81', - - natIp:: 'sg-0efb731547402e4b2', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-0762245d9e914ceec', - - // Cloudflare SG - cdn:: 'sg-0d429839605004d55', - }, - sslCert:: { - 'prod.ml.navi-tech.in':: 'arn:aws:acm:ap-south-1:492941056607:certificate/6bca6bec-e70b-4557-9f06-c7c4ac731ea1', - 'prod.navi-tech.in':: 'arn:aws:acm:ap-south-1:492941056607:certificate/07a548dc-249d-4475-8783-58e3060b0c3f', - }, - accessLog:: true, - accessLogBucket:: 'aps1-prod-mlops-alb-access-logs', - subnets:: { - internal: 'prod-mlops-private-subnet01-ap-south-1a,prod-mlops-private-subnet01-ap-south-1b,prod-mlops-private-subnet01-ap-south-1c', - }, - }, - }, - zalandoEnabled:: false, - }, - }, - 'aps1.np.navi-ppl.in'::{ - default:: $.baseCluster { - additionalTags+:: { - product:: 'navi-ppl', - }, - flinkBucket: 'navi-flink-navi-ppl-nonprod', - awsAccountId: 471112764652, - zalandoEnabled:: false, - isVpaDeployed:: true, - loadBalancer+:: { - annotations+:: { - webAcl:: 'WAF ACL is not required for this cluster. 
Use API Gateway or Cloudflare instead.', - securityGroups+:: { - //This security group allows inter k8 cluster communication(nodes security group) - internal:: 'sg-0051cb11fff4c5fb2', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-0be3e60ef8a431589', - - //This security group allows packets from everywhere - internetFacing:: 'sg-0a92ec85b904a120c', - - //This security group allows communication from nat gateways of nonprod cluster - natIp:: 'sg-0ad9b23a6bce01619', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-0be7aeae9826fdd35', - - // Cloudflare SG - cdn:: 'sg-0d45e72ff61d8dd53', - }, - sslCert:: { - 'np.navi-ppl.in':: 'arn:aws:acm:ap-south-1:471112764652:certificate/fd0e85af-3e19-4086-944a-3e12f3b91b31', - }, - accessLog:: true, - accessLogBucket:: 'aps1-np-navi-ppl-alb-access-logs', - subnets:: { - internal: 'nonprod-navi-ppl-private-subnet01-ap-south-1a,nonprod-navi-ppl-private-subnet01-ap-south-1b,nonprod-navi-ppl-private-subnet01-ap-south-1c', - }, - deletionProtection:: false, - }, - }, - }, - qa:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-services-alb', - }, - }, - }, - dev:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-services-alb', - }, - }, - }, - 'qa-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-internal-services-alb', - }, - }, - }, - perf:: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'perf-services-alb', - }, - }, - }, - 'dev-internal':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-internal-services-alb', - }, - }, - }, - 'dev-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-critical-services-alb', - }, - }, - }, - 'qa-critical':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-critical-services-alb', - }, - }, - }, - 'dev-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'dev-3p-services-alb', - }, - 
}, - }, - 'qa-3p':: self.default { - loadBalancer+:: { - annotations+:: { - alb:: 'qa-3p-services-alb', - }, - }, - }, - }, - 'aps1.prod.navi-ppl.in':: { - default:: $.baseCluster { - additionalTags+:: { - product:: 'navi-ppl', - }, - zalandoEnabled:: false, - flinkBucket: 'navi-flink-navi-ppl-prod', - awsAccountId: 471112770174, - isVpaDeployed:: true, - loadBalancer+:: { - sharedALBs+::{ - enableOfficeIps:: false - }, - annotations+:: { - webAcl:: 'WAF ACL is not required for this cluster. Use API Gateway or Cloudflare instead.', - securityGroups+:: { - - //This security group allows inter k8 cluster communication(nodes security group) - internal:: 'sg-0f938fdee0487d9cb', - - //This security group allows packets from office Ips(VPN, LAN etc) - officeIp:: 'sg-0b20b1e4d6bdaacd8', - - //This security group allows packets from everywhere - internetFacing:: 'sg-0d203187e4a7fde6f', - - natIp:: 'sg-0d6989b921d40fb98', - - //This security group allows HTTP traffic from everywhere - http:: 'sg-0e2b16c7bc3151f47', - - // Cloudflare SG - cdn:: 'sg-0dbefd59452817bc6', - }, - sslCert:: { - 'prod.navi-ppl.in':: 'arn:aws:acm:ap-south-1:471112770174:certificate/a9bacc24-150d-4725-a888-cdf340b15e60', - }, - accessLog:: true, - accessLogBucket:: 'aps1-prod-navi-ppl-alb-access-logs', - subnets:: { - internal: 'prod-navi-ppl-private-subnet01-ap-south-1a,prod-navi-ppl-private-subnet01-ap-south-1b,prod-navi-ppl-private-subnet01-ap-south-1c', - }, - }, - }, - }, - } -} diff --git a/templates/common.jsonnet b/templates/common.jsonnet deleted file mode 100644 index f895274a..00000000 --- a/templates/common.jsonnet +++ /dev/null 
@@ -1,67 +0,0 @@
-local chart = import 'chart.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local load_balancer_util = import 'load_balancer_util.jsonnet';
-local namespace_values = import 'namespace_values.jsonnet';
-local util = import 'util.jsonnet';
-local metadata = deployment_manifest.metadata;
-
-local remove_slash = function(key, value)
- util.replace_character_in_string(metadata[key], '/', '_');
-
-local metadata_without_slash = std.mapWithKey(remove_slash, metadata);
-
-local metadata_labels = { [field]: metadata_without_slash[field] for field in std.objectFields(metadata_without_slash) if field != 'product' };
-{
- labels::
- (if 'labels' in deployment_manifest then deployment_manifest.labels else {}) +
- (metadata_labels) +
- {
- app: chart.service_name,
- chart: chart.service_chart,
- heritage: 'NaviDeploymentManifest',
- release: deployment_manifest.name,
- Team: deployment_manifest.team.name,
- Environment: deployment_manifest.environment,
- Name: deployment_manifest.name,
- Product: if 'product' in metadata then metadata.product else namespace_values.additionalTags.product,
- Owner: if deployment_manifest.infraVertical == 'lending' then 'medici' else if deployment_manifest.infraVertical == 'insurance' then 'gi' else deployment_manifest.infraVertical,
- },
-
- matchLabels::
- {
- app: chart.service_name,
- release: deployment_manifest.name,
- },
-
- awsTags:: {
- app: deployment_manifest.name,
- Environment: $.labels.Environment,
- Team: $.labels.Team,
- Name: $.labels.Name,
- Owner: $.labels.Owner,
- Product: $.labels.Product,
- Namespace: deployment_manifest.deployment.namespace,
- Ingress: load_balancer_util.alb_ingress_name(chart.full_service_name($.labels.Name)),
- },
-
- perfMockServerLabels:: $.labels {
- release: deployment_manifest.deployment.name + '-mock-server',
- Name: deployment_manifest.deployment.name + '-mock-server',
- },
-
- perfPostgresServerLabels:: $.labels {
- release: deployment_manifest.deployment.name + '-postgres-server',
- Name: deployment_manifest.deployment.name + '-postgres-server',
- },
-
- janitor_annotation:: {
- 'janitor/ttl': deployment_manifest.metadata.ttl,
- },
-
- annotations_map:: {
- perf: $.janitor_annotation,
- sandbox: $.janitor_annotation,
- },
-
- annotations:: if deployment_manifest.environment in $.annotations_map then $.annotations_map[deployment_manifest.environment] else {},
-}
diff --git a/templates/common_api_gateway.jsonnet b/templates/common_api_gateway.jsonnet
deleted file mode 100644
index b668003c..00000000
--- a/templates/common_api_gateway.jsonnet
+++ /dev/null
@@ -1,213 +0,0 @@ -//Imports -local chart = import 'chart.jsonnet'; -local cluster_values = import 'cluster_values.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local load_balancer_util = import 'load_balancer_util.jsonnet'; -local namespace_values = import 'namespace_values.jsonnet'; -local port_map = import 'port_map.jsonnet'; -local util = import 'util.jsonnet'; -local deployment = deployment_manifest.deployment; - -local create_gateway_ingress(environment, servicePrefix, typeIdentifier, gateway, attributeIndex, serviceName) = { - local resourceName = '%s-%s-%s-%s' % [environment, servicePrefix, typeIdentifier, gateway.gatewayAttributes[attributeIndex].pathName], - local commonResourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName], - - local rateLimitIdentifier = '%s-%s-%s' % [environment, servicePrefix, typeIdentifier], - local pathName = if 'pathName' in gateway.gatewayAttributes[attributeIndex] then gateway.gatewayAttributes[attributeIndex].pathName, - - local urlRewritePlugin = if (std.objectHas(gateway.gatewayAttributes[attributeIndex], 'sourceGatewayPath')) - && (gateway.gatewayAttributes[attributeIndex].sourceGatewayPath != gateway.gatewayAttributes[attributeIndex].targetGatewayPath) - then commonResourceName + '-url-rewrite', - local externalAuthPlugin = if (std.objectHas(gateway.gatewayAttributes[attributeIndex], 'externalAuth') && typeIdentifier == 'external') - then (if gateway.gatewayAttributes[attributeIndex].externalAuth then resourceName + '-external-auth'), - local ipRestrictedPlugin = if (std.objectHas(gateway.gatewayAttributes[attributeIndex], 'whitelistedGatewayIps') && typeIdentifier == 'external') - then resourceName + '-ip-restriction', - local rateLimitRules = if 'rateLimitRules' in gateway.gatewayAttributes[attributeIndex] - then gateway.gatewayAttributes[attributeIndex].rateLimitRules else [], - local 
rateLimitPlugin = std.map(function(rule) - '%s-%s-%s-%s-%s' % [environment, servicePrefix, pathName, rule.name, 'rl'], - rateLimitRules), - - local kongPluginsList = [ - urlRewritePlugin, - ipRestrictedPlugin, - externalAuthPlugin, - (if typeIdentifier == 'external' then std.join(',', rateLimitPlugin)), - ], - local filteresKongPluginsList = std.filter(function(plugin) plugin != null && std.length(plugin) > 0, kongPluginsList), - - - apiVersion: 'networking.k8s.io/v1', - kind: 'Ingress', - metadata: { - name: resourceName, - labels: common.labels { - Name: resourceName, - 'gateway-resource-identifier': commonResourceName, - }, - annotations: common.annotations { - [if filteresKongPluginsList != null && std.length(filteresKongPluginsList) > 0 then 'konghq.com/plugins']: std.join(',', filteresKongPluginsList), - 'external-dns.alpha.kubernetes.io/exclude': 'true', - }, - namespace: deployment_manifest.deployment.namespace, - }, - spec: { - ingressClassName: 'kong-' + typeIdentifier, - rules: [ - { - host: if (typeIdentifier == 'external') then gateway.commonApiGatewayUrl else gateway.internalCommonApiGatewayUrl, - http: { - paths: [ - { - path: gateway.gatewayAttributes[attributeIndex].sourceGatewayPath, - pathType: 'ImplementationSpecific', - backend: { - service: { - name: serviceName, - port: { - number: port_map.getPort('serviceport'), - }, - }, - }, - }, - ], - }, - }, - ], - }, -}; - -// This will be a common resource across internal & external gateways -local create_gateway_url_plugin(environment, servicePrefix, gateway, attributeIndex, serviceName) = { - local resourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName], - apiVersion: 'configuration.konghq.com/v1', - kind: 'KongPlugin', - metadata: { - name: resourceName + '-url-rewrite', - labels: common.labels { - Name: resourceName + '-url-rewrite', - 'gateway-resource-identifier': resourceName, - }, - namespace: deployment_manifest.deployment.namespace, - }, 
- config: { - replace: { - uri: gateway.gatewayAttributes[attributeIndex].targetGatewayPath, - }, - }, - plugin: 'request-transformer', -}; - -local create_external_auth_plugin(environment, servicePrefix, typeIdentifier, gateway, attributeIndex, serviceName) = { - local resourceName = '%s-%s-%s-%s' % [environment, servicePrefix, typeIdentifier, gateway.gatewayAttributes[attributeIndex].pathName], - local commonResourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName], - local currentCluster = deployment_manifest.cluster, - local currentNamespace = deployment_manifest.deployment.namespace, - local configValues = cluster_values[deployment_manifest.cluster], - local configUrl = if currentNamespace in configValues - then configValues[currentNamespace].commonApiGateway.externalAuth.config.url - else configValues.default.commonApiGateway.externalAuth.config.url, - - apiVersion: 'configuration.konghq.com/v1', - kind: 'KongPlugin', - metadata: { - name: resourceName + '-external-auth', - labels: common.labels { - Name: resourceName + '-external-auth', - 'gateway-resource-identifier': resourceName, - }, - namespace: currentNamespace, - }, - config: { - url: configUrl, - }, - plugin: 'external-auth', -}; - -// This will only be required for External Gateway -local create_gateway_ip_plugin(environment, servicePrefix, typeIdentifier, gateway, attributeIndex, serviceName) = { - local resourceName = '%s-%s-%s-%s' % [environment, servicePrefix, typeIdentifier, gateway.gatewayAttributes[attributeIndex].pathName], - local commonResourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName], - apiVersion: 'configuration.konghq.com/v1', - kind: 'KongPlugin', - metadata: { - name: resourceName + '-ip-restriction', - labels: common.labels { - Name: resourceName + '-ip-restriction', - 'gateway-resource-identifier': commonResourceName, - }, - namespace: 
deployment_manifest.deployment.namespace, - }, - config: { - allow: std.split(std.strReplace(gateway.gatewayAttributes[attributeIndex].whitelistedGatewayIps, ' ', ''), ','), - }, - plugin: 'ip-restriction', -}; - -// This is only for external api gateways currently. -local create_kong_rate_limiter(environment, servicePrefix, typeIdentifier, gateway, attributeIndex, serviceName) = { - local resourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName], - local commonResourceName = '%s-%s-%s' % [environment, servicePrefix, gateway.gatewayAttributes[attributeIndex].pathName], - local forTheGateway = gateway.gatewayAttributes[attributeIndex].sourceGatewayPath, - local rateLimitRules = if 'rateLimitRules' in gateway.gatewayAttributes[attributeIndex] - then gateway.gatewayAttributes[attributeIndex].rateLimitRules else [], - - kongrules: [{ - apiVersion: 'configuration.konghq.com/v1', - kind: 'KongPlugin', - plugin: 'rate-limiting', - metadata: { - name: resourceName + '-%s' % rule.name + '-rl', // shortening due 63 character limits - labels: common.labels { - 'gateway-resource-identifier': resourceName, - }, - }, - config: { - minute: rule.limit, - limit_by: '%s' % rule.options, - [if rule.options == 'path' then 'path' else null]: '%s' % forTheGateway, - [if rule.options == 'header' then 'header_name' else null]: '%s' % rule.header, - }, - } for rule in rateLimitRules], -}; - -local gateways = deployment.commonApiGateways; -local gatewaysLen = std.length(deployment.commonApiGateways); - -std.map( - function(apiGatewayIndex) { - local gateway = gateways[apiGatewayIndex], - local serviceName = chart.full_service_name(deployment.name), - local servicePrefix = deployment.name, - local environment = deployment_manifest.environment, - local gatewayAttributeLen = std.length(gateway.gatewayAttributes), - local kongRateLimits = [ - create_kong_rate_limiter(environment, servicePrefix, 'external', gateway, attributeIndex, serviceName) 
- for attributeIndex in std.range(0, gatewayAttributeLen - 1) - if (std.objectHas(gateway.gatewayAttributes[attributeIndex], 'rateLimitRules')) - ], - - apiVersion: 'v1', - kind: 'List', - items: [create_gateway_ingress(environment, servicePrefix, 'external', gateway, attributeIndex, serviceName) for attributeIndex in std.range(0, gatewayAttributeLen - 1)] + - [create_gateway_ingress(environment, servicePrefix, 'internal', gateway, attributeIndex, serviceName) for attributeIndex in std.range(0, gatewayAttributeLen - 1)] + - [ - create_gateway_url_plugin(environment, servicePrefix, gateway, attributeIndex, serviceName) - for attributeIndex in std.range(0, gatewayAttributeLen - 1) - if (gateway.gatewayAttributes[attributeIndex].sourceGatewayPath != gateway.gatewayAttributes[attributeIndex].targetGatewayPath) - ] + - [ - create_gateway_ip_plugin(environment, servicePrefix, 'external', gateway, attributeIndex, serviceName) - for attributeIndex in std.range(0, gatewayAttributeLen - 1) - if (std.objectHas(gateway.gatewayAttributes[attributeIndex], 'whitelistedGatewayIps')) - ] + - [ - create_external_auth_plugin(environment, servicePrefix, 'external', gateway, attributeIndex, serviceName) - for attributeIndex in std.range(0, gatewayAttributeLen - 1) - if (gateway.gatewayAttributes[attributeIndex].externalAuth) - ] + - if (std.length(kongRateLimits) > 0) then kongRateLimits[0].kongrules else [], - }, - std.range(0, gatewaysLen - 1) -) diff --git a/templates/configmap.jsonnet b/templates/configmap.jsonnet deleted file mode 100644 index 096a7a54..00000000 --- a/templates/configmap.jsonnet +++ /dev/null 
@@ -1,20 +0,0 @@
-local chart = import 'chart.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local util = import 'util.jsonnet';
-local deployment = deployment_manifest.deployment;
-local common = import 'common.jsonnet';
-
-if 'environmentFile' in deployment then
- local environmentFile = deployment.environmentFile;
- {
- apiVersion: 'v1',
- data: {
- [util.file_name(environmentFile.path)]: environmentFile.data,
- },
- kind: 'ConfigMap',
- metadata: {
- name: chart.full_service_name(deployment_manifest.deployment.name) + '-cm',
- namespace: deployment_manifest.deployment.namespace,
- annotations: common.annotations,
- },
- }
diff --git a/templates/cron_hpa_autoscaler.jsonnet b/templates/cron_hpa_autoscaler.jsonnet
deleted file mode 100644
index c73595f3..00000000
--- a/templates/cron_hpa_autoscaler.jsonnet
+++ /dev/null
@@ -1,34 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local util = import 'util.jsonnet';
-local vars = import 'vars.jsonnet';
-
-local deployment = deployment_manifest.deployment;
-local hpa = deployment_manifest.deployment.hpa;
-
-local isEnabled = hpa.type == vars.deployment.hpa.type.cron;
-local basename = chart.full_service_name(deployment.name);
-
-local name = if isEnabled then
- basename + '-cron-hpa-autoscaler'
-else
- basename + '-cron-hpa-autoscaler-disabled';
-
-
-if std.length(hpa.cronJobs) != 0 then {
-
- apiVersion: 'autoscaling.alibabacloud.com/v1beta1',
- kind: 'CronHorizontalPodAutoscaler',
- metadata: {
- name: name,
- labels: common.labels { 'controller-tools.k8s.io': '1.0' },
- namespace: deployment_manifest.deployment.namespace,
- annotations: common.annotations,
- },
- spec: {
- scaleTargetRef: util.hpa_scale_target_ref(deployment.name, deployment.controller, !isEnabled),
- deploymentName: chart.full_service_name(deployment_manifest.deployment.name),
- jobs: [job + (if job.name == 'ScaleDown' then { targetSize: hpa.minReplicas } else { targetSize: hpa.maxReplicas }) for job in hpa.cronJobs],
- },
-}
diff --git a/templates/default_alerts.jsonnet b/templates/default_alerts.jsonnet
deleted file mode 100644
index 8378deb4..00000000
--- a/templates/default_alerts.jsonnet
+++ /dev/null
@@ -1,407 +0,0 @@ -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local namespace_values = import 'namespace_values.jsonnet'; -local app_name = chart.full_service_name(deployment_manifest.deployment.name); -local namespace = deployment_manifest.deployment.namespace; -local load_balancer_util = import 'load_balancer_util.jsonnet'; -local alerts = deployment_manifest.deployment.alerts; -local manifest_util = import 'manifest_util.jsonnet'; -local deployment = deployment_manifest.deployment; -local vars = import 'vars.jsonnet'; -local util = import 'util.jsonnet'; - -local isVpaEnabled = deployment_manifest.deployment.isVpaEnabled; -local environment = deployment_manifest.environment; - -local commonAlertFields = { - appName: common.awsTags.Name, - fullName: chart.full_service_name(deployment.name), - namespace: namespace, - environment: environment, -}; - -local loadBalancerAlertFields = commonAlertFields { - albIngressName: load_balancer_util.alb_ingress_name(app_name), -}; - -local databaseAlertFields = commonAlertFields { - dbInstance: deployment_manifest.extraResources.database.instanceName, -}; - -local baseLabels = function(alert) { - labels: { - severity: alert.severity, - alertTeam: deployment_manifest.team.name, - appName: app_name, - [if manifest_util.is_custom_slack_channel_enabled(alert) then 'slackChannel']: alert.slackChannel, - }, -}; - -local baseAnnotations = function(alert) { - annotations: { - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/509936863/Runbook', - }, -}; - -local mapAlerts(alertGroup, alerts) = std.filterMap( - function(alert) alert.type in alertGroup, - function(alert) baseAnnotations(alert) + alertGroup[alert.type](alert) + baseLabels(alert), - alerts -); - -local targetGroupAlerts = { - http4xx: function(alert) { - alert: 'HighHTTP4xx', - annotations+: { - description: '%(namespace)s/%(appName)s has more than 
%(threshold)s%% http 4xx errors in last %(duration)s' % (loadBalancerAlertFields { threshold: alert.threshold, duration: alert.duration }), - summary: 'Service is facing lot of http 4xx errors', - }, - expr: '((aws_alb_tg_httpcode_target_4_xx_count_sum{tag_Name=~"%(fullName)s",tag_Namespace="%(namespace)s"}/aws_alb_tg_request_count_sum{tag_Name=~"%(fullName)s",tag_Namespace="%(namespace)s"})*100) > %(threshold)s' % (loadBalancerAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - http5xx: function(alert) { - alert: 'HighHTTP5xx', - annotations+: { - description: '%(namespace)s/%(appName)s has more than %(threshold)s%% http 5xx errors in last %(duration)s' % (loadBalancerAlertFields { threshold: alert.threshold, duration: alert.duration }), - summary: 'Service is facing lot of http 5xx errors', - }, - expr: '((aws_alb_tg_httpcode_target_5_xx_count_sum{tag_Name=~"%(fullName)s",tag_Namespace="%(namespace)s"}/aws_alb_tg_request_count_sum{tag_Name=~"%(fullName)s",tag_Namespace="%(namespace)s"})*100) > %(threshold)s' % (loadBalancerAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - latency: function(alert) { - alert: 'HighHTTPLatency', - annotations+: { - description: '%(namespace)s/%(appName)s has latency higher than %(threshold)sms in last %(duration)s' % (loadBalancerAlertFields { threshold: alert.threshold, duration: alert.duration }), - summary: 'Service is having high latency', - }, - expr: '(aws_alb_tg_target_response_time_average{tag_Name=~"%(fullName)s",tag_Namespace="%(namespace)s"}) > %(threshold)s' % (loadBalancerAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, -}; - -/* -- TargetGroup will take default Name tag based on service name pass in ingress. 
