diff --git a/Makefile b/Makefile
index 2535de9a46..08633ed4b8 100644
--- a/Makefile
+++ b/Makefile
@@ -76,9 +76,6 @@ PUBLISH_PLATFORM_ARCH := linux/amd64,linux/arm64
# Skip image scanning by default to make building images substantially faster
SCAN_IMAGES := false
-# Clear all data from the API on a retest run, usually to clear up after a failure. Set false to preserve
-CLEAR_API_DATA ?= true
-
# Init the file that is used to hold the image tag cross-reference table
$(shell >build.txt)
$(shell >scan.txt)
@@ -526,7 +523,6 @@ k3d/test: k3d/setup
USE_CALICO_CNI=false \
LAGOON_SSH_PORTAL_LOADBALANCER=$(LAGOON_SSH_PORTAL_LOADBALANCER) \
LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD=enabled \
- CLEAR_API_DATA=$(CLEAR_API_DATA) \
&& docker run --rm --network host --name ct-$(CI_BUILD_TAG) \
--volume "$$(pwd)/test-suite-run.ct.yaml:/etc/ct/ct.yaml" \
--volume "$$(pwd):/workdir" \
@@ -729,7 +725,6 @@ k3d/retest:
USE_CALICO_CNI=false \
LAGOON_SSH_PORTAL_LOADBALANCER=$(LAGOON_SSH_PORTAL_LOADBALANCER) \
LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD=enabled \
- CLEAR_API_DATA=$(CLEAR_API_DATA) \
&& docker run --rm --network host --name ct-$(CI_BUILD_TAG) \
--volume "$$(pwd)/test-suite-run.ct.yaml:/etc/ct/ct.yaml" \
--volume "$$(pwd):/workdir" \
diff --git a/docs/interacting/rbac.md b/docs/interacting/rbac.md
index 1b0ab8444f..a275e3799a 100644
--- a/docs/interacting/rbac.md
+++ b/docs/interacting/rbac.md
@@ -389,7 +389,6 @@ Here is a table that lists the roles and the access they have:
| addKubernetes | kubernetes | add | |
| updateKubernetes | kubernetes | update | |
| deleteKubernetes | kubernetes | delete | |
- | deleteAllKubernetes| kubernetes | deleteAll | |
| getAllOpenshifts | openshift | viewAll | |
| getAllProjects | project | viewAll | |
| addSshKey | ssh\_key | add | userID |
@@ -519,19 +518,10 @@ Here is a table that lists the roles and the access they have:
| **Name** | **Resource** | **Scope** | **Attributes** |
| :--- | :--- | :--- | :--- |
- | deleteAllBackups | backup | deleteAll | |
- | deleteAllEnvironments | environment | deleteAll | |
| getEnvironmentStorageMonthBy
EnvironmentId | environment | storage | |
| getEnvironmentHoursMonthBy
EnvironmentId | environment | storage | |
| getEnvironmentHitsMonthBy
EnvironmentId | environment | storage | |
- | deleteAllGroups | group | deleteAll | |
- | deleteAllNotificationSlacks | notification | deleteAll | |
- | removeAllNotificationsFrom
AllProjects | notification | removeAll | |
| getAllOpenshifts | openshift | viewAll | |
- | deleteAllProjects | project | deleteAll | |
- | deleteAllSshKeys | ssh\_key | deleteAll | |
- | removeAllSshKeysFromAllUsers | ssh\_key | removeAll | |
- | deleteAllUsers | user | deleteAll | |
| addOrUpdateEnvironment
Storage | environment | storage | |
| addNotificationSlack | notification | add | |
| updateNotificationSlack | notification | update | |
@@ -539,7 +529,6 @@ Here is a table that lists the roles and the access they have:
| addKubernetes | kubernetes | add | |
| updateKubernetes | kubernetes | update | |
| deleteKubernetes | kubernetes | delete | |
- | deleteAllKubernetes| kubernetes | deleteAll | |
| getAllProjects | project | viewAll | |
| addSshKey | ssh\_key | add | userID |
| updateSshKey | ssh\_key | update | userID |
diff --git a/docs/ja/interacting/rbac.md b/docs/ja/interacting/rbac.md
index adb472b7b8..ddf6448220 100644
--- a/docs/ja/interacting/rbac.md
+++ b/docs/ja/interacting/rbac.md
@@ -389,7 +389,6 @@ Lagoon バージョン 1.0 では、プロジェクトへのアクセス方法
| addKubernetes | kubernetes | add | |
| updateKubernetes | kubernetes | update | |
| deleteKubernetes | kubernetes | delete | |
- | deleteAllKubernetes| kubernetes | deleteAll | |
| getAllOpenshifts | openshift | viewAll | |
| getAllProjects | project | viewAll | |
| addSshKey | ssh\_key | add | userID |
@@ -519,19 +518,10 @@ Lagoon バージョン 1.0 では、プロジェクトへのアクセス方法
| **名前** | **リソース** | **スコープ** | **属性** |
| :--- | :--- | :--- | :--- |
- | deleteAllBackups | backup | deleteAll | |
- | deleteAllEnvironments | environment | deleteAll | |
| getEnvironmentStorageMonthBy
EnvironmentId | environment | storage | |
| getEnvironmentHoursMonthBy
EnvironmentId | environment | storage | |
| getEnvironmentHitsMonthBy
EnvironmentId | environment | storage | |
- | deleteAllGroups | group | deleteAll | |
- | deleteAllNotificationSlacks | notification | deleteAll | |
- | removeAllNotificationsFrom
AllProjects | notification | removeAll | |
| getAllOpenshifts | openshift | viewAll | |
- | deleteAllProjects | project | deleteAll | |
- | deleteAllSshKeys | ssh\_key | deleteAll | |
- | removeAllSshKeysFromAllUsers | ssh\_key | removeAll | |
- | deleteAllUsers | user | deleteAll | |
| addOrUpdateEnvironment
Storage | environment | storage | |
| addNotificationSlack | notification | add | |
| updateNotificationSlack | notification | update | |
@@ -539,7 +529,6 @@ Lagoon バージョン 1.0 では、プロジェクトへのアクセス方法
| addKubernetes | kubernetes | add | |
| updateKubernetes | kubernetes | update | |
| deleteKubernetes | kubernetes | delete | |
- | deleteAllKubernetes| kubernetes | deleteAll | |
| getAllProjects | project | viewAll | |
| addSshKey | ssh\_key | add | userID |
| updateSshKey | ssh\_key | update | userID |
diff --git a/local-dev/api-data-watcher-pusher/api-data/00-clear-api-data.gql b/local-dev/api-data-watcher-pusher/api-data/00-clear-api-data.gql
deleted file mode 100644
index 551d34731f..0000000000
--- a/local-dev/api-data-watcher-pusher/api-data/00-clear-api-data.gql
+++ /dev/null
@@ -1,18 +0,0 @@
-mutation ClearApiData {
- # Remove everything from API
-
- # First, remove all relations between entities...
- RemoveAllNotificationsFromAllProjects: removeAllNotificationsFromAllProjects
- RemoveAllSshKeysFromAllUsers: removeAllSshKeysFromAllUsers
-
- # ...then delete the entities themselves
- DeleteAllEnvironments: deleteAllEnvironments
- DeleteAllNotificationSlacks: deleteAllNotificationSlacks
- DeleteAllNotificationRocketChats: deleteAllNotificationRocketChats
- DeleteAllOpenshifts: deleteAllOpenshifts
- DeleteAllProjects: deleteAllProjects
- DeleteAllSshKeys: deleteAllSshKeys
- DeleteAllUsers: deleteAllUsers
- DeleteAllBackups: deleteAllBackups
- DeleteAllGroups: deleteAllGroups
-}
diff --git a/local-dev/api-data-watcher-pusher/data-init-push.sh b/local-dev/api-data-watcher-pusher/data-init-push.sh
index db6d03e85d..8c1cd0d154 100755
--- a/local-dev/api-data-watcher-pusher/data-init-push.sh
+++ b/local-dev/api-data-watcher-pusher/data-init-push.sh
@@ -3,7 +3,6 @@
# inject variables from environment into the GQL template
envsubst '$GIT_HOST $GIT_PORT $INGRESS_IP $CONSOLE_URL $TOKEN' < /home/api-data/03-populate-api-data-ci-local-control-k8s.gql | sponge /home/api-data/03-populate-api-data-ci-local-control-k8s.gql
-clear_gql_file_path="/home/api-data/00-clear-api-data.gql"
populate_demo_lagoon_gql_file_path="/home/api-data/01-populate-api-data-lagoon-demo.gql"
populate_demo_lagoon_org_gql_file_path="/home/api-data/02-populate-api-data-lagoon-demo-org.gql"
populate_ci_local_control_k8s_gql_file_path="/home/api-data/03-populate-api-data-ci-local-control-k8s.gql"
@@ -55,12 +54,6 @@ send_task_data() {
# Waiting for the API to be ready
wait_for_services
-# Optionally clear *some* API data prior to reloading - not really necessary any more
-if expr "$CLEAR_API_DATA" : '[Tt][Rr][Uu][Ee]' > /dev/null; then
- echo "Clearing Lagoon data first"
- send_graphql_query $clear_gql_file_path
-fi
-
# Create the lagoon-demo project and associated users, groups, deployments, tasks etc
send_graphql_query $populate_demo_lagoon_gql_file_path
diff --git a/services/api/src/mocks.js b/services/api/src/mocks.js
index 9112901fe0..f96f9b4d8a 100644
--- a/services/api/src/mocks.js
+++ b/services/api/src/mocks.js
@@ -643,52 +643,40 @@ mocks.Mutation = () => ({
addOrUpdateEnvironment: () => mocks.Environment(),
updateEnvironment: () => mocks.Environment(),
deleteEnvironment: () => faker.random.arrayElement(['success', `Error: unknown deploy type ${mocks.DeployType()}`]),
- deleteAllEnvironments: () => 'success',
addOrUpdateEnvironmentStorage: () => mocks.EnvironmentStorage(),
addNotificationSlack: () => mocks.NotificationSlack(),
updateNotificationSlack: () => mocks.NotificationSlack(),
deleteNotificationSlack: () => faker.random.arrayElement(['success', "Can't delete notification linked to projects"]),
- deleteAllNotificationSlacks: () => 'success',
addNotificationRocketChat: () => mocks.NotificationRocketChat(),
updateNotificationRocketChat: () => mocks.NotificationRocketChat(),
deleteNotificationRocketChat: () => faker.random.arrayElement(['success', "Can't delete notification linked to projects"]),
- deleteAllNotificationRocketChats: () => 'success',
addNotificationMicrosoftTeams: () => mocks.NotificationMicrosoftTeams(),
updateNotificationMicrosoftTeams: () => mocks.NotificationMicrosoftTeams(),
deleteNotificationMicrosoftTeams: () => faker.random.arrayElement(['success', "Can't delete notification linked to projects"]),
- deleteAllNotificationMicrosoftTeams: () => 'success',
addNotificationEmail: () => mocks.NotificationEmail(),
updateNotificationEmail: () => mocks.NotificationEmail(),
deleteNotificationEmail: () => faker.random.arrayElement(['success', "Can't delete notification linked to projects"]),
- deleteAllNotificationEmails: () => 'success',
addNotificationToProject: () => mocks.Project(),
removeNotificationFromProject: () => mocks.Project(),
- removeAllNotificationsFromAllProjects: () => 'success',
addOpenshift: () => mocks.Openshift(),
updateOpenshift: () => mocks.Openshift(),
deleteOpenshift: () => 'success',
- deleteAllOpenshifts: () => 'success',
addProject: () => mocks.Project(),
updateProject: () => mocks.Project(),
deleteProject: () => 'success',
- deleteAllProjects: () => 'success',
addSshKey: () => mocks.SshKey(),
updateSshKey: () => mocks.SshKey(),
deleteSshKey: () => 'success',
deleteSshKeyById: () => 'success',
- deleteAllSshKeys: () => 'success',
- removeAllSshKeysFromAllUsers: () => 'success',
addUser: () => mocks.User(),
updateUser: () => mocks.User(),
deleteUser: () => 'success',
- deleteAllUsers: () => 'success',
addDeployment: () => mocks.Deployment(),
deleteDeployment: () => 'success',
updateDeployment: () => mocks.Deployment(),
cancelDeployment: () => faker.random.arrayElement(['success', 'Deployment not cancelled, reason: Too slow.']),
addBackup: () => mocks.Backup(),
deleteBackup: () => 'success',
- deleteAllBackups: () => 'success',
addRestore: () => mocks.Restore(),
updateRestore: () => mocks.Restore(),
addEnvVariable: () => mocks.EnvKeyValue(),
@@ -714,7 +702,6 @@ mocks.Mutation = () => ({
addGroup: () => mocks.Group(),
updateGroup: () => mocks.Group(),
deleteGroup: () => 'success',
- deleteAllGroups: () => 'success',
addUserToGroup: () => mocks.Group(),
removeUserFromGroup: () => mocks.Group(),
addGroupsToProject: () => mocks.Project(),
diff --git a/services/api/src/models/group.ts b/services/api/src/models/group.ts
index 9c7f0117c0..bbbed3bcd1 100644
--- a/services/api/src/models/group.ts
+++ b/services/api/src/models/group.ts
@@ -258,7 +258,7 @@ export const Group = (clients: {
// briefRepresentation pulls all the group information from keycloak including the attributes
// this means we don't need to iterate over all the groups one by one anymore to get the full group information
const fullGroups = await keycloakAdminClient.groups.find({briefRepresentation: false});
- // no need to transform, just return the full response, only the `allGroups` and `deleteAllGroups` resolvers use this
+ // no need to transform, just return the full response, only the `allGroups` resolvers use this
// and the `sync-groups-opendistro-security` consumption of this helper sync script is going to
// go away in the future when we move to the `lagoon-opensearch-sync` supporting service
return fullGroups;
diff --git a/services/api/src/resolvers.js b/services/api/src/resolvers.js
index dc0556b0d7..31f80167a0 100644
--- a/services/api/src/resolvers.js
+++ b/services/api/src/resolvers.js
@@ -120,7 +120,6 @@ const {
getEnvironmentsByProjectId,
updateEnvironment,
getAllEnvironments,
- deleteAllEnvironments,
