Page MenuHomeSoftware Heritage
Files F7343137

D6531.id.diff
No OneTemporary
Actions

D6531.id.diff
View Options

diff --git a/docker/services/keycloak/keycloak_swh_setup.py b/docker/services/keycloak/keycloak_swh_setup.py
--- a/docker/services/keycloak/keycloak_swh_setup.py
+++ b/docker/services/keycloak/keycloak_swh_setup.py
@@ -39,9 +39,7 @@
for realm_role in realm_roles:
roles.append(keycloak_admin.get_realm_role(realm_role))
user_id = keycloak_admin.get_user_id(username)
- # due to a design bug in python-keycloak API, client_id parameter must
- # be provided while it is not used
- keycloak_admin.assign_realm_roles(user_id, client_id="", roles=roles)
+ keycloak_admin.assign_realm_roles(user_id, roles=roles)
def assign_client_roles_to_user(keycloak_admin, client_name, client_roles, username):
@@ -243,10 +241,21 @@
break
# create webapp client roles
+
+WEB_API_THROTTLING_EXEMPTED_ROLE_NAME = "swh.web.api.throttling_exempted"
+WEB_API_GRAPH_ROLE_NAME = "swh.web.api.graph"
+VAULT_GIT_BARE_UI_ROLE_NAME = "swh.vault.git_bare.ui"
+WEB_ADMIN_LIST_DEPOSITS_ROLE_NAME = "swh.web.admin.list_deposits"
+
create_client_roles(
KEYCLOAK_ADMIN,
CLIENT_WEBAPP_NAME,
- ["swh.web.api.throttling_exempted", "swh.web.api.graph", "swh.vault.git_bare.ui"],
+ [
+ WEB_API_THROTTLING_EXEMPTED_ROLE_NAME,
+ WEB_API_GRAPH_ROLE_NAME,
+ VAULT_GIT_BARE_UI_ROLE_NAME,
+ WEB_ADMIN_LIST_DEPOSITS_ROLE_NAME,
+ ],
)
DEPOSIT_API_ROLE_NAME = "swh.deposit.api"
@@ -307,6 +316,9 @@
assign_client_roles_to_user(
KEYCLOAK_ADMIN, CLIENT_DEPOSIT_NAME, [DEPOSIT_API_ROLE_NAME], "test"
)
+assign_client_roles_to_user(
+ KEYCLOAK_ADMIN, CLIENT_WEBAPP_NAME, [WEB_ADMIN_LIST_DEPOSITS_ROLE_NAME], "test"
+)
AMBASSADOR_ROLE_NAME = "swh.ambassador"

File Metadata

Mime Type
text/plain
Expires
Mar 17 2025, 7:36 PM (7 w, 3 d ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3229500

Event Timeline

About · Developer information · Legal