-*/ - -local albAlerts = { - elb4xx: function(alert) { - alert: 'HighELB4xx', - annotations+: { - description: '%(namespace)s/%(appName)s has more than %(threshold)s%% elb 4xx errors in last %(duration)s' % (loadBalancerAlertFields { threshold: alert.threshold, duration: alert.duration }), - summary: 'Service is facing lot of elb 4xx errors', - }, - expr: '((sum by (tag_Ingress) (aws_alb_httpcode_elb_4_xx_count_sum{tag_Ingress="%(albIngressName)s"})/(sum by (tag_Ingress) (aws_alb_tg_request_count_sum{tag_Ingress="%(albIngressName)s"})))*100) > %(threshold)s' % (loadBalancerAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - elb5xx: function(alert) { - alert: 'HighELB5xx', - annotations+: { - description: '%(namespace)s/%(appName)s has more than %(threshold)s%% elb 5xx errors in last %(duration)s' % (loadBalancerAlertFields { threshold: alert.threshold, duration: alert.duration }), - summary: 'Service is facing lot of elb 5xx errors', - }, - expr: '((sum by (tag_Ingress) (aws_alb_httpcode_elb_5_xx_count_sum{tag_Ingress="%(albIngressName)s"})/(sum by (tag_Ingress) (aws_alb_tg_request_count_sum{tag_Ingress="%(albIngressName)s"})))*100) > %(threshold)s' % (loadBalancerAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, -}; - - -// Database alert -local databaseAlerts = { - highActiveConnection: function(alert) { - alert: 'HighActiveConnection', - annotations+: { - description: 'rds {{ $labels.server }} have high number of active connection {{ $value }}', - summary: 'High Active Connections', - }, - expr: '(sum(pg_stat_database_active_connection{server=~"%(dbInstance)s\\\\..*"}) by(server) / on (server) pg_params_max_connections) * 100 > %(threshold)s' % (databaseAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - provisionedCPUNotEnough: function(alert) { - alert: 'ProvisionedCPUNotEnough', - annotations+: { - description: 'rds {{ $labels.server }} have dip in cpu credit balance {{ $value }}', - 
summary: 'Fall in CPU credit balance', - }, - expr: 'delta(aws_rds_cpucredit_balance_minimum{dimension_DBInstanceIdentifier=~"%(dbInstance)s\\\\..*"}[10m]) < %(threshold)s' % (databaseAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - provisionedDiskNotEnough: function(alert) { - alert: 'DBProvisionedDiskNotEnough', - annotations+: { - description: 'rds {{ $labels.server }} have dip in burst balance {{ $value }}', - summary: 'Fall in EBS burst balance', - }, - expr: 'delta(aws_rds_burst_balance_minimum{dimension_DBInstanceIdentifier=~"%(dbInstance)s\\\\..*"}[10m]) < %(threshold)s' % (databaseAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - connectionAcquireTimeIsHigh: function(alert) { - alert: 'DBConnectionAcquireTimeIsHigh', - annotations+: { - description: 'Namespace: %(appName)s, AppName: %(namespace)s; Acquiring a DB connection for pod {{ $labels.pod }} took more than %(threshold)ss' % (databaseAlertFields { threshold: alert.threshold }), - summary: 'Container is taking too long to connect to database', - }, - expr: 'hikaricp_connections_acquire_seconds_max{pod=~"%(appName)s-.*",namespace="%(namespace)s"} > %(threshold)s AND on(pod,namespace) ((time() - kube_pod_created) >600)' % (databaseAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - maxConnectionPoolReached: function(alert) { - alert: 'MaxDBConnectionPoolReached', - annotations+: { - description: 'Namespace: %(namespace)s, AppName: %(appName)s; All connection in connection pool for pod {{ $labels.pod }} are used since %(duration)s' % (databaseAlertFields { duration: alert.duration }), - summary: 'All connections in hikari connection pool are used', - }, - expr: 'hikaricp_connections_active{pod=~"%(appName)s-.*",namespace="%(namespace)s"} / hikaricp_connections_max{pod=~"%(appName)s-.*",namespace="%(namespace)s"} == %(threshold)s' % (databaseAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - 
rdsCPUUnderUtilised: function(alert) { - alert: 'RdsCPUUnderUtilised', - annotations+: { - description: 'Namespace: %(namespace)s , AppName: %(appName)s; RDS utilised is below benchmark for last one week, consider downscaling. threshold: %(threshold)s percent' % (databaseAlertFields { threshold: alert.threshold }), - summary: 'RDS utilised is below benchmark for last one week', - }, - expr: '(weekly_rds_cpu_usage_average:dimension_DBInstanceIdentifier:labels{dimension_DBInstanceIdentifier=~"%(dbInstance)s.*"} < bool %(threshold)s ) >0' % (databaseAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, -}; - -local underUtilisedResourcesAlerts = { - k8sCpuUnderUtilised: function(alert) { - alert: 'K8sCpuUnderUtilised', - annotations+: { - description: 'Namespace: %(namespace)s , AppName: %(appName)s; K8s utilised is below benchmark for last one week, consider downscaling. threshold: %(threshold)s percent ' % (databaseAlertFields { threshold: alert.threshold }), - summary: 'K8S utilised is below benchmark for last one week', - }, - expr: 'max_over_time(container_cpu_usage_percentage:1h:container:namespace{namespace="%(namespace)s", container =~"%(appName)s.*"}[1w]) < %(threshold)s ' % (databaseAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - k8sMemoryUnderUtilised: function(alert) { - alert: 'K8sMemoryUnderUtilised', - annotations+: { - description: 'Namespace: %(namespace)s , AppName: %(appName)s; K8s utilised is below benchmark for last one week, consider downscaling. 
threshold: %(threshold)s percent' % (databaseAlertFields { threshold: alert.threshold }), - summary: 'K8S utilised is below benchmark for last one week', - }, - expr: '(container_memory_usage_percentage:1w:container:namespace{namespace="%(namespace)s", container =~"%(appName)s.*"} ) < %(threshold)s ' % (databaseAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - -}; - - -local kafkaAlerts = { - consumerGroupLag: function(alert) { - alert: 'HighConsumerGroupLag', - annotations+: { - description: '%(group)s has more than %(threshold)s lag in last %(duration)s' % ({ group: alert.group, threshold: alert.threshold, duration: alert.duration }), - summary: 'High consumergroup lag', - }, - expr: 'sum(kafka_consumergroup_lag{topic=~"%(topic)s",consumergroup=~"%(group)s"}) > %(threshold)s' % ({ group: alert.group, threshold: alert.threshold, topic: alert.topic }), - 'for': alert.duration, - }, - kafkaMessageRate: function(alert) { - alert: 'kafkaMessageRate', - annotations+: { - description: '%(topic)s has more than %(threshold)s message in last %(duration)s' % ({ topic: alert.topic, threshold: alert.threshold, duration: alert.duration }), - summary: 'High Message Rate', - }, - expr: 'sum(increase(kafka_topic_partition_current_offset{topic=~"%(topic)s"}[10m])) > %(threshold)s' % ({ threshold: alert.threshold, topic: alert.topic }), - 'for': alert.duration, - }, -}; - -//Custom Alerts -local customAlerts = { - custom: function(alert) { - alert: alert.name, - annotations+: { - description: 'Namespace:%s; App:%s; ' % [namespace, app_name] + alert.description, - summary: alert.summary, - }, - [if alert.duration != null then 'for']: alert.duration, - expr: alert.expression, - }, -}; - -//Custom RecordingRules -local recordingRulesForm = { - prometheusRecordingRule: function(alert) { - name: '%s' % [alert.name], - interval: '%s' % [alert.duration], - rules: [ - { - record: '%s' % [alert.record], - expr: '%s' % [alert.expression], - }, - ], - }, -}; - 
-local kongAlerts = { - kong4xx: function(alert) { - alert: 'Kong4xx', - annotations+: { - description: '{{ $labels.exported_service }} URI path has more than %(threshold)s%% http 4xx errors per minute for last %(duration)s' % (loadBalancerAlertFields { threshold: alert.threshold, duration: alert.duration }), - summary: 'One of the URI path in Kong API gateway is facing lot of http 4xx errors', - }, - expr: '((sum by (exported_service) (increase(kong_http_requests_total{exported_service=~".*%(appName)s.*", code=~"4.*"}[1m])) / sum by (exported_service) (increase(kong_http_requests_total{exported_service=~".*%(appName)s.*"}[1m]))) * 100) > %(threshold)s' % (loadBalancerAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - kong5xx: function(alert) { - alert: 'Kong5xx', - annotations+: { - description: '{{ $labels.exported_service }} URI path has more than %(threshold)s%% http 5xx errors per minute for last %(duration)s' % (loadBalancerAlertFields { threshold: alert.threshold, duration: alert.duration }), - summary: 'One of the URI path in Kong API gateway is facing lot of http 5xx errors', - }, - expr: '((sum by (exported_service) (increase(kong_http_requests_total{exported_service=~".*%(appName)s.*", code=~"5.*"}[1m])) / sum by (exported_service) (increase(kong_http_requests_total{exported_service=~".*%(appName)s.*"}[1m]))) * 100) > %(threshold)s' % (loadBalancerAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, - kongLatency: function(alert) { - alert: 'KongLatency', - annotations+: { - description: '{{ $labels.exported_service }} URI path has a 5 minute average latency higher than %(threshold)sms for last %(duration)s' % (loadBalancerAlertFields { threshold: alert.threshold, duration: alert.duration }), - summary: 'One of the URI path in Kong API gateway has 5 minute average high latency', - }, - expr: '(sum by (exported_service) (rate(kong_kong_latency_ms_sum{exported_service=~".*%(appName)s.*"}[5m]) / 
rate(kong_kong_latency_ms_count{exported_service=~".*%(appName)s.*"}[5m]))) > %(threshold)s' % (loadBalancerAlertFields { threshold: alert.threshold }), - 'for': alert.duration, - }, -}; - -local podAlerts = { - HighPodRestarts: function(alert) { - alert: 'HighPodRestarts', - annotations: { - description: 'Namespace: %s, AppName: %s; Pod restarted multiple times' % [namespace, app_name], - summary: 'High Pod Restarts', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/279937094/Act+On+Pod+Alert', - }, - expr: 'sum(increase(kube_pod_container_status_restarts_total{namespace="%s", pod=~"%s.*"}[%s])) > %s' % [namespace, app_name, alert.duration, alert.threshold], - }, - HighPodFailures: function(alert) { - alert: 'HighPodFailures', - annotations: { - description: 'Namespace: %s, AppName: %s; Pods were last terminated due to reason {{ $labels.reason }}' % [namespace, app_name], - summary: 'High Pod Failures', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/279937094/Act+On+Pod+Alert', - }, - expr: 'sum(increase(kube_pod_container_status_last_terminated_reason{namespace="%s", container=~"%s.*",reason !~ "Completed|Evicted|OOMKilled"}[%s])) by (reason,pod) > %s' % [namespace, app_name, alert.duration, alert.threshold], - }, - FrequentPodOOMKilled: function(alert) { - alert: 'FrequentPodOOMKilled', - annotations: { - description: 'Namespace: %s, AppName: %s; Pod: {{ $labels.pod }} is restarting multiple times because of OOMKilled' % [namespace, app_name], - summary: 'High Pod Failures', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/279937094/Act+On+Pod+Alert', - }, - expr: 'increase(kube_pod_container_status_restarts_total{namespace="%s", container="%s"}[%s]) >= %s AND ignoring(reason) kube_pod_container_status_last_terminated_reason{namespace="%s", container="%s", reason="OOMKilled"} > 0' % [namespace, app_name, alert.duration, alert.threshold, namespace, app_name], - }, - PodOOMKilled: function(alert) { - alert: 'PodOOMKilled', 
- annotations: { - description: 'Namespace: %s, AppName: %s; Pod: {{ $labels.pod }} killed because of OOMKilled' % [namespace, app_name], - summary: 'Pod OOMKilled', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/279937094/Act+On+Pod+Alert', - }, - expr: 'kube_pod_container_status_restarts_total{namespace="%s", container="%s"} - kube_pod_container_status_restarts_total{namespace="%s", container="%s"} offset %s >= %s AND ignoring(reason) kube_pod_container_status_last_terminated_reason{namespace="%s", container="%s", reason="OOMKilled"} > 0' % [namespace, app_name, namespace, app_name, alert.duration, alert.threshold, namespace, app_name], - }, - KubeContainerWaiting: function(alert) { - alert: 'KubeContainerWaiting', - annotations: { - description: 'Namespace: %s, AppName: %s; container in waiting state for one hour' % [namespace, app_name], - summary: 'container is waiting for too long', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/279937094/Act+On+Pod+Alert', - }, - expr: 'sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{container="%s", namespace="%s"}) > %s' % [app_name, namespace, alert.threshold], - 'for': alert.duration, - }, -}; - - -local mapRecordingRule(alertGroup, alerts) = std.filterMap( - function(alert) alert.type in alertGroup, - function(alert) alertGroup[alert.type](alert), - alerts -); - -local vpaAlerts(appName, namespace, teamName) = - (if isVpaEnabled then [ - { - alert: 'VPAUncappedTargetGreaterThanCappedTarget', - annotations: { - description: 'Uncapped target is more than bounds Namespace:%s; App:%s; ' % [namespace, app_name], - summary: 'Uncapped target is more than bounds, this means your service is requires lot more resources than what node may have', - }, - labels: { - severity: 'warning', - alertTeam: teamName, - appName: app_name, - }, - 'for': '1m', - expr: 'kube_verticalpodautoscaler_status_recommendation_containerrecommendations_uncappedtarget{container="%s"} / 
kube_verticalpodautoscaler_status_recommendation_containerrecommendations_target{container="%s"} > 1' % [appName, appName], - }, - ] else []); - -if !util.is_sandbox(environment) then { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PrometheusRule', - metadata: { - labels: common.labels { - prometheus: 'kube-prometheus', - role: 'alert-rules', - }, - name: app_name, - namespace: namespace, - annotations: common.annotations, - }, - spec: { - groups: [ - { - name: '%s-basic' % [app_name], - rules: (mapAlerts(podAlerts, alerts.pod)) - + (if manifest_util.is_database_present(deployment_manifest) then [ - { - alert: 'CriticalFreeDiskSpace', - annotations: { - description: 'rds {{ $labels.identifier }} have disk space less than {{ $value }}% and disk space autoscaling have reached the allowed limit.', - summary: 'Critical free disk space', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/269844543/Act+on+DB+alert#CriticalFreeDiskSpace', - }, - expr: '(aws_rds_free_storage_space_average{dimension_DBInstanceIdentifier=~"%(dbInstance)s"}/(1024*1024*1024)/ on () rds_config_AllocatedStorage{identifier=~"%(dbInstance)s"})*100 < 10 And on() (rds_config_AllocatedStorage{identifier=~"%(dbInstance)s"} / rds_config_MaxAllocatedStorage{identifier=~"%(dbInstance)s"}) > 0.9 ' % (databaseAlertFields), - 'for': '5m', - labels: { - severity: 'critical', - alertTeam: deployment_manifest.team.name, - appName: app_name, - }, - }, - ] else []) + (if (deployment.controller == vars.defaultController) then [ - { - alert: 'ReplicaUnavailableAlert', - annotations: { - description: 'Namespace: %s, AppName: %s; Not enough instances available since past 15m' % [namespace, app_name], - summary: 'Low desired replica count', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/279937094/Act+On+Pod+Alert', - }, - expr: '(kube_deployment_status_replicas_available{deployment="%s", namespace="%s"}) - ignoring(poddisruptionbudget, deployment) 
(kube_poddisruptionbudget_status_desired_healthy{poddisruptionbudget="%s-pdb",namespace="%s"}) < 0' % [app_name, namespace, app_name, namespace], - 'for': if deployment_manifest.team.name == 'DataScience' then '30m' else '15m', - labels: { - severity: 'critical', - alertTeam: deployment_manifest.team.name, - appName: app_name, - }, - }, - ] else []) - + (if load_balancer_util.is_using_tg(deployment_manifest.deployment.loadBalancers) then - mapAlerts(targetGroupAlerts, alerts.loadBalancer) else []) - + (if load_balancer_util.is_using_lb(deployment_manifest.deployment.loadBalancers, 'alb') then - mapAlerts(albAlerts, alerts.loadBalancer) else []) - + (if load_balancer_util.is_using_lb(deployment_manifest.deployment.loadBalancers, 'commonApiGateway') then - mapAlerts(kongAlerts, alerts.kong) else []) - + (if manifest_util.is_database_present(deployment_manifest) then - mapAlerts(databaseAlerts, alerts.database) else []) - + mapAlerts(kafkaAlerts, alerts.kafka) - + mapAlerts(customAlerts, alerts.custom) - + mapAlerts(underUtilisedResourcesAlerts, alerts.underUtilisedResources) - + vpaAlerts(app_name, namespace, deployment_manifest.team.name), - }, - ] + mapRecordingRule(recordingRulesForm, alerts.prometheusRecordingRule), - }, -} diff --git a/templates/deployment.jsonnet b/templates/deployment.jsonnet deleted file mode 100644 index 0584984d..00000000 --- a/templates/deployment.jsonnet +++ /dev/null 
@@ -1,29 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment_util = import 'deployment_util.jsonnet';
-local pod_template = import 'pod_template.jsonnet';
-local vars = import 'vars.jsonnet';
-local deployment = deployment_manifest.deployment;
-
-
-if (deployment.controller == vars.defaultController) then {
- apiVersion: 'apps/v1',
- kind: 'Deployment',
- metadata: {
- name: chart.full_service_name(deployment.name),
- labels: common.labels {
- linkConfig: std.toString(deployment_manifest.deployment.isLinkConfig),
- },
- annotations: common.annotations,
- namespace: deployment_manifest.deployment.namespace,
- },
- spec: {
- progressDeadlineSeconds: deployment.progressDeadlineSeconds,
- selector: {
- matchLabels: common.matchLabels,
- },
- strategy: deployment_util.strategy.rollingUpdate(),
- template: pod_template,
- },
-}
diff --git a/templates/deployment_manifest.jsonnet b/templates/deployment_manifest.jsonnet
deleted file mode 100644
index 5295dbba..00000000
--- a/templates/deployment_manifest.jsonnet
+++ /dev/null
@@ -1,209 +0,0 @@ -local deployment_manifest_json = import 'deployment_manifest.json'; -local health_check_values = import 'health_check_values.jsonnet'; -local manifest_util = import 'manifest_util.jsonnet'; -local port_map = import 'port_map.jsonnet'; -local probe_values = import 'probe_values.jsonnet'; -local default_service_port = [{ name: 'serviceport', port: 8080, enableGrpc: false }]; -local namespace_values = import 'namespace_values.jsonnet'; -local vars = import 'vars.jsonnet'; -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; - -local alertTypes(alerts) = std.map(function(alert) alert.type, alerts); -local containsAlertType(alerts, type) = if (std.find(type, alertTypes(alerts)) != []) then true else false; -local mergePodAlerts(defaultAlerts, manifestAlerts) = manifestAlerts + std.filter(function(alert) !containsAlertType(manifestAlerts, alert.type), defaultAlerts); -local deployment = deployment_manifest_json.deployment; -local defaultStartupProbe = health_check_values.getDefaultStartupProbe; -local defaultLivenessCheck = health_check_values.getDefaultLivenessCheck; -local defaultReadinessCheck = health_check_values.getDefaultReadinessCheck; -local esImageMapping = { - '7.17.0': vars.esImage_7_17_0, - '8.12.2': vars.esImage_8_12_2, -}; -local kibanaImageMapping = { - '7.17.0': vars.kibanaImage_7_17_0, - '8.12.2': vars.kibanaImage_8_12_2, - }; -local lbFunction = function(lbObject) { - type: if 'type' in lbObject then lbObject.type else error 'Missing loadbalancer type', - endpoint: if 'endpoint' in lbObject then lbObject.endpoint else null, - name: if 'name' in lbObject then lbObject.name else null, - groupName: if 'groupName' in lbObject then lbObject.groupName else null, - stickiness: if 'stickiness' in lbObject then lbObject.stickiness else false, - 'tls-1-1': if 'tls-1-1' in lbObject then lbObject['tls-1-1'] else false, - enableGrpc: if 'enableGrpc' in lbObject then lbObject.enableGrpc else false, - 
stickinessCookieDuration: if 'stickinessCookieDuration' in lbObject then lbObject.stickinessCookieDuration else 86400, - idleTimeout: if 'idleTimeout' in lbObject then lbObject.idleTimeout else 60, - slowStartDuration: if 'slowStartDuration' in lbObject then lbObject.slowStartDuration else 0, - accessPolicies: if 'accessPolicies' in lbObject then lbObject.accessPolicies else [], - extraSecurityGroups: if 'extraSecurityGroups' in lbObject then lbObject.extraSecurityGroups else [], - accessLog: if 'accessLog' in lbObject then lbObject.accessLog else namespace_values.loadBalancer.annotations.accessLog, - webAcl: if 'webAcl' in lbObject then lbObject.webAcl else namespace_values.loadBalancer.annotations.webAcl, - groupOrder: if 'groupOrder' in lbObject then lbObject.groupOrder else '100', - additionalEndpoints: if 'additionalEndpoints' in lbObject then lbObject.additionalEndpoints else [], - redirects: if 'redirects' in lbObject then lbObject.redirects else [], - exposeToLoadBalancer: false, -}; - -// A mixin that carefully overrides values. 