userCanSshToEnvironment,
getEnvironmentUrl,
getEnvironmentsByKubernetes,
@@ -161,12 +160,6 @@ const {
addNotificationEmail,
updateNotificationEmail,
deleteNotificationEmail,
- deleteAllNotificationEmails,
- deleteAllNotificationSlacks,
- deleteAllNotificationMicrosoftTeams,
- deleteAllNotificationRocketChats,
- deleteAllNotificationWebhook,
- removeAllNotificationsFromAllProjects,
} = require('./resources/notification/resolvers');
const {
@@ -178,7 +171,6 @@ const {
getOpenshiftByEnvironmentId,
getProjectUser,
updateOpenshift,
- deleteAllOpenshifts,
getToken,
getConsoleUrl,
getMonitoringConfig,
@@ -194,7 +186,6 @@ const {
getProjectsByMetadata,
getAllProjects,
updateProject,
- deleteAllProjects,
getProjectUrl,
updateProjectMetadata,
removeProjectMetadataByKey,
@@ -208,8 +199,6 @@ const {
updateSshKey,
deleteSshKey,
deleteSshKeyById,
- deleteAllSshKeys,
- removeAllSshKeysFromAllUsers
} = require('./resources/sshKey/resolvers');
const {
@@ -222,7 +211,6 @@ const {
removeUserFromOrganization,
resetUserPassword,
deleteUser,
- deleteAllUsers,
getAllUsers,
getUserByEmail,
} = require('./resources/user/resolvers');
@@ -237,7 +225,6 @@ const {
getAllProjectsByGroupId,
updateGroup,
deleteGroup,
- deleteAllGroups,
addUserToGroup,
removeUserFromGroup,
addGroupsToProject,
@@ -282,7 +269,6 @@ const {
addBackup,
getBackupsByEnvironmentId,
deleteBackup,
- deleteAllBackups,
addRestore,
getRestoreByBackupId,
updateRestore,
@@ -616,7 +602,6 @@ const resolvers = {
addOrUpdateEnvironment,
updateEnvironment,
deleteEnvironment,
- deleteAllEnvironments,
addOrUpdateEnvironmentStorage,
addOrUpdateStorageOnEnvironment: addOrUpdateEnvironmentStorage,
addNotificationSlack,
@@ -625,50 +610,38 @@ const resolvers = {
addNotificationWebhook,
updateNotificationWebhook,
deleteNotificationWebhook,
- deleteAllNotificationSlacks,
- deleteAllNotificationWebhook,
addNotificationRocketChat,
updateNotificationRocketChat,
deleteNotificationRocketChat,
- deleteAllNotificationRocketChats,
addNotificationMicrosoftTeams,
updateNotificationMicrosoftTeams,
deleteNotificationMicrosoftTeams,
- deleteAllNotificationMicrosoftTeams,
addNotificationEmail,
updateNotificationEmail,
deleteNotificationEmail,
- deleteAllNotificationEmails,
addNotificationToProject,
removeNotificationFromProject,
- removeAllNotificationsFromAllProjects,
addOpenshift,
updateOpenshift,
deleteOpenshift,
- deleteAllOpenshifts,
addKubernetes: addOpenshift,
updateKubernetes: updateOpenshift,
deleteKubernetes: deleteOpenshift,
- deleteAllKubernetes: deleteAllOpenshifts,
addProject,
updateProject,
deleteProject,
- deleteAllProjects,
updateProjectMetadata,
removeProjectMetadataByKey,
addSshKey,
updateSshKey,
deleteSshKey,
deleteSshKeyById,
- deleteAllSshKeys,
- removeAllSshKeysFromAllUsers,
addUser,
updateUser,
addUserToOrganization,
removeUserFromOrganization,
resetUserPassword,
deleteUser,
- deleteAllUsers,
addDeployment,
deleteDeployment,
updateDeployment,
@@ -676,7 +649,6 @@ const resolvers = {
bulkDeployEnvironmentLatest,
addBackup,
deleteBackup,
- deleteAllBackups,
addRestore,
updateRestore,
addEnvVariable,
@@ -709,7 +681,6 @@ const resolvers = {
addGroup,
updateGroup,
deleteGroup,
- deleteAllGroups,
addUserToGroup,
removeUserFromGroup,
addGroupsToProject,
diff --git a/services/api/src/resources/backup/resolvers.ts b/services/api/src/resources/backup/resolvers.ts
index a4924d1227..5d14712096 100644
--- a/services/api/src/resources/backup/resolvers.ts
+++ b/services/api/src/resources/backup/resolvers.ts
@@ -228,21 +228,6 @@ export const deleteBackup: ResolverFn = async (
return 'success';
};
-export const deleteAllBackups: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission, userActivityLogger }
-) => {
- await hasPermission('backup', 'deleteAll');
-
- await query(sqlClientPool, Sql.truncateBackup());
-
- userActivityLogger(`User deleted all backups`);
-
- // TODO: Check rows for success
- return 'success';
-};
-
export const addRestore: ResolverFn = async (
root,
{ input: { id, backupId, status, restoreLocation, created, execute } },
diff --git a/services/api/src/resources/environment/resolvers.ts b/services/api/src/resources/environment/resolvers.ts
index 7878a39d25..b8d923c34e 100644
--- a/services/api/src/resources/environment/resolvers.ts
+++ b/services/api/src/resources/environment/resolvers.ts
@@ -720,27 +720,6 @@ export const getAllEnvironments: ResolverFn = async (
return withK8s;
};
-export const deleteAllEnvironments: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission, userActivityLogger }
-) => {
- await hasPermission('environment', 'deleteAll');
-
- await query(sqlClientPool, Sql.truncateEnvironment());
-
- userActivityLogger(`User deleted all environments'`, {
- project: '',
- event: 'api:deleteAllEnvironments',
- payload: {
- args
- }
- });
-
- // TODO: Check rows for success
- return 'success';
-};
-
// @deprecated in favor of addOrUpdateEnvironmentService and deleteEnvironmentService, will eventually be removed
export const setEnvironmentServices: ResolverFn = async (
root,
diff --git a/services/api/src/resources/group/resolvers.ts b/services/api/src/resources/group/resolvers.ts
index d0526ccfc8..f91d138b54 100644
--- a/services/api/src/resources/group/resolvers.ts
+++ b/services/api/src/resources/group/resolvers.ts
@@ -510,30 +510,6 @@ export const deleteGroup: ResolverFn = async (
return 'success';
};
-export const deleteAllGroups: ResolverFn = async (
- _root,
- _args,
- { models, hasPermission }
-) => {
- await hasPermission('group', 'deleteAll');
-
- const allGroups = await models.GroupModel.loadAllGroups();
- const groups = await models.GroupModel.transformKeycloakGroups(allGroups);
-
- let deleteErrors: String[] = [];
- for (const group of groups) {
- try {
- await models.GroupModel.deleteGroup(group.id);
- } catch (err) {
- deleteErrors = [...deleteErrors, `${group.name} (${group.id})`];
- }
- }
-
- return R.ifElse(R.isEmpty, R.always('success'), deleteErrors => {
- throw new Error(`Could not delete groups: ${deleteErrors.join(', ')}`);
- })(deleteErrors);
-};
-
export const addUserToGroup: ResolverFn = async (
_root,
{ input: { user: userInput, group: groupInput, role } },
diff --git a/services/api/src/resources/notification/resolvers.ts b/services/api/src/resources/notification/resolvers.ts
index faa5980b79..e2c5a09427 100644
--- a/services/api/src/resources/notification/resolvers.ts
+++ b/services/api/src/resources/notification/resolvers.ts
@@ -696,84 +696,6 @@ export const updateNotificationSlack: ResolverFn = async (
