Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update roles and rolesmapping handling to match Lagoon permission logic #161

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Update roles and rolesmapping handling to match Lagoon permission logic #161

wants to merge 2 commits into from

Conversation

smlx
Copy link
Member

@smlx smlx commented Jan 17, 2025
edited
Loading

Previously lagoon-opensearch-sync was creating project roles and rolesmapping by iterating over groups, including for project groups. This logic was based on the incorrect assumption that projects and project groups (AKA project default groups) are a 1:1 mapping.

In reality, project groups can have multiple project "members". So the new logic ignores the project groups and just uses project IDs and names for roles and rolesmapping. This matches the logic used in the custom Keycloak mapper Lagoon uses to grant roles to Opensearch users.

Closes: #151

@smlx smlx changed the title multi project project default groups Support project groups with multiple projects Jan 17, 2025
smlx added 2 commits January 17, 2025 20:16
@smlx
chore: update roles test
164bb8e 
Add tests to ensure that roles are now created based on the project ID
and name only, ignoring groups.
@smlx
fix: create roles and rolesmapping based on project IDs and names only
c205f15 
Previously lagoon-opensearch-sync was creating project roles and
rolesmapping by iterating over groups, including for project groups.
This logic was based on the incorrect assumption that projects and
project groups (AKA project default groups) are a 1:1 mapping.

In reality, project groups can have multiple project "members". So
the new logic ignores the project groups and just uses project IDs and
names for roles and rolesmapping. This matches the logic used in the
custom Keycloak mapper Lagoon uses to grant roles to Opensearch users.
@smlx smlx force-pushed the multi-project-project-default-groups branch from 66187bf to c205f15 Compare January 17, 2025 12:24
@smlx smlx changed the title Support project groups with multiple projects Refactor roles and rolesmapping handling to match Lagoon permission logic Jan 17, 2025
@smlx smlx changed the title Refactor roles and rolesmapping handling to match Lagoon permission logic Update roles and rolesmapping handling to match Lagoon permission logic Jan 17, 2025
@smlx smlx marked this pull request as ready for review January 17, 2025 12:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tobybellwood tobybellwood Awaiting requested review from tobybellwood

@shreddedbacon shreddedbacon Awaiting requested review from shreddedbacon

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

role creation for projects doesn't handle multiple projects in default project group
1 participant
@smlx