It should resemble deployment_manifest.json -local manifest_defaults = { - environment: if 'environment' in super then super.environment else null, - securityGroup: if 'securityGroup' in super then super.securityGroup else null, - metadata: if 'metadata' in super then super.metadata else {}, - sandboxParams: if 'sandboxParams' in super then super.sandboxParams else null, - [if 'flink' in deployment_manifest_json then 'flink' else null]+: { - loadBalancers: std.map(lbFunction, - if ('loadBalancers' in deployment_manifest_json.flink && deployment_manifest_json.flink.loadBalancers != []) then deployment_manifest_json.flink.loadBalancers else [{ type: 'none' }]), - }, - deployment+: { - //TODO: Just support $.name instead of $.deployment.name once all apps have migrated - name: if 'name' in super then super.name else $.name, - image: if 'image' in super then deployment.image else null, - imagePullPolicy: if 'imagePullPolicy' in super then deployment.imagePullPolicy else 'IfNotPresent', - maxSurge: if 'maxSurge' in super then deployment.maxSurge else null, - controller: if 'controller' in super then deployment.controller else vars.defaultController, - strategy: if 'strategy' in super then deployment.strategy else null, - strategyConfig: if 'strategyConfig' in super then deployment.strategyConfig else {}, - exposedPorts: if 'exposedPorts' in super then (if port_map.hasPort(super.exposedPorts, 'serviceport') then super.exposedPorts else super.exposedPorts + default_service_port) else default_service_port, - healthChecks+: { - startupProbeEnabled: if 'startupProbeEnabled' in super then deployment.healthChecks.startupProbeEnabled else false, - startupProbe+: { - type: $.deployment.healthChecks.livenessCheck.type, - port: $.deployment.healthChecks.livenessCheck.port, - path: $.deployment.healthChecks.livenessCheck.path, - successThreshold: defaultStartupProbe.successThreshold, - initialDelaySeconds: defaultStartupProbe.initialDelaySeconds, - periodSeconds: 
defaultStartupProbe.periodSeconds, - failureThreshold: defaultStartupProbe.failureThreshold, - httpHeaders+: $.deployment.healthChecks.livenessCheck.httpHeaders, - }, - livenessCheck+: { - type: if 'type' in super then super.type else defaultLivenessCheck.type, - port: if 'port' in super then super.port else defaultLivenessCheck.port, - path: if 'path' in super then super.path else defaultLivenessCheck.path, - successThreshold: if 'successThreshold' in super then super.successThreshold else defaultLivenessCheck.successThreshold, - initialDelaySeconds: if $.deployment.healthChecks.startupProbeEnabled then 0 else (if 'initialDelaySeconds' in super then super.initialDelaySeconds else defaultLivenessCheck.initialDelaySeconds), - periodSeconds: if 'periodSeconds' in super then super.periodSeconds else defaultLivenessCheck.periodSeconds, - failureThreshold: if 'failureThreshold' in super then super.failureThreshold else defaultLivenessCheck.failureThreshold, - httpHeaders+: if 'httpHeaders' in super then super.httpHeaders else defaultLivenessCheck.httpHeaders, - }, - readinessCheck+: { - type: if 'type' in super then super.type else defaultReadinessCheck.type, - port: if 'port' in super then super.port else defaultReadinessCheck.port, - path: if 'path' in super then super.path else defaultReadinessCheck.path, - successThreshold: if 'successThreshold' in super then super.successThreshold else defaultReadinessCheck.successThreshold, - initialDelaySeconds: if $.deployment.healthChecks.startupProbeEnabled then 0 else (if 'initialDelaySeconds' in super then super.initialDelaySeconds else defaultReadinessCheck.initialDelaySeconds), - periodSeconds: if 'periodSeconds' in super then super.periodSeconds else defaultReadinessCheck.periodSeconds, - failureThreshold: if 'failureThreshold' in super then super.failureThreshold else defaultReadinessCheck.failureThreshold, - httpHeaders+: if 'httpHeaders' in super then super.httpHeaders else defaultReadinessCheck.httpHeaders, - }, - }, 
- progressDeadlineSeconds: if 'timeout' in super then super.timeout else (if $.environment != vars.environments.prod then 720 else 540), - terminationGracePeriodSeconds: if 'terminationGracePeriodSeconds' in super then super.terminationGracePeriodSeconds else (if $.environment != vars.environments.prod then 60 else 90), - instance+: { - count: if 'count' in super then super.count else 2, - cpu: if 'cpu' in super then super.cpu else '0.25', - memory: if 'memory' in super then super.memory else '300Mi', - [if $.deployment.isVpaEnabled then 'minCPU']: if 'minCPU' in super then super.minCPU else 0.5, - [if $.deployment.isVpaEnabled then 'minMemory']: if 'minMemory' in super then super.minMemory else '512Mi', - gpu: if 'gpu' in super then super.gpu else 0, - gpuNodeSelector: if 'gpuNodeSelector' in super then super.gpuNodeSelector else { 'nvidia.com/gpu': 'true' }, - gpuTolerations: if 'gpuTolerations' in super then super.gpuTolerations else [{ effect: 'NoSchedule', key: 'nvidia.com/gpu', operator: 'Exists' }], - }, - environmentVariables+: [], - mountSecrets+: [], - namespace: if 'namespace' in super then super.namespace else 'default', - loadBalancers: std.map(lbFunction, - if ( 'loadBalancers' in super && super.loadBalancers != []) then super.loadBalancers else [{ type: 'none' }]), - commonApiGateways: std.map(function(apiGateways) { - commonApiGatewayUrl: if 'commonApiGatewayUrl' in apiGateways then apiGateways.commonApiGatewayUrl else null, - internalCommonApiGatewayUrl: if 'internalCommonApiGatewayUrl' in apiGateways then apiGateways.internalCommonApiGatewayUrl else null, - gatewayAttributes: if 'gatewayAttributes' in apiGateways then apiGateways.gatewayAttributes else [], - }, if ( 'commonApiGateways' in super && super.commonApiGateways != []) then super.commonApiGateways else [{ type: 'none' }]), - serviceMonitor+: { - enabled: if 'enabled' in super then super.enabled else false, - port: if 'port' in super then super.port else 'serviceport', - path: if 'path' in 
super then super.path else '/actuator/prometheus', - namespace: if 'namespace' in super then super.namespace else 'monitoring', - interval: if 'interval' in super then super.interval else '30s', - metricRelabelings: if 'metricRelabelings' in super then super.metricRelabelings else [], - scrapeTimeout: if 'scrapeTimeout' in super then super.scrapeTimeout else '10s', - }, - elasticSearch+: { - local defaultLabelPrefix = deployment.elasticSearch.instance.instanceName, - local elasticsearchVersion = if 'esVersion' in deployment.elasticSearch.instance then deployment.elasticSearch.instance.esVersion else '7.17.0', - enabled: if 'enabled' in super then super.enabled else false, - esLabels: if 'esLabels' in super then super.esLabels else { app: chart.service_name, chart: chart.service_chart, heritage: 'NaviDeploymentManifest', release: defaultLabelPrefix + '-elasticsearch', Team: deployment_manifest_json.team.name, Environment: deployment_manifest_json.environment, Name: defaultLabelPrefix + '-elasticsearch', Product: namespace_values.additionalTags.product, Owner: if deployment_manifest_json.infraVertical == 'lending' then 'medici' else if deployment_manifest_json.infraVertical == 'insurance' then 'gi' else deployment_manifest_json.infraVertical }, - instanceName: if 'instanceName' in super then super.instanceName else 'default-elasticsearch', - cpu: if 'cpu' in super then super.cpu else '1', - memory: if 'memory' in super then super.memory else '1Gi', - diskSpace: if 'diskSpace' in super then super.diskSpace else '30Gi', - esVersion: elasticsearchVersion, - esImage: esImageMapping[elasticsearchVersion], - esCount: if 'esCount' in super then super.esCount else 3, - esNodeSelector: if 'esNodeSelector' in super then super.esNodeSelector else { 'kops.k8s.io/instancegroup': 'datastore-nodes-1' }, - esTolerations: if 'esTolerations' in super then super.esTolerations else [{ effect: 'NoSchedule', key: 'node', operator: 'Equal', value: 'datastore' }], - kibana: if 'kibana' in 
super then super.kibana else null, - kibanaLabels: if 'kibanaLabels' in super then super.kibanaLabels else { app: chart.service_name, chart: chart.service_chart, heritage: 'NaviDeploymentManifest', release: defaultLabelPrefix + '-kibana', Team: deployment_manifest_json.team.name, Environment: deployment_manifest_json.environment, Name: defaultLabelPrefix + '-kibana', Product: namespace_values.additionalTags.product, Owner: if deployment_manifest_json.infraVertical == 'lending' then 'medici' else if deployment_manifest_json.infraVertical == 'insurance' then 'gi' else deployment_manifest_json.infraVertical }, - kibanaVersion: elasticsearchVersion, - kibanaImage: kibanaImageMapping[elasticsearchVersion], - }, - perfUtility+: { - mockServerEnabled: if 'mockServer' in super then super.mockServer else false, - mockServerImage: if 'mockServerImage' in super then super.mockServerImage else '193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/perf-mock-server:latest', - postgresServerEnabled: if 'postgresServer' in super then super.postgresServer else false, - postgresServerImage: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/postgres:13', - }, - hpa+: { - type: if 'type' in super then super.type else vars.deployment.hpa.type.metrics, - maxReplicas: if 'maxReplicas' in super then super.maxReplicas else $.deployment.instance.count, - minReplicas: if 'minReplicas' in super then super.minReplicas else $.deployment.instance.count, - metrics: if 'metrics' in super then super.metrics else [], - custom_metrics: if 'custom_metrics' in super then super.custom_metrics else [], - cronJobs: if 'cronJobs' in super then super.cronJobs else [], - }, - isVpaEnabled: if 'isVpaEnabled' in super then super.isVpaEnabled else false, - isLinkConfig: if 'linkConfig' in super && super.linkConfig != null then super.linkConfig else false, - vpa+: { - maxAllowed: { - cpu: if 'cpu' in super then super.cpu else vars.vpa.maxAllowedCPU, - memory: if 'memory' in super then super.memory else 
vars.vpa.maxAllowedMemory, - }, - }, - allowEgress: if 'allowEgress' in super then super.allowEgress else [], - alerts+: { - pod: mergePodAlerts(vars.deployment.alerts.pod, if 'pod' in super then super.pod else []), - loadBalancer+: [], - database+: [], - kafka+: [], - custom+: [], - kong+: [], - prometheusRecordingRule+: [], - underUtilisedResources+: [], - }, - disableIstio: if 'disableIstio' in super then super.disableIstio else false, - }, - team+: { - name: if 'name' in super then super.name else 'Infra', - }, - [if 'flink' in deployment_manifest_json then null else 'labels']+: { - 'micrometer-prometheus': if 'micrometer-prometheus' in super then super['micrometer-prometheus'] - else if ($.deployment.serviceMonitor.enabled == false && port_map.hasPort($.deployment.exposedPorts, 'metrics')) then 'enabled' else 'disabled', - }, - isSwApmEnabled: if 'isSwApmEnabled' in super then super.isSwApmEnabled else namespace_values.isSwApmEnabled, - extraResources: if 'extraResources' in super then super.extraResources else null, -}; - -local deployment_manifest = deployment_manifest_json + manifest_defaults; - -//For Validation -local rateLimitRulesLength(commonApiGateways) = [ - if 'rateLimitRules' in attribute then std.length(attribute.rateLimitRules) else 0 - for gateway in commonApiGateways - for attribute in gateway.gatewayAttributes -]; -local commonApiGateways = if 'flink' in deployment_manifest then [] else deployment_manifest.deployment.commonApiGateways; -assert std.length([value for value in rateLimitRulesLength(commonApiGateways) if value > 1]) == 0 : 'Apigateway has more than one rateLimiting rule configured in at least one of the gateway attributes'; -assert std.isString(deployment_manifest.cluster) : 'ValidationError: cluster must be a non empty string'; - -deployment_manifest diff --git a/templates/deployment_util.jsonnet b/templates/deployment_util.jsonnet deleted file mode 100644 index d582deb6..00000000 
--- a/templates/deployment_util.jsonnet
+++ /dev/null
@@ -1,108 +0,0 @@ -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local deployment = deployment_manifest.deployment; -local vars = import 'vars.jsonnet'; -local rolloutController = vars.rolloutController; -local deploymentController = deployment.controller; -local ingress = deployment_manifest.deployment.loadBalancers[0]; -local load_balancer_util = import 'load_balancer_util.jsonnet'; -local chart = import 'chart.jsonnet'; -local port_map = import 'port_map.jsonnet'; -local namespace_values = import 'namespace_values.jsonnet'; -local empty(parent, field) = if (field in parent && parent[field] != {} && parent[field] != [] && parent[field] != '') then false else true; - -{ - stepsValueMap(step):: { - manualPromotion: { pause: {} }, - setWeight: { setWeight: step.value }, - pause: { pause: { duration: step.value } }, - }[step.name], - - getSteps(steps):: [ - $.stepsValueMap(step) - for step in steps - ], - - stickinessConfig(stickinessDuration):: { - enabled: true, - durationSeconds: stickinessDuration, - }, - - getMaxSurge(deployment):: - if deployment.maxSurge == null || deployment.maxSurge == '' then - if deployment.hpa.minReplicas <= 5 then '51%' else '20%' - else - deployment.maxSurge + '%', - - strategy:: { - rollingUpdate():: - if (deploymentController == rolloutController) then { - canary: { - maxSurge: $.getMaxSurge(deployment), - maxUnavailable: 0, - }, - } else { - assert deployment.strategy != 'canary' : '%s controller does not support canary' % deploymentController, - type: 'RollingUpdate', - rollingUpdate: { - maxSurge: $.getMaxSurge(deployment), - maxUnavailable: 0, - }, - } - , - - canary(config={}):: { - assert deploymentController == rolloutController : '%s controller is not supported for canary' % deployment.controller, - assert std.find(ingress.type, ['alb', 'sharedAlbAcrossNamespace']) != [] : '%s is not supported for canary' % ingress.type, - local ingressFullName = 
load_balancer_util.ingress_name(chart.full_service_name(deployment.name), ingress), - local fullName = chart.full_service_name(deployment.name), - local analysisConfig = if !empty(config, 'analysis') then config.analysis else {}, - canary: { - maxSurge: '51%', - maxUnavailable: 0, - [if analysisConfig != {} then 'analysis']: { - templates: [{ - templateName: chart.full_service_name(deployment.name), - }], - [if !empty(analysisConfig, 'templates') && deployment.analysisTemplate != null then 'templates']: analysisConfig.templates, - [if !empty(analysisConfig, 'args') then 'args']: analysisConfig.args, - [if !empty(analysisConfig, 'startingStep') then 'startingStep']: analysisConfig.startingStep, - }, - steps: if empty(config, 'steps') then vars.defaultCanarySteps else $.getSteps(config.steps), - stableService: '%s-stable' % fullName, - canaryService: '%s-canary' % fullName, - trafficRouting: { - alb: { - ingress: ingressFullName, - rootService: fullName, - servicePort: port_map.getPort('serviceport'), - [if 'stickinessDuration' in config && config.stickinessDuration > 0 then 'stickinessConfig']: $.stickinessConfig(config.stickinessDuration), - }, - }, - }, - }, - rollingUpdateWithCanaryMixIn(config={}):: { - assert deploymentController == rolloutController : '%s controller is not supported for canary' % deployment.controller, - assert std.find(ingress.type, ['alb', 'sharedAlbAcrossNamespace']) != [] : '%s is not supported for canary' % ingress.type, - local ingressFullName = load_balancer_util.ingress_name(chart.full_service_name(deployment.name), ingress), - local fullName = chart.full_service_name(deployment.name), - canary: { - maxSurge: '51%', - maxUnavailable: 0, - stableService: '%s-stable' % fullName, - canaryService: '%s-canary' % fullName, - trafficRouting: { - alb: { - ingress: ingressFullName, - rootService: fullName, - servicePort: port_map.getPort('serviceport'), - [if 'stickinessDuration' in config && config.stickinessDuration > 0 then 
'stickinessConfig']: $.stickinessConfig(config.stickinessDuration),
- },
- },
- [if config.currentStrategy == 'canary' then 'steps']: [{ pause: {} }],
- },
- },
- },
-
- isEfsNeeded(deployment):: namespace_values.isEfsSupported && 'efs' in deployment,
- isFsxNeeded(deployment):: namespace_values.isFsxSupported && 'fsx' in deployment,
-}
diff --git a/templates/dynamic_configuration.jsonnet b/templates/dynamic_configuration.jsonnet
deleted file mode 100644
index 35a995f7..00000000
--- a/templates/dynamic_configuration.jsonnet
+++ /dev/null
@@ -1,22 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local manifest_util = import 'manifest_util.jsonnet';
-local dynamicConfiguration = if manifest_util.is_dynamic_config_present(deployment_manifest) then deployment_manifest.dynamicConfiguration else {};
-
-if manifest_util.is_dynamic_config_present(deployment_manifest) then {
- apiVersion: 'v1',
- kind: 'Secret',
- metadata: {
- name: chart.full_service_name(deployment_manifest.deployment.name) + '-dynamic-secret',
- namespace: deployment_manifest.deployment.namespace,
- labels: common.labels,
- annotations: common.annotations,
- },
- stringData:
- {
- [config.fileName]: config.data
- for config in dynamicConfiguration
- },
- type: 'Opaque',
-}
diff --git a/templates/efs_persistent_volume_claim.jsonnet b/templates/efs_persistent_volume_claim.jsonnet
deleted file mode 100644
index 94137d23..00000000
--- a/templates/efs_persistent_volume_claim.jsonnet
+++ /dev/null
@@ -1,34 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment_util = import 'deployment_util.jsonnet';
-local deployment = deployment_manifest.deployment;
-local namespace_values = import 'namespace_values.jsonnet';
-
-if (deployment_util.isEfsNeeded(deployment)) then
- local efs_list = deployment.efs;
- if (std.length(efs_list) != 0) then
- {
- apiVersion: 'v1',
- kind: 'List',
- items: std.map(function(efs) {
- apiVersion: 'v1',
- kind: 'PersistentVolumeClaim',
- metadata: {
- name: chart.full_service_name(deployment.name) + '-' + efs.name,
- labels: common.labels,
- annotations: common.annotations,
- namespace: deployment.namespace,
- },
- spec: {
- accessModes: ['ReadWriteMany'],
- storageClassName: efs.name,
- resources: {
- requests: {
- storage: '1Mi',
- },
- },
- },
- }, efs_list),
- }
- else null
diff --git a/templates/elastic_search.jsonnet b/templates/elastic_search.jsonnet
deleted file mode 100644
index 13081fb3..00000000
--- a/templates/elastic_search.jsonnet
+++ /dev/null
@@ -1,90 +0,0 @@ -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local deployment = deployment_manifest.deployment; -local PVCAnnotations = '{ "Team": "%s", "Environment": "%s", "Product": "%s" }' % [deployment_manifest.team.name, deployment_manifest.environment, deployment_manifest.metadata.product]; -if deployment_manifest.deployment.elasticSearch.enabled == true then { - apiVersion: 'elasticsearch.k8s.elastic.co/v1', - kind: 'Elasticsearch', - metadata: { - name: deployment.elasticSearch.instance.instanceName + '-elasticsearch', - namespace: deployment_manifest.environment + '-datastores', - labels: deployment.elasticSearch.esLabels, - annotations: common.annotations, - }, - spec: { - version: deployment.elasticSearch.esVersion, - image: deployment.elasticSearch.esImage, - secureSettings: [ - { - secretName: 'aws-credentials-es-backup', - }, - ], - http: { - tls: { - selfSignedCertificate: { - disabled: true, - }, - }, - }, - nodeSets: [ - { - name: 'node', - config: { - 'node.roles': [ - 'master', - 'data', - 'ingest', - ], - 'node.store.allow_mmap': false, - }, - podTemplate: { - metadata: { - labels: deployment.elasticSearch.esLabels, - }, - spec: { - nodeSelector: deployment.elasticSearch.esNodeSelector, - tolerations: deployment.elasticSearch.esTolerations, - containers: [ - { - name: 'elasticsearch', - resources: { - requests: { - memory: deployment.elasticSearch.instance.memory, - cpu: deployment.elasticSearch.instance.cpu, - }, - limits: { - memory: deployment.elasticSearch.instance.memory, - cpu: deployment.elasticSearch.instance.cpu, - }, - }, - }, - ], - }, - }, - count: deployment.elasticSearch.esCount, - volumeClaimTemplates: [ - { - metadata: { - name: 'elasticsearch-data', - annotations: { - 'k8s-pvc-tagger/tags': PVCAnnotations - } - }, - spec: { - accessModes: [ - 'ReadWriteOnce', - ], - resources: { - requests: { - storage: 
deployment.elasticSearch.instance.diskSpace, - }, - }, - storageClassName: 'gp3-retain-policy', - }, - }, - ], - }, - ], - }, -} diff --git a/templates/elasticsearch_alerts_default.jsonnet b/templates/elasticsearch_alerts_default.jsonnet deleted file mode 100644 index 687dffa2..00000000 --- a/templates/elasticsearch_alerts_default.jsonnet +++ /dev/null 
@@ -1,186 +0,0 @@ -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local namespace_values = import 'namespace_values.jsonnet'; -local app_name = chart.full_service_name(deployment_manifest.deployment.name); -local namespace = deployment_manifest.deployment.namespace; -local deployment = deployment_manifest.deployment; - -local clusterName = deployment.elasticSearch.instance.instanceName + '-elasticsearch'; - -if deployment_manifest.deployment.elasticSearch.enabled == true then { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PrometheusRule', - metadata: { - labels: deployment.elasticSearch.esLabels { - prometheus: 'kube-prometheus', - role: 'alert-rules', - }, - annotations: common.annotations, - name: clusterName + '-alerts', - namespace: deployment_manifest.environment + '-datastores', - }, - spec: { - groups: [ - { - name: clusterName + '-alerts', - rules: [ - { - alert: 'ElasticsearchHeapUsageTooHigh', - expr: '(es_jvm_mem_heap_used_bytes{job=~".*http",es_cluster="%(clustername)s"} / es_jvm_mem_heap_max_bytes{job=~".*http",es_cluster="%(clustername)s"}) * 100 > 90' % ({ clustername: clusterName }), - 'for': '20m', - labels: { - severity: 'critical', - alertTeam: deployment_manifest.team.name, - appName: clusterName, - }, - annotations: { - summary: 'Elasticsearch Heap Usage Too High (node `{{ $labels.node }}`)', - description: 'The heap usage is over 90% for 5m VALUE = `{{ $value }}`\n NAME: `{{ $labels.node }}`', - }, - }, - { - alert: 'ElasticsearchHeapUsageWarning', - expr: '(es_jvm_mem_heap_used_bytes{job=~".*http",es_cluster="%(clustername)s"} / es_jvm_mem_heap_max_bytes{job=~".*http",es_cluster="%(clustername)s"}) * 100 > 80' % ({ clustername: clusterName }), - 'for': '15m', - labels: { - severity: 'warning', - alertTeam: deployment_manifest.team.name, - appName: clusterName, - }, - annotations: { - summary: 'Elasticsearch Heap Usage warning (node `{{ 
$labels.node }}`)', - description: 'The heap usage is over 80% for 15m\n VALUE = `{{ $value }}`\n NAME: `{{ $labels.node }}`', - }, - }, - { - alert: 'ElasticsearchAvgDiskOutOfSpace_Warning', - expr: '(es_fs_total_free_bytes{job=~".*http",es_cluster="%(clustername)s"}/es_fs_total_total_bytes{job=~".*http",es_cluster="%(clustername)s"}) * 100 < 15' % ({ clustername: clusterName }), - 'for': '20m', - labels: { - severity: 'warning', - alertTeam: deployment_manifest.team.name, - appName: clusterName, - }, - annotations: { - summary: 'Elasticsearch average disk out of space (node - `{{ $labels.node }}`). No new shards will be allocated at this node', - description: 'The disk usage is over 85%\n VALUE = `{{ $value }}`', - }, - }, - { - alert: 'ElasticsearchDiskOutOfSpace', - expr: '(es_fs_total_free_bytes{job=~".*http",es_cluster="%(clustername)s"}/es_fs_total_total_bytes{job=~".*http",es_cluster="%(clustername)s"}) * 100 < 10' % ({ clustername: clusterName }), - 'for': '10m', - labels: { - severity: 'critical', - alertTeam: deployment_manifest.team.name, - appName: clusterName, - }, - annotations: { - summary: 'Elasticsearch disk out of space (node `{{ $labels.node }}`). 
No new shards will be allocated at this node', - description: 'The disk usage is over 90%\n VALUE = `{{ $value }}`\n NAME: `{{ $labels.node }}`', - }, - }, - { - alert: 'ElasticsearchClusterRed', - expr: 'max(es_cluster_status{job=~".*http",es_cluster="%(clustername)s"}) by (es_cluster) == 2' % ({ clustername: clusterName }), - 'for': '5m', - labels: { - severity: 'critical', - alertTeam: deployment_manifest.team.name, - appName: clusterName, - }, - annotations: { - summary: 'Elasticsearch Cluster Red (cluster - `{{ $labels.es_cluster }}`)', - description: 'Elastic Cluster Red', - }, - }, - { - alert: 'ElasticsearchClusterYellow', - expr: 'max(es_cluster_status{job=~".*http",es_cluster="%(clustername)s"}) by (es_cluster) == 1' % ({ clustername: clusterName }), - 'for': '15m', - labels: { - severity: 'warning', - alertTeam: deployment_manifest.team.name, - appName: clusterName, - }, - annotations: { - summary: 'Elasticsearch Cluster Yellow (cluster - `{{ $labels.es_cluster }}`)', - description: 'Elastic Cluster Yellow for 15 minutes', - }, - }, - { - alert: 'ElasticsearchClusterIndexReplicaUnavailable', - expr: 'min(es_index_replicas_number{job=~".*http",es_cluster="%(clustername)s",index!~"^[.].*"}) by (es_cluster,index) < 1' % ({ clustername: clusterName }), - 'for': '15m', - labels: { - severity: 'warning', - alertTeam: deployment_manifest.team.name, - appName: clusterName, - }, - annotations: { - summary: 'Elasticsearch Cluster Index Replica less than 1 (cluster - `{{ $labels.es_cluster }}`)', - description: 'Elastic Cluster Index Replica less than 1 for 15 minutes\n VALUE = `{{ $value }}`', - }, - }, - { - alert: 'ElasticsearchInitializingShards', - expr: 'max(es_cluster_shards_number{type="initializing",job=~".*http",es_cluster="%(clustername)s"}) by (es_cluster) > 0' % ({ clustername: clusterName }), - 'for': '10m', - labels: { - severity: 'warning', - alertTeam: deployment_manifest.team.name, - appName: clusterName, - }, - annotations: { - summary: 
'Elasticsearch initializing shards (cluster `{{ $labels.es_cluster }}`)', - description: 'Number of initializing shards for 10 min\n VALUE = `{{ $value }}`', - }, - }, - { - alert: 'ElasticsearchUnassignedShards', - expr: 'max(es_cluster_shards_number{type="unassigned",job=~".*http",es_cluster="%(clustername)s"}) by (es_cluster) > 0' % ({ clustername: clusterName }), - 'for': '30m', - labels: { - severity: 'critical', - alertTeam: deployment_manifest.team.name, - appName: clusterName, - }, - annotations: { - summary: 'Elasticsearch unassigned shards (cluster `{{ $labels.es_cluster }}`)', - description: 'Number of unassigned shards for 30 min\n VALUE = `{{ $value }}`', - }, - }, - { - alert: 'ElasticsearchUnassignedShards', - expr: 'max(es_cluster_shards_number{type="unassigned",job=~".*http",es_cluster="%(clustername)s"}) by (es_cluster) > 0' % ({ clustername: clusterName }), - 'for': '15m', - labels: { - severity: 'warning', - alertTeam: deployment_manifest.team.name, - appName: clusterName, - }, - annotations: { - summary: 'Elasticsearch unassigned shards (cluster `{{ $labels.es_cluster }}`)', - description: 'Number of unassigned shards for 15 min\n VALUE = `{{ $value }}`', - }, - }, - { - alert: 'ElasticsearchPendingTasks', - expr: 'max(es_cluster_pending_tasks_number{job=~".*http",es_cluster="%(clustername)s"}) by (es_cluster) > 0' % ({ clustername: clusterName }), - 'for': '15m', - labels: { - severity: 'warning', - alertTeam: deployment_manifest.team.name, - appName: clusterName, - }, - annotations: { - summary: 'Elasticsearch pending tasks (cluster `{{ $labels.es_cluster }}`)', - description: 'Number of pending tasks for 15 min. Cluster works slowly.\n VALUE = `{{ $value }}`', - }, - }, - ], - }, - ], - }, -} diff --git a/templates/elasticsearch_secrets.jsonnet b/templates/elasticsearch_secrets.jsonnet deleted file mode 100644 index 17e1b275..00000000 --- a/templates/elasticsearch_secrets.jsonnet +++ /dev/null 
@@ -1,18 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment = deployment_manifest.deployment;
-
-if deployment_manifest.deployment.elasticSearch.enabled == true then {
- apiVersion: 'v1',
- kind: 'Secret',
- metadata: {
- name: deployment.elasticSearch.instance.instanceName + '-elasticsearch' + '-es-elastic-user',
- namespace: deployment_manifest.environment + '-datastores',
- labels: deployment.elasticSearch.esLabels,
- annotations: common.annotations,
- },
-
- data: { [e.name]: std.base64(e.value) for e in deployment_manifest.environmentVariables if std.toString(e.name) == 'elastic' },
- type: 'Opaque',
-}
diff --git a/templates/elasticsearch_servicemonitor.jsonnet b/templates/elasticsearch_servicemonitor.jsonnet
deleted file mode 100644
index 646af3e9..00000000
--- a/templates/elasticsearch_servicemonitor.jsonnet
+++ /dev/null
@@ -1,75 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment = deployment_manifest.deployment;
-
-if deployment_manifest.deployment.elasticSearch.enabled == true then {
- apiVersion: 'monitoring.coreos.com/v1',
- kind: 'ServiceMonitor',
- metadata: {
- labels: deployment.elasticSearch.esLabels,
- name: deployment.elasticSearch.instance.instanceName + '-elasticsearch-monitor',
- namespace: deployment_manifest.environment + '-datastores',
- annotations: common.annotations,
- },
- spec: {
- endpoints: [
- {
- metricRelabelings: [
- {
- action: 'drop',
- regex: 'es_index_segments_memory_bytes',
- sourceLabels: ['__name__'],
- },
- {
- action: 'drop',
- regex: '.*es-node',
- sourceLabels: ['job'],
- },
- {
- action: 'drop',
- regex: 'es_cluster.*;.*es-node-[1-9]+',
- sourceLabels: ['__name__', 'pod'],
- },
- {
- sourceLabels: ['cluster'],
- targetLabel: 'es_cluster',
- replacement: '$1'
- },
- {
- action: 'labeldrop',
- regex: '^cluster$',
- }
- ],
- interval: '30s',
- path: '/_prometheus/metrics',
- port: 'http',
- scheme: 'http',
- tlsConfig: {
- insecureSkipVerify: true,
- },
- basicAuth: {
- password: {
- name: deployment.elasticSearch.instance.instanceName + '-elasticsearch' + '-sm-secret',
- key: 'password',
- },
- username: {
- name: deployment.elasticSearch.instance.instanceName + '-elasticsearch' + '-sm-secret',
- key: 'username',
- },
- },
- },
- ],
- namespaceSelector: {
- matchNames: [
- deployment_manifest.environment + '-datastores',
- ],
- },
- selector: {
- matchLabels: {
- 'common.k8s.elastic.co/type': 'elasticsearch',
- 'elasticsearch.k8s.elastic.co/cluster-name': deployment.elasticSearch.instance.instanceName + '-elasticsearch',
- },
- },
- },
-}
diff --git a/templates/elasticsearch_sm_secrets.jsonnet b/templates/elasticsearch_sm_secrets.jsonnet
deleted file mode 100644
index 2295b1b1..00000000
--- a/templates/elasticsearch_sm_secrets.jsonnet
+++ /dev/null
@@ -1,18 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment = deployment_manifest.deployment;
-
-if deployment_manifest.deployment.elasticSearch.enabled == true then {
- apiVersion: 'v1',
- kind: 'Secret',
- metadata: {
- name: deployment.elasticSearch.instance.instanceName + '-elasticsearch' + '-sm-secret',
- namespace: deployment_manifest.environment + '-datastores',
- labels: deployment.elasticSearch.esLabels,
- annotations: common.annotations,
- },
-
- data: { ['username']: std.base64(e.name) for e in deployment_manifest.environmentVariables if std.toString(e.name) == 'elastic' } + { ['password']: std.base64(e.value) for e in deployment_manifest.environmentVariables if std.toString(e.name) == 'elastic' },
- type: 'Opaque',
-}
diff --git a/templates/elasticsearch_snapshots.jsonnet b/templates/elasticsearch_snapshots.jsonnet
deleted file mode 100644
index 2962a335..00000000
--- a/templates/elasticsearch_snapshots.jsonnet
+++ /dev/null
@@ -1,122 +0,0 @@ -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local deployment = deployment_manifest.deployment; - -if deployment_manifest.deployment.elasticSearch.enabled == true then { - apiVersion: 'batch/v1', - kind: 'Job', - metadata: { - name: deployment.elasticSearch.instance.instanceName + '-elasticsearch' + '-init-snapshots', - namespace: deployment_manifest.environment + '-datastores', - labels: deployment.elasticSearch.esLabels, - annotations: common.annotations, - }, - spec: { - template: { - spec: { - initContainers: [ - { - name: 'elasticsearch-s3-repository', - image: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/centos:7-custom', - imagePullPolicy: 'IfNotPresent', - volumeMounts: [ - { - name: 'es-basic-auth', - mountPath: '/mnt/elastic/es-basic-auth', - }, - ], - env: [ - { - name: 'ES_HOST', - value: deployment.elasticSearch.instance.instanceName + '-elasticsearch-es-http.' + deployment_manifest.environment + '-datastores.' 