return R.prop(0, rows);
};
-export const deleteAllNotificationSlacks: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission }
-) => {
- await hasPermission('notification', 'deleteAll');
-
- await query(sqlClientPool, Sql.truncateNotificationSlack());
-
- // TODO: Check rows for success
- return 'success';
-};
-
-export const deleteAllNotificationEmails: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission }
-) => {
- await hasPermission('notification', 'deleteAll');
-
- await query(sqlClientPool, Sql.truncateNotificationEmail());
-
- // TODO: Check rows for success
- return 'success';
-};
-
-export const deleteAllNotificationRocketChats: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission }
-) => {
- await hasPermission('notification', 'deleteAll');
-
- await query(sqlClientPool, Sql.truncateNotificationRocketchat());
-
- // TODO: Check rows for success
- return 'success';
-};
-
-export const deleteAllNotificationMicrosoftTeams: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission }
-) => {
- await hasPermission('notification', 'deleteAll');
-
- await query(sqlClientPool, Sql.truncateNotificationMicrosoftTeams());
-
- // TODO: Check rows for success
- return 'success';
-};
-
-export const deleteAllNotificationWebhook: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission },
-) => {
- await hasPermission('notification', 'deleteAll');
-
- await query(sqlClientPool, Sql.truncateNotificationWebhook());
-
- // TODO: Check rows for success
- return 'success';
-};
-
-export const removeAllNotificationsFromAllProjects: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission }
-) => {
- await hasPermission('notification', 'removeAll');
-
- await query(sqlClientPool, Sql.truncateProjectNotification());
-
- // TODO: Check rows for success
- return 'success';
-};
-
export const getAllNotifications: ResolverFn = async (
root,
args,
diff --git a/services/api/src/resources/openshift/resolvers.ts b/services/api/src/resources/openshift/resolvers.ts
index 6e9aafc8c5..c3734dd34d 100644
--- a/services/api/src/resources/openshift/resolvers.ts
+++ b/services/api/src/resources/openshift/resolvers.ts
@@ -213,22 +213,3 @@ export const updateOpenshift: ResolverFn = async (
return R.prop(0, rows);
};
-
-export const deleteAllOpenshifts: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission, userActivityLogger }
-) => {
- await hasPermission('openshift', 'deleteAll');
-
- await query(sqlClientPool, Sql.truncateOpenshift());
-
- userActivityLogger(`User deleted all openshifts`, {
- project: '',
- event: 'api:updateOpenshift',
- payload: { }
- });
-
- // TODO: Check rows for success
- return 'success';
-};
diff --git a/services/api/src/resources/project/resolvers.ts b/services/api/src/resources/project/resolvers.ts
index e87fe56fc3..673e95179f 100644
--- a/services/api/src/resources/project/resolvers.ts
+++ b/services/api/src/resources/project/resolvers.ts
@@ -934,33 +934,6 @@ export const updateProject: ResolverFn = async (
return Helpers(sqlClientPool).getProjectById(id);
};
-export const deleteAllProjects: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission, userActivityLogger }
-) => {
- await hasPermission('project', 'deleteAll');
-
- const projectNames = await Helpers(sqlClientPool).getAllProjectNames();
-
- await query(sqlClientPool, Sql.truncateProject());
-
- for (const name of projectNames) {
- await KeycloakOperations.deleteGroup(name);
- }
-
- userActivityLogger(`User deleted all projects`, {
- project: '',
- event: 'api:deleteAllProjects',
- payload: {
- ...args
- }
- });
-
- // TODO: Check rows for success
- return 'success';
-};
-
export const removeProjectMetadataByKey: ResolverFn = async (
root,
{ input: { id, key } },
diff --git a/services/api/src/resources/sshKey/resolvers.ts b/services/api/src/resources/sshKey/resolvers.ts
index 1e6cd88177..1126842b42 100644
--- a/services/api/src/resources/sshKey/resolvers.ts
+++ b/services/api/src/resources/sshKey/resolvers.ts
@@ -4,6 +4,7 @@ import { query, isPatchEmpty } from '../../util/db';
import { validateSshKey, getSshKeyFingerprint } from '.';
import { Sql } from './sql';
+const ENABLE_DANGEROUS_GRAPHQL_MUTATIONS = process.env.ENABLE_DANGEROUS_GRAPHQL_MUTATIONS || "false"
const formatSshKey = ({ keyType, keyValue }) => `${keyType} ${keyValue}`;
@@ -278,29 +279,3 @@ export const deleteSshKeyById: ResolverFn = async (
return 'success';
};
-
-export const deleteAllSshKeys: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission }
-) => {
- await hasPermission('ssh_key', 'deleteAll');
-
- await query(sqlClientPool, Sql.truncateSshKey());
-
- // TODO: Check rows for success
- return 'success';
-};
-
-export const removeAllSshKeysFromAllUsers: ResolverFn = async (
- root,
- args,
- { sqlClientPool, hasPermission }
-) => {
- await hasPermission('ssh_key', 'removeAll');
-
- await query(sqlClientPool, Sql.truncateUserSshKey());
-
- // TODO: Check rows for success
- return 'success';
-};
diff --git a/services/api/src/resources/user/resolvers.ts b/services/api/src/resources/user/resolvers.ts
index d9e239217b..16bebc8a00 100644
--- a/services/api/src/resources/user/resolvers.ts
+++ b/services/api/src/resources/user/resolvers.ts
@@ -318,31 +318,3 @@ export const removeUserFromOrganization: ResolverFn = async (
return organizationData;
};
-
-export const deleteAllUsers: ResolverFn = async (
- _root,
- _args,
- { models, hasPermission },
-) => {
- await hasPermission('user', 'deleteAll');
-
- const users = await models.UserModel.loadAllUsers();
-
- let deleteErrors: String[] = [];
- for (const user of users) {
- try {
- await models.UserModel.deleteUser(user.id)
- } catch (err) {
- deleteErrors = [
- ...deleteErrors,
- `${user.email} (${user.id})`,
- ]
- }
- }
-
- return R.ifElse(
- R.isEmpty,
- R.always('success'),
- deleteErrors => { throw new Error(`Could not delete users: ${deleteErrors.join(', ')}`) },
- )(deleteErrors);
-};
diff --git a/services/api/src/typeDefs.js b/services/api/src/typeDefs.js
index 59a4dc97d5..07e059029f 100644
--- a/services/api/src/typeDefs.js
+++ b/services/api/src/typeDefs.js
@@ -2316,7 +2316,6 @@ const typeDefs = gql`
addOrUpdateEnvironment(input: AddEnvironmentInput!): Environment
updateEnvironment(input: UpdateEnvironmentInput!): Environment
deleteEnvironment(input: DeleteEnvironmentInput!): String
- deleteAllEnvironments: String
"""
Add or update Storage Information for Environment
"""
@@ -2331,7 +2330,6 @@ const typeDefs = gql`
input: UpdateNotificationSlackInput!
