django: Add keycloak realm roles in user permissions set
ClosedPublic
Actions

Authored by anlambert on Apr 22 2021, 6:20 PM.

Details

Reviewers

ardumont

Group Reviewers

Reviewers

Maniphest Tasks

T3213: Enable save code now of software source code archives for specific users

Commits

rDAUTHbb90bd23c924: django: Add keycloak realm roles in user permissions set

Summary

Keycloak also allow to define user roles at realm level to define
permissions at a global level not tight to a client.

Include these extra roles in the user permissions set from the
decoded token content.

As a consequence, some parameters of the keycloak_oidc_factory
function got renamed, this will break swh-deposit and swh-web tests but
I will push diffs to fix that (D5579, D5580)

Related to T3213

Diff Detail

Repository

rDAUTH Common authentication libraries

Lint

Automatic diff as part of commit; lint not applicable.

Unit

Automatic diff as part of commit; unit tests not applicable.

Event Timeline

anlambert created this revision.Apr 22 2021, 6:20 PM

Herald added a reviewer: Reviewers. · View Herald TranscriptApr 22 2021, 6:20 PM

Build is green

Patch application report for D5578 (id=19934)

Rebasing onto 6266fa2c15...

Current branch diff-target is up to date.

Changes applied before test

commit bb90bd23c924deb9e87b354a22982f050edfd09d
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Thu Apr 22 18:15:29 2021 +0200

    django: Add keycloak realm roles in user permissions set
    
    Keycloak also allow to define user roles at realm level to define
    permissions at a global level not tight to a client.
    
    Include these extra roles in the user permissions set from the
    decoded token content.
    
    Related to T3213

See https://jenkins.softwareheritage.org/job/DAUTH/job/tests-on-diff/78/ for more details.

Harbormaster completed remote builds in B20939: Diff 19934.Apr 22 2021, 6:21 PM

anlambert requested review of this revision.Apr 22 2021, 6:21 PM

anlambert edited the summary of this revision. (Show Details)Apr 22 2021, 6:24 PM

anlambert added a child revision: D5579: tests: Fix failures after recent changes in swh-auth.Apr 22 2021, 6:28 PM

anlambert added a child revision: D5580: tests: Fix failure after recent changes in swh-auth.

anlambert edited the summary of this revision. (Show Details)Apr 22 2021, 6:30 PM

ardumont accepted this revision.Apr 22 2021, 6:37 PM

This revision is now accepted and ready to land.Apr 22 2021, 6:37 PM

Closed by commit rDAUTHbb90bd23c924: django: Add keycloak realm roles in user permissions set (authored by anlambert). · Explain WhyApr 22 2021, 6:47 PM

This revision was automatically updated to reflect the committed changes.

anlambert added a commit: rDAUTHbb90bd23c924: django: Add keycloak realm roles in user permissions set.