[Command] [Feature] Migrate Environment Data

[gemanor]

This command should allow developers to migrate all their data from one environment to another. It should work as a standalone command and also be added as an optional flag to the permit env copy command when a --data-migration flag is appear.

Implementation Details

• Command is: permit env data-migration
  • Besides the main command, the flow will happen if the flag --data-migration is featured in the permit env copy command
• Command gets the source and target environment keys/names as arguments. If they do not exist, a wizard will questionnaire the user for them
• If the source/target environments do not exist, the command will fail
• By default, the command will override data and will not fail the flow if the data exists in the target environment
• Auth scope here should be project
• The command will copy the following data from one environment to another:
  • Users
  • Tenants
  • Role assignment of users (both top-level and resource-level roles)
  • User attributes
  • Resource instances
  • Resource attributes
  • Relationship tuples of resources
• The API calls should iterate the whole data in the Permit environment using the pagination in the API and copy all the data
• There's a need for a short investigation about the order of the data copy so it will not fail on non-existent data in the target
  environment
• Command output should be a summary of the success/failed number of each type of entity migrated
• Command arguments:
  • --source - the environment to copy from
  • --target - the environment to copy to
  • --skip-resources - to copy only users and skip the resource instances, attributes, and tuples
  • --skip-users - copy only resources and not users, role assignments, and attributes
  • --conflict-strategy - can be override or fail (default to override). In case of fail, single migration calls should fail, not the whole operation.

Sub Takss / PR

Here's a recommended sub-tasks plan for the issue:

• Create a basic command that copies users and top-level role assignments from one environment to another
• Ensure the operation is encapsulated in a hook, and make it work from the permit env copy command too
• Create comprehensive data sets in the Permit environment to test migration edge cases. Put special effort into data dependency cases (for example, resource-level role assignment where the resource instance doesn't exist yet). Share the data migration operation order in the code/hook.
• Expand the operation to support also resource instances
• Ensure user/resource attributes are migrated and fix bugs if there are any
• Add/Ensure support in resource-level roles
• Add/Ensure support in user/resource attributes
• Add/Ensure support in relationship tuples

[daveads]

Looks interesting... 😂