): NotificationSlack
deleteNotificationSlack(input: DeleteNotificationSlackInput!): String
- deleteAllNotificationSlacks: String
addNotificationRocketChat(
input: AddNotificationRocketChatInput!
): NotificationRocketChat
@@ -2341,7 +2339,6 @@ const typeDefs = gql`
deleteNotificationRocketChat(
input: DeleteNotificationRocketChatInput!
): String
- deleteAllNotificationRocketChats: String
addNotificationMicrosoftTeams(
input: AddNotificationMicrosoftTeamsInput!
): NotificationMicrosoftTeams
@@ -2351,7 +2348,6 @@ const typeDefs = gql`
deleteNotificationMicrosoftTeams(
input: DeleteNotificationMicrosoftTeamsInput!
): String
- deleteAllNotificationMicrosoftTeams: String
addNotificationWebhook(
input: AddNotificationWebhookInput!
): NotificationWebhook
@@ -2361,7 +2357,6 @@ const typeDefs = gql`
deleteNotificationWebhook(
input: DeleteNotificationWebhookInput!
): String
- deleteAllNotificationWebhook: String
addNotificationEmail(
input: AddNotificationEmailInput!
): NotificationEmail
@@ -2371,7 +2366,6 @@ const typeDefs = gql`
deleteNotificationEmail(
input: DeleteNotificationEmailInput!
): String
- deleteAllNotificationEmails: String
"""
Connect previous created Notification to a Project
"""
@@ -2379,25 +2373,19 @@ const typeDefs = gql`
removeNotificationFromProject(
input: RemoveNotificationFromProjectInput!
): Project
- removeAllNotificationsFromAllProjects: String
addOpenshift(input: AddOpenshiftInput!): Openshift
updateOpenshift(input: UpdateOpenshiftInput!): Openshift
deleteOpenshift(input: DeleteOpenshiftInput!): String
- deleteAllOpenshifts: String
addKubernetes(input: AddKubernetesInput!): Kubernetes
updateKubernetes(input: UpdateKubernetesInput!): Kubernetes
deleteKubernetes(input: DeleteKubernetesInput!): String
- deleteAllKubernetes: String
addProject(input: AddProjectInput!): Project
updateProject(input: UpdateProjectInput!): Project
deleteProject(input: DeleteProjectInput!): String
- deleteAllProjects: String
addSshKey(input: AddSshKeyInput!): SshKey
updateSshKey(input: UpdateSshKeyInput!): SshKey
deleteSshKey(input: DeleteSshKeyInput!): String
deleteSshKeyById(input: DeleteSshKeyByIdInput!): String
- deleteAllSshKeys: String
- removeAllSshKeysFromAllUsers: String
addUser(input: AddUserInput!): User
updateUser(input: UpdateUserInput!): User
"""
@@ -2412,7 +2400,6 @@ const typeDefs = gql`
removeUserFromOrganization(input: addUserToOrganizationInput!): Organization
resetUserPassword(input: ResetUserPasswordInput!): String
deleteUser(input: DeleteUserInput!): String
- deleteAllUsers: String
addDeployment(input: AddDeploymentInput!): Deployment
bulkDeployEnvironmentLatest(input: BulkDeploymentLatestInput!): String
deleteDeployment(input: DeleteDeploymentInput!): String
@@ -2433,7 +2420,6 @@ const typeDefs = gql`
deleteFactReference(input: DeleteFactReferenceInput!): String
deleteAllFactReferencesByFactId(input: DeleteFactReferencesByFactIdInput!): String
deleteBackup(input: DeleteBackupInput!): String
- deleteAllBackups: String
addRestore(input: AddRestoreInput!): Restore
updateRestore(input: UpdateRestoreInput!): Restore
addEnvVariable(input: EnvVariableInput!): EnvKeyValue @deprecated(reason: "Use addOrUpdateEnvVariableByName instead")
@@ -2475,7 +2461,6 @@ const typeDefs = gql`
addGroup(input: AddGroupInput!): GroupInterface
updateGroup(input: UpdateGroupInput!): GroupInterface
deleteGroup(input: DeleteGroupInput!): String
- deleteAllGroups: String
addUserToGroup(input: UserGroupRoleInput!): GroupInterface
removeUserFromGroup(input: UserGroupInput!): GroupInterface
addGroupsToProject(input: ProjectGroupsInput): Project
@@ -2490,7 +2475,6 @@ const typeDefs = gql`
addDeployTargetConfig(input: AddDeployTargetConfigInput!): DeployTargetConfig @deprecated(reason: "Unstable API, subject to breaking changes in any release. Use at your own risk")
updateDeployTargetConfig(input: UpdateDeployTargetConfigInput!): DeployTargetConfig @deprecated(reason: "Unstable API, subject to breaking changes in any release. Use at your own risk")
deleteDeployTargetConfig(input: DeleteDeployTargetConfigInput!): String @deprecated(reason: "Unstable API, subject to breaking changes in any release. Use at your own risk")
- deleteAllDeployTargetConfigs: String @deprecated(reason: "Unstable API, subject to breaking changes in any release. Use at your own risk")
updateEnvironmentDeployTarget(environment: Int!, deployTarget: Int!): Environment
"""
Add an organization
diff --git a/services/keycloak/lagoon-realm-base-import.json b/services/keycloak/lagoon-realm-base-import.json
index 239dc06677..efc2baddc0 100644
--- a/services/keycloak/lagoon-realm-base-import.json
+++ b/services/keycloak/lagoon-realm-base-import.json
@@ -847,9 +847,6 @@
{
"name": "viewAll"
},
- {
- "name": "deleteAll"
- },
{
"name": "delete"
},
@@ -883,9 +880,6 @@
{
"name": "viewAll"
},
- {
- "name": "deleteAll"
- },
{
"name": "delete"
}
@@ -1030,18 +1024,12 @@
{
"name": "add"
},
- {
- "name": "removeAll"
- },
{
"name": "view"
},
{
"name": "update"
},
- {
- "name": "deleteAll"
- },
{
"name": "delete"
},
@@ -1063,9 +1051,6 @@
{
"name": "view"
},
- {
- "name": "deleteAll"
- },
{
"name": "delete"
}
@@ -1120,15 +1105,9 @@
{
"name": "add"
},
- {
- "name": "removeAll"
- },
{
"name": "update"
},
- {
- "name": "deleteAll"
- },
{
"name": "view:user"
},
@@ -1159,9 +1138,6 @@
{
"name": "viewAll"
},
- {
- "name": "deleteAll"
- },
{
"name": "delete"
}
@@ -1204,9 +1180,6 @@
{
"name": "storage"
},
- {
- "name": "deleteAll"
- },
{
"name": "addOrUpdate:development"
},
@@ -1288,9 +1261,6 @@
{
"name": "updateProject"
},
- {
- "name": "deleteAll"
- },
{
"name": "delete"
},
@@ -1348,9 +1318,6 @@
{
"name": "viewAll"
},
- {
- "name": "deleteAll"
- },
{
"name": "delete"
}
@@ -1615,7 +1582,7 @@
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "[\"openshift\"]",
- "scopes": "[\"delete\",\"view:token\",\"update\",\"add\",\"deleteAll\"]",
+ "scopes": "[\"delete\",\"view:token\",\"update\",\"add\"]",
"applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]"
}
},
@@ -1828,17 +1795,6 @@
"applyPolicies": "[\"[Lagoon] User is admin of organization\",\"[Lagoon] User is owner of organization\",\"[Lagoon] Users role for realm is Platform Owner\",\"[Lagoon] User is viewer of organization\"]"
