Adding keycloak migration for permission matrix #2352
During partial import, this migration realm creates new roles & overrides the groups. But the user-group mapping is removed.
Thanks @auslin-aot, I will change it to use script instead as there seems no direct way to do this with import.
Please review the changes
|
||
groups_to_role_mappings = { | ||
"formsflow/formsflow-admin": [ | ||
"manage_users", |
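Review bot: the key "formsflow/formsflow-admin" in groups_to_role_mappings is a hard-coded group path, and nothing in the mapping says what happens when a realm does not contain that group. Have the script check each group path before assigning roles and either create the missing group or skip it with a logged message, so the migration does not stop partway through.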
formsflow-admin group is not given as the default group in the previous release so while getting get_group_id() it fails
# Get client and group IDs | ||
client_id = get_client_id(token, "forms-flow-web") | ||
client_roles = get_client_roles(token, client_id) | ||
update_client_roles(token, client_id, roles_to_update) |
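Review bot: client_roles is read by get_client_roles(token, client_id) before update_client_roles(token, client_id, roles_to_update) runs, so it holds the pre-update role list and anything later matched against it will not see the roles that update_client_roles has just created. Move the get_client_roles call after update_client_roles, or fetch the list again before it is used for the group assignment.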
This code basically matches the client roles which need to be added to the group and then assigns them to the group, so for older roles it doesn't need to get into the if loop as those role assignments exist on the group. Do you see issues with this approach?
Yes. Here client_roles will have only old roles (on update_client_roles() - new roles added to the client). So when I executed the script, roles were added to the client, but the new roles were not added to the group (since new roles are not there in client_roles, so it does not get into the if loop). Executing the script again, new roles are added to the group.
Merging this PR for now. Any multitenancy related or pending edge cases can be sorted out in a new PR @sumesh-aot cc @auslin-aot
Issue Tracking
JIRA: https://aottech.atlassian.net/browse/FWF-3720
Issue Type: BUG/ FEATURE
Changes
Screenshots (if applicable)
Checklist