+ 'svc.cluster.local', - }, - { - name: 'ES_PORT', - value: '9200', - }, - { - name: 'ES_REPOSITORY', - value: 'snapshots', - }, - { - name: 'S3_REGION', - value: 'ap-south-1', - }, - { - name: 'S3_BUCKET', - valueFrom: { - secretKeyRef: { - name: 's3-bucket-es-backup', - key: 'bucket', - }, - }, - }, - { - name: 'S3_BASE_PATH', - value: deployment.elasticSearch.instance.instanceName, - }, - { - name: 'S3_COMPRESS', - value: 'true', - }, - { - name: 'S3_STORAGE_CLASS', - value: 'standard', - }, - ], - command: [ - '/bin/sh', - '-c', - ], - args: [ - "dockerize -wait tcp://${ES_HOST}:${ES_PORT} -timeout 600s && curl -s -i -k -u \"elastic:$(\"'\",\n \"repository\": \"'\"${ES_REPOSITORY}\"'\",\n \"config\": {\n \"indices\": \"'\"*\"'\",\n \"include_global_state\": \"'\"true\"'\"\n },\n \"retention\": {\n \"expire_after\": \"7d\",\n \"min_count\": 7,\n \"max_count\": 14\n }\n}'\n", - ], - }, - ], - restartPolicy: 'Never', - volumes: [ - { - name: 'es-basic-auth', - secret: { - secretName: deployment.elasticSearch.instance.instanceName + '-elasticsearch' + '-es-elastic-user', - }, - }, - ], - }, - }, - }, -} diff --git a/templates/flink_default_alerts.jsonnet b/templates/flink_default_alerts.jsonnet deleted file mode 100644 index 7b510440..00000000 --- a/templates/flink_default_alerts.jsonnet +++ /dev/null 
@@ -1,238 +0,0 @@ -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local namespace_values = import 'namespace_values.jsonnet'; -local app_name = chart.full_service_name(deployment_manifest.name); -local namespace = deployment_manifest.flink.namespace; -local load_balancer_util = import 'load_balancer_util.jsonnet'; -local manifest_util = import 'manifest_util.jsonnet'; -local flink = deployment_manifest.flink; -local vars = import 'vars.jsonnet'; -local util = import 'util.jsonnet'; - -local environment = deployment_manifest.environment; -local commonAlertFields = { - appName: common.awsTags.Name, - fullName: chart.full_service_name(deployment_manifest.name), - namespace: namespace, - environment: environment, -}; -local baseLabels = function(alert) { - labels: { - severity: alert.severity, - alertTeam: deployment_manifest.team.name, - appName: app_name, - [if manifest_util.is_custom_slack_channel_enabled(alert) then 'slackChannel']: alert.slackChannel, - }, -}; -local baseAnnotations = function(alert) { - annotations: { - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/509936863/Runbook', - }, -}; -local mapAlerts(alertGroup, alerts) = std.filterMap( - function(alert) alert.type in alertGroup, - function(alert) baseAnnotations(alert) + alertGroup[alert.type](alert) + baseLabels(alert), - alerts -); - -local alerts = { - "pod": [ - { - "type": "HighPodRestarts", - "duration": "30m", - "severity": "critical", - "threshold": 3 - }, - { - "type": "HighPodFailures", - "duration": "3h", - "severity": "warning", - "threshold": 2 - }, - { - "type": "FrequentPodOOMKilled", - "duration": "10m", - "severity": "critical", - "threshold": 2 - }, - { - "type": "PodOOMKilled", - "duration": "5m", - "severity": "warning", - "threshold": 1 - }, - { - "type": "KubeContainerWaiting", - "duration": "1h", - "severity": "critical", - "threshold": 0 - } - ], - "flink": [ - { - 
"type": "JobManagerJvmMemoryUsageHigh", - "duration": "10m", - "severity": "critical", - "threshold": 85 - }, - { - "type": "JobManagerCpuLoadHigh", - "duration": "10m", - "severity": "critical", - "threshold": 75 - }, - { - "type": "TaskManagerJvmCpuLoadHigh", - "duration": "10m", - "severity": "critical", - "threshold": 75 - }, - { - "type": "TaskManagerJvmMemoryUsageHigh", - "duration": "10m", - "severity": "critical", - "threshold": 85 - }, - { - "type": "JobManagerFailedCheckpointIncreased", - "duration": "5m", - "severity": "critical", - "threshold": 0 - }, - { - "type": "FlinkTaskFailed", - "duration": "5m", - "severity": "critical", - "threshold": 0 - } - ], - "custom": [] -}; - -local podAlerts = { - HighPodRestarts: function(alert) ({ - alert: 'HighPodRestarts', - annotations: { - description: 'Namespace: %s, AppName: %s; Pod restarted multiple times' % [namespace, app_name], - summary: 'High Pod Restarts', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/279937094/Act+On+Pod+Alert', - }, - expr: 'sum(increase(kube_pod_container_status_restarts_total{namespace="%s", pod=~"%s.*"}[%s])) > %s' % [namespace, app_name, alert.duration, alert.threshold], - }), - HighPodFailures: function(alert) ({ - alert: 'HighPodFailures', - annotations: { - description: 'Namespace: %s, AppName: %s; Pods were last terminated due to reason {{ $labels.reason }}' % [namespace, app_name], - summary: 'High Pod Failures', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/279937094/Act+On+Pod+Alert', - }, - expr: 'sum(increase(kube_pod_container_status_last_terminated_reason{namespace="%s", container=~"%s.*",reason !~ "Completed|Evicted|OOMKilled"}[%s])) by (reason,pod) > %s' % [namespace, app_name, alert.duration, alert.threshold], - }), - FrequentPodOOMKilled: function(alert) ({ - alert: 'FrequentPodOOMKilled', - annotations: { - description: 'Namespace: %s, AppName: %s; Pod: {{ $labels.pod }} is restarting multiple times because of OOMKilled' % [namespace, 
app_name], - summary: 'High Pod Failures', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/279937094/Act+On+Pod+Alert', - }, - expr: 'increase(kube_pod_container_status_restarts_total{namespace="%s", container="%s"}[%s]) >= %s AND ignoring(reason) kube_pod_container_status_last_terminated_reason{namespace="%s", container="%s", reason="OOMKilled"} > 0' % [namespace, app_name, alert.duration, alert.threshold, namespace, app_name], - }), - PodOOMKilled: function(alert) ({ - alert: 'PodOOMKilled', - annotations: { - description: 'Namespace: %s, AppName: %s; Pod: {{ $labels.pod }} killed because of OOMKilled' % [namespace, app_name], - summary: 'Pod OOMKilled', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/279937094/Act+On+Pod+Alert', - }, - expr: 'kube_pod_container_status_restarts_total{namespace="%s", container="%s"} - kube_pod_container_status_restarts_total{namespace="%s", container="%s"} offset %s >= %s AND ignoring(reason) kube_pod_container_status_last_terminated_reason{namespace="%s", container="%s", reason="OOMKilled"} > 0' % [namespace, app_name, namespace, app_name, alert.duration, alert.threshold, namespace, app_name], - }), - KubeContainerWaiting: function(alert) ({ - alert: 'KubeContainerWaiting', - annotations: { - description: 'Namespace: %s, AppName: %s; container in waiting state for one hour' % [namespace, app_name], - summary: 'container is waiting for too long', - runbook: 'https://navihq.atlassian.net/wiki/spaces/IN/pages/279937094/Act+On+Pod+Alert', - }, - expr: 'sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{container="%s", namespace="%s"}) > %s' % [app_name, namespace, alert.threshold], - 'for': alert.duration, - }), -}; - -local flinkAlerts = { - JobManagerJvmMemoryUsageHigh: function(alert) ({ - alert: 'JobManagerJvmMemoryUsageHigh', - annotations: { - description: 'Namespace: %s, AppName: %s; JVM Memory usage more than 80 percent for flink job {{ $labels.job }} since last %s ' % 
[namespace, app_name, alert.duration], - summary: 'Job Manager JVM Memory Usage High', - }, - expr: '( flink_jobmanager_Status_JVM_Memory_Heap_Used / flink_jobmanager_Status_JVM_Memory_Heap_Max ) * 100 > %s ' % [alert.threshold], - 'for': alert.duration, - }), - JobManagerCpuLoadHigh: function(alert) ({ - alert: 'JobManagerCpuLoadHigh', - annotations: { - description: 'Namespace: %s, AppName: %s; JVM CPU Load more than %s for flink job {{ $labels.job }} since last %s.' % [namespace, app_name,alert.threshold, alert.duration], - summary: 'Job Manager CPU Load High', - }, - expr: 'flink_jobmanager_Status_JVM_CPU_Load > %s' % alert.threshold, - 'for': alert.duration, - }), - TaskManagerJvmCpuLoadHigh: function(alert) ({ - alert: 'TaskManagerJvmCpuLoadHigh', - annotations: { - description: 'Namespace: %s, AppName: %s; JVM CPU Load more than %s for flink taskmanager {{ $labels.tm_id }} for job {{ $labels.job }} since last %s.' % [namespace, app_name, alert.threshold, alert.duration], - summary: 'Task Manager JVM CPU Load High', - }, - expr: 'flink_taskmanager_Status_JVM_CPU_Load > %s' % alert.threshold, - 'for': alert.duration, - }), - TaskManagerJvmMemoryUsageHigh: function(alert) ({ - alert: 'TaskManagerJvmMemoryUsageHigh', - annotations: { - description: 'Namespace: %s, AppName: %s; JVM Memory usage more than 80 percent for TaskManager {{ $labels.tm_id }} for job {{ $labels.job }} since last %s.' 
% [namespace, app_name, alert.duration], - summary: 'Task Manager JVM Memory Usage High', - }, - expr: '(flink_taskmanager_Status_JVM_Memory_Heap_Used / flink_taskmanager_Status_JVM_Memory_Heap_Max) * 100 > %s' % alert.threshold, - 'for': alert.duration, - }), - JobManagerFailedCheckpointIncreased: function(alert) ({ - alert: 'JobManagerFailedCheckpointIncreased', - annotations: { - description: 'Namespace: %s, AppName: %s; Number of failed checkpoints increased in last %s for job {{ $labels.job }}' % [namespace, app_name, alert.duration], - summary: 'Job Manager Failed Checkpoint Increased', - }, - expr: 'increase(flink_jobmanager_job_numberOfFailedCheckpoints[%s]) > 0' % alert.duration, - }), - FlinkTaskFailed: function(alert) ({ - alert: 'FlinkTaskFailed', - annotations: { - description: 'Namespace: %s, AppName: %s; The Flink job {{ $labels.job }} has tasks that failed.' % [namespace, app_name], - summary: 'Flink Task Failed', - }, - expr: 'rate(flink_taskmanager_job_task_failed{job="{{ $labels.job }}"}[%s]) > 0' % alert.duration, - 'for': alert.duration, - }), -}; - -{ - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PrometheusRule', - metadata: { - labels: common.labels { - prometheus: 'kube-prometheus', - role: 'alert-rules', - }, - name: app_name, - namespace: namespace, - annotations: common.annotations, - }, - spec: { - groups: [ - { - name: '%s-basic' % [app_name], - rules: (mapAlerts(podAlerts, alerts.pod) + mapAlerts(flinkAlerts, alerts.flink)), - }, - ], - }, -} diff --git a/templates/flink_deployment.jsonnet b/templates/flink_deployment.jsonnet deleted file mode 100644 index 0f6906f0..00000000 --- a/templates/flink_deployment.jsonnet +++ /dev/null 
@@ -1,172 +0,0 @@ -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local flink = deployment_manifest.flink; -local namespace_values = import 'namespace_values.jsonnet'; -local flinkBucket = namespace_values.flinkBucket; -local flinkBucketBaseDir = 's3://' + flinkBucket + '/jobs/' + deployment_manifest.environment + '/' + deployment_manifest.name; -local util = import 'util.jsonnet'; -local needsAWSAccess = if util.is_field_present(deployment_manifest.extraResources, 'aws_access') - && util.is_field_present(deployment_manifest.extraResources.aws_access, 'policies') - && std.length(deployment_manifest.extraResources.aws_access.policies) > 0 then true else false; - -local roleName = chart.full_service_name(deployment_manifest.name) + '-' + deployment_manifest.environment; - -local awsAccess = { - volumeName:: 'aws-iam-credentials', - volumeMountPath:: '/meta/aws-iam', - - volume: if (needsAWSAccess && namespace_values.zalandoEnabled) then [ - { name: $.volumeName, secret: { secretName: roleName, defaultMode: 420 } }, - ] else [], - mount: if (needsAWSAccess && namespace_values.zalandoEnabled) then [ - { name: $.volumeName, mountPath: $.volumeMountPath }, - ] else [], - env: if (needsAWSAccess && namespace_values.zalandoEnabled) then [ - { name: 'AWS_DEFAULT_REGION', value: 'ap-south-1' }, - { name: 'AWS_SHARED_CREDENTIALS_FILE', value: $.volumeMountPath + '/credentials.process' }, - { name: 'AWS_CREDENTIAL_PROFILES_FILE', value: $.volumeMountPath + '/credentials' }, - ] else [], -}; - -local rocksDbSupport = { - name:: 'rocksdb-storage', - storageClassName:: 'gp2', - mountPath:: '/opt/flink/rocksdb', - accessModes:: ['ReadWriteOnce'], - - volume: { - name: $.name, - ephemeral: { - volumeClaimTemplate: { - metadata: { - labels: common.labels, - }, - spec: { - accessModes: $.accessModes, - storageClassName: $.storageClassName, - resources: { - requests: { - storage: 
flink.flinkDeployment.taskManager.volumeSize, - }, - }, - }, - }, - }, - }, - mount: { - name: $.name, - mountPath: $.mountPath, - }, -}; - -{ - mainContainerName:: 'flink-main-container', - image:: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/flink:1.17.2-s3-hadoop', - flinkVersion:: 'v1_17', - defaultStateBackendType:: 'filesystem', - isRocksDbSupportEnabled:: ('volumeSize' in flink.flinkDeployment.taskManager), - isCustomTaskManagerPodTemplateRequired:: ($.isRocksDbSupportEnabled), - stateBackendType:: ( - if $.isRocksDbSupportEnabled then - 'rocksdb' - else - $.defaultStateBackendType - ), - - apiVersion: 'flink.apache.org/v1beta1', - kind: 'FlinkDeployment', - metadata: { - name: deployment_manifest.name, - namespace: flink.namespace, - }, - spec: { - image: $.image, - imagePullPolicy: 'IfNotPresent', - flinkVersion: $.flinkVersion, - restartNonce: flink.flinkDeployment.restartNonce, - flinkConfiguration: { - 'taskmanager.numberOfTaskSlots': std.toString(flink.flinkDeployment.flinkConfiguration.taskManagerSlots), - 'high-availability': 'KUBERNETES', - 'high-availability.storageDir': flinkBucketBaseDir + '/recovery', - 'state.backend.type': $.stateBackendType, - [if $.isRocksDbSupportEnabled then 'state.backend.rocksdb.localdir']: rocksDbSupport.mountPath, - 'state.checkpoints.dir': flinkBucketBaseDir + '/checkpoints', - 'state.savepoints.dir': flinkBucketBaseDir + '/savepoints', - 'kubernetes.operator.periodic.savepoint.interval': flink.flinkDeployment.flinkConfiguration.savepointFrequency, - 'kubernetes.operator.savepoint.history.max.count': '24', - 'kubernetes.operator.pod-template.merge-arrays-by-name': 'true', - 'restart-strategy': 'exponentialdelay', - 'execution.checkpointing.interval': '30s', - 'restart-strategy.exponential-delay.initial-backoff': '10s', - 'restart-strategy.exponential-delay.max-backoff': '2min', - 'restart-strategy.exponential-delay.backoff-multiplier': '2.0', - 'restart-strategy.exponential-delay.reset-backoff-threshold': 
'10min', - 'restart-strategy.exponential-delay.jitter-factor': '0.1', - 'metrics.reporter.promgateway.jobName': deployment_manifest.name, - 'metrics.reporter.promgateway.groupingKey': 'tag_team=' + deployment_manifest.team.name, - }, - serviceAccount: roleName, - podTemplate: { - apiVersion: 'v1', - kind: 'Pod', - metadata: { - name: deployment_manifest.name, - labels: common.labels, - }, - spec: { - containers: [ - { - name: $.mainContainerName, - env: [ - { - name: e.name, - valueFrom: { - secretKeyRef: { - name: chart.full_service_name(deployment_manifest.name) + '-secret', - key: e.name, - }, - }, - } - for e in deployment_manifest.environmentVariables - ] + - // Adding md5 to make sure deployment is retrigerred if just values are changed - ([{ name: 'secretMd5', value: std.md5(std.toString(deployment_manifest.environmentVariables)) }]) + - awsAccess.env, - volumeMounts: awsAccess.mount, - }, - ], - volumes: awsAccess.volume, - serviceAccountName: roleName, - }, - }, - jobManager: { - replicas: flink.flinkDeployment.jobManager.replicas, - resource: { - memory: flink.flinkDeployment.jobManager.resources.memory, - cpu: flink.flinkDeployment.jobManager.resources.cpu, - }, - }, - taskManager: { - [if $.isCustomTaskManagerPodTemplateRequired then 'podTemplate']: { - spec: { - securityContext: { - fsGroup: 9999, - }, - containers: [ - { - name: $.mainContainerName, - volumeMounts: [rocksDbSupport.mount], - }, - ], - volumes: [rocksDbSupport.volume], - }, - }, - replicas: flink.flinkDeployment.taskManager.replicas, - resource: { - memory: flink.flinkDeployment.taskManager.resources.memory, - cpu: flink.flinkDeployment.taskManager.resources.cpu, - }, - }, - }, -} diff --git a/templates/flink_role_binding.jsonnet b/templates/flink_role_binding.jsonnet deleted file mode 100644 index 7685f52b..00000000 --- a/templates/flink_role_binding.jsonnet +++ /dev/null 
@@ -1,27 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local namespace = deployment_manifest.flink.namespace;
-
-local serviceAccountName = chart.full_service_name(deployment_manifest.name) + '-' + deployment_manifest.environment;
-{
- apiVersion: 'rbac.authorization.k8s.io/v1',
- kind: 'RoleBinding',
- metadata: {
- name: 'flink' + '-' + serviceAccountName,
- namespace: namespace,
- labels: common.labels,
- },
- roleRef: {
- apiGroup: 'rbac.authorization.k8s.io',
- kind: 'Role',
- name: 'flink',
- },
- subjects: [
- {
- kind: 'ServiceAccount',
- name: serviceAccountName,
- namespace: namespace,
- },
- ],
-}
diff --git a/templates/flink_service_account.jsonnet b/templates/flink_service_account.jsonnet
deleted file mode 100644
index 5225463f..00000000
--- a/templates/flink_service_account.jsonnet
+++ /dev/null
@@ -1,27 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local namespace = deployment_manifest.flink.namespace;
-local namespace_values = import 'namespace_values.jsonnet';
-local util = import 'util.jsonnet';
-local needsAWSAccess = if util.is_field_present(deployment_manifest.extraResources, 'aws_access')
- && util.is_field_present(deployment_manifest.extraResources.aws_access, 'policies')
- && std.length(deployment_manifest.extraResources.aws_access.policies) > 0 then true else false;
-
-local roleName = chart.full_service_name(deployment_manifest.name) + '-' + deployment_manifest.environment;
-
-
-{
- apiVersion: 'v1',
- kind: 'ServiceAccount',
- metadata: ({
- name: roleName,
- namespace: namespace,
- labels: common.labels,
- [if !namespace_values.zalandoEnabled then 'annotations' else null]: {
- 'eks.amazonaws.com/role-arn': 'arn:aws:iam::' + namespace_values.awsAccountId + ':role/' + roleName,
- 'eks.amazonaws.com/sts-regional-endpoints': 'true',
- 'eks.amazonaws.com/token-expiration': '10800',
- },
- }),
-}
diff --git a/templates/flink_session_job.jsonnet b/templates/flink_session_job.jsonnet
deleted file mode 100644
index c99993f9..00000000
--- a/templates/flink_session_job.jsonnet
+++ /dev/null
@@ -1,24 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local flink = deployment_manifest.flink;
-local namespace_values = import 'namespace_values.jsonnet';
-{
- apiVersion: 'flink.apache.org/v1beta1',
- kind: 'FlinkSessionJob',
- metadata: {
- name: deployment_manifest.name,
- namespace: flink.namespace,
- },
- spec: {
- deploymentName: deployment_manifest.name,
- job: {
- jarURI: std.extVar('IMAGE'),
- parallelism: flink.flinkJob.parallelism,
- allowNonRestoredState: true,
- upgradeMode: 'savepoint',
- [if 'entryClass' in flink.flinkJob then 'entryClass' else null]: flink.flinkJob.entryClass,
- args: [flink.flinkJob.jobArguments],
- },
- },
-}
diff --git a/templates/health_check_values.jsonnet b/templates/health_check_values.jsonnet
deleted file mode 100644
index f0b7da71..00000000
--- a/templates/health_check_values.jsonnet
+++ /dev/null
@@ -1,65 +0,0 @@
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local port_map = import 'port_map.jsonnet';
-local exposedPorts = deployment_manifest.deployment.exposedPorts;
-
-
-local isMicrometerPrometheusEnabled = deployment_manifest.labels['micrometer-prometheus'] == 'enabled';
-local error_message = 'Metrics port not specified with micrometer-prometheus enabled';
-
-local defaultReadinessCheck = {
- type: 'tcp',
- port: 'serviceport',
- path: '/actuator/health',
- successThreshold: 1,
- initialDelaySeconds: 60,
- periodSeconds: 30,
- failureThreshold: 5,
- httpHeaders: [],
-};
-
-local defaultLivenessCheck = {
- type: 'tcp',
- port: 'serviceport',
- path: '/actuator/health',
- successThreshold: 1,
- initialDelaySeconds: 60,
- periodSeconds: 30,
- failureThreshold: 5,
- httpHeaders: [],
-} + if isMicrometerPrometheusEnabled then { port: 'metrics', type: 'http' } else {};
-
-local defaultStartupProbe = {
- successThreshold: 1,
- initialDelaySeconds: 0,
- periodSeconds: 10,
- failureThreshold: 30,
- httpHeaders: [],
-};
-
-{
- generator(healthCheck): {
- http:: {
- httpGet: {
- port: port_map.getPort(healthCheck.port),
- path: healthCheck.path,
- httpHeaders: healthCheck.httpHeaders,
- },
- successThreshold: healthCheck.successThreshold,
- initialDelaySeconds: healthCheck.initialDelaySeconds,
- periodSeconds: healthCheck.periodSeconds,
- failureThreshold: healthCheck.failureThreshold,
- },
- tcp:: {
- tcpSocket: {
- port: port_map.getPort(healthCheck.port),
- },
- successThreshold: healthCheck.successThreshold,
- initialDelaySeconds: healthCheck.initialDelaySeconds,
- periodSeconds: healthCheck.periodSeconds,
- failureThreshold: healthCheck.failureThreshold,
- },
- },
- getDefaultReadinessCheck:: defaultReadinessCheck,
- getDefaultStartupProbe:: defaultStartupProbe,
- getDefaultLivenessCheck:: if (isMicrometerPrometheusEnabled && !port_map.hasPort(exposedPorts, 'metrics')) then error error_message else defaultLivenessCheck,
-}
diff --git a/templates/hpa.jsonnet b/templates/hpa.jsonnet
