Replicate system role assignments for custom roles in migrator

RedHatInsights · Nov 5, 2024 · 188e976 · 188e976
1 parent 3b613d6
commit 188e976
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/rbac/migration_tool/migrate.py b/rbac/migration_tool/migrate.py
@@ -18,8 +18,11 @@
 import logging
 from typing import Iterable
 
+from django.db import transaction
+
 from kessel.relations.v1beta1 import common_pb2
-from management.models import Workspace
+from management.group.relation_api_dual_write_group_handler import RelationApiDualWriteGroupHandler
+from management.models import Group, Workspace
 from management.principal.model import Principal
 from management.relation_replicator.logging_replicator import LoggingReplicator
 from management.relation_replicator.outbox_replicator import OutboxReplicator
@@ -152,6 +155,18 @@ def migrate_data_for_tenant(tenant: Tenant, exclude_apps: list, replicator: Rela
         logger.info(f"Migration completed for role: {role.name} with UUID {role.uuid}.")
     logger.info(f"Migrated {roles.count()} roles for tenant: {tenant.org_id}")
 
+    public_default_roles = Role.objects.filter(platform_default=True, tenant=Tenant.objects.get(tenant_name="public"))
+
+
+    with transaction.atomic():
+        for group in tenant.group_set.all():
+            dual_write_handler = RelationApiDualWriteGroupHandler(group, ReplicationEventType.CUSTOMIZE_DEFAULT_GROUP)
+            if group.platform_default is True:
+                dual_write_handler.generate_relations_to_add_roles(public_default_roles)
+            system_roles = group.roles().filter(system=True)
+            dual_write_handler.generate_relations_to_add_roles(system_roles)
+            dual_write_handler.replicate()
+
 
 def migrate_data(exclude_apps: list = [], orgs: list = [], write_relationships: str = "False"):
     """Migrate all data for all tenants."""