feat: add script to generate scripts to update archives

2025-02-12 18:35:45 +01:00
parent 0c785f0648
commit 3bd2562dc7
1 changed files with 98 additions and 0 deletions
--- a/scripts/gen-archive-update-scripts.sh
+++ b/scripts/gen-archive-update-scripts.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+
+k="kubectl --context oceanbox -n prod-atlantis exec prod-atlantis-db-1 -- "
+psql="psql -d app -t -A -F',' -c"
+query="$k $psql"
+
+h="user_type,user_id,relation,object_type,object_id,condition_name,condition_context"
+term='{"start_time": "2025-01-01T00:00:00Z", "end_time": "2025-01-01T00:00:00Z"}'
+ticket='{"tasks": [ "*" ], "quota": "-1.0", "start_time": "2025-01-01T00:00:00Z", "end_time": "2025-01-01T00:00:00Z"}'
+
+# principal of primary archives
+$query "select a.archive_id from archives as
+    a where archive_ref_id is null;" |\
+sed -r "
+  s|.*|fga tuple write group:/oceanbox principal archive:&|
+  h
+  s/write/delete/
+  s/--.*//
+  p
+  g
+" > principal_archives.sh
+
+# parent archives
+$query "select a.archive_ref_id, a.archive_id from archives as a
+    where archive_ref_id is not null;" |\
+sed -r "
+  s/'//g
+  s|^([^,]+),([^,]+)|fga tuple write archive:\1 parent archive:\2|
+  h
+  s/write/delete/
+  s/--.*//
+  p
+  g
+" > parent_archives.sh
+
+# archive owners
+$query "select u.name, ax.archive_id from attribs as a
+    join archives as ax on a.attribs_id = ax.attribs_id
+    join archive_owners as ao on ax.archive_id = ao.archive_id
+    join users as u on ao.owner_id = u.user_id;" |\
+sed -r "
+  s/'//g
+  s|^([^,]+),([^,]+)|fga tuple write user:\1 owner archive:\2|
+  h
+  s/write/delete/
+  s/--.*//
+  p
+  g
+" > archive_owners.sh
+
+# archive group view access
+$query "select g.name, ax.archive_id from attribs as a
+    join archives as ax on a.attribs_id = ax.attribs_id
+    join archive_groups as ag on ax.archive_id = ag.archive_id
+    join groups as g on ag.group_id = g.group_id;" |\
+sed -r "
+  s/'//g
+  s|^([^,]+),([^,]+)|fga tuple write group:\1#member view archive:\2 --condition-name term --condition-context '$term'|
+  h
+  s/write/delete/
+  s/--.*//
+  p
+  g
+" > group_view.sh
+
+# archive group exec access
+$query "select g.name, ax.archive_id from attribs as a
+        join archives as ax on a.attribs_id = ax.attribs_id
+        join archive_groups as ag on ax.archive_id = ag.archive_id
+        join groups as g on ag.group_id = g.group_id
+    where a.type_id = 1;" |\
+sed -r "
+  s/'//g
+  s|^([^,]+),([^,]+)|fga tuple write group:\1#member exec archive:\2 --condition-name ticket --condition-context '$ticket'|
+  h
+  s/write/delete/
+  s/--.*//
+  p
+  g
+" > group_exec.sh
+
+# associated stats group access
+$query "select g.name, aa.archive_id from archives as a
+      join associations as ax on ax.attributes_id = a.attribs_id
+      join archives as aa on ax.ref_id = aa.attribs_id
+      join attribs as at on aa.attribs_id = at.attribs_id
+      join archive_groups as ag on ag.archive_id = a.archive_id
+      join groups as g on ag.group_id = g.group_id
+    where at.type_id between 85 and 87;" |\
+sed -r "
+  s/'//g
+  s|^([^,]+),([^,]+)|fga tuple write group:\1#member view archive:\2 --condition-name term --condition-context '$term'|
+  h
+  s/write/delete/
+  s/--.*//
+  p
+  g
+" > stats.sh