deleted file mode 100644
index 945db992..00000000
--- a/templates/hpa.jsonnet
+++ /dev/null
@@ -1,70 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment = deployment_manifest.deployment;
-local hpa = deployment.hpa;
-local vars = import 'vars.jsonnet';
-local util = import 'util.jsonnet';
-
-local hpa_custom_metrics = [
- item { name: super.name + '_' + deployment.name + '_' + deployment_manifest.environment }
- for item in hpa.custom_metrics
-];
-
-local basename = chart.full_service_name(deployment.name);
-local isHpaEnabled = hpa.type == vars.deployment.hpa.type.metrics;
-local name = if isHpaEnabled then
- basename
-else
- basename + '-disabled';
-
-{
- apiVersion: 'autoscaling/v2beta2',
- kind: 'HorizontalPodAutoscaler',
- metadata: {
- name: name,
- labels: common.labels,
- namespace: deployment_manifest.deployment.namespace,
- annotations: common.annotations + {
- [std.format('metric-config.external.prometheus-query.prometheus/%s', metric.name)]: metric.query
- for metric in hpa_custom_metrics
- },
- },
- spec: {
- maxReplicas: hpa.maxReplicas,
- minReplicas: if hpa.minReplicas == 0 then 1 else hpa.minReplicas,
- metrics: [
- {
- resource: {
- name: metric.name,
- target: {
- averageUtilization: metric.threshold,
- type: 'Utilization',
- },
- },
- type: 'Resource',
- }
- for metric in hpa.metrics
- ] + [
- {
- external: {
- metric: {
- name: 'prometheus-query',
- selector: {
- matchLabels: {
- 'query-name': metric.name,
- },
- },
- },
- target: {
- type: 'Value',
- value: metric.threshold,
- },
- },
- type: 'External',
- }
- for metric in hpa_custom_metrics
- ],
- scaleTargetRef: util.hpa_scale_target_ref(deployment.name, deployment.controller, !isHpaEnabled),
- },
-}
diff --git a/templates/ingress.jsonnet b/templates/ingress.jsonnet
deleted file mode 100644
index ef700e6c..00000000
--- a/templates/ingress.jsonnet
+++ /dev/null
@@ -1,189 +0,0 @@ -//Imports -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local load_balancer_util = import 'load_balancer_util.jsonnet'; -local namespace_values = import 'namespace_values.jsonnet'; -local port_map = import 'port_map.jsonnet'; -local util = import 'util.jsonnet'; -local flink = deployment_manifest.flink; -local sandbox = import './sandbox/main.jsonnet'; -local isSandbox = util.is_sandbox(deployment_manifest.environment); -local vars = import 'vars.jsonnet'; -local isflinkJob = std.objectHas(deployment_manifest, 'flink'); -local loadBalancers = if isflinkJob then deployment_manifest.flink.loadBalancers else deployment_manifest.deployment.loadBalancers; -local namespace = if isflinkJob then deployment_manifest.flink.namespace else deployment_manifest.deployment.namespace; -local exposedPorts = deployment_manifest.deployment.exposedPorts; - -local albScheme = { - internetFacing: 'internet-facing', - internal: 'internal', - cdn: 'internet-facing', - internetFacingRestricted: 'internet-facing', -}; - -local albTags = common.awsTags + if isSandbox then { - Environment: deployment_manifest.sandboxParams.source.environment, - Namespace: deployment_manifest.sandboxParams.source.namespace, -} else {}; - -local nginxClass(environment, serviceName) = '%s-%s-nginx' % [environment, serviceName]; - -local ingress_annotations(lbObject, clusterAnnotationValues, exposePortToLb=false, enableGrpc=false) = { - local subnetScheme = load_balancer_util.subnet_scheme(lbObject.accessPolicies), - local groupName = load_balancer_util.group_name(lbObject), - local ingressName = load_balancer_util.ingress_name(chart.full_service_name(deployment_manifest.name), lbObject), - - local sslCerts = clusterAnnotationValues.sslCert, - local certificateArns = std.join(',', std.set( - [sslCerts[util.get_certs(std.objectFieldsAll(sslCerts), lbObject.endpoint)]] + - 
[sslCerts[util.get_certs(std.objectFieldsAll(sslCerts), host.hostname)] for host in lbObject.redirects] + - [sslCerts[util.get_certs(std.objectFieldsAll(sslCerts), host)] for host in lbObject.additionalEndpoints] - )), - local redirect_annotations(destinationHost) = { ['alb.ingress.kubernetes.io/actions.redirect-%s' % i]: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301", "Host": "%(destinationHost)s","Path": "%(destinationPath)s"}}' % (lbObject.redirects[i] { destinationHost: destinationHost }) for i in std.range(0, std.length(lbObject.redirects) - 1) }, - - nginxLb: namespace_values.loadBalancer.annotations { - 'kubernetes.io/ingress.class': nginxClass(deployment_manifest.environment, deployment_manifest.name), - 'nginx.ingress.kubernetes.io/rewrite-target': '/', - }, - sharedAlbAcrossNamespace: common.annotations + namespace_values.loadBalancer.annotations { - local sortedPolicies = std.sort(lbObject.accessPolicies), - local sgs = [if accessPolicy in clusterAnnotationValues.securityGroups then clusterAnnotationValues.securityGroups[accessPolicy] for accessPolicy in sortedPolicies], - 'kubernetes.io/ingress.class': 'alb', - 'alb.ingress.kubernetes.io/target-type': 'ip', - 'alb.ingress.kubernetes.io/listen-ports': load_balancer_util.listener_ports(lbObject), - 'alb.ingress.kubernetes.io/certificate-arn': certificateArns, - 'alb.ingress.kubernetes.io/actions.ssl-redirect': '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}', - } - + ( - if load_balancer_util.target_group_attribute_list(lbObject) != null then { - 'alb.ingress.kubernetes.io/target-group-attributes': load_balancer_util.target_group_attribute_list(lbObject), - } else {} - ) - + (if subnetScheme == 'internetFacing' then { - 'alb.ingress.kubernetes.io/ip-address-type': 'dualstack', // exclusive - } else {}) - + (if groupName == null then {} else { - 'alb.ingress.kubernetes.io/group.name': '%s' % 
groupName, - 'alb.ingress.kubernetes.io/group.order': lbObject.groupOrder, - }) - + redirect_annotations(lbObject.endpoint), - alb: common.annotations + namespace_values.loadBalancer.annotations { - 'kubernetes.io/ingress.class': 'alb', - 'alb.ingress.kubernetes.io/target-type': 'ip', - [if enableGrpc then 'alb.ingress.kubernetes.io/backend-protocol-version']: 'GRPC', - [if !lbObject['tls-1-1'] then 'alb.ingress.kubernetes.io/ssl-policy']: 'ELBSecurityPolicy-TLS-1-2-2017-01', - 'alb.ingress.kubernetes.io/listen-ports': load_balancer_util.listener_ports(lbObject, exposePortToLb), - 'alb.ingress.kubernetes.io/certificate-arn': certificateArns, - 'alb.ingress.kubernetes.io/scheme': albScheme[subnetScheme], - 'alb.ingress.kubernetes.io/security-groups': (load_balancer_util.security_group_list(lbObject.accessPolicies, clusterAnnotationValues.securityGroups, lbObject.extraSecurityGroups)) - + (if (subnetScheme == 'internetFacing' || subnetScheme == 'internetFacingRestricted') then (',' + clusterAnnotationValues.securityGroups.http) else ''), - 'alb.ingress.kubernetes.io/load-balancer-attributes': load_balancer_util.load_balancer_attribute_list(lbObject, namespace_values.loadBalancer.annotations, deployment_manifest.name), - 'alb.ingress.kubernetes.io/tags': 'Environment=%(Environment)s,Owner=%(Owner)s,Name=%(Name)s,Team=%(Team)s,Namespace=%(Namespace)s,Ingress=%(ingressName)s,Product=%(Product)s' % (albTags { ingressName: ingressName }), - [if !exposePortToLb then 'alb.ingress.kubernetes.io/actions.ssl-redirect']: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}', - } + redirect_annotations(lbObject.endpoint) - + ( - if load_balancer_util.target_group_attribute_list(lbObject) != null then { - 'alb.ingress.kubernetes.io/target-group-attributes': load_balancer_util.target_group_attribute_list(lbObject), - } else {} - ) - + (if subnetScheme in (clusterAnnotationValues.subnets) then { - 
'alb.ingress.kubernetes.io/subnets': clusterAnnotationValues.subnets[subnetScheme], - } else {}) - + (if subnetScheme == 'internetFacing' then { - 'alb.ingress.kubernetes.io/ip-address-type': 'dualstack', - [if lbObject.webAcl != 'false' then 'alb.ingress.kubernetes.io/wafv2-acl-arn']: lbObject.webAcl, - } else {}) - + (if subnetScheme == 'internetFacingRestricted' then { - 'alb.ingress.kubernetes.io/ip-address-type': 'dualstack', - } else {}) - + (if subnetScheme == 'cdn' then { - 'alb.ingress.kubernetes.io/ip-address-type': 'dualstack', - 'external-dns.alpha.kubernetes.io/exclude': 'true', - } else {}) - + (if deployment_manifest.environment != vars.environments.prod then { - 'alb.ingress.kubernetes.io/group.name': std.join('-', [ingressName, namespace]), - 'alb.ingress.kubernetes.io/group.order': lbObject.groupOrder, - } else {}) - + (if lbObject.groupName != '' then { - 'alb.ingress.kubernetes.io/group.name': std.join('-', [ingressName, namespace]), - } else {}), -}[lbObject.type]; - - -//Filter alb & sharedAlbAcrossNamespace type of loadbalancer configurations -local filteredLbs = std.filter(function(lbObject) std.find(lbObject.type, ['alb', 'sharedAlbAcrossNamespace', 'nginxLb']) != [], loadBalancers); - -local ports = [ - { port: port_map.getPort('serviceport'), exposeToLoadBalancer: false, portFieldKey: 'number', enableGrpc: port_map.isGrpcEnabled('serviceport') }, - { port: port_map.getPort('secondary-service-port'), exposeToLoadBalancer: true, portFieldKey: 'number', enableGrpc: port_map.isGrpcEnabled('secondary-service-port') }, - { port: port_map.getPort(chart.full_service_name(deployment_manifest.name) + '-rest'), exposeToLoadBalancer: false, portFieldKey: 'name' }, -]; -local loadbalancerWithAllPorts = [ - lb + port - for lb in filteredLbs - for port in ports - if port.port != null -]; - -// this is to ensure only in case of new load balancers,( which will not have groupName as empty string ), exposed ingress is created -local isOldALB(lbObject) = 
lbObject.groupName == ''; - -local filteredLoadBalancerWithAllPorts = [ - lbObject - for lbObject in loadbalancerWithAllPorts - if !isOldALB(lbObject) || (isOldALB(lbObject) && !lbObject.exposeToLoadBalancer) -]; - -std.map( - //Generate ingress objects based on above filtered configurations - function(lbIndex) { - config:: { - lbObject: filteredLoadBalancerWithAllPorts[lbIndex], - subnetScheme: load_balancer_util.subnet_scheme($.config.lbObject.accessPolicies), - serviceName: if isflinkJob then (deployment_manifest.name + '-rest') else chart.full_service_name(deployment_manifest.name), - servicePort: $.config.lbObject.port, - exposePortToLoadBalancer: $.config.lbObject.exposeToLoadBalancer, - enableGrpc: $.config.lbObject.enableGrpc, - portFieldKey: $.config.lbObject.portFieldKey, - name: load_balancer_util.ingress_name(chart.full_service_name(deployment_manifest.name), $.config.lbObject, $.config.exposePortToLoadBalancer), - }, - assert std.length($.config.name) <= 253 : 'Ingress name must be less than 253 characters. 
name: %s' % $.config.name, - apiVersion: 'networking.k8s.io/v1', - kind: 'Ingress', - metadata: { - name: $.config.name, - labels: common.labels, - annotations: ingress_annotations($.config.lbObject, namespace_values.loadBalancer.annotations, $.config.exposePortToLoadBalancer, $.config.enableGrpc) + if isSandbox then sandbox.sandbox($.config).albIngress.annotations else {}, - namespace: namespace, - }, - spec: { - rules: [ - { - host: if $.config.lbObject.endpoint != null && $.config.lbObject.endpoint != '' then $.config.lbObject.endpoint else namespace_values.loadBalancer.fixedHostNames[deployment_manifest.name], - http: { - paths: (if $.config.exposePortToLoadBalancer then [] else load_balancer_util.http_redirect_config) - + load_balancer_util.weighted_path_config($.config.serviceName) - + (if isSandbox then sandbox.sandbox($.config).albIngress.host.paths else - (load_balancer_util.path_config($.config.serviceName, $.config.servicePort, $.config.portFieldKey))), - }, - }, - ] + [ - { - host: endpoint, - http: { - paths: if $.config.subnetScheme == 'internetFacing' || - $.config.subnetScheme == 'internetFacingRestricted' then - load_balancer_util.http_redirect_config - else - load_balancer_util.create_sandbox_or_standard_paths($.config, isSandbox, sandbox), - }, - } - for endpoint in $.config.lbObject.additionalEndpoints - ] + [load_balancer_util.redirect_config($.config.lbObject.redirects[i], 'redirect-%s' % i) for i in std.range(0, std.length($.config.lbObject.redirects) - 1)], - - }, - }, - - std.range(0, std.length(filteredLoadBalancerWithAllPorts) - 1) -) diff --git a/templates/kibana.jsonnet b/templates/kibana.jsonnet deleted file mode 100644 index 6fb3c7e6..00000000 --- a/templates/kibana.jsonnet +++ /dev/null 
@@ -1,60 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment = deployment_manifest.deployment;
-
-if deployment_manifest.deployment.elasticSearch.kibana != null then {
- apiVersion: 'kibana.k8s.elastic.co/v1',
- kind: 'Kibana',
- metadata: {
- name: deployment.elasticSearch.instance.instanceName + '-kibana',
- namespace: deployment_manifest.environment + '-datastores',
- labels: deployment.elasticSearch.kibanaLabels,
- annotations: common.annotations,
- },
- spec: {
- version: deployment.elasticSearch.kibanaVersion,
- image: deployment.elasticSearch.kibanaImage,
- config: {
- 'xpack.monitoring.enabled': true,
- 'xpack.monitoring.ui.enabled': true,
- 'xpack.monitoring.kibana.collection.enabled': true,
- 'server.publicBaseUrl': 'https://' + deployment.elasticSearch.kibana,
- },
- http: {
- tls: {
- selfSignedCertificate: {
- disabled: true,
- },
- },
- },
- count: 2,
- elasticsearchRef: {
- name: deployment.elasticSearch.instance.instanceName + '-elasticsearch',
- },
- podTemplate: {
- metadata: {
- labels: deployment.elasticSearch.kibanaLabels,
- },
- spec: {
- nodeSelector: deployment.elasticSearch.esNodeSelector,
- tolerations: deployment.elasticSearch.esTolerations,
- containers: [
- {
- name: 'kibana',
- resources: {
- requests: {
- memory: '1Gi',
- cpu: 0.5,
- },
- limits: {
- memory: '4Gi',
- cpu: 2,
- },
- },
- },
- ],
- },
- },
- },
-}
diff --git a/templates/kibana_ingress_endpoint.jsonnet b/templates/kibana_ingress_endpoint.jsonnet
deleted file mode 100644
index e0416cf4..00000000
--- a/templates/kibana_ingress_endpoint.jsonnet
+++ /dev/null
@@ -1,83 +0,0 @@ -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local deployment = deployment_manifest.deployment; -local namespace_values = import 'namespace_values.jsonnet'; -local load_balancer_util = import 'load_balancer_util.jsonnet'; -local util = import 'util.jsonnet'; - -local albTags = common.awsTags; -local ingressName = deployment.elasticSearch.instance.instanceName + '-kibana'; -local groupName = '%s-datastores-services-alb' % deployment_manifest.environment; -local annotations = namespace_values.loadBalancer.annotations; -local securityGroups = std.join(',', [ - annotations.securityGroups.internal, - annotations.securityGroups.officeIp, -]); -local lbObject = { - idleTimeout: 60, - accessPolicies: ['internal'], - accessLog: true, -}; -local subnetScheme = load_balancer_util.subnet_scheme(lbObject.accessPolicies); - -if deployment_manifest.deployment.elasticSearch.kibana != null then { - apiVersion: 'networking.k8s.io/v1', - kind: 'Ingress', - metadata: { - name: deployment.elasticSearch.instance.instanceName + '-kibana', - namespace: deployment_manifest.environment + '-datastores', - annotations: common.annotations { - 'kubernetes.io/ingress.class': 'alb', - 'alb.ingress.kubernetes.io/target-type': 'ip', - 'alb.ingress.kubernetes.io/ssl-policy': 'ELBSecurityPolicy-TLS-1-2-2017-01', - 'alb.ingress.kubernetes.io/listen-ports': load_balancer_util.listener_ports(lbObject), - 'alb.ingress.kubernetes.io/certificate-arn': annotations.sslCert[util.get_certs(std.objectFieldsAll(annotations.sslCert), deployment_manifest.deployment.elasticSearch.kibana)], - 'alb.ingress.kubernetes.io/scheme': 'internal', - 'alb.ingress.kubernetes.io/security-groups': securityGroups, - 'alb.ingress.kubernetes.io/load-balancer-attributes': load_balancer_util.load_balancer_attribute_list(lbObject, namespace_values.loadBalancer.annotations, groupName), - 
'alb.ingress.kubernetes.io/tags': 'Name=shared-alb-%(name)s,Ingress=shared-alb-%(name)s,Owner=shared,Team=Shared,Product=%(Product)s,Environment=%(Environment)s' % (albTags { name: groupName }), - 'alb.ingress.kubernetes.io/actions.ssl-redirect': '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}', - 'alb.ingress.kubernetes.io/group.name': '%s' % groupName, - } - + ( - if load_balancer_util.subnet_scheme(lbObject.accessPolicies) in (annotations.subnets) then { - 'alb.ingress.kubernetes.io/subnets': annotations.subnets[subnetScheme], - } else {} - ), - }, - spec: { - rules: [ - { - host: deployment_manifest.deployment.elasticSearch.kibana, - http: { - paths: [ - { - backend: { - service: { - name: 'ssl-redirect', - port: { - name: 'use-annotation', - }, - }, - }, - pathType: 'ImplementationSpecific', - path: '/*', - }, - { - pathType: 'ImplementationSpecific', - backend: { - service: { - name: deployment.elasticSearch.instance.instanceName + '-kibana' + '-kb-http', - port: { - number: 5601, - }, - }, - }, - }, - ], - }, - }, - ], - }, -} diff --git a/templates/load_balancer_util.jsonnet b/templates/load_balancer_util.jsonnet deleted file mode 100644 index e226e5c6..00000000 --- a/templates/load_balancer_util.jsonnet +++ /dev/null 
@@ -1,142 +0,0 @@ -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local util = import 'util.jsonnet'; -local vars = import 'vars.jsonnet'; -local isSandbox = util.is_sandbox(deployment_manifest.environment); - -local alias(type) = if type == 'sharedalbacrossnamespace' then 'sharedalb' else type; - -{ - // Creates a comma separated list of security groups - security_group_list(accessPolicies, securityGroups, extraSecurityGroups):: - local accessPolicySecurityGroups = [if accessPolicy in securityGroups then securityGroups[accessPolicy] for accessPolicy in accessPolicies]; - local extraSGs = if std.objectHas(deployment_manifest.deployment, 'securityGroup') then std - .flattenArrays([if std.objectHas(sg, 'ids') then sg.ids for sg in deployment_manifest - .deployment.securityGroup]) else []; - std.join(',', accessPolicySecurityGroups + extraSGs), - - // Determines kind of subnet(internal or internetFacing or cdn) to use based on access policy. - subnet_scheme(accessPolicies):: - local scheme = std.setInter(std.set(accessPolicies), ['internal', 'internetFacing', 'internetFacingRestricted', 'cdn']); - assert std.length(scheme) == 1 : 'ValidationError: accessPolicies can only contain one out of internal, internetFacing, interetFacingRestricted & cdn'; - { internal: 'internal', internetFacing: 'internetFacing', internetFacingRestricted: 'internetFacingRestricted', cdn: 'cdn' }[scheme[0]], - - // Returns true if application is using aws application load balancer - is_using_lb(lbObjects, lbName):: - std.length(std.filter(function(lbObject) lbObject.type == lbName, lbObjects)) > 0, - - // Returns group name for sharedAlbAcrossNamespace if any - group_name(lbObject):: - if lbObject.groupName != null && lbObject.groupName != '' then - lbObject.groupName - else null, - - // Returns true if application is using aws target groups - is_using_tg(lbObjects):: - std.length(std.filter(function(lbObject) std.find(lbObject.type, ['alb', 'sharedAlbAcrossNamespace']) != 
[], lbObjects)) > 0, - - ingress_name(full_service_name, lbObject, expose=false):: - local name = if lbObject.name != null && lbObject.name != '' then - full_service_name + '-' + alias(std.asciiLower(lbObject.type)) + '-' + std.asciiLower(lbObject.name) - else - full_service_name + '-' + alias(std.asciiLower(lbObject.type)); - local finalName = if expose then name + '-exposed' else name; - finalName, - - alb_ingress_name(full_service_name):: - self.ingress_name(full_service_name, { type: 'alb', name: null }), - - load_balancer_attribute_list(lbObject, namespace_annotations, s3_key_prefix):: - local idleTimeout = 'idle_timeout.timeout_seconds=%s' % lbObject.idleTimeout; - local baseAttributes = if namespace_annotations.deletionProtection then idleTimeout + ',deletion_protection.enabled=true' else idleTimeout; - local accessLogAttributes = 'access_logs.s3.enabled=true,access_logs.s3.bucket=%s,access_logs.s3.prefix=%s' % [namespace_annotations.accessLogBucket, s3_key_prefix]; - std.join(',', [ - baseAttributes, - if lbObject.accessLog then accessLogAttributes, - ],), - - target_group_attribute_list(lbObject):: - local slowStartDurationAttribute = 'slow_start.duration_seconds=%s' % lbObject.slowStartDuration; - local sticknessAttribute = 'stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=%s' % lbObject.stickinessCookieDuration; - local tg_annotation = [ - if lbObject.slowStartDuration > 0 then slowStartDurationAttribute, - if lbObject.stickiness then sticknessAttribute, - ]; - std.join(',', std.prune(tg_annotation)), - - //Determines listener-ports to be added to the load-balaner - listener_ports(lbObject, exposeToLoadBalancer=false):: - local subnetScheme = $.subnet_scheme(lbObject.accessPolicies); - if exposeToLoadBalancer then - if lbObject.type == 'alb' then '[{"HTTPS": %s}]' % lbObject.port - else error 'ValidationError: secondary port can only be used with alb. 
