Skip to content

Commit

Permalink
Merge pull request #3655 from uselagoon/keycloak-realm-import-account
Browse files Browse the repository at this point in the history 
fix: add correct roles and scopes to keycloak account client
  • Loading branch information
@tobybellwood
tobybellwood authored Feb 23, 2024
2 parents 8f321f0 + f1d5aab commit 17e0d56
Showing 1 changed file with 283 additions and 3 deletions.
286 changes: 283 additions & 3 deletions services/keycloak/lagoon-realm-2.16.0.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,8 +112,288 @@
"composite": false,
"clientRole": false,
"attributes": {}
},
{
"name": "uma_authorization",
"description": "${role_uma_authorization}",
"composite": false,
"clientRole": false,
"attributes": {}
},
{
"name": "default-roles-lagoon",
"description": "${role_default-roles}",
"composite": true,
"composites": {
"realm": [
"offline_access",
"uma_authorization"
],
"client": {
"account": [
"view-profile",
"manage-account"
]
}
},
"clientRole": false,
"attributes": {}
}
]
],
"client": {
"realm-management": [
{
"name": "view-realm",
"description": "${role_view-realm}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "realm-admin",
"description": "${role_realm-admin}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"view-realm",
"impersonation",
"manage-events",
"query-users",
"view-authorization",
"manage-clients",
"view-events",
"view-users",
"query-groups",
"view-identity-providers",
"view-clients",
"query-clients",
"manage-realm",
"manage-authorization",
"manage-users",
"manage-identity-providers",
"query-realms",
"create-client"
]
}
},
"clientRole": true,
"attributes": {}
},
{
"name": "impersonation",
"description": "${role_impersonation}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "manage-events",
"description": "${role_manage-events}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "query-users",
"description": "${role_query-users}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "uma_protection",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "view-authorization",
"description": "${role_view-authorization}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "manage-clients",
"description": "${role_manage-clients}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "view-events",
"description": "${role_view-events}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "view-users",
"description": "${role_view-users}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"query-groups",
"query-users"
]
}
},
"clientRole": true,
"attributes": {}
},
{
"name": "query-groups",
"description": "${role_query-groups}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "view-identity-providers",
"description": "${role_view-identity-providers}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "view-clients",
"description": "${role_view-clients}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"query-clients"
]
}
},
"clientRole": true,
"attributes": {}
},
{
"name": "query-clients",
"description": "${role_query-clients}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "manage-realm",
"description": "${role_manage-realm}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "manage-authorization",
"description": "${role_manage-authorization}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "manage-identity-providers",
"description": "${role_manage-identity-providers}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "manage-users",
"description": "${role_manage-users}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "query-realms",
"description": "${role_query-realms}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "create-client",
"description": "${role_create-client}",
"composite": false,
"clientRole": true,
"attributes": {}
}
],
"account": [
{
"name": "view-groups",
"description": "${role_view-groups}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "view-applications",
"description": "${role_view-applications}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "manage-account-links",
"description": "${role_manage-account-links}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "manage-consent",
"description": "${role_manage-consent}",
"composite": true,
"composites": {
"client": {
"account": [
"view-consent"
]
}
},
"clientRole": true,
"attributes": {}
},
{
"name": "view-consent",
"description": "${role_view-consent}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "view-profile",
"description": "${role_view-profile}",
"composite": false,
"clientRole": true,
"attributes": {}
},
{
"name": "manage-account",
"description": "${role_manage-account}",
"composite": true,
"composites": {
"client": {
"account": [
"manage-account"
]
}
},
"clientRole": true,
"attributes": {}
},
{
"name": "delete-account",
"description": "${role_delete-account}",
"composite": false,
"clientRole": true,
"attributes": {}
}
]
}
},
"defaultRole": {
"name": "default-roles-lagoon",
Expand Down Expand Up @@ -2098,7 +2378,7 @@
"config": {
"resources": "[\"openshift\"]",
"scopes": "[\"view\"]",
"applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]"
"applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]"
}
},
{
Expand Down Expand Up @@ -4767,4 +5047,4 @@
"clientPolicies": {
"policies": []
}
}
}

0 comments on commit 17e0d56

Please sign in to comment.