}
},
- {
- "name": "Delete All SSH Keys",
- "type": "scope",
- "logic": "POSITIVE",
- "decisionStrategy": "UNANIMOUS",
- "config": {
- "resources": "[\"ssh_key\"]",
- "scopes": "[\"removeAll\",\"deleteAll\"]",
- "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]"
- }
- },
{
"name": "Update Project",
"type": "scope",
@@ -1872,17 +1828,6 @@
"applyPolicies": "[\"[Lagoon] User has access to own data\",\"[Lagoon] Users role for realm is Platform Owner\"]"
}
},
- {
- "name": "Delete All Notifications",
- "type": "scope",
- "logic": "POSITIVE",
- "decisionStrategy": "UNANIMOUS",
- "config": {
- "resources": "[\"notification\"]",
- "scopes": "[\"removeAll\",\"deleteAll\"]",
- "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]"
- }
- },
{
"name": "View Facts",
"type": "scope",
@@ -1905,17 +1850,6 @@
"applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]"
}
},
- {
- "name": "Delete All Projects",
- "type": "scope",
- "logic": "POSITIVE",
- "decisionStrategy": "UNANIMOUS",
- "config": {
- "resources": "[\"project\"]",
- "scopes": "[\"deleteAll\"]",
- "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]"
- }
- },
{
"name": "Delete Deployment",
"type": "scope",
@@ -1934,7 +1868,7 @@
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "[\"organization\"]",
- "scopes": "[\"delete\",\"update\",\"add\",\"deleteAll\"]",
+ "scopes": "[\"delete\",\"update\",\"add\"]",
"applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]"
}
},
@@ -2070,17 +2004,6 @@
"applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]"
}
},
- {
- "name": "Delete All Groups",
- "type": "scope",
- "logic": "POSITIVE",
- "decisionStrategy": "UNANIMOUS",
- "config": {
- "resources": "[\"group\"]",
- "scopes": "[\"deleteAll\"]",
- "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]"
- }
- },
{
"name": "User can SSH to Development Environment",
"type": "scope",
@@ -2125,17 +2048,6 @@
"applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]"
}
},
- {
- "name": "Delete All Users",
- "type": "scope",
- "logic": "POSITIVE",
- "decisionStrategy": "UNANIMOUS",
- "config": {
- "resources": "[\"user\"]",
- "scopes": "[\"deleteAll\"]",
- "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]"
- }
- },
{
"name": "Get User By SSH Key",
"type": "scope",
@@ -2279,17 +2191,6 @@
"applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]"
}
},
- {
- "name": "Delete All Environments",
- "type": "scope",
- "logic": "POSITIVE",
- "decisionStrategy": "UNANIMOUS",
- "config": {
- "resources": "[\"environment\"]",
- "scopes": "[\"deleteAll\"]",
- "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]"
- }
- },
{
"name": "Add Environment Variable to Production Environment",
"type": "scope",
@@ -2686,17 +2587,6 @@
"applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Owner\"]"
}
},
- {
- "name": "Delete All Backups",
- "type": "scope",
- "logic": "POSITIVE",
- "decisionStrategy": "UNANIMOUS",
- "config": {
- "resources": "[\"backup\"]",
- "scopes": "[\"deleteAll\"]",
- "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]"
- }
- },
{
"name": "View All Projects",
"type": "scope",
@@ -2970,9 +2860,6 @@
{
"name": "view"
},
- {
- "name": "deleteAll"
- },
{
"name": "storage"
},
@@ -3030,9 +2917,6 @@
{
"name": "add"
},
- {
- "name": "removeAll"
- },
{
"name": "removeNotification"
},
diff --git a/services/keycloak/startup-scripts/00-configure-lagoon.sh b/services/keycloak/startup-scripts/00-configure-lagoon.sh
index 93f61562df..15593a86af 100755
--- a/services/keycloak/startup-scripts/00-configure-lagoon.sh
+++ b/services/keycloak/startup-scripts/00-configure-lagoon.sh
@@ -256,7 +256,7 @@ function migrate_admin_organization_permissions {
echo Configuring Organization admin permissions
- echo Delete existing organization management
+ echo Delete deleteall sshkeys
manage_organization=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=Manage+Organization --config $CONFIG_PATH | jq -r '.[0]["id"]')
/opt/keycloak/bin/kcadm.sh delete -r lagoon clients/$CLIENT_ID/authz/resource-server/permission/$manage_organization --config $CONFIG_PATH
@@ -332,6 +332,71 @@ EOF
EOF
}
+function remove_deleteall_permissions_scopes {
+ # The changes here match the changes that are made in the realm import script
+ # fresh installs will not need to perform this migration as the changes will already be in the import
+ # this will only run on existing installations to get it into a state that matches the realm import
+ CLIENT_ID=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients?clientId=api --config $CONFIG_PATH | jq -r '.[0]["id"]')
+ delete_all_projects=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=Delete+All+Projects --config $CONFIG_PATH)
+
+ if [ "$delete_all_projects" == "[ ]" ]; then
+ echo "deleteall permissions already removed"
+ return 0
+ fi
+
+ NOTIFICATION_RESOURCE_ID=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$api_client_id/authz/resource-server/resource?name=notification --config $CONFIG_PATH | jq -r '.[0]["_id"]')
+ /opt/keycloak/bin/kcadm.sh update clients/$CLIENT_ID/authz/resource-server/resource/$NOTIFICATION_RESOURCE_ID --config $CONFIG_PATH -r ${KEYCLOAK_REALM:-master} -s 'scopes=[{"name":"add"},{"name":"delete"},{"name":"view"},{"name":"update"},{"name":"viewAll"}]'
+
+ NOTIFICATION_RESOURCE_ID=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$api_client_id/authz/resource-server/resource?name=group --config $CONFIG_PATH | jq -r '.[0]["_id"]')
+ /opt/keycloak/bin/kcadm.sh update clients/$CLIENT_ID/authz/resource-server/resource/$NOTIFICATION_RESOURCE_ID --config $CONFIG_PATH -r ${KEYCLOAK_REALM:-master} -s 'scopes=[{"name":"addUser"},{"name":"add"},{"name":"removeUser"},{"name":"update"},{"name":"viewAll"},{"name":"delete"}]'
+
+ NOTIFICATION_RESOURCE_ID=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$api_client_id/authz/resource-server/resource?name=backup --config $CONFIG_PATH | jq -r '.[0]["_id"]')
+ /opt/keycloak/bin/kcadm.sh update clients/$CLIENT_ID/authz/resource-server/resource/$NOTIFICATION_RESOURCE_ID --config $CONFIG_PATH -r ${KEYCLOAK_REALM:-master} -s 'scopes=[{"name":"add"},{"name":"view"},{"name":"delete"}]'
+
