Skip to content

[Command] [Feature] Migrate Environment Data #100

Open
Open
[Command] [Feature] Migrate Environment Data#100
Assignees
daveads
@gemanor

Description

@gemanor
gemanor
opened on Apr 11, 2025

This command should allow developers to migrate all their data from one environment to another. It should work as a standalone command and also be added as an optional flag to the permit env copy command when a --data-migration flag is appear.

Implementation Details

  • Command is: permit env data-migration
    • Besides the main command, the flow will happen if the flag --data-migration is featured in the permit env copy command
  • Command gets the source and target environment keys/names as arguments. If they do not exist, a wizard will questionnaire the user for them
  • If the source/target environments do not exist, the command will fail
  • By default, the command will override data and will not fail the flow if the data exists in the target environment
  • Auth scope here should be project
  • The command will copy the following data from one environment to another:
    • Users
    • Tenants
    • Role assignment of users (both top-level and resource-level roles)
    • User attributes
    • Resource instances
    • Resource attributes
    • Relationship tuples of resources
  • The API calls should iterate the whole data in the Permit environment using the pagination in the API and copy all the data
  • There's a need for a short investigation about the order of the data copy so it will not fail on non-existent data in the target
    environment
  • Command output should be a summary of the success/failed number of each type of entity migrated
  • Command arguments:
    • --source - the environment to copy from
    • --target - the environment to copy to
    • --skip-resources - to copy only users and skip the resource instances, attributes, and tuples
    • --skip-users - copy only resources and not users, role assignments, and attributes
    • --conflict-strategy - can be override or fail (default to override). In case of fail, single migration calls should fail, not the whole operation.

Sub Takss / PR

Here's a recommended sub-tasks plan for the issue:

  • Create a basic command that copies users and top-level role assignments from one environment to another
  • Ensure the operation is encapsulated in a hook, and make it work from the permit env copy command too
  • Create comprehensive data sets in the Permit environment to test migration edge cases. Put special effort into data dependency cases (for example, resource-level role assignment where the resource instance doesn't exist yet). Share the data migration operation order in the code/hook.
  • Expand the operation to support also resource instances
  • Ensure user/resource attributes are migrated and fix bugs if there are any
  • Add/Ensure support in resource-level roles
  • Add/Ensure support in user/resource attributes
  • Add/Ensure support in relationship tuples

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions