From 25d3cbac284c8c41210075fd2cb2b957753a9ad7 Mon Sep 17 00:00:00 2001
From: dandds
Date: Mon, 30 Jul 2018 14:03:42 -0400
Subject: [PATCH] add role and perms migrations for authorization
---
.../4ea5917e7781_add_default_atat_role.py | 39 ++++
.../96a9f3537996_add_roles_and_permissions.py | 183 ++++++++++++++++++
2 files changed, 222 insertions(+)
create mode 100644 alembic/versions/4ea5917e7781_add_default_atat_role.py
create mode 100644 alembic/versions/96a9f3537996_add_roles_and_permissions.py
diff --git a/alembic/versions/4ea5917e7781_add_default_atat_role.py b/alembic/versions/4ea5917e7781_add_default_atat_role.py
new file mode 100644
index 00000000..78b6ef55
--- /dev/null
+++ b/alembic/versions/4ea5917e7781_add_default_atat_role.py
@@ -0,0 +1,39 @@
+"""add_default_atat_role
+
+Revision ID: 4ea5917e7781
+Revises: 96a9f3537996
+Create Date: 2018-07-30 13:51:29.576931
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.orm.session import Session
+
+
+# revision identifiers, used by Alembic.
+revision = '4ea5917e7781'
+down_revision = '96a9f3537996'
+branch_labels = None
+depends_on = None
+
+from atst.models.role import Role
+from atst.models.permissions import Permissions
+
+
+def upgrade():
+ session = Session(bind=op.get_bind())
+ mission_owner_role = Role(
+ name='default',
+ description='',
+ permissions=[
+ Permissions.REQUEST_JEDI_WORKSPACE,
+ ]
+ )
+ session.add(mission_owner_role)
+ session.commit()
+
+
+def downgrade():
+ db = op.get_bind()
+ db.execute("DELETE FROM roles WHERE name = 'default'")
+
diff --git a/alembic/versions/96a9f3537996_add_roles_and_permissions.py b/alembic/versions/96a9f3537996_add_roles_and_permissions.py
new file mode 100644
index 00000000..4380208a
--- /dev/null
+++ b/alembic/versions/96a9f3537996_add_roles_and_permissions.py
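Review bot: In `4ea5917e7781_add_default_atat_role.py`, `upgrade()` builds its seed row from the live application classes (`from atst.models.role import Role`, `from atst.models.permissions import Permissions`), so what the migration writes depends on the model code checked out when it runs rather than on the revision itself. A later rename or value change in `Permissions`, or a new required column on `Role`, could give a freshly migrated database different grants from one migrated today, or make the migration fail outright. For authorization seed data it is safer to freeze the values in the migration, for example by declaring a local `sa.table('roles', ...)` and inserting literal permission values with `op.bulk_insert`; the column types are not visible in this patch and would need to match the revision that created the table. The same applies to `upgrade()` in `96a9f3537996_add_roles_and_permissions.py`. Separately, the local name `mission_owner_role` does not match the `'default'` role it creates.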
@@ -0,0 +1,183 @@
+"""add_roles_and_permissions
+
+Revision ID: 96a9f3537996
+Revises: 4ede1e3e50d1
+Create Date: 2018-07-30 13:48:31.325234
+
+"""
+import os
+import sys
+from alembic import op
+import sqlalchemy as sa
+
+from sqlalchemy.orm.session import Session
+
+from atst.models.role import Role
+from atst.models.permissions import Permissions
+
+# revision identifiers, used by Alembic.
+revision = '96a9f3537996'
+down_revision = '4ede1e3e50d1'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+ session = Session(bind=op.get_bind())
+ roles = [
+ Role(
+ name='ccpo',
+ description='',
+ permissions=[
+ Permissions.VIEW_ORIGINAL_JEDI_REQEUST,
+ Permissions.REVIEW_AND_APPROVE_JEDI_WORKSPACE_REQUEST,
+ Permissions.MODIFY_ATAT_ROLE_PERMISSIONS,
+ Permissions.CREATE_CSP_ROLE,
+ Permissions.DELETE_CSP_ROLE,
+ Permissions.DEACTIVE_CSP_ROLE,
+ Permissions.MODIFY_CSP_ROLE_PERMISSIONS,
+
+ Permissions.VIEW_USAGE_REPORT,
+ Permissions.VIEW_USAGE_DOLLARS,
+ Permissions.ADD_AND_ASSIGN_CSP_ROLES,
+ Permissions.REMOVE_CSP_ROLES,
+ Permissions.REQUEST_NEW_CSP_ROLE,
+ Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
+
+ Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
+ Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
+
+ Permissions.DEACTIVATE_WORKSPACE,
+ Permissions.VIEW_ATAT_PERMISSIONS,
+ Permissions.TRANSFER_OWNERSHIP_OF_WORKSPACE,
+
+ Permissions.ADD_APPLICATION_IN_WORKSPACE,
+ Permissions.DELETE_APPLICATION_IN_WORKSPACE,
+ Permissions.DEACTIVATE_APPLICATION_IN_WORKSPACE,
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+ Permissions.RENAME_APPLICATION_IN_WORKSPACE,
+
+ Permissions.ADD_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DELETE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DEACTIVATE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
+ Permissions.RENAME_ENVIRONMENT_IN_APPLICATION,
+
+ Permissions.ADD_TAG_TO_WORKSPACE,
+ Permissions.REMOVE_TAG_FROM_WORKSPACE
+ ]
+ ),
+ Role(
+ name='owner',
+ description='',
+ permissions=[
+ Permissions.REQUEST_JEDI_WORKSPACE,
+ Permissions.VIEW_ORIGINAL_JEDI_REQEUST,
+
+ Permissions.VIEW_USAGE_REPORT,
+ Permissions.VIEW_USAGE_DOLLARS,
+ Permissions.ADD_AND_ASSIGN_CSP_ROLES,
+ Permissions.REMOVE_CSP_ROLES,
+ Permissions.REQUEST_NEW_CSP_ROLE,
+ Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
+
+ Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
+ Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
+
+ Permissions.DEACTIVATE_WORKSPACE,
+ Permissions.VIEW_ATAT_PERMISSIONS,
+
+ Permissions.ADD_APPLICATION_IN_WORKSPACE,
+ Permissions.DELETE_APPLICATION_IN_WORKSPACE,
+ Permissions.DEACTIVATE_APPLICATION_IN_WORKSPACE,
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+ Permissions.RENAME_APPLICATION_IN_WORKSPACE,
+
+ Permissions.ADD_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DELETE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DEACTIVATE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
+ Permissions.RENAME_ENVIRONMENT_IN_APPLICATION,
+ ]
+ ),
+ Role(
+ name='admin',
+ description='',
+ permissions=[
+ Permissions.VIEW_USAGE_REPORT,
+ Permissions.ADD_AND_ASSIGN_CSP_ROLES,
+ Permissions.REMOVE_CSP_ROLES,
+ Permissions.REQUEST_NEW_CSP_ROLE,
+ Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
+
+ Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
+ Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
+
+ Permissions.ADD_APPLICATION_IN_WORKSPACE,
+ Permissions.DELETE_APPLICATION_IN_WORKSPACE,
+ Permissions.DEACTIVATE_APPLICATION_IN_WORKSPACE,
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+ Permissions.RENAME_APPLICATION_IN_WORKSPACE,
+
+ Permissions.ADD_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DELETE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.DEACTIVATE_ENVIRONMENT_IN_APPLICATION,
+ Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
+ Permissions.RENAME_ENVIRONMENT_IN_APPLICATION,
+ ]
+ ),
+ Role(
+ name='developer',
+ description='',
+ permissions=[
+ Permissions.VIEW_USAGE_REPORT,
+ Permissions.VIEW_USAGE_DOLLARS,
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+ Permissions.VIEW_ENVIRONMENT_IN_APPLICATION
+ ]
+ ),
+ Role(
+ name='billing_auditor',
+ description='',
+ permissions=[
+ Permissions.VIEW_USAGE_REPORT,
+ Permissions.VIEW_USAGE_DOLLARS,
+
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+
+ Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
+ ]
+ ),
+ Role(
+ name='security_auditor',
+ description='',
+ permissions=[
+ Permissions.VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS,
+ Permissions.VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS,
+
+ Permissions.VIEW_ATAT_PERMISSIONS,
+
+ Permissions.VIEW_APPLICATION_IN_WORKSPACE,
+
+ Permissions.VIEW_ENVIRONMENT_IN_APPLICATION,
+ ]
+ ),
+ ]
+
+ session.add_all(roles)
+ session.commit()
+
+
+def downgrade():
+ db = op.get_bind()
+ db.execute("""
+ DELETE FROM roles
+ WHERE name IN (
+ 'ccpo',
+ 'owner',
+ 'admin',
+ 'developer',
+ 'billing_auditor',
+ 'security_auditor'
+ );
+ """)
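Review bot: In `upgrade()`, the `developer` role is seeded with `Permissions.VIEW_USAGE_DOLLARS` while the `admin` role, which otherwise holds every permission `developer` has, is not, so a developer can see spend figures that an admin cannot. If that is intended, record the reason in the role's `description`; every role here is created with `description=''`, which leaves the permission matrix undocumented in the database. If it is not intended, either drop the permission from `developer` or add it to `admin`. The spellings `VIEW_ORIGINAL_JEDI_REQEUST` and `DEACTIVE_CSP_ROLE` also look like typos; they presumably match constants in `atst.models.permissions`, which is outside this patch, but if the stored values carry the same spelling they are cheaper to correct before this seed data is applied anywhere.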