Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PIMS-1927 Keycloak Roles Update #2580

Closed
wants to merge 1 commit into from
Closed

PIMS-1927 Keycloak Roles Update #2580

wants to merge 1 commit into from

Conversation

dbarkowsky
Copy link
Collaborator

🎯 Summary

PIMS-1927

Changes

Altered the syncKeycloakUserRoles service so it does the following:

  • If the user has keycloak roles, apply them to the database
  • If they don't have keycloak roles, but have database roles, apply them to Keycloak
  • Otherwise, don't do anything.

Testing

Try changing your role in both keycloak and the database manually.
Log in again to see if the sync took affect. This only triggers on login, not a refresh.

Concern

Because this only triggers on login, there's a situation where a user with no keycloak role may log in and receive the no-access page, even if they have a database role. If they refresh the page, it should resolve itself, but it would be nice to handle this somehow. Open to ideas.

🔰 Checklist

  • I have read and agree with the following checklist and am following the guidelines in our Code of Conduct document.
  • I have performed a self-review of my code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have made corresponding changes to the documentation where required.
  • I have tested my changes to the best of my ability.
  • My changes generate no new warnings.

@dbarkowsky dbarkowsky self-assigned this Jul 26, 2024
@github-actions GitHub Actions
Copy link

🚀 Deployment Information

The Express API Image has been built with the tag: 2580. Please make sure to utilize this specific tag when promoting these changes to the TEST and PROD environments during the API deployment. For more updates please monitor Image Tags Page on Wiki.

@codeclimate CodeClimate
Copy link

codeclimate bot commented Jul 26, 2024

Code Climate has analyzed commit b98693b and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 92.6%.

View more on Code Climate.

@dbarkowsky dbarkowsky marked this pull request as ready for review July 26, 2024 18:10
@dbarkowsky
Copy link
Collaborator Author

Pulling back to draft for now. May have received intervention from the SSO team that will make this unnecessary.

@dbarkowsky dbarkowsky marked this pull request as draft July 26, 2024 21:44
@dbarkowsky
Copy link
Collaborator Author

Closing this. SSO team transferred BCeID users. Used the role-mapping script to assign roles in new integration. Spot checking seems to suggest it was successful. Keycloak will remain the sole source of authorization truth.

@dbarkowsky dbarkowsky closed this Aug 2, 2024
@TaylorFries TaylorFries deleted the PIMS-1927-Keycloak-Roles-Update branch October 25, 2024 17:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LawrenceLau2020 LawrenceLau2020 Awaiting requested review from LawrenceLau2020 LawrenceLau2020 is a code owner

@Sharala-Perumal Sharala-Perumal Awaiting requested review from Sharala-Perumal Sharala-Perumal is a code owner

@TaylorFries TaylorFries Awaiting requested review from TaylorFries TaylorFries is a code owner

@GrahamS-Quartech GrahamS-Quartech Awaiting requested review from GrahamS-Quartech

@ManishSihag ManishSihag Awaiting requested review from ManishSihag ManishSihag is a code owner

Assignees

@dbarkowsky dbarkowsky

Labels
Express
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dbarkowsky