From bc7f434c42f1d29472a3ae83bbcd31deb0cf0c14 Mon Sep 17 00:00:00 2001 From: Libor Pichler Date: Thu, 7 Nov 2024 18:58:58 +0100 Subject: [PATCH] Allow migration only on read only mode --- rbac/migration_tool/migrate.py | 5 +++++ tests/migration_tool/tests_migrate.py | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/rbac/migration_tool/migrate.py b/rbac/migration_tool/migrate.py index 8a695c0cf..bb11301a1 100644 --- a/rbac/migration_tool/migrate.py +++ b/rbac/migration_tool/migrate.py @@ -18,6 +18,7 @@ import logging from typing import Iterable +from django.conf import settings from django.db import transaction from kessel.relations.v1beta1 import common_pb2 from management.group.relation_api_dual_write_group_handler import RelationApiDualWriteGroupHandler @@ -154,6 +155,10 @@ def migrate_data_for_tenant(tenant: Tenant, exclude_apps: list, replicator: Rela def migrate_data(exclude_apps: list = [], orgs: list = [], write_relationships: str = "False"): """Migrate all data for all tenants.""" + if not settings.READ_ONLY_API_MODE: + logger.info("Read-only API mode is required. READ_ONLY_API_MODE must be set to true.") + return + count = 0 tenants = Tenant.objects.exclude(tenant_name="public") replicator = _get_replicator(write_relationships) diff --git a/tests/migration_tool/tests_migrate.py b/tests/migration_tool/tests_migrate.py index f6a98227c..2a18baae9 100644 --- a/tests/migration_tool/tests_migrate.py +++ b/tests/migration_tool/tests_migrate.py @@ -127,7 +127,7 @@ def setUp(self): tenant_default_policy.roles.add(self.system_role_2) self.custom_default_group = group - @override_settings(REPLICATION_TO_RELATION_ENABLED=True, PRINCIPAL_USER_DOMAIN="redhat") + @override_settings(REPLICATION_TO_RELATION_ENABLED=True, PRINCIPAL_USER_DOMAIN="redhat", READ_ONLY_API_MODE=True) @patch("management.relation_replicator.logging_replicator.logger") def test_migration_of_data(self, logger_mock): """Test that we get the correct access for a principal."""