Please change the loadbalancer type' - else - '[{ "HTTPS": 443 },{"HTTP": 80}]', - - //Returns path to be added to alb to enable HTTP to HTTPS redirection - http_redirect_config:: [{ - path: '/*', - pathType: 'ImplementationSpecific', - backend: { - service: { - name: 'ssl-redirect', - port: { - name: 'use-annotation', - }, - }, - }, - }], - - redirect_config(host, actionNaem):: { - host: host.hostname, - http: { - paths: [{ - path: host.path, - pathType: 'ImplementationSpecific', - backend: { - service: { - name: actionNaem, - port: { - name: 'use-annotation', - }, - }, - }, - }], - }, - }, - - weighted_path_config(serviceName):: if 'flink' in deployment_manifest then [] - else (if (deployment_manifest.deployment.controller == vars.rolloutController && deployment_manifest.deployment.strategy != vars.defaultDeploymentStrategy && !isSandbox) then [{ - path: '/*', - pathType: 'ImplementationSpecific', - backend: { - service: { - name: serviceName, - port: { - name: 'use-annotation', - }, - }, - }, - }] else []), - - path_config(serviceName, servicePort, portFieldKey='number'):: - [ - { - pathType: 'ImplementationSpecific', - backend: { - service: { - name: serviceName, - port: { - [portFieldKey]: servicePort, - }, - }, - }, - }, - ], - - create_sandbox_or_standard_paths(config, isSandboxEnabled=false, sandbox={}):: ( - if isSandboxEnabled then - sandbox.sandbox(config).albIngress.host.paths - else - $.path_config(config.serviceName, config.servicePort) - ), -} diff --git a/templates/main.jsonnet b/templates/main.jsonnet deleted file mode 100644 index d13b745e..00000000 --- a/templates/main.jsonnet +++ /dev/null 
@@ -1,97 +0,0 @@ -local common_api_gateways = import 'common_api_gateway.jsonnet'; -local configmap = import 'configmap.jsonnet'; -local cron_hpa_autoscaler = import 'cron_hpa_autoscaler.jsonnet'; -local default_alerts = import 'default_alerts.jsonnet'; -local deployment = import 'deployment.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local rollout = import 'rollout.jsonnet'; -local hpa = import 'hpa.jsonnet'; -local ingresses = import 'ingress.jsonnet'; -local kibana = import 'kibana.jsonnet'; -local kibana_ingress_endpoint = import 'kibana_ingress_endpoint.jsonnet'; -local pdb = import 'pdb.jsonnet'; -local perf_utility = import 'perf_utility.jsonnet'; -local rollout_analysis_template = import 'rollout_analysis_template.jsonnet'; -local sandbox = import 'sandbox/main.jsonnet'; -local secret = import 'secret.jsonnet'; -local security_group = import 'security_group.jsonnet'; -local service = import 'service.jsonnet'; -local service_monitor = import 'service_monitor.jsonnet'; -local sidecar = import 'sidecar.jsonnet'; -local cron_hpa_autoscaler = import 'cron_hpa_autoscaler.jsonnet'; -local elastic_search_secrets = import 'elasticsearch_secrets.jsonnet'; -local elastic_search = import 'elastic_search.jsonnet'; -local kibana = import 'kibana.jsonnet'; -local kibana_ingress_endpoint = import 'kibana_ingress_endpoint.jsonnet'; -local elasticsearch_sm_secrets = import 'elasticsearch_sm_secrets.jsonnet'; -local elasticsearch_servicemonitor = import 'elasticsearch_servicemonitor.jsonnet'; -local elasticsearch_alerts_default = import 'elasticsearch_alerts_default.jsonnet'; -local elasticsearch_snapshots = import 'elasticsearch_snapshots.jsonnet'; -local dynamic_configuration = import 'dynamic_configuration.jsonnet'; -local perf_utility = import 'perf_utility.jsonnet'; -local vpa = import 'vpa.jsonnet'; -local efs_pvc = import 'efs_persistent_volume_claim.jsonnet'; -local common_api_gateways = import 'common_api_gateway.jsonnet'; -local 
sandbox = import 'sandbox/main.jsonnet'; -local util = import 'util.jsonnet'; -local isSandbox = util.is_sandbox(deployment_manifest.environment); -local flink_deployment = import 'flink_deployment.jsonnet'; -local flink_session_job = import 'flink_session_job.jsonnet'; -local flink_service_account = import 'flink_service_account.jsonnet'; -local flink_role_binding = import 'flink_role_binding.jsonnet'; -local flink_default_alerts = import 'flink_default_alerts.jsonnet'; -local isflinkJob = std.objectHas(deployment_manifest, 'flink'); - -if isflinkJob then - ({ - '0_secret.json': secret, - '0_0_flink_deployment.json': flink_deployment, - '0_1_flink_session_job.json': flink_session_job, - '0_2_flink_service_account.json': flink_service_account, - '0_3_flink_role_binding.json': flink_role_binding, - '0_4_flink_default_alerts.json': flink_default_alerts, - } + { ['5_%s_ingress.json' % index]: ingresses[index] for index in std.range(0, std.length(ingresses) - 1) }) -else ({ - '0_secret.json': secret, - '1_configmap.json': configmap, - '2_sidecar.json': sidecar, - '3_service.json': service, - '4_deployment.json': deployment, - '4_rollout.json': rollout, - '4_0_rollout_analysis_template.json': rollout_analysis_template, - '6_pdb.json': pdb, - '7_service_monitor.json': service_monitor, - '8_default_alerts.json': default_alerts, - '9_hpa.json': hpa, - '11_cron_hpa_autoscaler.json': cron_hpa_autoscaler, - '12_elastic_search_secrets.json': elastic_search_secrets, - '13_elastic_search.json': elastic_search, - '14_kibana.json': kibana, - '15_kibana_ingress_endpoint.json': kibana_ingress_endpoint, - '16_elasticsearch_sm_secrets.json': elasticsearch_sm_secrets, - '17_elasticsearch_servicemonitor.json': elasticsearch_servicemonitor, - '18_elasticsearch_alerts_default.json': elasticsearch_alerts_default, - '19_elasticsearch_snapshots.json': elasticsearch_snapshots, - '20_dynamic_configuration.json': dynamic_configuration, - '21_perf_utility.json': perf_utility, - '22_vpa.json': 
vpa, - '23_efs_pvc.json': efs_pvc, - }) - + - (if isSandbox then { - '0_0_namespace.json': sandbox.sandbox().namespace, - '0_1_iam_role.json': sandbox.sandbox().iamRole, - '30_role_binding.json': sandbox.sandbox().roleBinding, - '31_access_role_binding.json': sandbox.sandbox().accessRoleBinding, - '32_access_role.json': sandbox.sandbox().accessRole, - } else {}) - + - (if ingresses != null then - { ['5_%s_ingress.json' % index]: ingresses[index] for index in std.range(0, std.length(ingresses) - 1) } - + - if security_group != null then - { ['10_%s_security_group.json' % index]: security_group[index] for index in std.range(0, std.length - (security_group) - 1) } else {}) - + - (if common_api_gateways != null then - { ['23_%s_common_api_gateways.json' % index]: common_api_gateways[0].items[index] for index in std.range(0, std.length(common_api_gateways[0].items) - 1) }) diff --git a/templates/manifest_util.jsonnet b/templates/manifest_util.jsonnet deleted file mode 100644 index d1b886dd..00000000 --- a/templates/manifest_util.jsonnet +++ /dev/null @@ -1,17 +0,0 @@ -{ - is_alert_defined(deployment, alertName):: - if ('alerts' in deployment && alertName in deployment.alerts) then true else false, - - is_database_present(deploymentManifest):: - if ('extraResources' in deploymentManifest && deploymentManifest.extraResources != null) then - if ('database' in deploymentManifest.extraResources) then - local database = deploymentManifest.extraResources.database; - 'instanceName' in database && database.instanceName != '' - else false - else false, - is_dynamic_config_present(deploymentManifest):: - if ('dynamicConfiguration' in deploymentManifest && deploymentManifest.dynamicConfiguration != null && deploymentManifest.dynamicConfiguration != []) then true else false, - - is_custom_slack_channel_enabled(alert):: - if ('slackChannel' in alert && alert.slackChannel != null && alert.slackChannel != '') then true else false, -} 
diff --git a/templates/namespace_values.jsonnet b/templates/namespace_values.jsonnet
deleted file mode 100644
index dca39ab1..00000000
--- a/templates/namespace_values.jsonnet
+++ /dev/null
@@ -1,19 +0,0 @@
-local cluster_values = import 'cluster_values.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-
-assert deployment_manifest.cluster in cluster_values :
- 'ValidationError: Unrecognized cluster - %s' % deployment_manifest.cluster;
-
-local cluster_config = cluster_values[deployment_manifest.cluster];
-local manifest_namespace = if 'flink' in deployment_manifest then deployment_manifest.flink.namespace else deployment_manifest.deployment.namespace;
-
-
-// Use default namespace values for a cluster if specific namespace values not present
-local namespace_values =
- if manifest_namespace in cluster_config
- then
- cluster_config[manifest_namespace]
- else
- cluster_config.default;
-
-namespace_values
diff --git a/templates/pdb.jsonnet b/templates/pdb.jsonnet
deleted file mode 100644
index efb1d588..00000000
--- a/templates/pdb.jsonnet
+++ /dev/null
@@ -1,20 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-
-if deployment_manifest.deployment.instance.count > 1 then {
- apiVersion: 'policy/v1beta1',
- kind: 'PodDisruptionBudget',
- metadata: {
- name: chart.full_service_name(deployment_manifest.deployment.name) + '-pdb',
- labels: common.labels,
- namespace: deployment_manifest.deployment.namespace,
- annotations: common.annotations,
- },
- spec: {
- maxUnavailable: '15%',
- selector: {
- matchLabels: common.matchLabels,
- },
- },
-}
diff --git a/templates/perf_utility.jsonnet b/templates/perf_utility.jsonnet
deleted file mode 100644
index e17421cf..00000000
--- a/templates/perf_utility.jsonnet
+++ /dev/null
@@ -1,289 +0,0 @@ -local chart = import 'chart.jsonnet'; -local cluster_values = import 'cluster_values.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local deployment = deployment_manifest.deployment; -local namespace_values = import 'namespace_values.jsonnet'; -local util = import 'util.jsonnet'; -local load_balancer_util = import 'load_balancer_util.jsonnet'; - -local albTags = common.awsTags; -local ingressName = deployment.name + '-mock-server'; -local postgresServiceName = deployment.name + '-postgres-server'; -local mockEndpointName = deployment.name + '-perf-mock'; -local postgresEndpointName = deployment.name + '-perf-postgres'; -local domainEndpoint = cluster_values.perfDomainEndpoint[deployment_manifest.infraVertical]; -local lbObject = { - idleTimeout: 60, - accessPolicies: ['internal'], - accessLog: true, -}; -local subnetScheme = load_balancer_util.subnet_scheme(lbObject.accessPolicies); -local annotations = namespace_values.loadBalancer.annotations; -local groupName = 'perf-internal'; -local securityGroups = std.join(',', [ - annotations.securityGroups.internal, - annotations.securityGroups.officeIp, -]); - -if deployment_manifest.environment == 'perf' && (deployment_manifest.deployment.perfUtility.mockServerEnabled || deployment_manifest.deployment.perfUtility.postgresServerEnabled) == true then { - apiVersion: 'v1', - kind: 'List', - items: - (if deployment_manifest.deployment.perfUtility.mockServerEnabled then [ - { - apiVersion: 'apps/v1', - kind: 'Deployment', - metadata: { - name: deployment.name + '-mock-server', - labels: common.perfMockServerLabels, - namespace: deployment_manifest.deployment.namespace, - annotations: common.annotations, - }, - spec: { - progressDeadlineSeconds: 1500, - selector: { - matchLabels: { - app: chart.service_name, - release: deployment.name + '-mock-server', - }, - }, - template: { - metadata: { - labels: common.perfMockServerLabels, - }, - 
spec: { - containers: [{ - name: 'mock-server', - image: deployment_manifest.deployment.perfUtility.mockServerImage, - imagePullPolicy: 'IfNotPresent', - resources: { - requests: { - memory: '2Gi', - cpu: '1', - }, - limits: { - memory: '2Gi', - cpu: '1', - }, - }, - }], - }, - }, - }, - }, - { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: deployment.name + '-mock-server', - labels: common.perfMockServerLabels, - namespace: deployment_manifest.deployment.namespace, - }, - spec: { - selector: { - app: chart.service_name, - release: deployment.name + '-mock-server', - }, - type: 'ClusterIP', - ports: [ - { - name: 'service-port', - port: 1080, - protocol: 'TCP', - targetPort: 1080, - }, - ], - }, - }, - { - apiVersion: 'networking.k8s.io/v1', - kind: 'Ingress', - metadata: { - name: deployment.name + '-mock-server', - annotations: { - 'kubernetes.io/ingress.class': 'alb', - 'alb.ingress.kubernetes.io/target-type': 'ip', - 'alb.ingress.kubernetes.io/ssl-policy': 'ELBSecurityPolicy-TLS-1-2-2017-01', - 'alb.ingress.kubernetes.io/listen-ports': load_balancer_util.listener_ports(lbObject), - 'alb.ingress.kubernetes.io/certificate-arn': annotations.sslCert[util.get_certs(std.objectFieldsAll(annotations.sslCert), mockEndpointName + domainEndpoint)], - 'alb.ingress.kubernetes.io/scheme': 'internal', - 'alb.ingress.kubernetes.io/security-groups': securityGroups, - 'alb.ingress.kubernetes.io/load-balancer-attributes': load_balancer_util.load_balancer_attribute_list(lbObject, namespace_values.loadBalancer.annotations, groupName), - 'alb.ingress.kubernetes.io/tags': 'Name=shared-alb-%(name)s,Ingress=shared-alb-%(name)s,Owner=shared,Team=Shared,Product=%(Product)s,Environment=%(Environment)s' % (albTags { name: groupName }), - 'alb.ingress.kubernetes.io/actions.ssl-redirect': '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}', - 'alb.ingress.kubernetes.io/group.name': '%s' % groupName, - } - + ( - if 
load_balancer_util.subnet_scheme(lbObject.accessPolicies) in (annotations.subnets) then { - 'alb.ingress.kubernetes.io/subnets': annotations.subnets[subnetScheme], - } else {} - ), - namespace: deployment_manifest.deployment.namespace, - }, - spec: { - rules: [ - { - host: mockEndpointName + domainEndpoint, - http: { - paths: [ - { - pathType: 'ImplementationSpecific', - backend: { - service: { - name: 'ssl-redirect', - port: { - name: 'use-annotation', - }, - }, - }, - path: '/*', - }, - { - pathType: 'ImplementationSpecific', - backend: { - service: { - name: deployment.name + '-mock-server', - port: { - number: 1080, - }, - }, - }, - }, - ], - }, - }, - ], - }, - }, - ] else []) + - (if deployment_manifest.deployment.perfUtility.postgresServerEnabled then [ - { - apiVersion: 'v1', - kind: 'Secret', - metadata: { - name: deployment.name + '-postgres-secret', - labels: common.perfPostgresServerLabels, - namespace: deployment_manifest.deployment.namespace, - }, - type: 'Opaque', - data: { password: 'cG9zdGdyZXNwZXJmcGFzc3dvcmQK' }, - }, - { - apiVersion: 'v1', - kind: 'PersistentVolumeClaim', - metadata: { - name: deployment.name + '-postgres-storage', - labels: common.perfPostgresServerLabels, - namespace: deployment_manifest.deployment.namespace, - }, - spec: { - accessModes: ['ReadWriteOnce'], - resources: { - requests: { - storage: deployment_manifest.deployment.perfUtility.postgresDbConfig.storage, - }, - }, - storageClassName: 'gp2', - }, - }, - { - apiVersion: 'apps/v1', - kind: 'Deployment', - metadata: { - name: deployment.name + '-postgres-server', - labels: common.perfPostgresServerLabels, - namespace: deployment_manifest.deployment.namespace, - }, - spec: { - progressDeadlineSeconds: 1500, - selector: { - matchLabels: { - app: chart.service_name, - release: deployment.name + '-postgres-server', - }, - }, - template: { - metadata: { - labels: common.perfPostgresServerLabels, - }, - spec: { - containers: [{ - name: 'postgres', - image: 
deployment_manifest.deployment.perfUtility.postgresServerImage, - imagePullPolicy: 'IfNotPresent', - env: [ - { - name: 'POSTGRES_PASSWORD', - valueFrom: { - secretKeyRef: { - name: deployment.name + '-postgres-secret', - key: 'password', - }, - }, - }, - { - name: 'PGDATA', - value: '/var/lib/postgresql/data/pgdata', - }, - ], - resources: { - requests: { - memory: deployment_manifest.deployment.perfUtility.postgresDbConfig.memory, - cpu: deployment_manifest.deployment.perfUtility.postgresDbConfig.cpu, - }, - limits: { - memory: deployment_manifest.deployment.perfUtility.postgresDbConfig.memory, - cpu: deployment_manifest.deployment.perfUtility.postgresDbConfig.cpu, - }, - }, - volumeMounts: [ - { - name: deployment.name + '-postgres-storage', - mountPath: '/var/lib/postgresql/data', - }, - ], - }], - volumes: [ - { - name: deployment.name + '-postgres-storage', - persistentVolumeClaim: { - claimName: deployment.name + '-postgres-storage', - }, - }, - ], - }, - }, - }, - }, - { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: deployment.name + '-postgres-server', - labels: common.perfPostgresServerLabels, - annotations: { - 'external-dns.alpha.kubernetes.io/hostname': postgresEndpointName + domainEndpoint, - 'service.beta.kubernetes.io/aws-load-balancer-internal': '0.0.0.0/0', - 'service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags': 'Environment=%(Environment)s,Owner=%(Owner)s,Name=%(Name)s,Team=%(Team)s,Product=%(Product)s' % (albTags { ingressName: postgresServiceName }), - }, - namespace: deployment_manifest.deployment.namespace, - }, - spec: { - selector: { - app: chart.service_name, - release: deployment.name + '-postgres-server', - }, - type: 'LoadBalancer', - ports: [ - { - name: 'service-port', - port: 5432, - protocol: 'TCP', - targetPort: 5432, - }, - ], - }, - }, - ] else []), -} diff --git a/templates/pod_template.jsonnet b/templates/pod_template.jsonnet deleted file mode 100644 index 5b4da4bb..00000000 
--- a/templates/pod_template.jsonnet
+++ /dev/null
@@ -1,363 +0,0 @@ -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local deployment_util = import 'deployment_util.jsonnet'; -local health_check_values = import 'health_check_values.jsonnet'; -local port_map = import 'port_map.jsonnet'; -local util = import 'util.jsonnet'; -local vars = import 'vars.jsonnet'; -local environments = vars.environments; -local deployment = deployment_manifest.deployment; -local environment = deployment_manifest.environment; -local readinessCheck = deployment.healthChecks.readinessCheck; -local livenessCheck = deployment.healthChecks.livenessCheck; -local startupProbe = deployment.healthChecks.startupProbe; -local exposedPorts = deployment_manifest.deployment.exposedPorts; -local manifest_util = import 'manifest_util.jsonnet'; -local namespace_values = import 'namespace_values.jsonnet'; -local vars = import 'vars.jsonnet'; -local image = util.get_image(deployment.image, environment); -assert image != 'null' : '[IMAGE or deployment.image] cannot be null'; - -local isSandbox = util.is_sandbox(environment); -local sandbox = import 'sandbox/main.jsonnet'; -local sandboxConfig = sandbox.sandbox(); - -// Conditions to check if heap-dump sidecar has to be enabled or not -local isEfsNeeded = deployment_util.isEfsNeeded(deployment); -local isFsxNeeded = deployment_util.isFsxNeeded(deployment); -local mandatoryHeapDumpString = '-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/dumps'; -local errorLogFileString = '-XX:ErrorFile=/dumps/hs_err_pid%p.log'; -local envKeys = [e.name for e in deployment_manifest.environmentVariables]; -local jvmOptionsExists = std.length(std.find('JVM_OPTS', envKeys)); -local isSwApmEnabled = deployment_manifest.isSwApmEnabled; -local jvmParameter = [e for e in deployment_manifest.environmentVariables if std.toString(e.name) == 'JVM_OPTS'][0]; -local heapDumpEnabled = if !isSandbox && (jvmOptionsExists > 0 && 
(std.length(std.findSubstr(mandatoryHeapDumpString, std.toString(jvmParameter.value))) > 0 - || std.length(std.findSubstr(errorLogFileString, std.toString(jvmParameter.value))) > 0)) then true else false; - -//# Sandbox - -// GPU -local isGPUEnabled = if deployment.instance.gpu == 0 then false else true; - -// Required to form S3 bucket name for heap-dumps -local bucketEnvironment = if deployment_manifest.environment == environments.prod then environments.prod else 'nonprod'; -local bucketName = 'java-heap-dumps-' + deployment_manifest.infraVertical + '-' + bucketEnvironment; -local hasEnvironmentFile = if 'environmentFile' in deployment then true else false; - -local needsAWSAccess = if util.is_field_present(deployment_manifest.extraResources, 'aws_access') - && util.is_field_present(deployment_manifest.extraResources.aws_access, 'policies') - && std.length(deployment_manifest.extraResources.aws_access.policies) > 0 then true else false; - -local roleName = (if ('roleName' in deployment_manifest.extraResources.aws_access && deployment_manifest.extraResources.aws_access.roleName != '') then deployment_manifest.extraResources.aws_access.roleName else chart.full_service_name(deployment.name)) + '-' + deployment_manifest.environment; - -local istioInboundPortsAnnotation = if deployment.disableIstio then - { 'sidecar.istio.io/inject': 'false' } -else - { - 'traffic.sidecar.istio.io/excludeInboundPorts': std.join(',', std.map(function(exposedPort) std.toString(exposedPort.port), exposedPorts)), - 'traffic.sidecar.istio.io/includeInboundPorts': '*', - }; - -local injectSwAgent(isSwApmEnabled) = ( - if isSwApmEnabled then [ - { - name: 'agent-container', - image: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/skywalking-java-agent:8.7.0-alpine', - volumeMounts: [ - { - name: 'skywalking-agent', - mountPath: '/agent', - }, - ], - command: [ - '/bin/sh', - ], - args: [ - '-c', - 'cp -R /skywalking/agent /agent/ && cp 
/skywalking/agent/optional-plugins/apm-kotlin-coroutine-plugin-8.7.0.jar /agent/agent/plugins', - ], - securityContext: { - runAsUser: 4000, - }, - }, - ] - else null -); - -local topologicalSpreadConstraints = [ - { - maxSkew: 1, - topologyKey: 'topology.kubernetes.io/zone', - whenUnsatisfiable: 'DoNotSchedule', - labelSelector: { - matchLabels: common.matchLabels, - }, - }, -]; - -{ - metadata: { - labels: common.labels, - annotations: common.annotations + istioInboundPortsAnnotation, - }, - spec: { - [if isSandbox then 'securityContext']: sandboxConfig.securityContext, - initContainers: injectSwAgent(isSwApmEnabled), - [if deployment_manifest.environment == environments.prod then 'topologySpreadConstraints' else null]: topologicalSpreadConstraints, - [if isGPUEnabled then 'nodeSelector']: deployment.instance.gpuNodeSelector, - [if isGPUEnabled then 'tolerations']: deployment.instance.gpuTolerations, - containers: - (if heapDumpEnabled then [{ - name: 'push-heap-dump', - image: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/java-heap-dump-manager:v7d6dad2b5a2431412b8183c9707f93b5dcb05287', - resources: { - limits: { - memory: '128Mi', - cpu: '100m', - }, - requests: { - memory: '128Mi', - cpu: '100m', - }, - }, - env: [ - { - name: 'AWS_DEFAULT_REGION', - value: 'ap-south-1', - }, - { - name: 'AWS_SHARED_CREDENTIALS_FILE', - value: '/meta/aws-iam/credentials.process', - }, - { - name: 'AWS_CREDENTIAL_PROFILES_FILE', - value: '/meta/aws-iam/credentials', - }, - { - name: 'SERVICE_NAME', - value: chart.full_service_name(deployment.name), - }, - { - name: 'S3_BUCKET', - value: if 'heapDumpBucket' in namespace_values then namespace_values.heapDumpBucket else bucketName, - }, - { - name: 'ENVIRONMENT', - value: deployment_manifest.environment, - }, - ], - volumeMounts: [ - { - name: 'aws-iam-credentials-heap-dump', - mountPath: '/meta/aws-iam', - readOnly: true, - }, - { - name: 'heap-dumps', - mountPath: '/dumps', - }, - ], - }] else []) + - [ - { - env: [ - { 