+ NOTIFICATION_RESOURCE_ID=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$api_client_id/authz/resource-server/resource?name=ssh_key --config $CONFIG_PATH | jq -r '.[0]["_id"]')
+ /opt/keycloak/bin/kcadm.sh update clients/$CLIENT_ID/authz/resource-server/resource/$NOTIFICATION_RESOURCE_ID --config $CONFIG_PATH -r ${KEYCLOAK_REALM:-master} -s 'scopes=[{"name":"add"},{"name":"update"},{"name":"view:user"},{"name":"delete"},{"name":"view:project"}]'
+
+ NOTIFICATION_RESOURCE_ID=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$api_client_id/authz/resource-server/resource?name=user --config $CONFIG_PATH | jq -r '.[0]["_id"]')
+ /opt/keycloak/bin/kcadm.sh update clients/$CLIENT_ID/authz/resource-server/resource/$NOTIFICATION_RESOURCE_ID --config $CONFIG_PATH -r ${KEYCLOAK_REALM:-master} -s 'scopes=[{"name":"add"},{"name":"getBySshKey"},{"name":"update"},{"name":"viewAll"},{"name":"delete"}]'
+
+ NOTIFICATION_RESOURCE_ID=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$api_client_id/authz/resource-server/resource?name=environment --config $CONFIG_PATH | jq -r '.[0]["_id"]')
+ /opt/keycloak/bin/kcadm.sh update clients/$CLIENT_ID/authz/resource-server/resource/$NOTIFICATION_RESOURCE_ID --config $CONFIG_PATH -r ${KEYCLOAK_REALM:-master} -s 'scopes=[{"name":"deploy:production"},{"name":"addOrUpdate:production"},{"name":"viewAll"},{"name":"storage"},{"name":"addOrUpdate:development"},{"name":"update:development"},{"name":"ssh:development"},{"name":"delete:development"},{"name":"view"},{"name":"deploy:development"},{"name":"deleteNoExec"},{"name":"ssh:production"},{"name":"delete:production"},{"name":"update:production"}]'
+
+ NOTIFICATION_RESOURCE_ID=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$api_client_id/authz/resource-server/resource?name=organization --config $CONFIG_PATH | jq -r '.[0]["_id"]')
+ /opt/keycloak/bin/kcadm.sh update clients/$CLIENT_ID/authz/resource-server/resource/$NOTIFICATION_RESOURCE_ID --config $CONFIG_PATH -r ${KEYCLOAK_REALM:-master} -s 'scopes=[{"name":"updateNotification"},{"name":"addUser"},{"name":"add"},{"name":"removeNotification"},{"name":"viewNotification"},{"name":"addOwner"},{"name":"updateOrganization"},{"name":"update"},{"name":"viewUser"},{"name":"viewAll"},{"name":"updateProject"},{"name":"delete"},{"name":"viewProject"},{"name":"addNotification"},{"name":"viewUsers"},{"name":"view"},{"name":"viewGroup"},{"name":"deleteProject"},{"name":"removeGroup"},{"name":"addViewer"},{"name":"addProject"},{"name":"addGroup"}]'
+
+ NOTIFICATION_RESOURCE_ID=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$api_client_id/authz/resource-server/resource?name=openshift --config $CONFIG_PATH | jq -r '.[0]["_id"]')
+ /opt/keycloak/bin/kcadm.sh update clients/$CLIENT_ID/authz/resource-server/resource/$NOTIFICATION_RESOURCE_ID --config $CONFIG_PATH -r ${KEYCLOAK_REALM:-master} -s 'scopes=[{"name":"add"},{"name":"view"},{"name":"view:token"},{"name":"update"},{"name":"viewAll"},{"name":"delete"}]'
+ echo Delete deleteall sshkeys permission
+ manage_organization=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=Delete+All+SSH Keys --config $CONFIG_PATH | jq -r '.[0]["id"]')
+ /opt/keycloak/bin/kcadm.sh delete -r lagoon clients/$CLIENT_ID/authz/resource-server/permission/$manage_organization --config $CONFIG_PATH
+
+ echo Delete deleteall notifications permission
+ manage_organization=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=Delete+All+Notifications --config $CONFIG_PATH | jq -r '.[0]["id"]')
+ /opt/keycloak/bin/kcadm.sh delete -r lagoon clients/$CLIENT_ID/authz/resource-server/permission/$manage_organization --config $CONFIG_PATH
+
+ echo Delete deleteall groups permission
+ manage_organization=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=Delete+All+Groups --config $CONFIG_PATH | jq -r '.[0]["id"]')
+ /opt/keycloak/bin/kcadm.sh delete -r lagoon clients/$CLIENT_ID/authz/resource-server/permission/$manage_organization --config $CONFIG_PATH
+
+ echo Delete deleteall users permission
+ manage_organization=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=Delete+All+Users --config $CONFIG_PATH | jq -r '.[0]["id"]')
+ /opt/keycloak/bin/kcadm.sh delete -r lagoon clients/$CLIENT_ID/authz/resource-server/permission/$manage_organization --config $CONFIG_PATH
+
+ echo Delete deleteall environments permission
+ manage_organization=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=Delete+All+Environments --config $CONFIG_PATH | jq -r '.[0]["id"]')
+ /opt/keycloak/bin/kcadm.sh delete -r lagoon clients/$CLIENT_ID/authz/resource-server/permission/$manage_organization --config $CONFIG_PATH
+
+ echo Delete deleteall backups permission
+ manage_organization=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=Delete+All+Backups --config $CONFIG_PATH | jq -r '.[0]["id"]')
+ /opt/keycloak/bin/kcadm.sh delete -r lagoon clients/$CLIENT_ID/authz/resource-server/permission/$manage_organization --config $CONFIG_PATH
+
+ echo Delete deleteall projects permission
+ manage_organization=$(/opt/keycloak/bin/kcadm.sh get -r lagoon clients/$CLIENT_ID/authz/resource-server/permission?name=Delete+All+Projects --config $CONFIG_PATH | jq -r '.[0]["id"]')
+ /opt/keycloak/bin/kcadm.sh delete -r lagoon clients/$CLIENT_ID/authz/resource-server/permission/$manage_organization --config $CONFIG_PATH
+
+}
+
##################
# Initialization #
##################
@@ -362,6 +427,7 @@ function configure_keycloak {
service-api_add_query-groups_permission
add_notification_view_all
migrate_admin_organization_permissions
+ remove_deleteall_permissions_scopes
# always run last
sync_client_secrets
diff --git a/services/workflows/internal/lagoonclient/schema.graphql b/services/workflows/internal/lagoonclient/schema.graphql
index c951d05ce9..28a6e3299f 100644
--- a/services/workflows/internal/lagoonclient/schema.graphql
+++ b/services/workflows/internal/lagoonclient/schema.graphql
@@ -987,7 +987,6 @@ type Mutation {
addOrUpdateEnvironment(input: AddEnvironmentInput!): Environment
updateEnvironment(input: UpdateEnvironmentInput!): Environment
deleteEnvironment(input: DeleteEnvironmentInput!): String
- deleteAllEnvironments: String
"""
Add or update Storage Information for Environment
@@ -1000,7 +999,6 @@ type Mutation {
input: UpdateNotificationSlackInput!
