From 45b1151bfe4dfacbfb13b939f7a8d5618bce524a Mon Sep 17 00:00:00 2001 From: Nivesh Mittapally Date: Tue, 18 Apr 2023 21:06:54 +0530 Subject: [PATCH 1/4] allow all hosts and celery secrets --- EnigmaAutomation/settings.py | 2 +- secrets/ops_app_celery.env | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/EnigmaAutomation/settings.py b/EnigmaAutomation/settings.py index b6fea965..b9e0f634 100644 --- a/EnigmaAutomation/settings.py +++ b/EnigmaAutomation/settings.py @@ -31,7 +31,7 @@ # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True -ALLOWED_HOSTS = [] +ALLOWED_HOSTS = ["*"] # Application definition diff --git a/secrets/ops_app_celery.env b/secrets/ops_app_celery.env index aad95fa2..6e371ca8 100644 --- a/secrets/ops_app_celery.env +++ b/secrets/ops_app_celery.env @@ -1,5 +1,5 @@ -CELERY_BROKER_URL=redis://host.docker.internal:6379 -CELERY_RESULT_BACKEND=redis://host.docker.internal:6379 +CELERY_BROKER_URL=redis:/redis:6379 +CELERY_RESULT_BACKEND=redis://redis:6379 C_FORCE_ROOT=true MYSQL_ROOT_PASSWORD=testtest MYSQL_DATABASE=enigma From 925c138da03414e0106458d951341098c1a28e1c Mon Sep 17 00:00:00 2001 From: Nivesh Mittapally Date: Tue, 18 Apr 2023 21:23:23 +0530 Subject: [PATCH 2/4] allow all hosts and celery secrets --- secrets/ops_app_celery.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/secrets/ops_app_celery.env b/secrets/ops_app_celery.env index 6e371ca8..32b16087 100644 --- a/secrets/ops_app_celery.env +++ b/secrets/ops_app_celery.env @@ -1,4 +1,4 @@ -CELERY_BROKER_URL=redis:/redis:6379 +CELERY_BROKER_URL=redis://redis:6379 CELERY_RESULT_BACKEND=redis://redis:6379 C_FORCE_ROOT=true MYSQL_ROOT_PASSWORD=testtest From 29239b74c183d6dca07c586edbc9321c2ca3e746 Mon Sep 17 00:00:00 2001 
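Review bot: `ALLOWED_HOSTS = ["*"]` switches off Django's Host-header validation, and the context line just above it still reads `DEBUG = True`, so nothing in this file limits which hostnames the app answers to. If the wildcard is only needed for the container or workspace setup, read the list from the environment instead, for example `ALLOWED_HOSTS = os.environ.get("ALLOWED_HOSTS", "localhost,127.0.0.1").split(",")` (the variable name is constructed here, and this assumes `os` is imported in settings.py, which the hunk does not show). Code that builds absolute URLs from the request host, such as password-reset links, relies on this setting. A comment stating that `"*"` is a development-only value would keep it from being copied into a deployed configuration.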
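Review bot: Both new URLs point Celery at `redis:6379` with no password and no TLS, in a file whose context lines also set `C_FORCE_ROOT=true`, so any client that can reach the broker can queue tasks for a worker that runs as root. Whether the broker is reachable from outside the compose network depends on the compose file, which is not part of this patch. If port 6379 is published, set `requirepass` on Redis and use `redis://:<password>@redis:6379`, with the password supplied from outside the repository. The new `CELERY_BROKER_URL=redis:/redis:6379` also has a single slash; patch 2/4 of this series corrects it, so the two commits could be squashed.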
From: Nivesh Mittapally Date: Wed, 19 Apr 2023 15:21:34 +0530 Subject: [PATCH 3/4] Added terraform script for coder enigma setup --- main.tf | 311 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 311 insertions(+) create mode 100644 main.tf diff --git a/main.tf b/main.tf new file mode 100644 index 00000000..e497dd6f --- /dev/null +++ b/main.tf 
@@ -0,0 +1,311 @@ +terraform { + required_providers { + coder = { + source = "coder/coder" + version = "~> 0.6.17" + } + aws = { + source = "hashicorp/aws" + version = "~> 4.55" + } + } +} + +# Last updated 2023-03-14 +# aws ec2 describe-regions | jq -r '[.Regions[].RegionName] | sort' +data "coder_parameter" "region" { + name = "Region" + description = "The region to deploy the workspace in." + default = "us-east-1" + mutable = false + option { + name = "Asia Pacific (Tokyo)" + value = "ap-northeast-1" + icon = "/emojis/1f1ef-1f1f5.png" + } + option { + name = "Asia Pacific (Seoul)" + value = "ap-northeast-2" + icon = "/emojis/1f1f0-1f1f7.png" + } + option { + name = "Asia Pacific (Osaka-Local)" + value = "ap-northeast-3" + icon = "/emojis/1f1f0-1f1f7.png" + } + option { + name = "Asia Pacific (Mumbai)" + value = "ap-south-1" + icon = "/emojis/1f1f0-1f1f7.png" + } + option { + name = "Asia Pacific (Singapore)" + value = "ap-southeast-1" + icon = "/emojis/1f1f0-1f1f7.png" + } + option { + name = "Asia Pacific (Sydney)" + value = "ap-southeast-2" + icon = "/emojis/1f1f0-1f1f7.png" + } + option { + name = "Canada (Central)" + value = "ca-central-1" + icon = "/emojis/1f1e8-1f1e6.png" + } + option { + name = "EU (Frankfurt)" + value = "eu-central-1" + icon = "/emojis/1f1ea-1f1fa.png" + } + option { + name = "EU (Stockholm)" + value = "eu-north-1" + icon = "/emojis/1f1ea-1f1fa.png" + } + option { + name = "EU (Ireland)" + value = "eu-west-1" + icon = "/emojis/1f1ea-1f1fa.png" + } + option { + name = "EU (London)" + value = "eu-west-2" + icon = "/emojis/1f1ea-1f1fa.png" + } + option { + name = "EU (Paris)" + value = "eu-west-3" + icon = "/emojis/1f1ea-1f1fa.png" + } + option { + name = "South America (São Paulo)" + value = "sa-east-1" + icon = "/emojis/1f1e7-1f1f7.png" + } + option { + name = "US East (N. 
Virginia)" + value = "us-east-1" + icon = "/emojis/1f1fa-1f1f8.png" + } + option { + name = "US East (Ohio)" + value = "us-east-2" + icon = "/emojis/1f1fa-1f1f8.png" + } + option { + name = "US West (N. California)" + value = "us-west-1" + icon = "/emojis/1f1fa-1f1f8.png" + } + option { + name = "US West (Oregon)" + value = "us-west-2" + icon = "/emojis/1f1fa-1f1f8.png" + } +} + +data "coder_parameter" "instance_type" { + name = "Instance Type" + description = "What instance type should your workspace use?" + default = "t3.micro" + mutable = false + option { + name = "2 vCPU, 1 GiB RAM" + value = "t3.micro" + } + option { + name = "2 vCPU, 2 GiB RAM" + value = "t3.small" + } + option { + name = "2 vCPU, 4 GiB RAM" + value = "t3.medium" + } + option { + name = "2 vCPU, 8 GiB RAM" + value = "t3.large" + } + option { + name = "4 vCPU, 16 GiB RAM" + value = "t3.xlarge" + } + option { + name = "8 vCPU, 32 GiB RAM" + value = "t3.2xlarge" + } +} + +provider "aws" { + region = data.coder_parameter.region.value +} + +provider "coder" { + feature_use_managed_variables = true +} + +data "coder_workspace" "me" { +} + +variable "github_token" { + description = "token to clone the github" +} + +data "aws_ami" "ubuntu" { + most_recent = true + filter { + name = "name" + values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] + } + filter { + name = "virtualization-type" + values = ["hvm"] + } + owners = ["099720109477"] # Canonical +} + +resource "coder_agent" "main" { + arch = "amd64" + auth = "aws-instance-identity" + os = "linux" + login_before_ready = false + startup_script_timeout = 500 + startup_script = <<-EOT + set -e + + # install and start code-server + curl -fsSL https://code-server.dev/install.sh | sh -s -- --method=standalone --prefix=/tmp/code-server --version 4.8.3 + /tmp/code-server/bin/code-server --auth none --port 13337 >/tmp/code-server.log 2>&1 & + + sudo apt update -y + # Install docker + sudo apt install -y docker.io + sudo chmod 666 
/var/run/docker.sock + + # Install docker-compose + sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + sudo chmod +x /usr/local/bin/docker-compose + + # Install Make + sudo apt install -y make + + # Clone enigma-central + git clone https://qwe:${var.github_token}@github.com/browserstack/enigma-public-central.git --branch coder-setup + + # Run the enigma + cd enigma-public-central + curl 172.31.39.132:8080/config.json > config.json + curl 172.31.39.132:8080/inventory.csv > inventory.csv + make dev + EOT +} + +resource "coder_app" "code-server" { + agent_id = coder_agent.main.id + slug = "code-server" + display_name = "code-server" + url = "http://localhost:13337/?folder=/home/coder" + icon = "/icon/code.svg" + subdomain = false + share = "owner" + + healthcheck { + url = "http://localhost:13337/healthz" + interval = 3 + threshold = 10 + } +} + +locals { + + # User data is used to stop/start AWS instances. See: + # https://github.com/hashicorp/terraform-provider-aws/issues/22 + + user_data_start = < Date: Wed, 10 May 2023 20:18:16 +0530 Subject: [PATCH 4/4] seed_data --- Access/management/commands/seed_dev_data.py | 145 ++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 Access/management/commands/seed_dev_data.py diff --git a/Access/management/commands/seed_dev_data.py b/Access/management/commands/seed_dev_data.py new file mode 100644 index 00000000..df395881 --- /dev/null +++ b/Access/management/commands/seed_dev_data.py 
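Review bot: The startup script puts the token into the clone URL, `git clone https://qwe:${var.github_token}@github.com/...`, so it ends up in the rendered `startup_script` (and with it in Terraform state and the agent's script) and is saved as the remote URL in the workspace's `.git/config`. Declare the variable with `sensitive = true` and pass the credential through a git credential helper rather than the URL. In the same script, `sudo chmod 666 /var/run/docker.sock` gives every local user and process root-equivalent control of the instance; `sudo usermod -aG docker "$USER"` limits that to the workspace user (group membership applies from the next login). `config.json` and `inventory.csv` are fetched over plain HTTP from `172.31.39.132:8080` with no integrity check before `make dev` consumes them. The hunk is cut off on this page after `user_data_start`, so the rest of main.tf could not be reviewed.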
@@ -0,0 +1,145 @@ +from django.contrib.auth.models import User as DjangoUser +from django.core.management.base import BaseCommand, CommandError +from django.utils import timezone +import logging, random, string, time, datetime, pytz + +from Access.models import * + +def randomword(length): + letters = string.ascii_lowercase + return ''.join(random.choice(letters) for i in range(length)) + +def create_user(username, email): + try: + duser = DjangoUser.objects.get(username=username, name=username) + logging.warning("User %s already exists" % (username)) + except: + duser = DjangoUser.objects.create_superuser(username, email, 'qweqweqwe') + duser.is_ops = True + duser.is_manager = True + duser.name = username + duser.save() + User.objects.create(email=email, user=duser, name=username) + + user = duser.user + access_approve_permission, created = Permission.objects.get_or_create(label="ACCESS_APPROVE") + + access_approve_role, created = Role.objects.get_or_create(label="ACCESS_APPROVE_ROLE") + if access_approve_permission not in access_approve_role.permission.all(): + access_approve_role.permission.add(access_approve_permission) + access_approve_role.save() + + if access_approve_role not in user.role.all(): + user.role.add(access_approve_role) + user.save() + + return duser + +class Command(BaseCommand): + help = 'Seed data for development environment' + + def handle(self, *args, **kwargs): + logger = logging.getLogger(__name__) + + user = User.objects.get(email="nivesh@browserstack.com") + + approver = User.objects.get(email="user1@gmail.com") + + AccessV2.objects.create(access_tag="old_module_tag1") + AccessV2.objects.create(access_tag="old_module_tag2") + AccessV2.objects.create(access_tag="old_module_tag3") + AccessV2.objects.create(access_tag="old_module_tag4") + + all_accesses = [] + aws_access_count = 14 + confluence_access_count = 31 + github_access_count = 20 + groups_count = 80 + + confluence_access_levels = ["View Access", "Edit Access", "Admin Access"] + 
github_access_levels = ["push", "pull", "admin", "merge"] + + for i in range(aws_access_count): + all_accesses.append(AccessV2.objects.create(access_tag="aws_access", access_label={"account":"dummy","group": ("dummy_group_%s" % randomword(5)),"action":"GroupAccess"})) + + for i in range(confluence_access_count): + all_accesses.append(AccessV2.objects.create(access_tag="confluence_module", access_label={"access_workspace": ("dummy_workspace_%s" % randomword(5)),"access_type": random.choice(confluence_access_levels)})) + + for i in range(github_access_count): + all_accesses.append(AccessV2.objects.create(access_tag="github_access", access_label={"repository": ("dummy_repo_%s" % randomword(5)),"access_level": random.choice(github_access_levels), "action": "repository_access"})) + logging.info("Created AccessV2 Objects") + + STATUS_CHOICES = [ + "Pending", + "Processing", + "Approved", + "GrantFailed", + "Declined", + "Offboarding", + "ProcessingRevoke", + "RevokeFailed", + "Revoked", + ] + + identities = { + "aws_access": UserIdentity.objects.get_or_create(status="Active", identity='{}', user=user, access_tag="aws_access")[0], + "confluence_module": UserIdentity.objects.get_or_create(status="Active", identity='{}', user=user, access_tag="confluence_module")[0], + "github_access": UserIdentity.objects.get_or_create(status="Active", identity='{}', user=user, access_tag="github_access")[0], + } + + random.shuffle(all_accesses) + for each_access in all_accesses: + base_datetime_prefix = datetime.datetime.utcnow().strftime("%Y%m%d%H%M%S") + request_id = ( + randomword(10) + + "-" + + randomword(20) + + "-" + + base_datetime_prefix + + "-" + + str(random.choice([0, 1, 2])) + ) + + status = random.choice(STATUS_CHOICES) + userMappingObj, created = UserAccessMapping.objects.get_or_create( + request_id = request_id, + user_identity = identities[each_access.access_tag], + access = each_access, + approver_1 = approver, + request_reason = "%s--%s--%s" % (randomword(20), 
randomword(10), randomword(10)), + access_type = "Individual", + status = status, + updated_on = timezone.now(), + approved_on = timezone.now(), + ) + logging.info("Creating Groups") + for i in range(groups_count): + status = random.choice(['Pending', 'Approved', 'Declined', 'Deprecated']) + new_group = GroupV2.create( + name = randomword(12), + description = randomword(60), + requester = user, + needsAccessApprove = random.choice([ True, False ]) + ) + new_group.status = status + if status == 'Declined': + new_group.decline_reason = randomword(50) + if status == 'Approved': + new_group.approver = approver + new_group.save() + + new_membership = MembershipV2.objects.create( + membership_id = randomword(20), + user = user, + group = new_group, + is_owner = random.choice([ True, False ]), + requested_by = user, + ) + new_membership.status = random.choice(['Pending', 'Approved', 'Declined', 'Revoked']) + if new_membership.status != 'Approved': + new_membership.reason = randomword(60) + if new_membership.status == 'Declined': + new_membership.decline_reason = randomword(60) + new_membership.approver = approver + new_membership.save() + logging.info("Done")
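Review bot: `create_user` creates a Django superuser with the fixed password `'qweqweqwe'`, and nothing in `handle` stops the command from running against a non-development database. The lookup before it, `DjangoUser.objects.get(username=username, name=username)`, filters on `name`, which the stock `django.contrib.auth.models.User` does not have, and the bare `except:` hides the resulting error, so the create branch runs even when the user already exists. The version below catches only `DoesNotExist`, takes the password from the environment (the variable name is a placeholder), and refuses to run unless `settings.DEBUG` is set; it needs `import os` and `from django.conf import settings` at the top of the file. `handle` also assumes that `nivesh@browserstack.com` and `user1@gmail.com` already exist and never calls `create_user`, which is worth stating in a docstring on the command.

```python
def create_user(username, email):
    try:
        duser = DjangoUser.objects.get(username=username)
        logging.warning("User %s already exists" % (username))
    except DjangoUser.DoesNotExist:
        # Placeholder variable name: the password is supplied by whoever runs the seed, not by the source tree.
        password = os.environ["SEED_SUPERUSER_PASSWORD"]
        duser = DjangoUser.objects.create_superuser(username, email, password)
        # … unchanged: is_ops / is_manager / name assignment, save(), User.objects.create …
    # … unchanged: ACCESS_APPROVE permission and role wiring, return duser …

class Command(BaseCommand):
    help = 'Seed data for development environment'

    def handle(self, *args, **kwargs):
        # Seed data includes privileged accounts; refuse to touch a non-development database.
        if not settings.DEBUG:
            raise CommandError("seed_dev_data may only be run with DEBUG enabled")
        logger = logging.getLogger(__name__)
        # … unchanged: seeding of accesses, identities, mappings, groups and memberships …
```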