- name: e.name, - valueFrom: { - secretKeyRef: { - name: chart.full_service_name(deployment.name) + '-secret', - key: e.name, - }, - }, - } - for e in deployment_manifest.environmentVariables - ] + (if needsAWSAccess && namespace_values.zalandoEnabled then [ - { - name: 'AWS_SHARED_CREDENTIALS_FILE', - value: '/meta/aws-iam/credentials.process', - }, - { - name: 'AWS_CREDENTIAL_PROFILES_FILE', - value: '/meta/aws-iam/credentials', - }, - ] else []) - // Adding md5 to make sure deployment is retrigerred if just values are changed - + [{ name: 'secretMd5', value: std.md5(std.toString(deployment_manifest.environmentVariables)) }] - + (if 'environmentFile' in deployment then - [{ name: 'environmentFileMd5', value: std.md5(std.toString(deployment.environmentFile)) }] - else []) - + ( - if isSwApmEnabled then - [ - { - name: 'JAVA_TOOL_OPTIONS', - value: '-javaagent:/skywalking/agent/skywalking-agent.jar', - }, - { - name: 'SW_AGENT_COLLECTOR_BACKEND_SERVICES', - value: vars.swBackend + ':' + vars.swPort, - }, - { - name: 'SW_AGENT_NAMESPACE', - value: deployment_manifest.deployment.namespace, - }, - { - name: 'SW_AGENT_NAME', - value: deployment.name, - }, - { - name: 'SW_LOGGING_OUTPUT', - value: 'CONSOLE', - }, - { - name: 'ELASTIC_APM_ENABLED', - value: 'false', - }, - { - name: 'ELASTIC_APM_ACTIVE', - value: 'false', - }, - ] else [] - ), - image: image, //Directly passed to jssonnet via --ext-str command - imagePullPolicy: deployment.imagePullPolicy, - lifecycle: { - preStop: { - exec: { - command: ['sleep', if deployment_manifest.environment == 'prod' then std.toString - (0.8 * $.spec.terminationGracePeriodSeconds) else std.toString(0.5 * $.spec.terminationGracePeriodSeconds)], - }, - }, - }, - resources: { - limits: { - memory: if deployment.isVpaEnabled then deployment.instance.minMemory else deployment.instance.memory, - cpu: ( - if deployment.isVpaEnabled then - (if environment == environments.prod then deployment.instance.minCPU * 1.75 else 
deployment.instance.minCPU * 1.5) - else deployment.instance.cpu - ), - } + (if isGPUEnabled then { 'nvidia.com/gpu': deployment.instance.gpu } else {}), - requests: { - memory: if deployment.isVpaEnabled then deployment.instance.minMemory else deployment.instance.memory, - cpu: if deployment.isVpaEnabled then deployment.instance.minCPU else deployment.instance.cpu, - } + (if isGPUEnabled then { 'nvidia.com/gpu': deployment.instance.gpu } else {}), - }, - name: chart.full_service_name(deployment.name), - ports: port_map.getContainerPorts, - volumeMounts: - (if (isFsxNeeded) then - std.map(function(fsx) { - name: fsx.name, - mountPath: fsx.mountPath, - }, deployment.fsx) - else []) + - (if (isEfsNeeded) then - std.map(function(efs) { - name: efs.name, - mountPath: efs.mountPath, - }, deployment.efs) - else []) + - (if needsAWSAccess && namespace_values.zalandoEnabled then - [{ - name: 'aws-iam-credentials', - mountPath: '/meta/aws-iam', - readOnly: true, - }] else []) + - (if hasEnvironmentFile then - [{ - mountPath: util.parent_dir(deployment.environmentFile.path), - name: 'environment-file-volume', - }] else []) + - (if manifest_util.is_dynamic_config_present(deployment_manifest) then - [{ - mountPath: '/var/navi-app/dynamic_configuration', - name: 'dynamic-config-volume', - }] else []) + - (if heapDumpEnabled then - [{ - mountPath: '/dumps', - name: 'heap-dumps', - }] else []) + - (if isSwApmEnabled then - [{ - name: 'skywalking-agent', - mountPath: '/skywalking', - }] else []) + - [{ - mountPath: secret.path, - name: secret.name, - } for secret in deployment.mountSecrets], - [if util.is_readiness_probe_enabled(deployment.image, environment) then 'readinessProbe']: health_check_values.generator(readinessCheck)[readinessCheck.type], - [if util.is_liveness_probe_enabled(deployment.image, environment) then 'livenessProbe']: health_check_values.generator(livenessCheck)[livenessCheck.type], - [if 
util.is_startup_probe_enabled(deployment.healthChecks.startupProbeEnabled, deployment.image, environment) then 'startupProbe']: health_check_values.generator(startupProbe)[startupProbe.type], - }, - ], - terminationGracePeriodSeconds: deployment.terminationGracePeriodSeconds, - dnsConfig: { - options: [ - { - name: 'ndots', - value: '2', - }, - ], - }, - volumes: - (if (isFsxNeeded) then - std.map(function(fsx) { - name: fsx.name, - persistentVolumeClaim: { - claimName: fsx.name, - }, - }, deployment.fsx) - else []) + - (if (isEfsNeeded) then - std.map(function(efs) { - name: efs.name, - persistentVolumeClaim: { - claimName: chart.full_service_name(deployment.name) + '-' + efs.name, - }, - }, deployment.efs) - else []) + - (if hasEnvironmentFile then - [{ - configMap: { - name: chart.full_service_name(deployment.name) + '-cm', - }, - name: 'environment-file-volume', - }] else []) + - (if manifest_util.is_dynamic_config_present(deployment_manifest) then - [{ - name: 'dynamic-config-volume', - secret: { - secretName: chart.full_service_name(deployment_manifest.deployment.name) + '-dynamic-secret', - }, - }] else []) + - (if needsAWSAccess && namespace_values.zalandoEnabled then - [{ - name: 'aws-iam-credentials', - secret: { - secretName: roleName, - }, - }] else []) + - (if heapDumpEnabled then - [{ - name: 'heap-dumps', - emptyDir: {}, - }] else []) + - (if heapDumpEnabled then - [{ - name: 'aws-iam-credentials-heap-dump', - secret: { - secretName: 'java-heap-dump-bucket-role', - }, - }] else []) + - (if isSwApmEnabled then - [{ - name: 'skywalking-agent', - emptyDir: {}, - }] else []) + - [{ name: secret.name, secret: { secretName: secret.name } } for secret in deployment.mountSecrets], - } + (if (needsAWSAccess && !namespace_values.zalandoEnabled) then { serviceAccountName: roleName } else {}), -} diff --git a/templates/port_map.jsonnet b/templates/port_map.jsonnet deleted file mode 100644 index a502209e..00000000 --- a/templates/port_map.jsonnet +++ /dev/null 
@@ -1,50 +0,0 @@
-local chart = import 'chart.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local exposedPorts = if std.objectHas(deployment_manifest, 'flink') then
- [{ name: chart.full_service_name(deployment_manifest.name) + '-rest', port: 'rest' }]
-else
- deployment_manifest.deployment.exposedPorts;
-
-{
- hasPort(ports, portName):: if portName in self.parsePorts(ports) then true else false,
- parsePorts(ports):: {
- [port.name]: port.port
- for port in ports
- },
- getServicePorts:: [
- {
- name: port.name,
- port: port.port,
- protocol: 'TCP',
- targetPort: port.port,
- }
- for port in exposedPorts
- ],
- getPortsforClusterIPService:: [
- {
- name: port.name,
- port: port.port,
- protocol: 'TCP',
- nodePort: null,
- targetPort: port.port,
- }
- for port in exposedPorts
- ],
- getContainerPorts:: [
- {
- containerPort: port.port,
- protocol: 'TCP',
- }
- for port in exposedPorts
- ],
- getPort(portName):: if portName in self.parsePorts(exposedPorts) then self.parsePorts(exposedPorts)[portName] else null,
- isGrpcEnabled(name):: (
- local result = std.filter(function(obj) obj.name == name, exposedPorts);
- if std.length(result) == 0 then
- false
- else if 'enableGrpc' in result[0] then
- result[0].enableGrpc
- else
- false
- ),
-}
diff --git a/templates/rollout.jsonnet b/templates/rollout.jsonnet
deleted file mode 100644
index 47ff281f..00000000
--- a/templates/rollout.jsonnet
+++ /dev/null
@@ -1,31 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment_util = import 'deployment_util.jsonnet';
-local pod_template = import 'pod_template.jsonnet';
-local deployment = deployment_manifest.deployment;
-local vars = import 'vars.jsonnet';
-local strategyConfig = deployment.strategy.config;
-
-if (deployment.controller == vars.rolloutController) then {
- apiVersion: 'argoproj.io/v1alpha1',
- kind: 'Rollout',
- metadata: {
- name: chart.full_service_name(deployment.name),
- labels: common.labels {
- linkConfig: std.toString(deployment_manifest.deployment.isLinkConfig),
- },
- namespace: deployment_manifest.deployment.namespace,
- annotations: common.annotations,
- },
- spec: {
- progressDeadlineSeconds: deployment.progressDeadlineSeconds,
- selector: {
- matchLabels: common.matchLabels,
- },
- template: pod_template,
- strategy: if deployment.strategy == 'canary' then deployment_util.strategy.canary(if 'canaryConfig' in deployment.strategyConfig then deployment.strategyConfig.canaryConfig else {})
- else if deployment.strategy == 'rollingUpdateWithCanaryMixIn' then deployment_util.strategy.rollingUpdateWithCanaryMixIn(deployment.strategyConfig.rollingUpdateWithCanaryMixInConfig)
- else deployment_util.strategy.rollingUpdate(),
- },
-}
diff --git a/templates/rollout_analysis_template.jsonnet b/templates/rollout_analysis_template.jsonnet
deleted file mode 100644
index 8519c12c..00000000
--- a/templates/rollout_analysis_template.jsonnet
+++ /dev/null
@@ -1,33 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment = deployment_manifest.deployment;
-local vars = import 'vars.jsonnet';
-local templateEnabled = if 'analysisTemplate' in deployment.strategyConfig then true else false;
-
-if (deployment.controller == vars.rolloutController && templateEnabled) then {
- apiVersion: 'argoproj.io/v1alpha1',
- kind: 'AnalysisTemplate',
- metadata: {
- name: chart.full_service_name(deployment.name),
- labels: common.labels,
- namespace: deployment_manifest.deployment.namespace,
- annotations: common.annotations,
- },
- spec: {
- metrics: [
- {
- name: 'degrade-rollout',
- interval: deployment.strategyConfig.analysisTemplate.interval,
- successCondition: 'result' + deployment.strategyConfig.analysisTemplate.operator + deployment.strategyConfig.analysisTemplate.threshold,
- failureLimit: deployment.strategyConfig.analysisTemplate.failureLimit,
- provider: {
- prometheus: {
- address: 'http://prometheus-kube-prometheus.monitoring.svc.cluster.local:9090',
- query: deployment.strategyConfig.analysisTemplate.query,
- },
- },
- },
- ],
- },
-}
diff --git a/templates/sandbox/access_role.jsonnet b/templates/sandbox/access_role.jsonnet
deleted file mode 100644
index ad929e2f..00000000
--- a/templates/sandbox/access_role.jsonnet
+++ /dev/null
@@ -1,80 +0,0 @@
-local common = import '../common.jsonnet';
-local deployment_manifest = import '../deployment_manifest.jsonnet';
-local namespace = deployment_manifest.deployment.namespace;
-
-{
- apiVersion: 'rbac.authorization.k8s.io/v1',
- kind: 'Role',
- metadata: {
- name: namespace + '-full-access',
- namespace: namespace,
- labels: common.labels
- },
- rules: [
- {
- apiGroups: [""],
- resources: [
- "configmaps",
- "endpoints",
- "persistentvolumeclaims",
- "pods",
- "replicationcontrollers",
- "replicationcontrollers/scale",
- "serviceaccounts",
- "services",
- "events",
- "limitranges",
- "pods/log",
- "pods/status",
- "replicationcontrollers/status",
- "resourcequotas",
- "resourcequotas/status",
- ],
- verbs: ["get", "list", "watch"],
- },
- {
- apiGroups: ["apps"],
- resources: [
- "controllerrevisions",
- "daemonsets",
- "deployments",
- "deployments/scale",
- "replicasets",
- "replicasets/scale",
- "statefulsets",
- "statefulsets/scale",
- ],
- verbs: ["get", "list", "watch"],
- },
- {
- apiGroups: ["autoscaling"],
- resources: ["horizontalpodautoscalers"],
- verbs: ["get", "list", "watch"],
- },
- {
- apiGroups: ["batch"],
- resources: ["cronjobs", "jobs"],
- verbs: ["get", "list", "watch"],
- },
- {
- apiGroups: ["policy"],
- resources: ["poddisruptionbudgets"],
- verbs: ["get", "list", "watch"],
- },
- {
- apiGroups: ["networking.k8s.io"],
- resources: ["ingresses", "networkpolicies"],
- verbs: ["get", "list", "watch"],
- },
- {
- apiGroups: [""],
- resources: ["configmaps", "pods/portforward", "pods/exec"],
- verbs: ["get", "update", "create"],
- },
- {
- apiGroups: ["apps"],
- resources: ["deployments"],
- verbs: ["create", "update", "patch", "delete"],
- },
- ],
-}
\ No newline at end of file
diff --git a/templates/sandbox/access_role_binding.jsonnet b/templates/sandbox/access_role_binding.jsonnet
deleted file mode 100644
index 0a9e7887..00000000
--- a/templates/sandbox/access_role_binding.jsonnet
+++ /dev/null
@@ -1,26 +0,0 @@
-local common = import '../common.jsonnet';
-local deployment_manifest = import '../deployment_manifest.jsonnet';
-local sandboxParams = deployment_manifest.sandboxParams;
-local namespace = deployment_manifest.deployment.namespace;
-
-{
- apiVersion: 'rbac.authorization.k8s.io/v1',
- kind: 'RoleBinding',
- metadata: {
- name: namespace + "-full-access",
- namespace: namespace,
- labels: common.labels
- },
- roleRef: {
- apiGroup: 'rbac.authorization.k8s.io',
- kind: 'Role',
- name: namespace + '-full-access',
- },
- subjects: [
- {
- apiGroup: "rbac.authorization.k8s.io",
- kind: "User",
- name: "remote-"+sandboxParams.email+"-teleport.cmd.navi-tech.in"
- }
- ]
-}
\ No newline at end of file
diff --git a/templates/sandbox/aws_iam_role.jsonnet b/templates/sandbox/aws_iam_role.jsonnet
deleted file mode 100644
index e8ed2973..00000000
--- a/templates/sandbox/aws_iam_role.jsonnet
+++ /dev/null
@@ -1,36 +0,0 @@
-local chart = import '../chart.jsonnet';
-local common = import '../common.jsonnet';
-local deployment_manifest = import '../deployment_manifest.jsonnet';
-local deployment = deployment_manifest.deployment;
-local sourceEnvironment = deployment_manifest.sandboxParams.source.environment;
-local environment = deployment_manifest.environment;
-local full_name = chart.full_service_name(deployment.name);
-local namespace_values = import '../namespace_values.jsonnet';
-
-if (deployment_manifest.extraResources != null
- && 'aws_access' in deployment_manifest.extraResources) then
- if (namespace_values.zalandoEnabled) then {
- apiVersion: 'zalando.org/v1',
- kind: 'AWSIAMRole',
- metadata: {
- name: '%s-%s' % [full_name, environment],
- namespace: deployment_manifest.deployment.namespace,
- annotations: common.annotations,
- },
- spec: {
- roleReference: '%s-%s' % [full_name, sourceEnvironment],
- },
- } else {
- apiVersion: 'v1',
- kind: 'ServiceAccount',
- metadata: {
- annotations: {
- 'eks.amazonaws.com/role-arn': 'arn:aws:iam::%s:role/%s-%s' % [namespace_values.awsAccountId, full_name, sourceEnvironment],
- 'eks.amazonaws.com/sts-regional-endpoints': 'true',
- 'eks.amazonaws.com/token-expiration': '10800',
- },
- name: '%s-%s' % [full_name, environment],
- namespace: deployment_manifest.deployment.namespace,
- },
- }
-else null
diff --git a/templates/sandbox/main.jsonnet b/templates/sandbox/main.jsonnet
deleted file mode 100644
index a52f1b1d..00000000
--- a/templates/sandbox/main.jsonnet
+++ /dev/null
@@ -1,53 +0,0 @@
-local namespace = import "namespace.jsonnet";
-local roleBinding = import "role_binding.jsonnet";
-local accessRole = import "access_role.jsonnet";
-local accessRoleBinding = import "access_role_binding.jsonnet";
-local deployment_manifest = import '../deployment_manifest.jsonnet';
-local namespace = import 'namespace.jsonnet';
-local sandboxParams = deployment_manifest.sandboxParams;
-local roleBinding = import 'role_binding.jsonnet';
-local groupOrder = '20';
-local awsIamRole = import 'aws_iam_role.jsonnet';
-{
- sandbox: function(config={}) {
- local _config = {
- routingKey: if sandboxParams != null then sandboxParams.routingKey,
- serviceName: null,
- servicePort: null,
- } + config,
- namespace: namespace,
- roleBinding: roleBinding,
- securityContext: {
- runAsUser: 0,
- },
- albIngress: {
- annotations: {
- assert _config.serviceName != null : 'serviceName is required',
- assert _config.servicePort != null : 'servicePort is required',
- assert _config.routingKey != null : 'routingKey is required',
- 'alb.ingress.kubernetes.io/actions.sandbox': '{"Type":"forward","ForwardConfig":{"TargetGroups":[{"ServiceName":"%s","ServicePort":"%s","Weight":100}]}}' % [_config.serviceName, _config.servicePort],
- 'alb.ingress.kubernetes.io/conditions.sandbox': '[{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "routing_key", "values":["%s"]}}]' % _config.routingKey,
- 'alb.ingress.kubernetes.io/group.order': groupOrder,
- },
- host: {
- paths: [
- {
- pathType: 'ImplementationSpecific',
- backend: {
- service: {
- name: 'sandbox',
- port: {
- name: 'use-annotation',
- },
- },
- },
- },
- ],
- },
- },
- rolebinding: roleBinding,
- accessRoleBinding: accessRoleBinding,
- accessRole: accessRole,
- iamRole: awsIamRole
- },
-}
\ No newline at end of file
diff --git a/templates/sandbox/namespace.jsonnet b/templates/sandbox/namespace.jsonnet
deleted file mode 100644
index bbcbb52f..00000000
--- a/templates/sandbox/namespace.jsonnet
+++ /dev/null
@@ -1,17 +0,0 @@
-local common = import '../common.jsonnet';
-local deployment_manifest = import '../deployment_manifest.jsonnet';
-local namespace = deployment_manifest.deployment.namespace;
-
-local metadata = {
- labels: {
- privilege: 'true',
- prometheus: 'kube-prometheus',
- },
- name: namespace,
-};
-
-{
- apiVersion: 'v1',
- kind: 'Namespace',
- metadata: metadata,
-}
diff --git a/templates/sandbox/role_binding.jsonnet b/templates/sandbox/role_binding.jsonnet
deleted file mode 100644
index 76232fa6..00000000
--- a/templates/sandbox/role_binding.jsonnet
+++ /dev/null
@@ -1,25 +0,0 @@
-local common = import '../common.jsonnet';
-local deployment_manifest = import '../deployment_manifest.jsonnet';
-local namespace = deployment_manifest.deployment.namespace;
-
-{
- apiVersion: 'rbac.authorization.k8s.io/v1',
- kind: 'RoleBinding',
- metadata: {
- name: 'psp:privileged:' + namespace,
- labels: common.labels,
- namespace: namespace,
- },
- roleRef: {
- apiGroup: 'rbac.authorization.k8s.io',
- kind: 'ClusterRole',
- name: 'psp:privileged',
- },
- subjects: [
- {
- apiGroup: 'rbac.authorization.k8s.io',
- kind: 'Group',
- name: 'system:serviceaccounts:' + namespace,
- },
- ],
-}
diff --git a/templates/secret.jsonnet b/templates/secret.jsonnet
deleted file mode 100644
index d400d9b2..00000000
--- a/templates/secret.jsonnet
+++ /dev/null
@@ -1,18 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local namespace = if 'flink' in deployment_manifest then deployment_manifest.flink.namespace else deployment_manifest.deployment.namespace;
-
-{
- apiVersion: 'v1',
- kind: 'Secret',
- metadata: {
- name: chart.full_service_name(deployment_manifest.name) + '-secret',
- labels: common.labels,
- namespace: namespace,
- annotations: common.annotations,
- },
-
- data: { [e.name]: std.base64(e.value) for e in deployment_manifest.environmentVariables },
- type: 'Opaque',
-}
diff --git a/templates/security_group.jsonnet b/templates/security_group.jsonnet
deleted file mode 100644
index 337c0023..00000000
--- a/templates/security_group.jsonnet
+++ /dev/null
@@ -1,32 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local deployment = deployment_manifest.deployment;
-if 'securityGroup' in deployment then
- local security_group = deployment.securityGroup;
- [{
- apiVersion: 'aws.navi.com/v1',
- kind: 'SecurityGroup',
- metadata: {
- name: '%s-%s' % [chart.full_service_name(deployment_manifest.deployment.name), sg.name],
- labels: common.labels,
- namespace: deployment_manifest.deployment.namespace,
- annotations: common.annotations,
- },
- spec: {
- rules: [
- {
- local ipv4_cidrs = [cidr for cidr in rule.ingressCidr if std.findSubstr(':',cidr) == []],
- local ipv6_cidrs = [cidr for cidr in rule.ingressCidr if std.findSubstr(':',cidr) != []],
- [if 'fromPort' in rule then 'fromPort']: rule.fromPort,
- [if 'toPort' in rule then 'toPort']: rule.toPort,
- [if 'protocol' in rule then 'protocol']: rule.protocol,
- [if 'description' in rule then 'description']: rule.description,
- [if 'ingressCidr' in rule then 'ingressCidr']: ipv4_cidrs,
- [if 'ingressCidr' in rule then 'ipv6ingressCidr']: ipv6_cidrs,
- }
- for rule in sg.rules
- ],
- [if 'vpcId' in sg then 'vpcId']: sg.vpcId,
- },
- } for sg in security_group]
diff --git a/templates/service.jsonnet b/templates/service.jsonnet
deleted file mode 100644
index 79af347d..00000000
--- a/templates/service.jsonnet
+++ /dev/null
@@ -1,119 +0,0 @@ -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local health_check_values = import 'health_check_values.jsonnet'; -local load_balancer_util = import 'load_balancer_util.jsonnet'; -local namespace_values = import 'namespace_values.jsonnet'; -local port_map = import 'port_map.jsonnet'; -local util = import 'util.jsonnet'; -local vars = import 'vars.jsonnet'; -local deployment = deployment_manifest.deployment; -local livenessCheck = deployment.healthChecks.livenessCheck; - -local elbScheme = { - internetFacing: 'false', - internal: 'true', -}; - -local name = chart.full_service_name(deployment.name); -local services = [name] + if (deployment.controller == vars.rolloutController) then ['%s-canary' % name, '%s-stable' % name] else []; - -local albTags = common.awsTags; - -local load_balancer_spec = { - alb: { - type: 'ClusterIP', - ports: port_map.getServicePorts, - }, - //If shared Alb is used all accessPolicies are ignored for now - sharedAlbAcrossNamespace: self.alb, - nodePort: self.alb, - commonApiGateway: self.alb, - - elb: { - type: 'LoadBalancer', - loadBalancerSourceRanges: namespace_values.loadBalancer.sourceRanges, - ports: [{ - port: 443, - targetPort: port_map.getPort('serviceport'), - protocol: 'TCP', - name: 'https', - }] + port_map.getServicePorts, - }, - - // If elb or alb is being created, a clusterIP is created by default - kubeLb: { - type: 'ClusterIP', - ports: port_map.getServicePorts, - }, - - nginxLb: self.kubeLb, - - // Creates a kubernetes headless service - none: { - type: 'ClusterIP', - ports: port_map.getServicePorts, - }, -}; - -local lb_annotations_mixin(albTags) = - local elbObjects = std.filter(function(lbObject) lbObject.type == 'elb', deployment.loadBalancers); - - // Only first elb loadbalancer configuration is considered - local elb_annotations_mixin = - if elbObjects != [] then - { - 
