deployment-portal-be/scripts/generate_role_privileges.py
2023-08-07 17:11:24 +05:30


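def generate_sql_queries(teams, environments):
    """Build the SQL script that seeds RBAC rows for every team/environment pair.

    For each ``(team, environment)`` combination the script contains one
    ``INSERT`` creating the privilege names, one ``INSERT`` creating the
    VIEWER / MAINTAINER / MANAGER role names, and one ``INSERT ... SELECT``
    per role linking it to its privileges by name.

    Args:
        teams: Iterable of team names.
        environments: Mapping of the environment label used in role names to
            the value substituted into privilege names (for example
            ``"ALL"`` -> ``".*"``).

    Returns:
        The generated SQL as a single string; empty when there is nothing to
        generate.

    Raises:
        ValueError: If a generated name contains a backslash.

    Notes:
        * Names end up inside single-quoted SQL literals, so embedded single
          quotes are doubled before being written out.
        * ``supersecret_read`` is created as a privilege but is not linked to
          any of the three roles generated here.
        * Privilege names embed ``.*``; presumably the consumer matches them
          as regular expressions, and team/environment values are inserted
          without regex escaping -- confirm how the authoriser anchors and
          matches these names.
        * The statements are plain ``INSERT``s with no conflict handling;
          what happens on a second run depends on constraints that are not
          visible from this script.
    """
    privilege_values = [
        "manifest:{}:{}:.*:read",
        "manifest:{}:{}:.*:write",
        "manifest:{}:{}:.*:clone",
        "manifest:{}:{}:.*:secret_read",
        "manifest:{}:{}:.*:secret_write",
        "manifest:{}:{}:.*:supersecret_read",
        "manifest:{}:{}:.*:supersecret_write",
        "kube:{}:{}:.*:restart",
        "kube:{}:{}:.*:delete",
        "manifest:{}:{}:.*:approval_read",
        "manifest:{}:{}:.*:delete",
        "manifest:{}:{}:.*:manage",
        "manifest:{}:{}:.*:approval_write",
    ]
    maintainer_privileges = [
        "manifest:{}:{}:.*:read",
        "manifest:{}:{}:.*:write",
        "manifest:{}:{}:.*:clone",
        "manifest:{}:{}:.*:secret_read",
        "manifest:{}:{}:.*:secret_write",
        "manifest:{}:{}:.*:supersecret_write",
        "kube:{}:{}:.*:restart",
        "kube:{}:{}:.*:delete",
        "manifest:{}:{}:.*:approval_read",
    ]
    # Insertion order (VIEWER, MAINTAINER, MANAGER) fixes the statement order.
    # The keys are the only role-name templates, so the role INSERT and the
    # role.name lookups below cannot drift apart.
    roles_privileges_mapping = {
        "{}_{}_VIEWER": ["manifest:{}:{}:.*:read"],
        "{}_{}_MAINTAINER": maintainer_privileges,
        "{}_{}_MANAGER": maintainer_privileges + [
            "manifest:{}:{}:.*:delete",
            "manifest:{}:{}:.*:manage",
            "manifest:{}:{}:.*:approval_write",
        ],
    }

    def sql_literal(value):
        """Return *value* as a single-quoted SQL string literal."""
        # Whether a backslash is an escape character depends on the SQL
        # dialect, which this script does not state, so refuse it outright.
        if "\\" in value:
            raise ValueError(
                f"backslash is not allowed in generated SQL names: {value!r}"
            )
        return "'" + value.replace("'", "''") + "'"

    blocks = []
    for team in teams:
        for env, env_privilege_value in environments.items():
            privilege_rows = ", ".join(
                f"(now(), now(), {sql_literal(template.format(team, env_privilege_value))})"
                for template in privilege_values
            )
            role_rows = ", ".join(
                f"(now(), now(), {sql_literal(role.format(team, env))})"
                for role in roles_privileges_mapping
            )
            lines = [
                f"INSERT INTO privilege (created_at, updated_at, name) VALUES {privilege_rows};",
                f"INSERT INTO role (created_at, updated_at, name) VALUES {role_rows};",
            ]
            for role, privileges in roles_privileges_mapping.items():
                privilege_conditions = ", ".join(
                    sql_literal(privilege.format(team, env_privilege_value))
                    for privilege in privileges
                )
                lines.append(
                    "INSERT INTO roles_privileges (role_id, privilege_id) "
                    "SELECT role.id AS role_id, privilege.id AS privilege_id "
                    "FROM role, privilege "
                    f"WHERE role.name = {sql_literal(role.format(team, env))} "
                    f"AND privilege.name IN ( {privilege_conditions} );"
                )
            # One statement per line, then a blank line between pairs.
            blocks.append("\n".join(lines) + "\n\n")
    return "".join(blocks)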
def main():
    """Generate the role/privilege seed SQL for all teams and write it out.

    The script is written to ``output.sql`` in the current working
    directory; mode ``"w"`` overwrites any existing file of that name.
    """
    team_names = [
        "AMC", "App", "Borrowings", "CBP", "CRM", "Claims", "Co-Lending",
        "Collections", "Communication", "DataPlatform", "DataScience",
        "Frameworks", "GI-Conversions", "GrowthAndEngagement",
        "HL-Conversions", "Infra", "KYC", "LMSAndAccounting", "Navi-Pay",
        "Navi-Saas", "Navi-Website", "PAXCore", "PL-Conversions",
        "PL-Operations", "Payments", "Security",
        "UnderwritingAndFraudDetection", "insurance-operations",
        "lending-operations", "SDET-Frameworks", "AppX-Bridge", "Cosmos",
        "Digital-Gold", "Generative-AI", "Edge", "RAndR", "GI-Operations",
        "HL-Operations", "InsurancePlatform", "Post-Purchase-Experience",
        "IT", "CRM-Ops", "Camunda", "GI", "LoanOrigination", "PLOrigination",
        "Android",
    ]

    # Concrete environments use the same text in role and privilege names.
    concrete_envs = (
        "cmd", "prod", "dev", "qa", "perf", "uat",
        "data-platform-prod", "data-platform-nonprod", "local",
    )
    env_to_privilege_value = {name: name for name in concrete_envs}
    # "ALL" is the exception: its roles (<team>_ALL_*) are linked to
    # privilege names whose environment segment is the wildcard ".*".
    env_to_privilege_value["ALL"] = ".*"

    generated_sql = generate_sql_queries(team_names, env_to_privilege_value)
    with open("output.sql", "w") as sql_file:
        sql_file.write(generated_sql)
# Generate output.sql only when executed as a script, never on import.
if __name__ == "__main__":
    main()