From 2203b09fb480f48dab3156094ede3d8868f14013 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 31 Oct 2024 14:33:10 +0100 Subject: [PATCH] fix: add acl.json to new atlantis deployment --- acl.json | 1 - values/atlantis/base/acl.json | 331 +++++++++++++++++++++ values/atlantis/base/deployment_patch.yaml | 18 +- values/atlantis/base/kustomization.yaml | 8 +- values/atlantis/chart | 1 - 5 files changed, 351 insertions(+), 8 deletions(-) delete mode 120000 acl.json create mode 100644 values/atlantis/base/acl.json delete mode 100644 values/atlantis/chart diff --git a/acl.json b/acl.json deleted file mode 120000 index 4b80f846..00000000 --- a/acl.json +++ /dev/null @@ -1 +0,0 @@ -values/petimeter/manifests/acl.json \ No newline at end of file diff --git a/values/atlantis/base/acl.json b/values/atlantis/base/acl.json new file mode 100644 index 00000000..bd89d80b --- /dev/null +++ b/values/atlantis/base/acl.json 
@@ -0,0 +1,331 @@
+[
+ {
+ "domain": "oceanbox.io",
+ "access": [
+ {
+ "matching": ".*@oceanbox.io",
+ "group": "/oceanbox",
+ "roles": [ "admin" ],
+ "capabilities": [
+ "run:*"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "salmar.no",
+ "access": [
+ {
+ "matching": ".*@salmar.no",
+ "group": "/salmar",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "leroy.no",
+ "access": [
+ {
+ "matching": "karstein@leroy.no",
+ "group": "/oceanbox",
+ "roles": [ "admin" ],
+ "capabilities": [ "run:*" ]
+ },
+ {
+ "matching": ".*@leroy.no",
+ "group": "/leroy",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "serit.no",
+ "access": [
+ {
+ "matching": ".*@tromso.serit.no",
+ "group": "/oceanbox",
+ "roles": [ "admin" ],
+ "capabilities": []
+ }
+ ]
+ },
+ {
+ "domain": "aqua-kompetanse.no",
+ "access": [
+ {
+ "matching": ".*@aqua-kompetanse.no",
+ "group": "/aqua-kompetanse",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "kelpinor.no",
+ "access": [
+ {
+ "matching": ".*@kelpinor.no",
+ "group": "/kelpinor",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "bkmanimalhealth.com",
+ "access": [
+ {
+ "matching": ".*@bkmanimalhealth.com",
+ "group": "/bkmanimalhealth",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "uio.no",
+ "access": [
+ {
+ "matching": ".*@geo.uio.no",
+ "group": "/demo",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "nord.no",
+ "access": [
+ {
+ "matching": ".*@.*.nord.no",
+ "group": "/uni-nord",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "argusmiljo.no",
+ "access": [
+ {
+ "matching": ".*@argusmiljo.no",
+ "group": "/argusmiljo",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "bakkafrost.com",
+ "access": [
+ {
+ "matching": ".*@bakkafrost.com",
+ "group": "/bakkafrost",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "multiconsult.no",
+ "access": [
+ {
+ "matching": ".*@multiconsult.no",
+ "group": "/multiconsult",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "kpmg.no",
+ "access": [
+ {
+ "matching": ".*@kpmg.no",
+ "group": "/kpmg",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "synfaring.no",
+ "access": [
+ {
+ "matching": ".*@synfaring.no",
+ "group": "/synfaring",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "boehareide.no",
+ "access": [
+ {
+ "matching": ".*@boehareide.no",
+ "group": "/boehareide",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "sinkaberg.no",
+ "access": [
+ {
+ "matching": ".*@sinkaberg.no",
+ "group": "/sinkaberg",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport",
+ "run:sedimentation"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "akerbla.no",
+ "access": [
+ {
+ "matching": ".*@akerbla.no",
+ "group": "/akerbla",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "nr.no",
+ "access": [
+ {
+ "matching": ".*@nr.no",
+ "group": "/nr",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "sjomatnorge.no",
+ "access": [
+ {
+ "matching": ".*@sjomatnorge.no",
+ "group": "/sjomatnorge",
+ "roles": [ "user" ],
+ "capabilities": [
+ "run:transport"
+ ]
+ }
+ ]
+ },
+ {
+ "domain": "tatidentilbake.no",
+
"access": [ + { + "matching": ".*@tatidentilbake.no", + "group": "/tatidentilbake", + "roles": [ "user" ], + "capabilities": [ + "run:transport" + ] + } + ] + }, + { + "domain": "oceandata.earth", + "access": [ + { + "matching": ".*@oceandata.earth", + "group": "/hubocean", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "masoval.no", + "access": [ + { + "matching": ".*@masoval.no", + "group": "/masoval", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "gmail.com", + "access": [ + { + "matching": "jonas.juselius@gmail.com", + "group": "/bakkafrost", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + }, + { + "matching": ".*@gmail.com", + "group": "/demo", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + } +] diff --git a/values/atlantis/base/deployment_patch.yaml b/values/atlantis/base/deployment_patch.yaml index 546c88e9..a17f569c 100644 --- a/values/atlantis/base/deployment_patch.yaml +++ b/values/atlantis/base/deployment_patch.yaml @@ -4,11 +4,19 @@ - op: replace path: /spec/template/spec/containers/0/readinessProbe/httpGet/path value: /healthz -- op: add - path: /spec/template/spec/containers/0/env/- - value: - name: INTRERNAL_PORT - value: "8000" - op: add path: /spec/template/spec/containers/0/envFrom value: [] +- op: add + path: /spec/template/spec/containers/0/volumeMounts/- + value: + name: acl + mountPath: /app/acl.json + subPath: acl.json + readOnly: true +- op: add + path: /spec/template/spec/volumes/- + value: + name: acl + configMap: + name: petimeter-acl diff --git a/values/atlantis/base/kustomization.yaml b/values/atlantis/base/kustomization.yaml index 24579eee..591b8d32 100644 --- a/values/atlantis/base/kustomization.yaml +++ b/values/atlantis/base/kustomization.yaml 
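Review bot: Every `matching` value in the new acl.json is a regular expression with unescaped dots and no `^`/`$` anchors, so what each pattern accepts depends on how the consumer applies it, which this patch does not show. If the matcher searches rather than full-matches, `.*@oceanbox.io` (mapped to `roles: ["admin"]` and `run:*`) also accepts addresses whose domain only starts with that text, and even under a full match `.*@.*.nord.no` accepts any domain ending in `nord.no` after one arbitrary character, not just subdomains. Escaping and anchoring each entry, e.g. `"matching": "^[^@]+@oceanbox\\.io$"`, removes that dependency on the matcher. The final `.*@gmail.com` rule grants `run:transport` and `run:sedimentation` in `/demo` to any Gmail account, and the `karstein@leroy.no` and `jonas.juselius@gmail.com` overrides only take precedence if evaluation is first-match in file order; both should be confirmed as intended before this ships with the new deployment.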
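Review bot: The `acl` volume is mounted with `subPath: acl.json`, and a ConfigMap mounted through `subPath` is not refreshed inside a running container when the ConfigMap changes. Combined with `disableNameSuffixHash: true` in values/atlantis/base/kustomization.yaml, an edit to acl.json (including removing a domain or downgrading a role) changes neither the pod template nor the mounted file, so the previous ACL stays in force until the pods are restarted by hand. Dropping `disableNameSuffixHash` should let the generated name change with the content and have kustomize rewrite `configMap.name` in the Deployment, which rolls the pods on every ACL change. The two `op: add` patches on `.../volumeMounts/-` and `.../volumes/-` also require those arrays to exist already in the base manifest, which is not visible in this patch.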
@@ -1,6 +1,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: atlantis +generatorOptions: + disableNameSuffixHash: true +configmapGenerator: +- name: petimeter-acl + files: + - acl.json patches: - target: version: v1 @@ -14,4 +20,4 @@ patches: path: ingress_patch.yaml resources: - _manifest.yaml - - defaultbackend.yaml \ No newline at end of file + - defaultbackend.yaml diff --git a/values/atlantis/chart b/values/atlantis/chart deleted file mode 100644 index 82e27175..00000000 --- a/values/atlantis/chart +++ /dev/null @@ -1 +0,0 @@ -oceanbox/atlantis
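Review bot: The generator key is spelled `configmapGenerator`, while the Kustomization field is documented as `configMapGenerator`; the lower-case form probably works only through case-insensitive key decoding, so the canonical spelling is the safer one to commit. The top-level `generatorOptions` block also applies `disableNameSuffixHash: true` to every generator added to this kustomization later; if a stable name is really required, `options: { disableNameSuffixHash: true }` under the `petimeter-acl` entry keeps it local. The ConfigMap is built from a new copy of the file that the deleted top-level symlink pointed to (values/petimeter/manifests/acl.json), so if that original is still deployed the two access lists can drift, and a comment naming the source of truth would help.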