'service.beta.kubernetes.io/aws-load-balancer-ssl-ports': 'https', - 'service.beta.kubernetes.io/aws-load-balancer-backend-protocol': 'http', - 'service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout': '3600', - 'service.beta.kubernetes.io/aws-load-balancer-extra-security-groups': - load_balancer_util.security_group_list(elbObjects[0].accessPolicies, super.securityGroups, elbObjects[0].extraSecurityGroups), - 'service.beta.kubernetes.io/aws-load-balancer-ssl-cert': super.sslCert[util.get_certs(std - .objectFieldsAll(super.sslCert), elbObjects[0].endpoint)], - 'service.beta.kubernetes.io/aws-load-balancer-internal': elbScheme[load_balancer_util.subnet_scheme(elbObjects[0].accessPolicies)], - 'external-dns.alpha.kubernetes.io/hostname': elbObjects[0].endpoint, - 'external-dns.alpha.kubernetes.io/ttl': '60', - } - else {}; - - local albObjects = std.filter(function(lbObject) std.prune([std.find(loadBalancers.type, ['alb', 'sharedAlbAcrossNamespace']) for loadBalancers in deployment.loadBalancers]) != [], deployment.loadBalancers); - - // Only first alb/sharedAlbAcrossNamespace loadbalancer configuration is considered - local alb_annotations_mixin = - if albObjects != [] then - { - 'alb.ingress.kubernetes.io/healthcheck-path': livenessCheck.path, - 'alb.ingress.kubernetes.io/healthcheck-port': std.toString(port_map.getPort(livenessCheck.port)), - 'alb.ingress.kubernetes.io/tags': 'Environment=%(Environment)s,Owner=%(Owner)s,Name=%(Name)s,Team=%(Team)s,Namespace=%(Namespace)s' % (albTags), - } - else {}; - - elb_annotations_mixin + alb_annotations_mixin; - - -//Kubernetes Service Object - -local create_service(name) = { - local tags = albTags { Name: name }, - apiVersion: 'v1', - kind: 'Service', - metadata: { - labels: common.labels, - name: name, - annotations: common.annotations + namespace_values.loadBalancer.annotations + lb_annotations_mixin(tags), - namespace: deployment_manifest.deployment.namespace, - }, - - spec: { - selector: { - app: 
chart.service_name, - release: deployment.name, - }, - } + load_balancer_spec[deployment.loadBalancers[0].type], -}; -// this if condition is only added so older test get passed. we need to update older tests fixture and than remove this -if (std.length(services) == 1) then create_service(name) else { - apiVersion: 'v1', - kind: 'List', - items: [create_service(service) for service in services], -} diff --git a/templates/service_monitor.jsonnet b/templates/service_monitor.jsonnet deleted file mode 100644 index 95462ea1..00000000 --- a/templates/service_monitor.jsonnet +++ /dev/null @@ -1,37 +0,0 @@ -local chart = import 'chart.jsonnet'; -local common = import 'common.jsonnet'; -local deployment_manifest = import 'deployment_manifest.jsonnet'; - -if deployment_manifest.deployment.serviceMonitor.enabled == true then { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - labels: common.labels, - name: chart.full_service_name(deployment_manifest.deployment.name) + '-monitor', - namespace: deployment_manifest.deployment.namespace, - annotations: common.annotations, - }, - spec: - { - endpoints: [ - { - honorLabels: false, - interval: deployment_manifest.deployment.serviceMonitor.interval, - path: deployment_manifest.deployment.serviceMonitor.path, - port: deployment_manifest.deployment.serviceMonitor.port, - metricRelabelings: deployment_manifest.deployment.serviceMonitor.metricRelabelings, - scrapeTimeout: deployment_manifest.deployment.serviceMonitor.scrapeTimeout, - }, - ], - namespaceSelector: { - matchNames: [ - deployment_manifest.deployment.namespace, - ], - }, - //adding hard limit on scrape sample per target - sampleLimit: 20000, - selector: { - matchLabels: common.matchLabels, - }, - }, -} diff --git a/templates/shared_ingress_config/main.jsonnet b/templates/shared_ingress_config/main.jsonnet deleted file mode 100644 index 51da141f..00000000 --- a/templates/shared_ingress_config/main.jsonnet +++ /dev/null 
@@ -1,5 +0,0 @@
-local shared_ingress = import 'shared_ingress.libsonnet';
-
-function(cluster, namespace, group_name, environment, product="shared") {
- '10_ingress.json': shared_ingress.create(cluster, namespace, group_name, environment, product)
-}
diff --git a/templates/shared_ingress_config/shared_ingress.libsonnet b/templates/shared_ingress_config/shared_ingress.libsonnet
deleted file mode 100644
index 192a6e2c..00000000
--- a/templates/shared_ingress_config/shared_ingress.libsonnet
+++ /dev/null
@@ -1,75 +0,0 @@ -local cluster_values = import '../cluster_values.jsonnet'; - -local defaults = { - idle_timeout_seconds: 60, - access_logs_enable: true, - ssl_policy: 'ELBSecurityPolicy-TLS-1-2-2017-01', - team_name: 'Shared', - labels: { - product: 'shared', - owner: 'shared', - heritage: 'NaviDeploymentManifest', - }, -}; - -{ - namespace_values(cluster, namespace):: - local cluster_value = cluster_values[cluster]; - if namespace in cluster_value - then cluster_value[namespace] - else cluster_value.default, - - annotations(cluster, namespace, group_name, environment, product):: - local namespace_values = $.namespace_values(cluster, namespace); - local cluster_annotations = namespace_values.loadBalancer.annotations; - local security_groups = cluster_annotations.securityGroups; - local ingress_sg = if !namespace_values.loadBalancer.sharedALBs.enableOfficeIps then security_groups.internal else std.join(',', [security_groups.officeIp, security_groups.internal]); - local loadbalancer_attributes = std.join(',', [ - 'idle_timeout.timeout_seconds=%s' % defaults.idle_timeout_seconds, - 'access_logs.s3.enabled=%s' % defaults.access_logs_enable, - 'access_logs.s3.bucket=%s' % cluster_annotations.accessLogBucket, - 'access_logs.s3.prefix=%s' % group_name, - ]); - - { - 'alb.ingress.kubernetes.io/ssl-policy': defaults.ssl_policy, - 'alb.ingress.kubernetes.io/scheme': 'internal', - 'alb.ingress.kubernetes.io/security-groups': ingress_sg, - 'alb.ingress.kubernetes.io/load-balancer-attributes': loadbalancer_attributes, - [if cluster != 'spike.np.navi-tech.in' then 'alb.ingress.kubernetes.io/subnets']: cluster_annotations.subnets.internal, - 'alb.ingress.kubernetes.io/group.name': group_name, - 'alb.ingress.kubernetes.io/tags': 'Name=shared-alb-%(name)s,Ingress=shared-alb-%(name)s,Owner=shared,Team=Shared,Product=%(product)s,Environment=%(environment)s' % { name: group_name, product: product, environment: environment }, - 'kubernetes.io/ingress.class': 'alb', - }, - - 
labels(name, environment, product):: - { - app: name, - chart: name, - heritage: defaults.labels.heritage, - release: name, - Team: defaults.team_name, - Environment: environment, - Name: name, - Product: product, - Owner: defaults.labels.owner, - }, - - name(group_name):: '%s-shared-alb-config' % [group_name], - - create(cluster, namespace, group_name, environment, product=defaults.labels.product):: - local name = $.name(group_name); - { - apiVersion: 'networking.k8s.io/v1', - kind: 'Ingress', - metadata: { - name: name, - labels: $.labels(name, environment, product), - namespace: namespace, - annotations: $.annotations(cluster, namespace, group_name, environment, product), - }, - spec: { - rules: [{}], - }, - }, -} diff --git a/templates/shared_ingress_config/tests/expected/ingress/nonprod.np.navi-tech.in:dev-internal:custom-group-name:dev.json b/templates/shared_ingress_config/tests/expected/ingress/nonprod.np.navi-tech.in:dev-internal:custom-group-name:dev.json deleted file mode 100644 index 435667f4..00000000 --- a/templates/shared_ingress_config/tests/expected/ingress/nonprod.np.navi-tech.in:dev-internal:custom-group-name:dev.json +++ /dev/null 
@@ -1,34 +0,0 @@
-{
- "apiVersion": "networking.k8s.io/v1",
- "kind": "Ingress",
- "metadata": {
- "annotations": {
- "alb.ingress.kubernetes.io/group.name": "custom-group-name",
- "alb.ingress.kubernetes.io/load-balancer-attributes": "idle_timeout.timeout_seconds=60,access_logs.s3.enabled=true,access_logs.s3.bucket=navi-nonprod-lb-access-logs,access_logs.s3.prefix=custom-group-name",
- "alb.ingress.kubernetes.io/scheme": "internal",
- "alb.ingress.kubernetes.io/security-groups": "sg-01a64c085bfdb2cbb,sg-0bc07e856d000a5f4",
- "alb.ingress.kubernetes.io/ssl-policy": "ELBSecurityPolicy-TLS-1-2-2017-01",
- "alb.ingress.kubernetes.io/subnets": "internal-lb-ap-south-1a.nonprod.np.navi-tech.in,internal-lb-ap-south-1b.nonprod.np.navi-tech.in",
- "alb.ingress.kubernetes.io/tags": "Name=shared-alb-custom-group-name,Ingress=shared-alb-custom-group-name,Owner=shared,Team=Shared,Product=shared,Environment=dev",
- "kubernetes.io/ingress.class": "alb"
- },
- "labels": {
- "Environment": "dev",
- "Name": "custom-group-name-shared-alb-config",
- "Owner": "shared",
- "Product": "shared",
- "Team": "Shared",
- "app": "custom-group-name-shared-alb-config",
- "chart": "custom-group-name-shared-alb-config",
- "heritage": "NaviDeploymentManifest",
- "release": "custom-group-name-shared-alb-config"
- },
- "name": "custom-group-name-shared-alb-config",
- "namespace": "dev-internal"
- },
- "spec": {
- "rules": [
- {}
- ]
- }
-}
diff --git a/templates/shared_ingress_config/tests/jsonnetfile.json b/templates/shared_ingress_config/tests/jsonnetfile.json
deleted file mode 100644
index 65c2176d..00000000
--- a/templates/shared_ingress_config/tests/jsonnetfile.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "version": 1,
- "dependencies": [
- {
- "source": {
- "git": {
- "remote": "https://github.com/yugui/jsonnetunit.git",
- "subdir": "jsonnetunit"
- }
- },
- "version": "master"
- }
- ],
- "legacyImports": true
-}
diff --git a/templates/shared_ingress_config/tests/jsonnetfile.lock.json b/templates/shared_ingress_config/tests/jsonnetfile.lock.json
deleted file mode 100644
index b2f6ed72..00000000
--- a/templates/shared_ingress_config/tests/jsonnetfile.lock.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "version": 1,
- "dependencies": [
- {
- "source": {
- "git": {
- "remote": "https://github.com/yugui/jsonnetunit.git",
- "subdir": "jsonnetunit"
- }
- },
- "version": "6927c58cae7624a00f368b977ccc477d4f74071f",
- "sum": "9FFqqln65hooRF0l6rjICDtnTxUlmDj34+sKMh4sjPI="
- }
- ],
- "legacyImports": false
-}
diff --git a/templates/shared_ingress_config/tests/shared_ingress.jsonnet b/templates/shared_ingress_config/tests/shared_ingress.jsonnet
deleted file mode 100644
index 232f43af..00000000
--- a/templates/shared_ingress_config/tests/shared_ingress.jsonnet
+++ /dev/null
@@ -1,49 +0,0 @@
-local shared_ingress = import '../shared_ingress.libsonnet';
-local test = import './vendor/jsonnetunit/test.libsonnet';
-
-test.suite({
- testName: {
- actual: shared_ingress.name('group-name'),
- expect: 'group-name-shared-alb-config',
- },
- testAnnotations: {
- actual: shared_ingress.annotations('nonprod.np.navi-tech.in', 'dev', 'group_name', 'dev', product='shared'),
- expect: {
- 'alb.ingress.kubernetes.io/group.name': 'group_name',
- 'alb.ingress.kubernetes.io/load-balancer-attributes': 'idle_timeout.timeout_seconds=60,access_logs.s3.enabled=true,access_logs.s3.bucket=navi-nonprod-lb-access-logs,access_logs.s3.prefix=group_name',
- 'alb.ingress.kubernetes.io/scheme': 'internal',
- 'alb.ingress.kubernetes.io/security-groups': 'sg-01a64c085bfdb2cbb,sg-0bc07e856d000a5f4',
- 'alb.ingress.kubernetes.io/ssl-policy': 'ELBSecurityPolicy-TLS-1-2-2017-01',
- 'alb.ingress.kubernetes.io/subnets': 'internal-lb-ap-south-1a.nonprod.np.navi-tech.in,internal-lb-ap-south-1b.nonprod.np.navi-tech.in',
- 'alb.ingress.kubernetes.io/tags': 'Name=shared-alb-group_name,Ingress=shared-alb-group_name,Owner=shared,Team=Shared,Product=shared,Environment=dev',
- 'kubernetes.io/ingress.class': 'alb',
- },
- },
- testLabels: {
- local name = 'group-name-shared-alb-config',
- local env = 'dev',
- local product = 'shared',
-
- actual: shared_ingress.labels(name, env, product),
- expect: {
- app: name,
- chart: name,
- heritage: 'NaviDeploymentManifest',
- release: name,
- Team: 'Shared',
- Environment: env,
- Name: name,
- Product: 'shared',
- Owner: 'shared',
- },
- },
- testIngress: {
- local cluster = 'nonprod.np.navi-tech.in',
- local namespace = 'dev-internal',
- local environment = 'dev',
- local group_name = 'custom-group-name',
-
- actual: shared_ingress.create(cluster, namespace, group_name, environment),
- expect: import './expected/ingress/nonprod.np.navi-tech.in:dev-internal:custom-group-name:dev.json',
- },
-})
diff --git a/templates/sidecar.jsonnet b/templates/sidecar.jsonnet
deleted file mode 100644
index 00e9484c..00000000
--- a/templates/sidecar.jsonnet
+++ /dev/null
@@ -1,87 +0,0 @@ -local deployment_manifest = import 'deployment_manifest.jsonnet'; -local deployment = deployment_manifest.deployment; -local namespace_values = import 'namespace_values.jsonnet'; -local vars = import 'vars.jsonnet'; -local util = import 'util.jsonnet'; -local cluster = deployment_manifest.cluster; -local namespace = deployment.namespace; - -local outboundTrafficPolicy = { - "nonprod.np.navi-tech.in": { - "dev": { mode: 'ALLOW_ANY' }, - "qa": { mode: 'ALLOW_ANY' }, - }, -}; - -local getOutboundTrafficPolicy(cluster, namespace) = ( - local envConf = util.get(outboundTrafficPolicy, cluster, {}); - local policy = util.get(envConf, namespace, {}); - policy -); - -// Istio sidecar need not be deployed for Infra team or applications in command cluster -if (deployment_manifest.team.name != 'Infra' && namespace_values.sidecarEnabled -&& !deployment.disableIstio) then { - local chart = import 'chart.jsonnet', - local common = import 'common.jsonnet', - local util = import 'util.jsonnet', - - local default_egress_list = [ - 'istio-system/*', - '*/' + vars.swBackend, - ], - - - // Applies namespace prefix as required by sidecar configuration - // FROM [ "dev-payment.np.navi-tech.in", - // "dev-camunda.np.navi-tech.in", - // "192.168.1.1", - // - // TO [ "*/dev-payment.np.navi-tech.in", - // "*/dev-camunda.np.navi-tech.in", - // "192.168.1.1" ] - local sidecar_egress_list(egressEndpoints) = - std.map(function(egressEndpoint) if util.is_ipv4_address(egressEndpoint) then egressEndpoint else '*/' + egressEndpoint, egressEndpoints), - - // Converts a array of endpoint urls to flat array of hostnames - // FROM [ "https://dev-payment.np.navi-tech.in", - // "https://dev-camunda.np.navi-tech.in", - // "192.168.1.1", - // "kafka-0.np.navi-tech.in:19092,kafka-1.np.navi-tech.in:19092,kafka-2.np.navi-tech.in:19092" ] - // - // TO [ "dev-payment.np.navi-tech.in", - // "dev-camunda.np.navi-tech.in", - // "192.168.1.1", - // "kafka-0.np.navi-tech.in", - // 
"kafka-1.np.navi-tech.in", - // "kafka-2.np.navi-tech.in" ] - local host_list(egressEndpoints) = - std.flattenArrays([ - if std.findSubstr(',', egressEndpoint) != [] then std.map(util.host_name, std.split(egressEndpoint, ',')) - else [util.host_name(egressEndpoint)] - for egressEndpoint in egressEndpoints - ]), - - apiVersion: 'networking.istio.io/v1alpha3', - kind: 'Sidecar', - metadata: { - name: chart.full_service_name(deployment.name) + '-sidecar', - labels: common.labels, - namespace: deployment.namespace, - annotations: common.annotations, - }, - spec: { - workloadSelector: { - labels: { - app: chart.service_name, - release: deployment.name, - }, - }, - outboundTrafficPolicy: getOutboundTrafficPolicy(cluster, namespace), - egress: [ - { - hosts: sidecar_egress_list(host_list(deployment.allowEgress)) + default_egress_list, - }, - ], - }, -} diff --git a/templates/util.jsonnet b/templates/util.jsonnet deleted file mode 100644 index de9ce6de..00000000 --- a/templates/util.jsonnet +++ /dev/null 
@@ -1,96 +0,0 @@ -local chart = import 'chart.jsonnet'; -local vars = import 'vars.jsonnet'; - -{ - parent_dir(filePath):: - std.splitLimit(filePath, '/', 1)[0], - - file_name(filePath):: - local words = std.split(filePath, '/'); - words[std.length(words) - 1], - - // Returns the root domain for given domain - // dev-camunda.np.navi-tech.in => navi-tech.in - // dev-camunda.np.navi-ext.com => navi-ext.com - root_domain(domain):: - local words = std.split(domain, '.'); - words[std.length(words) - 2] + '.' + words[std.length(words) - 1], - - get_certs(ssls, domain):: - local qualified_certificates = std.prune([if std.findSubstr(ssl, domain) != [] then ssl for ssl in std.sort(ssls)]); - if std.length(qualified_certificates) == 0 then error 'No cert found for domain: %s' % domain - else qualified_certificates[std.length(qualified_certificates) - 1], - - // Returns hostname for given full endpoint urls like following - // https://dev-camunda.np.navi-tech.in => dev-camuna.np.navi-tech.in - // https://dev-camunda.np.navi-tech.in/camunda => dev-camuna.np.navi-tech.in - // dev-camunda.np.navi-tech.in:3131 => dev-camuna.np.navi-tech.in - // 192.168.1.1 => 192.168.1.1 - host_name(endpoint):: - if std.findSubstr('://', endpoint) != [] then local hostNameStart = std.findSubstr('://', endpoint); self.host_name(std.substr(endpoint, hostNameStart[0] + 3, 9999)) - else if std.findSubstr(':', endpoint) != [] then self.host_name(std.split(endpoint, ':')[0]) - else if std.findSubstr('/', endpoint) != [] then self.host_name(std.split(endpoint, '/')[0]) - else endpoint, - - is_ipv4_address(endpoint):: - local ipChars = std.split(endpoint, '.'); - std.length(ipChars) == 4 && std.length(std.filter(function(ipChar) std.length(ipChar) >= 1 && std.length(ipChar) <= 3, ipChars)) == 4, - - is_field_present(object, field):: - if object == null then false - else std.objectHas(object, field), - - memory_in_mb(memory):: - local unitMap = { - Mi: 1, - Gi: 1024, - }; - local length = 
std.length(memory); - local value = std.parseInt(std.substr(memory, 0, length - 2)); - local unit = std.substr(memory, length - 2, 2); - value * unitMap[unit], - - cpu_in_milli_core(cpu):: - local cpuStr = cpu + ''; - if std.substr(cpuStr, std.length(cpuStr) - 1, 1) == 'm' then cpu else '%dm' % (cpu * 1000), - - replace_character_in_string(str, a, b):: ( - assert std.length(a) == 1; - std.join(b, std.split(str, a)) - ), - - is_sandbox(env):: if env == 'sandbox' then true else false, - - is_local_sandbox(image, env):: std.extVar('IMAGE') == 'null' && $.is_sandbox(env) && (image == null || image == 'null'), - - get_image(image, env):: - if std.extVar('IMAGE') == 'null' then - if $.is_local_sandbox(image, env) then - vars.sandboxImage - else - image - else - std.extVar('IMAGE'), - - is_readiness_probe_enabled(image, environment):: !$.is_local_sandbox(image, environment), - - is_liveness_probe_enabled(image, environment):: !$.is_local_sandbox(image, environment), - - is_startup_probe_enabled(is_enabled, image, environment):: is_enabled && !$.is_local_sandbox(image, environment), - - hpa_scale_target_ref(name, controller, isDisabled):: if isDisabled then { - apiVersion: 'apps/v1', - kind: 'Deployment', - name: 'disabled', - } else if (controller == vars.rolloutController) then { - apiVersion: 'argoproj.io/v1alpha1', - kind: 'Rollout', - name: chart.full_service_name(name), - } else { - apiVersion: 'apps/v1', - kind: 'Deployment', - name: chart.full_service_name(name), - }, - - get( object, key, defaultValue ):: if std.objectHas(object, key) then object[key] else defaultValue, -} diff --git a/templates/vars.jsonnet b/templates/vars.jsonnet deleted file mode 100644 index cf0ef47f..00000000 --- a/templates/vars.jsonnet +++ /dev/null 
@@ -1,44 +0,0 @@
-{
- esImage_7_17_0:: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/elastic-search:7.17.0-withplugins',
- esImage_8_12_2:: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/elastic-search:8.12.2-withplugins',
- kibanaImage_7_17_0:: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/kibana:7.17.0',
- kibanaImage_8_12_2:: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/kibana:8.12.2',
- sandboxImage:: '193044292705.dkr.ecr.ap-south-1.amazonaws.com/common/busybox:navicli',
- swBackend:: 'skywalking-skywalking-helm-oap.skywalking.svc.cluster.local',
- swPort:: '11800',
- rolloutController:: 'argo',
- defaultController:: 'default',
- defaultDeploymentStrategy:: 'rollingUpdate',
- defaultCanarySteps: [
- { setWeight: 20 },
- { pause: {} },
- ],
- environments: {
- prod: 'prod',
- dev: 'dev',
- qa: 'qa',
- perf: 'perf',
- cmd: 'cmd',
- },
- vpa:: {
- maxAllowedCPU: '7200m',
- maxAllowedMemory: '16Gi',
- },
- deployment:: {
- hpa:: {
- type:: {
- metrics:: 'metrics',
- cron:: 'cron',
- },
- },
- alerts:: {
- pod:: [
- { type: 'HighPodRestarts', threshold: 3, duration: '30m', severity: 'critical' },
- { type: 'HighPodFailures', threshold: 2, duration: '3h', severity: 'warning' },
- { type: 'FrequentPodOOMKilled', threshold: 2, duration: '10m', severity: 'critical' },
- { type: 'PodOOMKilled', threshold: 1, duration: '5m', severity: 'warning' },
- { type: 'KubeContainerWaiting', threshold: 0, duration: '1h', severity: 'critical' },
- ],
- },
- },
-}
diff --git a/templates/vpa.jsonnet b/templates/vpa.jsonnet
deleted file mode 100644
index 5630ec61..00000000
--- a/templates/vpa.jsonnet
+++ /dev/null
@@ -1,60 +0,0 @@
-local chart = import 'chart.jsonnet';
-local common = import 'common.jsonnet';
-local deployment_manifest = import 'deployment_manifest.jsonnet';
-local vars = import 'vars.jsonnet';
-local deployment = deployment_manifest.deployment;
-local vpaEnabled = deployment.isVpaEnabled;
-local namespace_values = import 'namespace_values.jsonnet';
-local util = import 'util.jsonnet';
-
-local name = chart.full_service_name(deployment.name);
-local vpaAllowed = namespace_values.isVpaDeployed;
-
-local minAllowed = {
- cpu: util.cpu_in_milli_core(deployment.instance.minCPU),
- memory: deployment.instance.minMemory,
-};
-
-local maxAllowed = {
- cpu: util.cpu_in_milli_core(deployment.vpa.maxAllowed.cpu),
- memory: deployment.vpa.maxAllowed.memory,
-};
-
-if vpaAllowed then {
- apiVersion: 'autoscaling.k8s.io/v1',
- kind: 'VerticalPodAutoscaler',
- metadata: {
- name: name,
- labels: common.labels,
- namespace: deployment_manifest.deployment.namespace,
- annotations: common.annotations,
- },
- spec: {
- targetRef: if (deployment.controller == vars.rolloutController) then {
- apiVersion: 'argoproj.io/v1alpha1',
- kind: 'Rollout',
- name: name,
- } else {
- apiVersion: 'apps/v1',
- kind: 'Deployment',
- name: name,
- },
- [if !vpaEnabled then 'updatePolicy']: {
- updateMode: 'Off',
- },
- [if vpaEnabled then 'resourcePolicy']: {
- containerPolicies: [
- {
- containerName: name,
- minAllowed: minAllowed,
- maxAllowed: maxAllowed,
- controlledResources: ['cpu', 'memory'],
- },
- {
- containerName: '*',
- mode: 'Off',
- },
- ],
- },
- },
-}