): NotificationSlack
deleteNotificationSlack(input: DeleteNotificationSlackInput!): String
- deleteAllNotificationSlacks: String
addNotificationRocketChat(
input: AddNotificationRocketChatInput!
): NotificationRocketChat
@@ -1010,7 +1008,6 @@ type Mutation {
deleteNotificationRocketChat(
input: DeleteNotificationRocketChatInput!
): String
- deleteAllNotificationRocketChats: String
addNotificationMicrosoftTeams(
input: AddNotificationMicrosoftTeamsInput!
): NotificationMicrosoftTeams
@@ -1020,7 +1017,6 @@ type Mutation {
deleteNotificationMicrosoftTeams(
input: DeleteNotificationMicrosoftTeamsInput!
): String
- deleteAllNotificationMicrosoftTeams: String
addNotificationWebhook(
input: AddNotificationWebhookInput!
): NotificationWebhook
@@ -1028,13 +1024,11 @@ type Mutation {
input: UpdateNotificationWebhookInput!
): NotificationWebhook
deleteNotificationWebhook(input: DeleteNotificationWebhookInput!): String
- deleteAllNotificationWebhook: String
addNotificationEmail(input: AddNotificationEmailInput!): NotificationEmail
updateNotificationEmail(
input: UpdateNotificationEmailInput!
): NotificationEmail
deleteNotificationEmail(input: DeleteNotificationEmailInput!): String
- deleteAllNotificationEmails: String
"""
Connect previous created Notification to a Project
@@ -1043,29 +1037,22 @@ type Mutation {
removeNotificationFromProject(
input: RemoveNotificationFromProjectInput!
): Project
- removeAllNotificationsFromAllProjects: String
addOpenshift(input: AddOpenshiftInput!): Openshift
updateOpenshift(input: UpdateOpenshiftInput!): Openshift
deleteOpenshift(input: DeleteOpenshiftInput!): String
- deleteAllOpenshifts: String
addKubernetes(input: AddKubernetesInput!): Kubernetes
updateKubernetes(input: UpdateKubernetesInput!): Kubernetes
deleteKubernetes(input: DeleteKubernetesInput!): String
- deleteAllKubernetes: String
addProject(input: AddProjectInput!): Project
updateProject(input: UpdateProjectInput!): Project
deleteProject(input: DeleteProjectInput!): String
- deleteAllProjects: String
addSshKey(input: AddSshKeyInput!): SshKey
updateSshKey(input: UpdateSshKeyInput!): SshKey
deleteSshKey(input: DeleteSshKeyInput!): String
deleteSshKeyById(input: DeleteSshKeyByIdInput!): String
- deleteAllSshKeys: String
- removeAllSshKeysFromAllUsers: String
addUser(input: AddUserInput!): User
updateUser(input: UpdateUserInput!): User
deleteUser(input: DeleteUserInput!): String
- deleteAllUsers: String
addDeployment(input: AddDeploymentInput!): Deployment
deleteDeployment(input: DeleteDeploymentInput!): String
updateDeployment(input: UpdateDeploymentInput): Deployment
@@ -1090,7 +1077,6 @@ type Mutation {
input: DeleteFactReferencesByFactIdInput!
): String
deleteBackup(input: DeleteBackupInput!): String
- deleteAllBackups: String
addRestore(input: AddRestoreInput!): Restore
updateRestore(input: UpdateRestoreInput!): Restore
addEnvVariable(input: EnvVariableInput!): EnvKeyValue
@@ -1129,7 +1115,6 @@ type Mutation {
addGroup(input: AddGroupInput!): GroupInterface
updateGroup(input: UpdateGroupInput!): GroupInterface
deleteGroup(input: DeleteGroupInput!): String
- deleteAllGroups: String
addUserToGroup(input: UserGroupRoleInput!): GroupInterface
removeUserFromGroup(input: UserGroupInput!): GroupInterface
addGroupsToProject(input: ProjectGroupsInput): Project
@@ -1142,10 +1127,6 @@ type Mutation {
removeGroupsFromProject(input: ProjectGroupsInput!): Project
updateProjectMetadata(input: UpdateMetadataInput!): Project
removeProjectMetadataByKey(input: RemoveMetadataInput!): Project
- addBillingModifier(input: AddBillingModifierInput!): BillingModifier
- updateBillingModifier(input: UpdateBillingModifierInput!): BillingModifier
- deleteBillingModifier(input: DeleteBillingModifierInput!): String
- deleteAllBillingModifiersByBillingGroup(input: GroupInput!): String
addDeployTargetConfig(input: AddDeployTargetConfigInput!): DeployTargetConfig
@deprecated(
reason: "Unstable API, subject to breaking changes in any release. Use at your own risk"
@@ -1160,10 +1141,6 @@ type Mutation {
@deprecated(
reason: "Unstable API, subject to breaking changes in any release. Use at your own risk"
)
- deleteAllDeployTargetConfigs: String
- @deprecated(
- reason: "Unstable API, subject to breaking changes in any release. Use at your own risk"
- )
}
union Notification =