diff --git a/docker-compose.yaml b/docker-compose.yaml index 2a83ff8fa6..2805328f67 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -132,7 +132,6 @@ services: - '8088:8080' environment: - KEYCLOAK_ADMIN_EMAIL=admin@example.com - # - KEYCLOAK_TEST_REALM_IMPORT=true # Uncomment for local new relic tracking # - NEW_RELIC_LICENSE_KEY= # - NEW_RELIC_APP_NAME=keycloak-local diff --git a/services/keycloak/Dockerfile b/services/keycloak/Dockerfile index 1cd2a92d3d..57e4199cf6 100644 --- a/services/keycloak/Dockerfile +++ b/services/keycloak/Dockerfile @@ -75,7 +75,7 @@ COPY entrypoints/wait-for-mariadb.sh /lagoon/entrypoints/98-wait-for-mariadb.sh COPY entrypoints/default-keycloak-entrypoint.sh /lagoon/entrypoints/99-default-keycloak-entrypoint.sh COPY startup-scripts /opt/jboss/startup-scripts COPY profile.properties /opt/jboss/keycloak/standalone/configuration/profile.properties -COPY lagoon-test-realm-2.16.0.json /lagoon/keycloak/lagoon-test-realm-2.16.0.json +COPY lagoon-realm-2.16.0.json /lagoon/seed/lagoon-realm-2.16.0.json COPY configure-ds-pool.cli /opt/jboss/tools/cli/databases/configure-ds-pool.cli COPY themes/lagoon /opt/jboss/keycloak/themes/lagoon COPY --from=commons /tmp/lagoon-scripts.jar /opt/jboss/keycloak/standalone/deployments/lagoon-scripts.jar diff --git a/services/keycloak/lagoon-test-realm-2.16.0.json b/services/keycloak/lagoon-realm-2.16.0.json similarity index 80% rename from services/keycloak/lagoon-test-realm-2.16.0.json rename to services/keycloak/lagoon-realm-2.16.0.json index 5b1399b722..bf944f354b 100644 --- a/services/keycloak/lagoon-test-realm-2.16.0.json +++ b/services/keycloak/lagoon-realm-2.16.0.json @@ -1,5 +1,4 @@ { - "id": "51efcf9c-d17a-487b-88f2-6ba40f17cc56", "realm": "lagoon", "notBefore": 0, "defaultSignatureAlgorithm": "RS256", 
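Review bot: The Dockerfile hunk moves the realm file from `/lagoon/keycloak/lagoon-test-realm-2.16.0.json` to `/lagoon/seed/lagoon-realm-2.16.0.json`, but nothing in this diff shows the consumer of that path being updated — the entrypoints and `startup-scripts` copied just above it are the likely readers, and a stale reference would make the seed silently never load. The docker-compose hunk drops the commented `KEYCLOAK_TEST_REALM_IMPORT` toggle, which together with the `/lagoon/seed/` destination suggests the realm is now imported without an opt-in; whether that import runs on every start and whether it overwrites an existing `lagoon` realm (resetting operator-customised policies) is not visible here and is worth stating in the commit message. A one-line comment next to the `COPY`, e.g. `# seed realm; imported by 99-default-keycloak-entrypoint.sh on first start — confirm`, would tie the path to its reader.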
@@ -29,12 +28,8 @@ "sslRequired": "external", "registrationAllowed": false, "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, "loginWithEmailAllowed": true, "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": true, "bruteForceProtected": false, "permanentLockout": false, "maxFailureWaitSeconds": 900, @@ -43,13 +38,88 @@ "quickLoginCheckMilliSeconds": 1000, "maxDeltaTimeSeconds": 43200, "failureFactor": 30, + "roles": { + "realm": [ + { + "name": "admin", + "composite": true, + "composites": { + "realm": [ + "platform-owner" + ] + }, + "clientRole": false, + "attributes": {} + }, + { + "name": "platform-owner", + "composite": false, + "clientRole": false, + "attributes": {} + }, + { + "name": "reporter", + "composite": true, + "composites": { + "realm": [ + "guest" + ] + }, + "clientRole": false, + "attributes": {} + }, + { + "name": "developer", + "composite": true, + "composites": { + "realm": [ + "reporter", + "guest" + ] + }, + "clientRole": false, + "attributes": {} + }, + { + "name": "maintainer", + "composite": true, + "composites": { + "realm": [ + "reporter", + "developer", + "guest" + ] + }, + "clientRole": false, + "attributes": {} + }, + { + "name": "owner", + "composite": true, + "composites": { + "realm": [ + "reporter", + "developer", + "guest", + "maintainer" + ] + }, + "clientRole": false, + "attributes": {} + }, + { + "name": "guest", + "composite": false, + "clientRole": false, + "attributes": {} + } + ] + }, "defaultRole": { - "id": "b4bbe90b-bf1c-4199-906f-4187863b412f", "name": "default-roles-lagoon", "description": "${role_default-roles}", "composite": true, - "clientRole": false, - "containerId": "51efcf9c-d17a-487b-88f2-6ba40f17cc56" + "clientRole": false }, "requiredCredentials": [ "password" 
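Review bot: Dropping `"editUsernameAllowed": true` in the -29,12 hunk is an implicit behaviour change: an absent realm attribute takes Keycloak's built-in default on import, which for editUsernameAllowed I believe is false, whereas the other three removed keys (`rememberMe`, `verifyEmail`, `resetPasswordAllowed`) were already at their default of false. If letting the default apply is intended, say so in the commit message; otherwise keep `"editUsernameAllowed": true` so the seeded realm matches the previous test realm. Since this file is now the seed for real deployments rather than a test fixture, the untouched `"bruteForceProtected": false` beside these lines also deserves a deliberate decision. The enclosing realm object starts and ends outside this hunk.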
@@ -88,56 +158,6 @@ "webAuthnPolicyPasswordlessCreateTimeout": 0, "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - { - "id": "8a4901b9-e5eb-46d3-9ac6-addf4e1fc599", - "createdTimestamp": 1690876271933, - "username": "service-account-api", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "api", - "disableableCredentialTypes": [], - "requiredActions": [], - "notBefore": 0 - }, - { - "id": "addd8d58-44ee-4bb6-bbca-8619d9ca95f1", - "createdTimestamp": 1690876259925, - "username": "service-account-auth-server", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "auth-server", - "disableableCredentialTypes": [], - "requiredActions": [], - "notBefore": 0 - }, - { - "id": "c93fbc17-dc30-43e2-8906-1ed033da293e", - "createdTimestamp": 1690876503006, - "username": "service-account-lagoon-opensearch-sync", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "lagoon-opensearch-sync", - "disableableCredentialTypes": [], - "requiredActions": [], - "notBefore": 0 - }, - { - "id": "b964fb21-be1f-4a29-bb51-a5c15efe15ed", - "createdTimestamp": 1690876374880, - "username": "service-account-service-api", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "service-api", - "disableableCredentialTypes": [], - "requiredActions": [], - "notBefore": 0 - } - ], "scopeMappings": [ { "clientScope": "offline_access", @@ -158,7 +178,6 @@ }, "clients": [ { - "id": "4f8873f2-aa41-4725-9228-3f73cf60798d", "clientId": "account", "name": "${client_account}", "rootUrl": "${authBaseUrl}", @@ -187,8 +206,8 @@ "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ 
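Review bot: Removing the `users` array drops the four seeded service-account users (`service-account-api`, `service-account-auth-server`, `service-account-lagoon-opensearch-sync`, `service-account-service-api`), so their existence now depends on Keycloak creating them at import time for each client that has `serviceAccountsEnabled` set — that flag is outside this hunk, so it should be confirmed for all four clients. The removed entries carried no role or group mappings in the visible lines, so nothing else appears to be lost, but any mapping applied to those users elsewhere in the file by username would need the same check. The enclosing realm object starts and ends outside this hunk.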
@@ -199,7 +218,6 @@ ] }, { - "id": "b1a419b4-2539-468f-a8a6-5d053271975f", "clientId": "account-console", "name": "${client_account-console}", "rootUrl": "${authBaseUrl}", @@ -230,7 +248,6 @@ "nodeReRegistrationTimeout": 0, "protocolMappers": [ { - "id": "68700a50-5c93-42a6-b275-b949b80bfcf9", "name": "audience resolve", "protocol": "openid-connect", "protocolMapper": "oidc-audience-resolve-mapper", @@ -240,8 +257,8 @@ ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ @@ -252,7 +269,6 @@ ] }, { - "id": "d6148c4e-e712-46a7-900c-0a5cc41c4510", "clientId": "admin-cli", "name": "${client_admin-cli}", "surrogateAuthRequired": false, @@ -277,8 +293,8 @@ "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ @@ -289,13 +305,11 @@ ] }, { - "id": "02f16557-bf29-49e8-8d83-f6a98e4c001a", "clientId": "api", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, 
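Review bot: Removing `"secret": "**********"` from the `api` client in the -289,13 hunk is the right call — that literal is what a masked realm export produces and, left in a seed file, would have been imported as the real client secret. With no `secret` in the seed Keycloak generates one at import, and this diff does not show how the running `api` service then obtains it; confirm the entrypoint or startup scripts handle that, and that no other client in the file still carries a masked or fixed secret. The enclosing `clients` array starts and ends outside this hunk.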
@@ -315,35 +329,32 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "d23beca7-8822-4547-928b-139014f1ec68", - "name": "Client ID", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientId", + "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientId", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "b390a924-aacb-43ba-b837-84126a5be818", - "name": "Client IP Address", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "user.session.note": "clientId", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "clientId", "jsonType.label": "String" } }, { - "id": "4daac759-0eee-44b1-8d6a-ba88f108aae1", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -359,8 +370,8 @@ ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ 
@@ -374,60 +385,70 @@ "policyEnforcementMode": "ENFORCING", "resources": [ { - "name": "env_var", + "name": "openshift", "ownerManagedAccess": false, - "displayName": "env_var", + "displayName": "openshift", "attributes": {}, - "_id": "067f350e-c3e3-45df-bad1-7ce2ebc40821", "uris": [], "scopes": [ { - "name": "environment:viewValue:development" + "name": "add" }, { - "name": "environment:delete:production" + "name": "view" }, { - "name": "environment:add:development" + "name": "view:token" }, { - "name": "project:delete" + "name": "update" }, { - "name": "delete" + "name": "viewAll" }, { - "name": "environment:viewValue:production" + "name": "deleteAll" }, { - "name": "environment:add:production" + "name": "delete" + } + ] + }, + { + "name": "ssh_key", + "ownerManagedAccess": false, + "displayName": "ssh_key", + "attributes": {}, + "uris": [], + "scopes": [ + { + "name": "add" }, { - "name": "project:add" + "name": "removeAll" }, { - "name": "environment:delete:development" + "name": "update" }, { - "name": "environment:view:production" + "name": "deleteAll" }, { - "name": "project:viewValue" + "name": "view:user" }, { - "name": "environment:view:development" + "name": "delete" }, { - "name": "project:view" + "name": "view:project" } ] }, { - "name": "harbor_scan_match", + "name": "backup", "ownerManagedAccess": false, - "displayName": "Harbor scan match", + "displayName": "backup", "attributes": {}, - "_id": "27610599-3b65-49b5-8181-e0312d9f28ce", "uris": [], "scopes": [ { @@ -436,17 +457,19 @@ { "name": "view" }, + { + "name": "deleteAll" + }, { "name": "delete" } ] }, { - "name": "notification", + "name": "harbor_scan_match", "ownerManagedAccess": false, - "displayName": "notification", + "displayName": "Harbor scan match", "attributes": {}, - "_id": "5be923f3-0780-4138-a426-5ae077a69e53", "uris": [], "scopes": [ { 
@@ -455,116 +478,72 @@ { "name": "view" }, - { - "name": "removeAll" - }, - { - "name": "update" - }, - { - "name": "deleteAll" - }, { "name": "delete" } ] }, { - "name": "task", + "name": "deployment", "ownerManagedAccess": false, - "displayName": "task", + "displayName": "deployment", "attributes": {}, - "_id": "6949ed59-4111-4114-acb0-3d4419288031", "uris": [], "scopes": [ { - "name": "drushRsync:source:production" - }, - { - "name": "drushSqlSync:source:development" - }, - { - "name": "drushSqlSync:destination:development" - }, - { - "name": "drushSqlDump:production" - }, - { - "name": "add:development" - }, - { - "name": "drushUserLogin:development" - }, - { - "name": "drushSqlDump:development" - }, - { - "name": "drushSqlSync:source:production" - }, - { - "name": "drushCacheClear:development" - }, - { - "name": "drushRsync:destination:development" - }, - { - "name": "drushCron:production" - }, - { - "name": "drushArchiveDump:development" - }, - { - "name": "drushCacheClear:production" - }, - { - "name": "drushUserLogin:production" + "name": "view" }, { - "name": "drushCron:development" + "name": "cancel" }, { "name": "update" }, - { - "name": "drushRsync:destination:production" - }, - { - "name": "cancel:production" - }, - { - "name": "drushSqlSync:destination:production" - }, { "name": "delete" - }, - { - "name": "view" - }, + } + ] + }, + { + "name": "advanced_task", + "ownerManagedAccess": false, + "displayName": "advanced_task", + "attributes": {}, + "uris": [], + "scopes": [ { - "name": "cancel:development" + "name": "invoke:developer" }, { - "name": "add:production" + "name": "invoke:guest" }, { - "name": "addNoExec" + "name": "delete:advanced" }, { - "name": "drushRsync:source:development" + "name": "create:advanced" }, { - "name": "drushArchiveDump:production" + "name": "invoke:maintainer" } ] }, { - "name": "Default Resource", - "type": "urn:api:resources:default", + "name": "problem", "ownerManagedAccess": false, + "displayName": "problem", 
"attributes": {}, - "_id": "711851f1-0da4-4c35-8e12-52fef02fabfd", - "uris": [ - "/*" + "uris": [], + "scopes": [ + { + "name": "add" + }, + { + "name": "view" + }, + { + "name": "delete" + } ] }, { @@ -572,7 +551,6 @@ "ownerManagedAccess": false, "displayName": "environment", "attributes": {}, - "_id": "77fdd241-5400-49dd-99b5-8c563f697b70", "uris": [], "scopes": [ { @@ -591,10 +569,10 @@ "name": "deleteAll" }, { - "name": "update:development" + "name": "addOrUpdate:development" }, { - "name": "addOrUpdate:development" + "name": "update:development" }, { "name": "ssh:development" 
@@ -606,150 +584,169 @@ "name": "view" }, { - "name": "deleteNoExec" + "name": "deploy:development" }, { - "name": "deploy:development" + "name": "deleteNoExec" }, { "name": "ssh:production" }, { - "name": "update:production" + "name": "delete:production" }, { - "name": "delete:production" + "name": "update:production" } ] }, { - "name": "backup", + "name": "env_var", "ownerManagedAccess": false, - "displayName": "backup", + "displayName": "env_var", "attributes": {}, - "_id": "91b3aa98-8b26-4b41-9704-ff6b7a476511", "uris": [], "scopes": [ { - "name": "add" + "name": "environment:delete:production" }, { - "name": "view" + "name": "environment:viewValue:development" }, { - "name": "deleteAll" + "name": "environment:add:development" }, { - "name": "delete" - } - ] - }, - { - "name": "project", - "ownerManagedAccess": false, - "displayName": "project", - "attributes": {}, - "_id": "a31e2311-e99b-4cc2-961e-df11ddb711bc", - "uris": [], - "scopes": [ - { - "name": "addNotification" + "name": "project:delete" }, { - "name": "add" + "name": "delete" }, { - "name": "removeNotification" - }, - { - "name": "view" + "name": "environment:viewValue:production" }, { - "name": "removeGroup" + "name": "environment:add:production" }, { - "name": "update" + "name": "project:add" }, { - "name": "viewAll" + "name": "environment:delete:development" }, { - "name": "deleteAll" + "name": "environment:view:production" }, { - "name": "delete" + "name": "project:viewValue" }, { - "name": "viewPrivateKey" + "name": "environment:view:development" }, { - "name": "addGroup" + "name": "project:view" } ] }, { - "name": "user", + "name": "task", "ownerManagedAccess": false, - "displayName": "user", + "displayName": "task", "attributes": {}, - "_id": "aae37987-9685-4daa-8e3a-109e8fcde78a", "uris": [], "scopes": [ { - "name": "add" + "name": "drushRsync:source:production" }, { - "name": "getBySshKey" + "name": "drushSqlSync:source:development" + }, + { + "name": "drushSqlSync:destination:development" 
+ }, + { + "name": "drushSqlDump:production" + }, + { + "name": "add:development" + }, + { + "name": "drushUserLogin:development" + }, + { + "name": "drushSqlDump:development" + }, + { + "name": "drushRsync:destination:development" + }, + { + "name": "drushCacheClear:development" + }, + { + "name": "drushSqlSync:source:production" + }, + { + "name": "drushCron:production" + }, + { + "name": "drushArchiveDump:development" + }, + { + "name": "drushCron:development" + }, + { + "name": "drushUserLogin:production" + }, + { + "name": "drushCacheClear:production" }, { "name": "update" }, { - "name": "viewAll" + "name": "drushSqlSync:destination:production" }, { - "name": "deleteAll" + "name": "drushRsync:destination:production" }, { - "name": "delete" - } - ] - }, - { - "name": "problem", - "ownerManagedAccess": false, - "displayName": "problem", - "attributes": {}, - "_id": "c2fd4902-1a02-41c4-bd1a-3d64a7db3cb3", - "uris": [], - "scopes": [ + "name": "cancel:production" + }, { - "name": "add" + "name": "delete" }, { "name": "view" }, { - "name": "delete" + "name": "cancel:development" + }, + { + "name": "drushRsync:source:development" + }, + { + "name": "add:production" + }, + { + "name": "addNoExec" + }, + { + "name": "drushArchiveDump:production" } ] }, { - "name": "openshift", + "name": "user", "ownerManagedAccess": false, - "displayName": "openshift", + "displayName": "user", "attributes": {}, - "_id": "c5160003-2636-4362-af91-024a1b72ccdb", "uris": [], "scopes": [ { "name": "add" }, { - "name": "view" - }, - { - "name": "view:token" + "name": "getBySshKey" }, { "name": "update" @@ -770,7 +767,6 @@ "ownerManagedAccess": false, "displayName": "fact", "attributes": {}, - "_id": "d6ba3dc6-b588-4229-9e66-03c05ae9d112", "uris": [], "scopes": [ { 
@@ -785,21 +781,35 @@ ] }, { - "name": "group", + "name": "Default Resource", + "type": "urn:api:resources:default", "ownerManagedAccess": false, - "displayName": "group", "attributes": {}, - "_id": "d8d3a613-cb3a-4d75-9236-600e1d66931a", + "uris": [ + "/*" + ] + }, + { + "name": "project", + "ownerManagedAccess": false, + "displayName": "project", + "attributes": {}, "uris": [], "scopes": [ + { + "name": "addNotification" + }, { "name": "add" }, { - "name": "addUser" + "name": "removeNotification" }, { - "name": "removeUser" + "name": "view" + }, + { + "name": "removeGroup" }, { "name": "update" 
@@ -812,209 +822,275 @@ }, { "name": "delete" + }, + { + "name": "viewPrivateKey" + }, + { + "name": "addGroup" } ] }, { - "name": "deployment", + "name": "organization", "ownerManagedAccess": false, - "displayName": "deployment", + "displayName": "organization", "attributes": {}, - "_id": "e2b958c4-fa94-4f25-bfad-f47de5815624", "uris": [], "scopes": [ { - "name": "view" + "name": "updateNotification" }, { - "name": "cancel" + "name": "addUser" + }, + { + "name": "add" + }, + { + "name": "removeNotification" + }, + { + "name": "viewNotification" + }, + { + "name": "addOwner" + }, + { + "name": "updateOrganization" }, { "name": "update" }, + { + "name": "viewUser" + }, + { + "name": "viewAll" + }, + { + "name": "updateProject" + }, + { + "name": "deleteAll" + }, { "name": "delete" - } - ] - }, - { - "name": "advanced_task", - "ownerManagedAccess": false, - "displayName": "advanced_task", - "attributes": {}, - "_id": "e31ddef7-9282-4d02-b541-7098b6f3af2b", - "uris": [], - "scopes": [ + }, { - "name": "invoke:developer" + "name": "viewProject" }, { - "name": "invoke:guest" + "name": "addNotification" }, { - "name": "delete:advanced" + "name": "viewUsers" }, { - "name": "create:advanced" + "name": "view" }, { - "name": "invoke:maintainer" + "name": "viewGroup" + }, + { + "name": "deleteProject" + }, + { + "name": "removeGroup" + }, + { + "name": "addViewer" + }, + { + "name": "addProject" + }, + { + "name": "addGroup" } ] }, { - "name": "restore", + "name": "notification", "ownerManagedAccess": false, - "displayName": "restore", + "displayName": "notification", "attributes": {}, - "_id": "ef9aeee4-e9fd-4e0d-a29b-05b40ee61ef6", "uris": [], "scopes": [ { "name": "add" }, { - "name": "addNoExec" + "name": "removeAll" + }, + { + "name": "view" }, { "name": "update" + }, + { + "name": "deleteAll" + }, + { + "name": "delete" } ] }, { - "name": "ssh_key", + "name": "group", "ownerManagedAccess": false, - "displayName": "ssh_key", + "displayName": "group", "attributes": {}, - 
"_id": "f7b8990d-7e36-437d-b6d4-5deffe254bde", "uris": [], "scopes": [ + { + "name": "addUser" + }, { "name": "add" }, { - "name": "removeAll" + "name": "removeUser" }, { "name": "update" }, { - "name": "deleteAll" + "name": "viewAll" }, { - "name": "view:user" + "name": "deleteAll" }, { "name": "delete" + } + ] + }, + { + "name": "restore", + "ownerManagedAccess": false, + "displayName": "restore", + "attributes": {}, + "uris": [], + "scopes": [ + { + "name": "add" }, { - "name": "view:project" + "name": "addNoExec" + }, + { + "name": "update" } ] } ], "policies": [ { - "id": "177c566b-a393-4de2-98c4-073865ba4254", - "name": "[Lagoon] Users role for group is Owner", - "description": "Checks the users role for a group is Owner or higher", - "type": "script-policies/users-role-for-group-is-owner.js", + "name": "[Lagoon] Users role for project is Developer", + "description": "Checks the users role for a project is Developer or higher", + "type": "script-policies/users-role-for-project-is-developer.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "19e1415d-f7db-45db-adee-746157706ad7", - "name": "[Lagoon] Users role for project is Guest", - "description": "Checks the users role for a project is Guest or higher", - "type": "script-policies/users-role-for-project-is-guest.js", + "name": "[Lagoon] Users role for group is Guest", + "description": "Checks the users role for a group is Guest or higher", + "type": "script-policies/users-role-for-group-is-guest.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "27681f8c-0de2-4d7f-b96a-55ae9afab836", - "name": "[Lagoon] Users role for project is Maintainer", - "description": "Checks the users role for a project is Maintainer or higher", - "type": "script-policies/users-role-for-project-is-maintainer.js", + "name": "[Lagoon] User is owner of organization", + "description": "Checks that the user is owner of an organization via attribute", + "type": 
"script-policies/user-is-owner-of-organization.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "5af7ea03-f7ff-4e0f-80b2-0ef805bc603b", - "name": "[Lagoon] Users role for group is Developer", - "description": "Checks the users role for a group is Developer or higher", - "type": "script-policies/users-role-for-group-is-developer.js", + "name": "[Lagoon] Users role for group is Reporter", + "description": "Checks the users role for a group is Reporter or higher", + "type": "script-policies/users-role-for-group-is-reporter.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "608ff46e-bd57-4de8-939e-7ba8bc460391", - "name": "[Lagoon] Users role for group is Reporter", - "description": "Checks the users role for a group is Reporter or higher", - "type": "script-policies/users-role-for-group-is-reporter.js", + "name": "[Lagoon] Users role for realm is Admin", + "description": "Checks the users role for the realm is Admin", + "type": "script-policies/users-role-for-realm-is-admin.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "8f7ceabf-5879-42c2-b93f-618f8f3830e9", - "name": "[Lagoon] User has access to own data", - "description": "Checks that the current user is same as queried", - "type": "script-policies/user-has-access-to-own-data.js", + "name": "[Lagoon] Users role for realm is Platform Owner", + "description": "Checks the users role for the realm is Platform Owner or higher", + "type": "script-policies/users-role-for-realm-is-platform-owner.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "a381ec08-9c97-4967-b5bb-d679398aaf4a", - "name": "[Lagoon] Users role for realm is Admin", - "description": "Checks the users role for the realm is Admin", - "type": "script-policies/users-role-for-realm-is-admin.js", + "name": "[Lagoon] User has access to project", + "description": "Checks that the user has access to a project via groups", 
+ "type": "script-policies/user-has-access-to-project.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "a5f8eca7-6011-45ab-9b8e-940ccf8b248d", - "name": "[Lagoon] Users role for realm is Platform Owner", - "description": "Checks the users role for the realm is Platform Owner or higher", - "type": "script-policies/users-role-for-realm-is-platform-owner.js", + "name": "[Lagoon] Users role for group is Developer", + "description": "Checks the users role for a group is Developer or higher", + "type": "script-policies/users-role-for-group-is-developer.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "ab8187c9-84a6-472f-9c44-634c90c3ddea", - "name": "[Lagoon] Users role for project is Owner", - "description": "Checks the users role for a project is Owner or higher", - "type": "script-policies/users-role-for-project-is-owner.js", + "name": "[Lagoon] Users role for group is Owner", + "description": "Checks the users role for a group is Owner or higher", + "type": "script-policies/users-role-for-group-is-owner.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "b5bc56e5-fa8a-4590-8000-4eb3f7729ab1", - "name": "[Lagoon] Users role for group is Guest", - "description": "Checks the users role for a group is Guest or higher", - "type": "script-policies/users-role-for-group-is-guest.js", + "name": "[Lagoon] User is viewer of organization", + "description": "Checks that the user is viewer of an organization via attribute", + "type": "script-policies/user-is-viewer-of-organization.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "bea60616-4bba-444c-a7a9-8d3b8f6eb22b", - "name": "[Lagoon] User has access to project", - "description": "Checks that the user has access to a project via groups", - "type": "script-policies/user-has-access-to-project.js", + "name": "[Lagoon] User has access to own data", + "description": "Checks that the current 
user is same as queried", + "type": "script-policies/user-has-access-to-own-data.js", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": {} + }, + { + "name": "[Lagoon] Users role for project is Guest", + "description": "Checks the users role for a project is Guest or higher", + "type": "script-policies/users-role-for-project-is-guest.js", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": {} + }, + { + "name": "[Lagoon] Users role for project is Maintainer", + "description": "Checks the users role for a project is Maintainer or higher", + "type": "script-policies/users-role-for-project-is-maintainer.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "cdb6aa31-e70f-4810-b69b-4c5fcad5cdc0", "name": "[Lagoon] Users role for project is Reporter", "description": "Checks the users role for a project is Reporter or higher", "type": "script-policies/users-role-for-project-is-reporter.js", @@ -1023,7 +1099,6 @@ "config": {} }, { - "id": "e190881e-fe71-4de8-bd27-f21b4b1adfdf", "name": "[Lagoon] Users role for group is Maintainer", "description": "Checks the users role for a group is Maintainer or higher", "type": "script-policies/users-role-for-group-is-maintainer.js", 
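Review bot: The two new policies `[Lagoon] User is owner of organization` and `[Lagoon] User is viewer of organization` are described as checking membership "via attribute", which makes a user attribute the authorization source for the new `organization` resource (scopes such as `addOwner`, `addProject`, `deleteProject` are declared on it in this hunk). If that attribute can be written through the `account-console` client or the realm's user profile, a user could grant themselves organization ownership; the policy scripts are not in this diff, so confirm the attribute is admin-managed and that the scripts, together with the referenced `script-policies/user-is-owner-of-organization.js` and `user-is-viewer-of-organization.js`, are present in the `lagoon-scripts.jar` the Dockerfile deploys, since import fails on an unknown policy type. A short `description` on each policy naming the attribute it reads would make this auditable from the realm file alone. The enclosing `resources` and `policies` arrays start and end outside this hunk.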
@@ -1032,195 +1107,189 @@ "config": {} }, { - "id": "fe027a8f-5f51-4b0e-b741-c8e113585748", - "name": "[Lagoon] Users role for project is Developer", - "description": "Checks the users role for a project is Developer or higher", - "type": "script-policies/users-role-for-project-is-developer.js", + "name": "Default Policy", + "description": "A policy that grants access only for users within this realm", + "type": "js", + "logic": "POSITIVE", + "decisionStrategy": "AFFIRMATIVE", + "config": { + "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" + } + }, + { + "name": "[Lagoon] Users role for project is Owner", + "description": "Checks the users role for a project is Owner or higher", + "type": "script-policies/users-role-for-project-is-owner.js", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": {} }, { - "id": "ff716ee7-24a0-4631-bc87-ef8ffec79b2c", - "name": "Default Policy", - "description": "A policy that grants access only for users within this realm", - "type": "js", + "name": "Add SSH Key", + "type": "scope", "logic": "POSITIVE", "decisionStrategy": "AFFIRMATIVE", "config": { - "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" + "resources": "[\"ssh_key\"]", + "scopes": "[\"add\"]", + "applyPolicies": "[\"[Lagoon] User has access to own data\",\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "007c39c3-5cae-4135-a2c4-f196411116d2", - "name": "Run Drush cron", + "name": "Delete All Groups", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"task\"]", - "scopes": "[\"drushCron:production\",\"drushCron:development\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" + "resources": "[\"group\"]", + "scopes": "[\"deleteAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" } }, { - "id": 
"00ba7714-b2ed-4574-8158-c7184d39e054", - "name": "Run Drush uli on Production Environment", + "name": "Run Drush sql-sync to Development Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"task\"]", - "scopes": "[\"drushUserLogin:production\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "scopes": "[\"drushSqlSync:destination:development\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "03acb2be-82e7-4f12-b526-346e8895906f", - "name": "Add Deployment to Production Environment", + "name": "View Organization", "type": "scope", "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", + "decisionStrategy": "AFFIRMATIVE", "config": { - "resources": "[\"environment\"]", - "scopes": "[\"deploy:production\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "resources": "[\"organization\"]", + "scopes": "[\"view\",\"viewProject\",\"viewGroup\",\"viewNotification\",\"viewUser\",\"viewUsers\"]", + "applyPolicies": "[\"[Lagoon] User is owner of organization\",\"[Lagoon] Users role for realm is Platform Owner\",\"[Lagoon] User is viewer of organization\"]" } }, { - "id": "06b5bc26-b5f5-41c7-ae06-2ff7135032ba", - "name": "Delete Production Environment", + "name": "View Deployments", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"environment\"]", - "scopes": "[\"delete:production\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Owner\"]" + "resources": "[\"deployment\"]", + "scopes": "[\"view\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" } }, { - "id": "0918b045-f6f3-48b6-af66-1f8fefd72a3f", - "name": "Delete Environment 
Variable", + "name": "Delete All Backups", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"env_var\"]", - "scopes": "[\"delete\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "resources": "[\"backup\"]", + "scopes": "[\"deleteAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" } }, { - "id": "0abe1c76-7643-419c-ba4a-dd9dde5f8500", - "name": "Advanced Task Delete", + "name": "Get SSH Keys for User", "type": "scope", "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", + "decisionStrategy": "AFFIRMATIVE", "config": { - "resources": "[\"advanced_task\"]", - "scopes": "[\"delete:advanced\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" + "resources": "[\"ssh_key\"]", + "scopes": "[\"view:user\"]", + "applyPolicies": "[\"[Lagoon] User has access to own data\",\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "0b41540f-8744-4da7-a6de-fe49ba699af8", - "name": "User can SSH to Production Environment", + "name": "View Environment Metrics", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"environment\"]", - "scopes": "[\"ssh:production\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "scopes": "[\"storage\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "0fa5de58-4603-4085-9dd1-9777ea368b95", - "name": "View Backups", + "name": "Update Group", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"backup\"]", - "scopes": "[\"view\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"group\"]", + "scopes": "[\"update\"]", + "applyPolicies": "[\"[Lagoon] Users role for group is 
Maintainer\"]" } }, { - "id": "11722bae-9939-4d0d-b3a6-60c7effb8d5e", - "name": "Delete Environment", + "name": "Delete Environment Variable from Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"environment\"]", - "scopes": "[\"delete\"]", + "resources": "[\"env_var\"]", + "scopes": "[\"environment:delete:production\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "12e639fb-8075-4648-8060-d71893248557", - "name": "Run Drush archive-dump", + "name": "Add Notification to Project", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"task\"]", - "scopes": "[\"drushArchiveDump:development\",\"drushArchiveDump:production\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"project\"]", + "scopes": "[\"addNotification\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "1663339e-78d9-4ebc-9a2a-82311c70e4d1", - "name": "Delete Problem", + "name": "Delete Environment Variable from Project", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"problem\"]", - "scopes": "[\"delete\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"env_var\"]", + "scopes": "[\"project:delete\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "1a7d2662-19bb-4a0a-84c2-1f9cacda65f9", - "name": "Delete Group", + "name": "Cancel Development Task", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"group\"]", - "scopes": "[\"delete\"]", - "applyPolicies": "[\"[Lagoon] 
Users role for group is Maintainer\"]" + "resources": "[\"task\"]", + "scopes": "[\"cancel:development\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "1a8032c6-68ec-4516-bd50-8d0ff2b56ce0", - "name": "View Project", + "name": "Delete All SSH Keys", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"project\"]", - "scopes": "[\"view\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" + "resources": "[\"ssh_key\"]", + "scopes": "[\"removeAll\",\"deleteAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" } }, { - "id": "1d19806e-655b-49eb-9324-326da0dc00b5", - "name": "Delete All Environments", + "name": "View All Groups", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"environment\"]", - "scopes": "[\"deleteAll\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" + "resources": "[\"group\"]", + "scopes": "[\"viewAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "1d4930ad-85de-4b88-97db-752c62f46f79", "name": "Delete SSH Key", "type": "scope", "logic": "POSITIVE", 
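Review bot: `View Environment Metrics` grants the `storage` scope on the `environment` resource, but `storage` does not appear in the visible portion of that resource's scope list (the hunks at -572 and -591/-606 show only part of it); if the scope is not declared on the resource, Keycloak may reject the permission at import, so please confirm it exists. The permissions switched to `AFFIRMATIVE` (`Add SSH Key`, `Get SSH Keys for User`, `View Organization`) read as intended OR-combinations of an ownership policy and `Platform Owner`, but because AFFIRMATIVE makes any single policy sufficient, adding a restrictive policy such as `[Lagoon] User has access to project` to one of them later would not narrow access — a comment-equivalent in the `description` field, e.g. `"description": "any listed policy grants; do not add AND-style constraints here"`, would protect against that. The enclosing `policies` array starts and ends outside this hunk.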
@@ -1232,43 +1301,28 @@
 }
 },
 {
- "id": "1ead6fd4-9cbf-42fa-800c-0959c6fe358a",
- "name": "Delete Deployment",
+ "name": "Cancel Production Task",
 "type": "scope",
 "logic": "POSITIVE",
 "decisionStrategy": "UNANIMOUS",
 "config": {
- "resources": "[\"deployment\"]",
- "scopes": "[\"delete\"]",
+ "resources": "[\"task\"]",
+ "scopes": "[\"cancel:production\"]",
 "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]"
 }
 },
 {
- "id": "1f611964-2471-4eef-a8e2-1ebade274902",
- "name": "Add Deployment to Development Environment",
- "type": "scope",
- "logic": "POSITIVE",
- "decisionStrategy": "UNANIMOUS",
- "config": {
- "resources": "[\"environment\"]",
- "scopes": "[\"deploy:development\"]",
- "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]"
- }
- },
- {
- "id": "28c9b46c-823d-47ae-8dd9-5ac4cf313e6a",
- "name": "Update Development Environment",
+ "name": "View Environment Variable Value for Development Environment",
 "type": "scope",
 "logic": "POSITIVE",
 "decisionStrategy": "UNANIMOUS",
 "config": {
- "resources": "[\"environment\"]",
- "scopes": "[\"update:development\"]",
+ "resources": "[\"env_var\"]",
+ "scopes": "[\"environment:viewValue:development\"]",
 "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]"
 }
 },
 {
- "id": "29dac4e9-443d-4a0a-a54e-bfb0007a3309",
 "name": "Add or Update Development Environment",
 "type": "scope",
 "logic": "POSITIVE",
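Review bot: With the `id` fields removed, the entries in this array lose the stable key the old file was ordered by, so this hunk and the ones at `@@ -1280,487` and `@@ -1772,175` read as a near-complete reshuffle in which the few genuine authorization changes (new names, new `resources`/`scopes`, changed `decisionStrategy`) are hard to pick out. Because this file is now committed and reviewed as source, sort the entries by `name` before committing so later diffs only show semantic changes. The element order inside the string-encoded `scopes` lists also flips between old and new (e.g. `"[\"deleteAll\",\"removeAll\"]"` becoming `"[\"removeAll\",\"deleteAll\"]"` in the following hunk); a JSON formatter will not normalise those because they are strings, so keep them in a canonical order by hand. The enclosing array (presumably the client's policy list) starts and ends outside the hunk.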
@@ -1280,487 +1334,468 @@ } }, { - "id": "35dc9193-f0a1-45e7-9739-9831284b3cc6", - "name": "CUD Notification", + "name": "View All Organizations", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"notification\"]", - "scopes": "[\"delete\",\"add\",\"update\"]", + "resources": "[\"organization\"]", + "scopes": "[\"viewAll\"]", "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "3629e7df-114b-4adc-9197-39457d0cf80a", - "name": "Delete All Users", + "name": "View Environment Variable for Project", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"user\"]", - "scopes": "[\"deleteAll\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" + "resources": "[\"env_var\"]", + "scopes": "[\"project:view\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" } }, { - "id": "36b1e154-a1ae-4e0c-81a5-5b010788b520", - "name": "Delete Development Environment", + "name": "Manage Openshift", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"environment\"]", - "scopes": "[\"delete:development\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"openshift\"]", + "scopes": "[\"delete\",\"view:token\",\"update\",\"add\",\"deleteAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "3ac7538f-8dc9-42fb-b977-60d645b08572", - "name": "Add Group", + "name": "Delete All Projects", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"group\"]", - "scopes": "[\"add\"]", - "applyPolicies": "[\"Default Policy\"]" + "resources": "[\"project\"]", + "scopes": "[\"deleteAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" } }, { - "id": 
"3c6e3db6-0bb6-49ad-b9cc-466247017b01", - "name": "Add Groups to Project", + "name": "View Harbor Scan Match", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"project\"]", - "scopes": "[\"addGroup\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Owner\"]" + "resources": "[\"harbor_scan_match\"]", + "scopes": "[\"view\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" } }, { - "id": "421caca2-55ea-4bab-9bcd-8a3655de8ec9", - "name": "Cancel Production Task", + "name": "Run Drush cache-clear", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"task\"]", - "scopes": "[\"cancel:production\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "scopes": "[\"drushCacheClear:production\",\"drushCacheClear:development\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" } }, { - "id": "44087f70-aa5b-4c25-9581-d31c6a8d5a81", - "name": "Delete Project", + "name": "Add Deployment to Development Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"project\"]", - "scopes": "[\"delete\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Owner\"]" - } + "resources": "[\"environment\"]", + "scopes": "[\"deploy:development\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + } }, { - "id": "451acaed-78b7-4117-a61e-7efa9955f5d0", - "name": "Delete User", + "name": "Remove User from Group", "type": "scope", "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"user\"]", - "scopes": "[\"delete\"]", - "applyPolicies": "[\"[Lagoon] User has access 
to own data\",\"[Lagoon] Users role for realm is Platform Owner\"]" + "resources": "[\"group\"]", + "scopes": "[\"removeUser\"]", + "applyPolicies": "[\"[Lagoon] Users role for group is Maintainer\"]" } }, { - "id": "4832e90c-f0d6-4213-9d04-b6269a703a81", - "name": "View Environment Variable Value for Production Environment", + "name": "Manage Organization", "type": "scope", "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", + "decisionStrategy": "AFFIRMATIVE", "config": { - "resources": "[\"env_var\"]", - "scopes": "[\"environment:viewValue:production\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "resources": "[\"organization\"]", + "scopes": "[\"addNotification\",\"removeNotification\",\"addProject\",\"updateNotification\",\"updateProject\",\"removeGroup\",\"deleteProject\",\"addViewer\",\"addOwner\",\"addGroup\"]", + "applyPolicies": "[\"[Lagoon] User is owner of organization\",\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "48bf1f75-10d7-48fb-98b6-054b766c97d9", - "name": "View All Projects", + "name": "Invoke Task Developer", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"project\"]", - "scopes": "[\"viewAll\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" + "resources": "[\"advanced_task\"]", + "scopes": "[\"invoke:developer\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "49999aeb-e363-43b0-b230-bec142af4847", - "name": "Cancel Development Task", + "name": "Run Drush uli on Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"task\"]", - "scopes": "[\"cancel:development\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "scopes": 
"[\"drushUserLogin:production\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "49a7ae30-2863-43ad-9bf6-f1cf5172992c", - "name": "View Deployments", + "name": "Delete Deployment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"deployment\"]", - "scopes": "[\"view\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" + "scopes": "[\"delete\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "4a2c4876-6624-47c0-b2e8-0287211c583d", - "name": "Run Drush sql-dump", + "name": "User can SSH to Development Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"task\"]", - "scopes": "[\"drushSqlDump:production\",\"drushSqlDump:development\"]", + "resources": "[\"environment\"]", + "scopes": "[\"ssh:development\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "4ca86482-2484-4548-9031-f364ffc4c77f", - "name": "Add or Update Production Environment", + "name": "Add Deployment to Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"environment\"]", - "scopes": "[\"addOrUpdate:production\"]", + "scopes": "[\"deploy:production\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "4d784cd9-3500-419e-86bd-8ec91b686b97", - "name": "Create Image Based Task", + "name": "Cancel Deployment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"advanced_task\"]", - "scopes": "[\"create:advanced\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" + 
"resources": "[\"deployment\"]", + "scopes": "[\"cancel\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "4f23ab98-a8e6-4e3b-9417-2bc039fb70ea", - "name": "Add Harbor Scan Match", + "name": "Add Group", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"harbor_scan_match\"]", + "resources": "[\"group\"]", "scopes": "[\"add\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" + "applyPolicies": "[\"Default Policy\"]" } }, { - "id": "514f6137-316a-49f7-93cd-e3382626ef79", - "name": "Remove Groups from Project", + "name": "View Project Private Key", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"project\"]", - "scopes": "[\"removeGroup\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "scopes": "[\"viewPrivateKey\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Owner\"]" } }, { - "id": "5598e584-1b29-459e-a03a-a40991d9aff1", - "name": "Add SSH Key", + "name": "View All Openshifts", "type": "scope", "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"ssh_key\"]", - "scopes": "[\"add\"]", - "applyPolicies": "[\"[Lagoon] User has access to own data\",\"[Lagoon] Users role for realm is Platform Owner\"]" + "resources": "[\"openshift\"]", + "scopes": "[\"viewAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "5971eb91-03e0-4faf-a9fe-295f9173d6a2", - "name": "Add Problem", + "name": "Delete Problem", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"problem\"]", - "scopes": "[\"add\"]", + "scopes": "[\"delete\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] 
Users role for project is Developer\"]" } }, { - "id": "59beb9e4-970e-4653-b363-7bc60985fe9c", - "name": "Run Drush rsync to Production Environment", + "name": "Run Drush cron", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"task\"]", - "scopes": "[\"drushRsync:destination:production\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "scopes": "[\"drushCron:development\",\"drushCron:production\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" } }, { - "id": "5a1716d9-d46b-4279-9525-5e9fc4b9395b", - "name": "Get SSH Keys for User", + "name": "Update Restore", "type": "scope", "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"ssh_key\"]", - "scopes": "[\"view:user\"]", - "applyPolicies": "[\"[Lagoon] User has access to own data\",\"[Lagoon] Users role for realm is Platform Owner\"]" + "resources": "[\"restore\"]", + "scopes": "[\"update\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" } }, { - "id": "5bb350d0-4897-4666-854f-488d2190346a", - "name": "Invoke Task Maintainer", + "name": "Get User By SSH Key", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"advanced_task\"]", - "scopes": "[\"invoke:maintainer\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "resources": "[\"user\"]", + "scopes": "[\"getBySshKey\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "5d8a3f27-348c-404c-ac52-01e77f371691", - "name": "Add Environment Variable to Development Environment", + "name": "Delete Task", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": 
"[\"env_var\"]", - "scopes": "[\"environment:add:development\"]", + "resources": "[\"task\"]", + "scopes": "[\"delete\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "5ed01a57-265c-492d-8194-11914e06cb61", - "name": "View Task", + "name": "View Backups", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"task\"]", + "resources": "[\"backup\"]", "scopes": "[\"view\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "5f28ac8b-bd7a-4d1e-bb33-d1d70e9455ae", - "name": "Add Task to Production Environment", + "name": "Update Organization", "type": "scope", "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", + "decisionStrategy": "AFFIRMATIVE", "config": { - "resources": "[\"task\"]", - "scopes": "[\"add:production\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "resources": "[\"organization\"]", + "scopes": "[\"updateOrganization\"]", + "applyPolicies": "[\"[Lagoon] User is owner of organization\",\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "5fa798d3-427a-4674-8310-a42dfd03a317", - "name": "Update SSH Key", + "name": "Add User to Group", "type": "scope", "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"ssh_key\"]", - "scopes": "[\"update\"]", - "applyPolicies": "[\"[Lagoon] User has access to own data\",\"[Lagoon] Users role for realm is Platform Owner\"]" + "resources": "[\"group\"]", + "scopes": "[\"addUser\"]", + "applyPolicies": "[\"[Lagoon] Users role for group is Owner\"]" } }, { - "id": "60cb57e9-022f-453d-9450-314efcd11d99", - "name": "Delete Environment Variable from 
Production Environment", + "name": "Delete Environment Variable", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"env_var\"]", - "scopes": "[\"environment:delete:production\"]", + "scopes": "[\"delete\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "6348e801-c1cd-464d-a07c-1bc9a96cb2c7", - "name": "Delete All SSH Keys", + "name": "Platform Owner Manage Organizations and Owners", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"ssh_key\"]", - "scopes": "[\"deleteAll\",\"removeAll\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" + "resources": "[\"organization\"]", + "scopes": "[\"delete\",\"update\",\"add\",\"deleteAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "6cff2c76-c36e-44ab-b5e3-0ae4b6b12c6c", - "name": "Run Drush rsync to Development Environment", + "name": "View Environment Variable Value for Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"task\"]", - "scopes": "[\"drushRsync:destination:development\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"env_var\"]", + "scopes": "[\"environment:viewValue:production\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "7216ccd5-4453-4245-826a-6f0ac7523c1c", - "name": "View Environment Metrics", + "name": "User can SSH to Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"environment\"]", - "scopes": "[\"storage\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" + "scopes": "[\"ssh:production\"]", + "applyPolicies": 
"[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "72a59c63-eecc-4b88-9894-4db7283b3da8", - "name": "Delete Environment Variable from Project", + "name": "Delete User", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "AFFIRMATIVE", + "config": { + "resources": "[\"user\"]", + "scopes": "[\"delete\"]", + "applyPolicies": "[\"[Lagoon] User has access to own data\",\"[Lagoon] Users role for realm is Platform Owner\"]" + } + }, + { + "name": "Add Harbor Scan Match", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"env_var\"]", - "scopes": "[\"project:delete\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "resources": "[\"harbor_scan_match\"]", + "scopes": "[\"add\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" } }, { - "id": "738f04e6-e9db-49f4-b507-cb30465a7b2e", - "name": "Add User to Group", + "name": "Run Drush archive-dump", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"group\"]", - "scopes": "[\"addUser\"]", - "applyPolicies": "[\"[Lagoon] Users role for group is Owner\"]" + "resources": "[\"task\"]", + "scopes": "[\"drushArchiveDump:production\",\"drushArchiveDump:development\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "748f1125-0450-44a1-b2ef-9db7ee50c2ce", - "name": "Update Production Environment", + "name": "Add Environment Variable to Project", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"environment\"]", - "scopes": "[\"update:production\"]", + "resources": "[\"env_var\"]", + "scopes": "[\"project:add\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": 
"752f5761-9eec-4d2c-8273-94d96ca9ad5f", - "name": "Invoke Task Guest", + "name": "Add User", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"advanced_task\"]", - "scopes": "[\"invoke:guest\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\"]" + "resources": "[\"user\"]", + "scopes": "[\"add\"]", + "applyPolicies": "[\"Default Policy\"]" } }, { - "id": "78cb73c2-8aa4-4706-bed7-43aba1f2be85", - "name": "View Notification", + "name": "Delete Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"notification\"]", - "scopes": "[\"view\"]", + "resources": "[\"environment\"]", + "scopes": "[\"delete:production\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Owner\"]" + } + }, + { + "name": "Run Drush sql-sync from Any Environment", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"task\"]", + "scopes": "[\"drushSqlSync:source:development\",\"drushSqlSync:source:production\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "7a6ef9c6-a204-42ea-b8b6-3934c4373706", - "name": "Remove Notification from Project", + "name": "Delete Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"project\"]", - "scopes": "[\"removeNotification\"]", + "resources": "[\"environment\"]", + "scopes": "[\"delete\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "7b9f2d29-9496-47a5-a07f-7913f4a0caed", - "name": "Add Project", + "name": "Update Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"project\"]", - "scopes": "[\"add\"]", - "applyPolicies": 
"[\"Default Policy\"]" + "resources": "[\"environment\"]", + "scopes": "[\"update:production\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "821c96bd-e34b-4bd7-a096-fff10cea4f91", - "name": "Add User", + "name": "Delete Development Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"user\"]", - "scopes": "[\"add\"]", - "applyPolicies": "[\"Default Policy\"]" + "resources": "[\"environment\"]", + "scopes": "[\"delete:development\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "88176055-ebc6-42a4-900a-dbc59b30c63a", - "name": "Delete Task", + "name": "Delete Backup", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"task\"]", + "resources": "[\"backup\"]", "scopes": "[\"delete\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "8e18e5d3-1c2b-4f74-a848-033dd2b11056", - "name": "View Environment", + "name": "Update Development Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"environment\"]", - "scopes": "[\"view\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" + "scopes": "[\"update:development\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "90e14922-d62a-4c70-8998-2e79a8ab165e", "name": "Add Restore", "type": "scope", "logic": "POSITIVE", 
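Review bot: In the `Add Deployment to Development Environment` entry the closing `}` of its `config` object is removed and re-added with identical visible text, which indicates a whitespace-only difference on that line; run the file through a JSON formatter so that brace is indented like its siblings and stays a context line. Separately, `Run Drush cache-clear` and `Run Drush cron` grant production task scopes (`drushCacheClear:production`, `drushCron:production`) at `[Lagoon] Users role for project is Guest`, while every other production-scoped task entry in this hunk requires `Developer` or `Maintainer`; if those Guest grants are carried over from the previous ordering rather than introduced here, saying so in the commit description would make the intent auditable, and if they are new the role should be justified. The enclosing array starts and ends outside the hunk.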
@@ -1772,175 +1807,138 @@ } }, { - "id": "97494304-371b-4685-81a6-01bc33206029", - "name": "Delete Backup", + "name": "Delete Group", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"backup\"]", + "resources": "[\"group\"]", "scopes": "[\"delete\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "applyPolicies": "[\"[Lagoon] Users role for group is Maintainer\"]" } }, { - "id": "9e51bd99-43ea-495a-bf89-7c41eea3c025", - "name": "Delete Harbor Scan Match", + "name": "Add Problem", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"harbor_scan_match\"]", - "scopes": "[\"delete\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" - } - }, - { - "id": "9f528c9c-d6ff-49d7-814a-f2d1d56bec1e", - "name": "Update Project", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"project\"]", - "scopes": "[\"update\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" - } - }, - { - "id": "9f7717a3-f405-4d38-9c16-b3dfa936804f", - "name": "Run Drush rsync from Any Environment", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"task\"]", - "scopes": "[\"drushRsync:source:production\",\"drushRsync:source:development\"]", + "resources": "[\"problem\"]", + "scopes": "[\"add\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "a1aae4e8-3108-4528-84ba-254b426d5cc5", - "name": "View Harbor Scan Match", + "name": "View Environment Variable for Development Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"harbor_scan_match\"]", - "scopes": "[\"view\"]", - "applyPolicies": 
"[\"[Lagoon] Users role for realm is Admin\"]" + "resources": "[\"env_var\"]", + "scopes": "[\"environment:view:development\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" } }, { - "id": "a1b96f82-da31-44b1-ac40-bcbb75732bc8", - "name": "User can SSH to Development Environment", + "name": "Add Task to Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"environment\"]", - "scopes": "[\"ssh:development\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"task\"]", + "scopes": "[\"add:production\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "a2b7dc68-0a08-4866-a92d-99ea569cf05c", - "name": "Delete Environment Variable from Development Environment", + "name": "Delete Project", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"env_var\"]", - "scopes": "[\"environment:delete:development\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"project\"]", + "scopes": "[\"delete\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Owner\"]" } }, { - "id": "a8adf6f5-820f-417e-8ef7-4b84acc37c83", - "name": "Run Drush sql-sync to Development Environment", + "name": "Add Backup", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"task\"]", - "scopes": "[\"drushSqlSync:destination:development\"]", + "resources": "[\"backup\"]", + "scopes": "[\"add\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "ab748ff7-0180-446a-9c13-5492a734a27a", - "name": "Update Restore", + 
"name": "Update Project", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"restore\"]", + "resources": "[\"project\"]", "scopes": "[\"update\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "ab86aa4e-1c04-44df-b0dc-a898b4d03b31", - "name": "Add Notification to Project", + "name": "Invoke Task Guest", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"project\"]", - "scopes": "[\"addNotification\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "resources": "[\"advanced_task\"]", + "scopes": "[\"invoke:guest\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\"]" } }, { - "id": "b11128e8-a6ac-4fcc-aa5e-a474171b1b3a", - "name": "Invoke Task Developer", + "name": "Delete Harbor Scan Match", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"advanced_task\"]", - "scopes": "[\"invoke:developer\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"harbor_scan_match\"]", + "scopes": "[\"delete\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" } }, { - "id": "b2b342ee-424c-4937-88c6-099c5483f721", - "name": "View Environment Variable for Development Environment", + "name": "Add Task to Development Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"env_var\"]", - "scopes": "[\"environment:view:development\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" + "resources": "[\"task\"]", + "scopes": "[\"add:development\"]", + 
"applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "b72e8297-695c-4fce-941d-b8f22853cd07", - "name": "View All Users", + "name": "View Notification", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"user\"]", - "scopes": "[\"viewAll\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" + "resources": "[\"notification\"]", + "scopes": "[\"view\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "b7546519-a48b-49f6-903c-3a1cf35b05e1", - "name": "Run Drush sql-sync to Production Environment", + "name": "Run Drush rsync to Development Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"task\"]", - "scopes": "[\"drushSqlSync:destination:production\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "scopes": "[\"drushRsync:destination:development\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "b7775d40-1b3b-4a70-bdd6-bb2b5ca6d763", "name": "View All Environments", "type": "scope", "logic": "POSITIVE", 
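Review bot: `Invoke Task Guest` is the only project-scoped entry in this hunk whose `applyPolicies` lists `[Lagoon] User has access to project` without an accompanying role policy, whereas the parallel Guest-level entry `View Environment Variable for Development Environment` pairs it with `[Lagoon] Users role for project is Guest`. If Guest is the lowest project role the effective decision may be the same, but the asymmetry makes the intended minimum role hard to audit; either extend that entry to `"applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]"` or record in the commit description why project membership alone is sufficient there. The enclosing array starts and ends outside the hunk.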
@@ -1952,103 +1950,83 @@ } }, { - "id": "bb49c4c0-133d-4236-945b-b7c0302ff0ef", - "name": "Add Fact", + "name": "Delete All Notifications", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"fact\"]", - "scopes": "[\"add\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"notification\"]", + "scopes": "[\"removeAll\",\"deleteAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" } }, { - "id": "bbc2977d-58af-4a62-ace0-b3a1a0babbc2", - "name": "Remove User from Group", + "name": "Update Deployment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"group\"]", - "scopes": "[\"removeUser\"]", - "applyPolicies": "[\"[Lagoon] Users role for group is Maintainer\"]" + "resources": "[\"deployment\"]", + "scopes": "[\"update\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "be3a8938-d9e4-4b4d-aa26-74fdabbaba7b", - "name": "View Problems", + "name": "View Environment Variable for Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"problem\"]", - "scopes": "[\"view\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"env_var\"]", + "scopes": "[\"environment:view:production\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" } }, { - "id": "bed0a73e-0a82-4e9d-90cc-31d69cc9c596", - "name": "Delete All Projects", + "name": "Add or Update Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"project\"]", - "scopes": "[\"deleteAll\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" + 
"resources": "[\"environment\"]", + "scopes": "[\"addOrUpdate:production\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "c4df739d-f32c-45ff-a0a0-8e8b0c49e228", - "name": "View Environment Variable Value for Development Environment", + "name": "Delete All Environments", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"env_var\"]", - "scopes": "[\"environment:viewValue:development\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"environment\"]", + "scopes": "[\"deleteAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" } }, { - "id": "c5b54ee8-dce4-464d-89db-e29166d73e2b", - "name": "View Environment Variable for Production Environment", + "name": "Add Project", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"env_var\"]", - "scopes": "[\"environment:view:production\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" + "resources": "[\"project\"]", + "scopes": "[\"add\"]", + "applyPolicies": "[\"Default Policy\"]" } }, { - "id": "c7d280c9-db0c-4f0e-9393-7523c990fc45", - "name": "View All Openshifts", + "name": "CUD Notification", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"openshift\"]", - "scopes": "[\"viewAll\"]", + "resources": "[\"notification\"]", + "scopes": "[\"delete\",\"update\",\"add\"]", "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "cf62bbb1-2a2d-4447-ac15-5b227b54779c", - "name": "Add Environment Variable to Project", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"env_var\"]", - "scopes": "[\"project:add\"]", - "applyPolicies": 
"[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Owner\"]" - } - }, - { - "id": "cfab1fa5-3015-4521-98c1-6a355cdbe9f2", "name": "Run Drush uli on Development Environment", "type": "scope", "logic": "POSITIVE", 
@@ -2060,571 +2038,577 @@ } }, { - "id": "d0b19ab6-22d1-4bb7-9ee0-4c6ad11affd3", - "name": "Get User By SSH Key", + "name": "Delete All Users", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"user\"]", - "scopes": "[\"getBySshKey\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" + "scopes": "[\"deleteAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" } }, { - "id": "d591bcc8-25f2-40ce-a6ac-eeb3c78a2a1b", - "name": "Delete All Backups", + "name": "Update SSH Key", "type": "scope", "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", + "decisionStrategy": "AFFIRMATIVE", "config": { - "resources": "[\"backup\"]", - "scopes": "[\"deleteAll\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" + "resources": "[\"ssh_key\"]", + "scopes": "[\"update\"]", + "applyPolicies": "[\"[Lagoon] User has access to own data\",\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "d88c72a2-aadc-4758-939a-f5a3fe175dc0", - "name": "Delete All Notifications", + "name": "Update Task", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"notification\"]", - "scopes": "[\"deleteAll\",\"removeAll\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Admin\"]" + "resources": "[\"task\"]", + "scopes": "[\"update\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "d97c289f-ad80-49c3-9068-6d72b6d8f564", - "name": "View All Groups", + "name": "Update User", "type": "scope", "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", + "decisionStrategy": "AFFIRMATIVE", "config": { - "resources": "[\"group\"]", - "scopes": "[\"viewAll\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" + "resources": "[\"user\"]", + "scopes": "[\"update\"]", + "applyPolicies": "[\"[Lagoon] User has access to own 
data\",\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "da11f57f-5484-4a70-b382-fca45a483762", - "name": "Add Backup", + "name": "Run Drush rsync from Any Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"backup\"]", - "scopes": "[\"add\"]", + "resources": "[\"task\"]", + "scopes": "[\"drushRsync:source:development\",\"drushRsync:source:production\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "da42523f-7afd-482f-b751-606818088be0", - "name": "Add Environment Variable to Production Environment", + "name": "View Openshift", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"env_var\"]", - "scopes": "[\"environment:add:production\"]", + "resources": "[\"openshift\"]", + "scopes": "[\"view\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "de21d516-e515-4715-ab4c-7f9185576504", - "name": "View Openshift", + "name": "View Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"openshift\"]", + "resources": "[\"environment\"]", "scopes": "[\"view\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" } }, { - "id": "df5a5056-9484-4e86-8a84-60ea61ddd320", - "name": "Update Group", + "name": "View All Users", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"group\"]", - "scopes": "[\"update\"]", - "applyPolicies": "[\"[Lagoon] Users role for group is Maintainer\"]" + "resources": "[\"user\"]", + "scopes": "[\"viewAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "e1329690-07d4-43bb-8310-a64e7e495122", - "name": "Manage Openshift", + "name": "View Task", "type": 
"scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"openshift\"]", - "scopes": "[\"delete\",\"deleteAll\",\"view:token\",\"add\",\"update\"]", - "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" + "resources": "[\"task\"]", + "scopes": "[\"view\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" } }, { - "id": "e2d337e7-ea36-415b-88a4-1e66752c452d", - "name": "View Facts", + "name": "Add Groups to Project", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"fact\"]", - "scopes": "[\"view\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + "resources": "[\"project\"]", + "scopes": "[\"addGroup\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Owner\"]" } }, { - "id": "e3d3f53c-75cd-433f-b0f3-671e4d5fe16f", - "name": "Update Task", + "name": "Add Environment Variable to Development Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"task\"]", - "scopes": "[\"update\"]", + "resources": "[\"env_var\"]", + "scopes": "[\"environment:add:development\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "ea3940d0-2a5e-45d7-b8b8-f18c28ce4018", - "name": "Update User", + "name": "View Environment Variable Value for Project", "type": "scope", "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"user\"]", - "scopes": "[\"update\"]", - "applyPolicies": "[\"[Lagoon] User has access to own data\",\"[Lagoon] Users role for realm is Platform Owner\"]" + "resources": "[\"env_var\"]", + "scopes": "[\"project:viewValue\"]", + "applyPolicies": "[\"[Lagoon] User has access to 
project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "ebf2d3b9-6ea0-429b-87dd-a822178cc727", - "name": "Add Task to Development Environment", + "name": "Run Drush sql-dump", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"task\"]", - "scopes": "[\"add:development\"]", + "scopes": "[\"drushSqlDump:production\",\"drushSqlDump:development\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "ec73200d-37df-48e5-a631-3ea48ac75ec2", - "name": "Run Drush cache-clear", + "name": "View Problems", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"task\"]", - "scopes": "[\"drushCacheClear:production\",\"drushCacheClear:development\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" + "resources": "[\"problem\"]", + "scopes": "[\"view\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "ed1a1f13-1b9e-4457-be60-01d421f9eaa4", - "name": "View Project Private Key", + "name": "Add Environment Variable to Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"project\"]", - "scopes": "[\"viewPrivateKey\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Owner\"]" + "resources": "[\"env_var\"]", + "scopes": "[\"environment:add:production\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "f108c909-c685-4cd2-9ebe-bdd944ed6809", - "name": "Delete All Groups", + "name": "Delete Fact", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"group\"]", - "scopes": "[\"deleteAll\"]", - "applyPolicies": 
"[\"[Lagoon] Users role for realm is Admin\"]" + "resources": "[\"fact\"]", + "scopes": "[\"delete\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "f3d8bc8d-1ddc-430a-bcb6-548674601e5a", - "name": "Delete Fact", + "name": "View Facts", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"fact\"]", - "scopes": "[\"delete\"]", + "scopes": "[\"view\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "f507c647-6154-4d21-85e9-031877ec7d5e", - "name": "View Environment Variable for Project", + "name": "Create Image Based Task", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"env_var\"]", - "scopes": "[\"project:view\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" + "resources": "[\"advanced_task\"]", + "scopes": "[\"create:advanced\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "f619d22b-fd0d-45d0-bb39-8df6616ba049", - "name": "Cancel Deployment", + "name": "Advanced Task Delete", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"deployment\"]", - "scopes": "[\"cancel\"]", - "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + "resources": "[\"advanced_task\"]", + "scopes": "[\"delete:advanced\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" } }, { - "id": "f7d94602-3d6e-4b30-ac50-c220815e1f9c", - "name": "Run Drush sql-sync from Any Environment", + "name": "Run Drush sql-sync to Production Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "resources": "[\"task\"]", - "scopes": 
"[\"drushSqlSync:source:development\",\"drushSqlSync:source:production\"]", + "scopes": "[\"drushSqlSync:destination:production\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + } + }, + { + "name": "Add Fact", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"fact\"]", + "scopes": "[\"add\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" } }, { - "id": "fc3bae8e-a1a1-4472-9353-d02b5df5c7dd", - "name": "Update Deployment", + "name": "Delete Environment Variable from Development Environment", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"deployment\"]", - "scopes": "[\"update\"]", + "resources": "[\"env_var\"]", + "scopes": "[\"environment:delete:development\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Developer\"]" + } + }, + { + "name": "View All Projects", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"project\"]", + "scopes": "[\"viewAll\"]", + "applyPolicies": "[\"[Lagoon] Users role for realm is Platform Owner\"]" + } + }, + { + "name": "Run Drush rsync to Production Environment", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"task\"]", + "scopes": "[\"drushRsync:destination:production\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } }, { - "id": "febb8c36-5745-47f3-ac59-8c6ed4bf34cd", - "name": "View Environment Variable Value for Project", + "name": "View Project", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { - "resources": "[\"env_var\"]", - "scopes": "[\"project:viewValue\"]", + "resources": "[\"project\"]", + "scopes": 
"[\"view\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Guest\"]" + } + }, + { + "name": "Remove Groups from Project", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"project\"]", + "scopes": "[\"removeGroup\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + } + }, + { + "name": "Invoke Task Maintainer", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"advanced_task\"]", + "scopes": "[\"invoke:maintainer\"]", + "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" + } + }, + { + "name": "Remove Notification from Project", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"project\"]", + "scopes": "[\"removeNotification\"]", "applyPolicies": "[\"[Lagoon] User has access to project\",\"[Lagoon] Users role for project is Maintainer\"]" } } ], "scopes": [ { - "id": "0112e01f-1029-4d8b-838e-ca513f707cc4", - "name": "viewAll" + "name": "drushSqlDump:development" }, { - "id": "02e0bee8-7bb2-44aa-bca2-0332685d47e7", - "name": "environment:delete:production" + "name": "deploy:development" }, { - "id": "0c64f54d-4443-480c-8c60-f98bf7a8f2fa", - "name": "drushRsync:destination:development" + "name": "addOrUpdate:production" }, { - "id": "0d2f7b80-42a0-49b6-a033-e23c59632228", - "name": "invoke:guest" + "name": "drushSqlSync:destination:development" }, { - "id": "0d7efbc6-6a43-4a4a-8384-421284de5f93", - "name": "removeUser" + "name": "deploy:production" }, { - "id": "0e5920f7-9acc-4abd-b0fb-91b609aba28d", - "name": "environment:view:production" + "name": "delete" }, { - "id": "177c4b61-6aa1-40df-bd2c-5786b3dc046d", - "name": "removeNotification" + "name": "cancel" }, { - "id": "1af8ab76-bbce-4f9a-935f-dbe02ab2833b", - 
"name": "view" + "name": "addProject" }, { - "id": "21619a22-71f0-4303-b434-691d862863a8", - "name": "invoke:maintainer" + "name": "drushArchiveDump:production" }, { - "id": "24c7c3d0-3a3b-45b5-9a6c-91cdbaefe6b7", - "name": "delete" + "name": "view:user" }, { - "id": "2706fc6f-123d-4725-bfc4-4eeeb8ab66a6", - "name": "drushCron:development" + "name": "viewGroup" }, { - "id": "27472c04-a0a4-41a8-859c-30413059bf14", - "name": "project:view" + "name": "removeUser" }, { - "id": "2907af44-533f-4a7c-b875-6a1e3154d80a", - "name": "getBySshKey" + "name": "drushRsync:source:production" }, { - "id": "2cd2de55-d584-491e-ad08-05aed07fcd8e", - "name": "cancel:production" + "name": "view:project" }, { - "id": "32f87879-0175-4e08-bb52-f1e17527113d", - "name": "update:production" + "name": "drushCacheClear:production" }, { - "id": "3351b785-1531-49e3-a86d-16363a52decb", - "name": "environment:viewValue:development" + "name": "drushCron:production" }, { - "id": "3447f393-0ca7-4baf-8c93-4df7cc232531", - "name": "view:token" + "name": "create:advanced" }, { - "id": "3535e5d3-ea8e-4f73-94ac-2b4366544078", - "name": "environment:add:development" + "name": "environment:delete:development" }, { - "id": "3a773912-b0ac-4604-b72b-7842b73a7ad8", - "name": "drushArchiveDump:production" + "name": "drushSqlSync:destination:production" }, { - "id": "44fe775b-e523-487c-bfd0-733579aee2b5", - "name": "environment:viewValue:production" + "name": "project:view" }, { - "id": "472f7da1-66bd-4cb0-a8bc-835e216193d5", - "name": "drushCacheClear:production" + "name": "viewUser" }, { - "id": "47f32441-03d0-47e4-aadc-30ad5895f76f", - "name": "drushSqlSync:destination:development" + "name": "environment:viewValue:production" }, { - "id": "502ff80b-830c-4233-a6d6-3fe12a04016b", - "name": "addUser" + "name": "viewUsers" }, { - "id": "505fc833-2735-4dc2-9cce-34a803350721", - "name": "deleteAll" + "name": "environment:view:production" }, { - "id": "56ec4ed7-5b33-4d8d-a6f1-e1ac9139ee09", - "name": 
"drushRsync:source:development" + "name": "drushSqlSync:source:production" }, { - "id": "599bf91c-b3d3-47be-96b3-117c90f6795d", - "name": "view:user" + "name": "drushSqlSync:source:development" }, { - "id": "5a7356bf-ea30-42ee-ab2c-3129bb022d57", - "name": "addNoExec" + "name": "drushRsync:destination:production" }, { - "id": "5aeb0b88-19ff-4c2a-98fe-a70b0b2c6bb4", - "name": "add:development" + "name": "environment:add:development" }, { - "id": "5d11f1ab-f078-4269-bd89-cd5625aa453d", - "name": "update" + "name": "drushCron:development" }, { - "id": "6367143f-adbb-4afc-a3ba-0007afd73c49", - "name": "drushSqlDump:production" + "name": "invoke:developer" }, { - "id": "638a5dc1-9f47-406e-9b27-173f5a2150aa", - "name": "deleteNoExec" + "name": "cancel:development" }, { - "id": "646a9046-5920-409e-a421-4eb5781697a5", - "name": "add:production" + "name": "removeGroup" }, { - "id": "6f26c4a5-4ec9-4816-98c9-96ea38987999", - "name": "delete:development" + "name": "project:delete" }, { - "id": "6fb3e1af-a531-41cc-90f5-1db4659728f7", - "name": "environment:add:production" + "name": "drushArchiveDump:development" }, { - "id": "747a74d5-1023-4e87-a241-f4b8f3ea20ee", - "name": "view:project" + "name": "update:production" }, { - "id": "74ffd476-dfb2-4d17-8e61-14eccd413776", - "name": "drushCron:production" + "name": "drushRsync:destination:development" }, { - "id": "762c380e-d654-4b11-b00f-3749e43599cd", - "name": "ssh:production" + "name": "delete:development" }, { - "id": "833b0312-23b9-4873-ad36-90efed220d10", - "name": "deploy:production" + "name": "addViewer" }, { - "id": "86f07150-aa50-469b-98dc-81924532a7c9", - "name": "ssh:development" + "name": "deleteProject" }, { - "id": "8ca6b9f3-d647-4894-853a-0f3d38b10ff8", - "name": "viewPrivateKey" + "name": "deleteNoExec" }, { - "id": "8fe73947-cd11-43e6-8e9b-25d89a7612cc", - "name": "drushSqlDump:development" + "name": "viewAll" }, { - "id": "94c6ef3c-5f8e-4cee-a6d5-32584444fa46", - "name": "invoke:developer" + "name": 
"delete:production" }, { - "id": "9b13338b-07f0-4769-ac11-e725da92640a", - "name": "addGroup" + "name": "add:production" }, { - "id": "a5385a8c-47d2-4454-800b-d8774f8726a1", - "name": "project:viewValue" + "name": "getBySshKey" }, { - "id": "a546726c-dea2-4080-b088-cfc1fbf77fa3", - "name": "drushUserLogin:production" + "name": "environment:delete:production" }, { - "id": "a94336b9-7b80-40f2-bacb-112b6fbcb34f", - "name": "cancel:development" + "name": "environment:add:production" }, { - "id": "ab303eb2-edf2-47fb-bdd6-31c9d1981755", - "name": "drushCacheClear:development" + "name": "addUser" }, { - "id": "ab4c96be-47ff-4ba2-a23a-711b8effdf36", - "name": "create:advanced" + "name": "add:development" }, { - "id": "b070ab12-8799-463f-bc7a-fee004e7f02f", - "name": "project:delete" + "name": "updateOrganization" }, { - "id": "b1c229f6-36ba-4d87-aab6-5cc8160cb6f0", - "name": "invoke" + "name": "update:development" }, { - "id": "b259f17a-8330-4569-b9ba-2cefd73ae446", - "name": "removeAll" + "name": "invoke:maintainer" }, { - "id": "b2877216-7d23-4a90-aed1-5691b94e0805", - "name": "addOrUpdate:development" + "name": "viewNotification" }, { - "id": "b4dcd0b2-f903-4867-ae20-40d6106108f4", - "name": "delete:advanced" + "name": "environment:viewValue:development" }, { - "id": "ba68ce90-2676-41e0-89ff-b5d63949dcdf", - "name": "environment:delete:development" + "name": "drushSqlDump:production" }, { - "id": "bd28d434-ee67-4941-8aee-88b0bacdd9bc", - "name": "drushRsync:destination:production" + "name": "addOrUpdate:development" }, { - "id": "c0a9aa25-a327-4fb8-8557-f145f4e457ba", - "name": "cancel" + "name": "project:add" }, { - "id": "c1ba1d66-8a2f-4dad-84fc-efeac7bcbfec", - "name": "drushSqlSync:source:development" + "name": "viewProject" }, { - "id": "c79329ef-0df1-4396-839b-a9971a016f1a", - "name": "drushRsync:source:production" + "name": "environment:view:development" }, { - "id": "d173f4ab-ca09-45e0-a7c1-b84d08ee23a1", - "name": "drushSqlSync:source:production" + "name": 
"ssh:development" }, { - "id": "d3469f33-6bbf-4261-9085-966f453e2d19", - "name": "addOrUpdate:production" + "name": "drushRsync:source:development" }, { - "id": "d77df2fe-73d3-47d3-972f-796f1cc6a716", - "name": "addNotification" + "name": "view" }, { - "id": "d84515b3-4c18-4493-b8f8-0ba6a940995e", - "name": "drushSqlSync:destination:production" + "name": "deleteAll" }, { - "id": "dd72dc0f-0217-4c5a-95e2-6c11d40936e8", - "name": "environment:view:development" + "name": "storage" }, { - "id": "de51aeaa-fb79-4da6-86c6-bafed7766ade", - "name": "drushArchiveDump:development" + "name": "project:viewValue" }, { - "id": "e7032108-df0f-4ad4-95c6-9d200e647ec1", - "name": "storage" + "name": "delete:advanced" }, { - "id": "e7ab2d20-8924-4538-90a6-f8067eee17ae", - "name": "delete:production" + "name": "ssh:production" }, { - "id": "e9b47512-6ee9-48be-97f0-a54c0923e082", - "name": "add" + "name": "drushUserLogin:development" }, { - "id": "e9e305db-dd88-4276-bac7-850389d911da", - "name": "removeGroup" + "name": "invoke" }, { - "id": "eb995021-b0a0-41dc-835a-ea8a51b55464", - "name": "deploy:development" + "name": "addOwner" }, { - "id": "f0f06680-cbac-4904-97ab-5b60386c2501", - "name": "update:development" + "name": "addGroup" }, { - "id": "f999fe22-26ac-4b70-82b2-5dfc071f0841", - "name": "drushUserLogin:development" + "name": "addNotification" }, { - "id": "faf82d4e-c282-405a-ada7-d1d35b8e486b", - "name": "project:add" + "name": "updateProject" + }, + { + "name": "cancel:production" + }, + { + "name": "drushCacheClear:development" + }, + { + "name": "view:token" + }, + { + "name": "invoke:guest" + }, + { + "name": "viewPrivateKey" + }, + { + "name": "updateNotification" + }, + { + "name": "update" + }, + { + "name": "drushUserLogin:production" + }, + { + "name": "add" + }, + { + "name": "removeAll" + }, + { + "name": "removeNotification" + }, + { + "name": "addNoExec" } ], "decisionStrategy": "UNANIMOUS" } }, { - "id": "0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6", "clientId": 
"auth-server", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, @@ -2643,52 +2627,49 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "0fa291cd-59c3-4c56-b0e1-3555f14b44dc", - "name": "Client IP Address", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "user.session.note": "clientId", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "clientId", "jsonType.label": "String" } }, { - "id": "017ea4f0-fdf7-40da-8b9f-8b163b7e6666", - "name": "Client ID", + "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientId", + "user.session.note": "clientHost", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientId", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "5d079b6e-b167-42c4-9f7b-5c56d018808e", - "name": "Client Host", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "clientAddress", "jsonType.label": "String" } } ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ @@ -2699,7 +2680,6 @@ ] }, { - "id": "05b7d6b9-8846-41d7-819a-c29f116a0486", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, 
@@ -2724,8 +2704,8 @@ "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ @@ -2736,13 +2716,11 @@ ] }, { - "id": "e9866d8a-4304-428a-b436-553101eaf4bb", "clientId": "lagoon-opendistro-security", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "**********", "redirectUris": [ "*" ], @@ -2765,7 +2743,6 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "de455107-ef50-4ff9-abfe-b82f0792780b", "name": "groups", "protocol": "openid-connect", "protocolMapper": "script-mappers/groups-and-roles.js", @@ -2782,8 +2759,8 @@ ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ @@ -2794,13 +2771,11 @@ ] }, { - "id": "0429e0c5-8a37-41be-bff5-dd9caac2e9a8", "clientId": "lagoon-opensearch-sync", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, @@ -2819,7 +2794,6 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "52b6d998-9dc3-4534-bcf5-d0868e41b47c", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -2833,7 +2807,6 @@ } }, { - "id": "82288f94-9082-484d-9247-b5827c415db6", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -2847,7 +2820,6 @@ } }, { - "id": "46dd6e28-93db-4906-83d9-c02c83d9302a", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -2863,8 +2835,8 @@ ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ 
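Review bot: `lagoon-opendistro-security` still carries `"redirectUris": ["*"]` (an unchanged line in this hunk), and a wildcard redirect URI lets anyone who can start an authorization-code flow against this client have the code—and, if implicit flow is enabled for it, the tokens themselves—delivered to a host they control. That was tolerable in a test fixture but not in a file that seeds a real realm, so pin it to the Dashboards OIDC callback, e.g. `"redirectUris": ["https://<dashboards-host>/auth/openid/login"]`, or at least a host-scoped pattern, and check `webOrigins` (outside this hunk) for the same `*`. If the host is only known at deploy time, have the entrypoint patch it via the admin API rather than shipping `*` in the seed.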
@@ -2875,7 +2847,6 @@ ] }, { - "id": "1bf5aab1-9902-449a-9749-1748ef6afb28", "clientId": "lagoon-ui", "surrogateAuthRequired": false, "enabled": true, @@ -2903,7 +2874,6 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "36b4dbde-5463-4de0-a6a4-d45735665cdd", "name": "Lagoon User ID", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -2920,46 +2890,8 @@ ], "defaultClientScopes": [ "web-origins", - "roles", "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "386e0c63-d2ef-44b4-a78b-e2869795c331", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "authorizationServicesEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", "roles", - "profile", "email" ], "optionalClientScopes": [ 
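Review bot: The `realm-management` deletion that starts here silently drops the fine-grained admin permissions in that client's `authorizationSettings` (the removed block continues into the next hunk), notably `admin-impersonating.permission.users` bound to `Client service-api Policy` and `Client auth-server Policy`. Keycloak recreates the built-in `realm-management` client on realm creation, but those permissions are not recreated, so after import impersonation or token exchange by `service-api` and `auth-server` falls back to the ordinary `impersonation` role check and, as far as I can tell from this diff, will be denied. If that capability is still needed, the startup scripts should re-enable fine-grained permissions on the realm and re-create those two client policies after import; if it is being retired deliberately, record the behaviour change in the commit message.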
@@ -2967,391 +2899,9 @@ "phone", "offline_access", "microprofile-jwt" - ], - "authorizationSettings": { - "allowRemoteResourceManagement": false, - "policyEnforcementMode": "ENFORCING", - "resources": [ - { - "name": "Users", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "73365690-9659-4fe1-b9d7-3c2f0cecd52c", - "uris": [], - "scopes": [ - { - "name": "user-impersonated" - }, - { - "name": "manage-group-membership" - }, - { - "name": "view" - }, - { - "name": "impersonate" - }, - { - "name": "map-roles" - }, - { - "name": "manage" - } - ] - }, - { - "name": "client.resource.3fa7f7a6-a081-4367-ae52-17fee37985d9", - "type": "Client", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "7559ded2-cffe-4be4-a733-883a486457e0", - "uris": [], - "scopes": [ - { - "name": "view" - }, - { - "name": "map-roles-client-scope" - }, - { - "name": "map-roles" - }, - { - "name": "configure" - }, - { - "name": "manage" - }, - { - "name": "map-roles-composite" - }, - { - "name": "token-exchange" - } - ] - }, - { - "name": "client.resource.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6", - "type": "Client", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "f5fc470c-91a9-4cd7-9d56-c096a3b6dd43", - "uris": [], - "scopes": [ - { - "name": "view" - }, - { - "name": "map-roles-client-scope" - }, - { - "name": "map-roles" - }, - { - "name": "configure" - }, - { - "name": "manage" - }, - { - "name": "map-roles-composite" - }, - { - "name": "token-exchange" - } - ] - } - ], - "policies": [ - { - "id": "29ff9091-3f94-4e0a-8672-e3508ef5778d", - "name": "Client service-api Policy", - "type": "client", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "clients": "[\"service-api\"]" - } - }, - { - "id": "31b7f2e7-4c6c-442a-93d0-0af62ddde0e3", - "name": "Client auth-server Policy", - "type": "client", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "clients": "[\"auth-server\"]" - } - }, - { - "id": 
"1d5119aa-86aa-4152-95c1-31f0dcbb0673", - "name": "map-roles.permission.client.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6\"]", - "scopes": "[\"map-roles\"]" - } - }, - { - "id": "2631ee14-ff50-4272-b916-aa42859dca88", - "name": "configure.permission.client.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6\"]", - "scopes": "[\"configure\"]" - } - }, - { - "id": "27daa0f3-f488-47e4-b8a5-69b8fab5b8c4", - "name": "map-roles-client-scope.permission.client.3fa7f7a6-a081-4367-ae52-17fee37985d9", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.3fa7f7a6-a081-4367-ae52-17fee37985d9\"]", - "scopes": "[\"map-roles-client-scope\"]" - } - }, - { - "id": "2b68b62a-1697-471c-be8d-fb65ac26793b", - "name": "manage.permission.client.3fa7f7a6-a081-4367-ae52-17fee37985d9", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.3fa7f7a6-a081-4367-ae52-17fee37985d9\"]", - "scopes": "[\"manage\"]" - } - }, - { - "id": "308eb6d0-b19b-432e-b654-aa02d3863d10", - "name": "manage.permission.users", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"Users\"]", - "scopes": "[\"manage\"]" - } - }, - { - "id": "33c582fe-5f63-4955-8101-968ff7601579", - "name": "admin-impersonating.permission.users", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", - "config": { - "resources": "[\"Users\"]", - "scopes": "[\"impersonate\"]", - "applyPolicies": "[\"Client service-api Policy\",\"Client auth-server Policy\"]" - } - }, - { - "id": 
"3bb0fd46-80ba-4e53-9088-3542e831e137", - "name": "configure.permission.client.3fa7f7a6-a081-4367-ae52-17fee37985d9", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.3fa7f7a6-a081-4367-ae52-17fee37985d9\"]", - "scopes": "[\"configure\"]" - } - }, - { - "id": "4245d90d-c55a-40d8-bc08-245fc7baded5", - "name": "map-roles-composite.permission.client.3fa7f7a6-a081-4367-ae52-17fee37985d9", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.3fa7f7a6-a081-4367-ae52-17fee37985d9\"]", - "scopes": "[\"map-roles-composite\"]" - } - }, - { - "id": "4d8ac070-486c-45e6-a4a0-39367b0421ab", - "name": "view.permission.client.3fa7f7a6-a081-4367-ae52-17fee37985d9", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.3fa7f7a6-a081-4367-ae52-17fee37985d9\"]", - "scopes": "[\"view\"]" - } - }, - { - "id": "69d34aa7-26e0-47c7-b49f-7f2db1d131f5", - "name": "map-roles-client-scope.permission.client.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6\"]", - "scopes": "[\"map-roles-client-scope\"]" - } - }, - { - "id": "6c6ebea1-c573-4e69-b785-d97f9cb289c6", - "name": "manage-group-membership.permission.users", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"Users\"]", - "scopes": "[\"manage-group-membership\"]" - } - }, - { - "id": "806e8694-8d4c-4f31-81ec-b12e98d51e7a", - "name": "map-roles.permission.client.3fa7f7a6-a081-4367-ae52-17fee37985d9", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.3fa7f7a6-a081-4367-ae52-17fee37985d9\"]", - "scopes": "[\"map-roles\"]" - } - }, - { - 
"id": "b8c06998-7e2a-4b4a-a986-7e5a4b5190cd", - "name": "map-roles.permission.users", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"Users\"]", - "scopes": "[\"map-roles\"]" - } - }, - { - "id": "cbec1bd3-b566-444a-ba90-81842c14f482", - "name": "user-impersonated.permission.users", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"Users\"]", - "scopes": "[\"user-impersonated\"]" - } - }, - { - "id": "dfbe3ee1-72b0-47b5-8edd-334455cbdfc8", - "name": "token-exchange.permission.client.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6\"]", - "scopes": "[\"token-exchange\"]" - } - }, - { - "id": "e6a3382e-7834-430d-8c1d-4948b438adc3", - "name": "token-exchange.permission.client.3fa7f7a6-a081-4367-ae52-17fee37985d9", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.3fa7f7a6-a081-4367-ae52-17fee37985d9\"]", - "scopes": "[\"token-exchange\"]" - } - }, - { - "id": "e6af040d-984d-4cc9-b702-04ad9ac48d27", - "name": "view.permission.client.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6\"]", - "scopes": "[\"view\"]" - } - }, - { - "id": "efcc85db-934b-4f49-9bdb-803854602f63", - "name": "view.permission.users", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"Users\"]", - "scopes": "[\"view\"]" - } - }, - { - "id": "f56a3da2-c233-471a-a9ff-18932cda1482", - "name": "map-roles-composite.permission.client.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - 
"config": { - "resources": "[\"client.resource.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6\"]", - "scopes": "[\"map-roles-composite\"]" - } - }, - { - "id": "ff829664-2ef3-4821-8bdf-7358d6479c06", - "name": "manage.permission.client.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.0cbfaeac-2f01-450b-b34f-8a74c9c8a9f6\"]", - "scopes": "[\"manage\"]" - } - } - ], - "scopes": [ - { - "id": "00a4bbe2-cfe7-4046-a407-b396d5432c86", - "name": "token-exchange" - }, - { - "id": "0ad92642-a0dc-45a6-af90-dff9f17748d3", - "name": "manage" - }, - { - "id": "10032bf6-fb60-4ff5-8079-d3cfcb3f1ae6", - "name": "map-roles-client-scope" - }, - { - "id": "12385261-058f-495c-834e-dd8dd66688e1", - "name": "user-impersonated" - }, - { - "id": "45f93c3b-bb05-4371-9160-d2451f595be8", - "name": "impersonate" - }, - { - "id": "71603746-0347-4e25-931f-f346856429c2", - "name": "map-roles" - }, - { - "id": "769f55e1-cd9c-434f-bc3c-ccb4fd3ebc98", - "name": "configure" - }, - { - "id": "901b64f1-58e2-440a-992f-e7216809a145", - "name": "map-roles-composite" - }, - { - "id": "9c74d485-8583-4c59-8347-d8966ab088b7", - "name": "view" - }, - { - "id": "d646f276-9854-438c-be3e-1f5f61c46873", - "name": "manage-group-membership" - } - ], - "decisionStrategy": "UNANIMOUS" - } + ] }, { - "id": "f7915e64-2fbb-4e23-b89d-55898c300b97", "clientId": "security-admin-console", "name": "${client_security-admin-console}", "rootUrl": "${authAdminUrl}", @@ -3384,7 +2934,6 @@ "nodeReRegistrationTimeout": 0, "protocolMappers": [ { - "id": "e46f7d02-aee4-493b-9754-0a7b86dc0f37", "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -3401,8 +2950,8 @@ ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ 
@@ -3413,13 +2962,11 @@ ] }, { - "id": "3fa7f7a6-a081-4367-ae52-17fee37985d9", "clientId": "service-api", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, 
@@ -3438,66 +2985,74 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "17c9456d-b5c4-4573-a3cc-3d1804ae4da2", - "name": "Client Host", + "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientHost", + "user.session.note": "clientAddress", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientHost", + "claim.name": "clientAddress", "jsonType.label": "String" } }, { - "id": "54aa3330-b6c8-43f0-9a07-c33f89fe2bd9", - "name": "Client ID", + "name": "Group Lagoon Project IDs", "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.session.note": "clientId", - "id.token.claim": "true", + "aggregate.attrs": "true", + "multivalued": "true", + "userinfo.token.claim": "false", + "user.attribute": "group-lagoon-project-ids", + "id.token.claim": "false", "access.token.claim": "true", - "claim.name": "clientId", + "claim.name": "group_lagoon_project_ids", "jsonType.label": "String" } }, { - "id": "8c872868-1429-47c8-b4ec-35c331439ee2", - "name": "Group Lagoon Project IDs", + "name": "Group Membership", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-group-membership-mapper", "consentRequired": false, "config": { - "aggregate.attrs": "true", - "multivalued": "true", - "userinfo.token.claim": "false", - "user.attribute": "group-lagoon-project-ids", + "full.path": "true", "id.token.claim": "false", "access.token.claim": "true", - "claim.name": "group_lagoon_project_ids", + "claim.name": "group_membership", + "userinfo.token.claim": "false" + } + }, + { + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + 
"user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", "jsonType.label": "String" } }, { - "id": "a1972c6c-41e7-41ca-b75b-7e5df763c147", - "name": "Client IP Address", + "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", "consentRequired": false, "config": { - "user.session.note": "clientAddress", + "user.session.note": "clientId", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "clientAddress", + "claim.name": "clientId", "jsonType.label": "String" } }, { - "id": "3117d9b2-7236-4131-ab73-8c6deaee5488", "name": "User Realm Roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", @@ -3509,26 +3064,12 @@ "multivalued": "true", "userinfo.token.claim": "false" } - }, - { - "id": "d9eca3f7-688a-439b-86ad-cf32fdc4d5c9", - "name": "Group Membership", - "protocol": "openid-connect", - "protocolMapper": "oidc-group-membership-mapper", - "consentRequired": false, - "config": { - "full.path": "true", - "id.token.claim": "false", - "access.token.claim": "true", - "claim.name": "group_membership", - "userinfo.token.claim": "false" - } } ], "defaultClientScopes": [ "web-origins", - "roles", "profile", + "roles", "email" ], "optionalClientScopes": [ @@ -3541,7 +3082,6 @@ ], "clientScopes": [ { - "id": "09e54c2e-81b1-457b-8164-84444012aaad", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", 
@@ -3552,284 +3092,183 @@ }, "protocolMappers": [ { - "id": "46e6f488-7cc5-4e30-8868-904b3fbb6ca6", - "name": "phone number", + "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", + "user.attribute": "phoneNumberVerified", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" } }, { - "id": "6ef33eff-4bad-4359-85c5-c5ad36d8013c", - "name": "phone number verified", + "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", + "user.attribute": "phoneNumber", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" + "claim.name": "phone_number", + "jsonType.label": "String" } } ] }, { - "id": "19f8f590-df1d-414f-ab1a-97a8a41ae3d5", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", "protocol": "openid-connect", "attributes": { - "include.in.token.scope": "false", + "include.in.token.scope": "true", "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" + "consent.screen.text": "${profileScopeConsentText}" }, "protocolMappers": [ { - "id": "805c68c6-df20-4cb2-ac66-f7f28fda6449", - "name": "client roles", + "name": "picture", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.attribute": "foo", + "userinfo.token.claim": "true", + "user.attribute": 
"picture", + "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" + "claim.name": "picture", + "jsonType.label": "String" } }, { - "id": "28aff74c-b27a-40e3-bcf7-0cb97b4b552b", - "name": "realm roles", + "name": "website", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "user.attribute": "foo", + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" + "claim.name": "website", + "jsonType.label": "String" } }, { - "id": "15a2531b-62ab-4eb0-84f9-a1c42471510d", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "58c74e65-3546-44d0-9bd2-53cfc2999805", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "519f17cd-004c-4397-90ba-a9bdb14a60ca", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "924807ba-28c5-410e-8267-11f6d9fc5998", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "02365622-42d3-4777-a900-5f5dc1537502", - 
"name": "email verified", + "name": "zoneinfo", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "emailVerified", + "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" + "claim.name": "zoneinfo", + "jsonType.label": "String" } }, { - "id": "f89cefa5-dd08-421e-a512-3c5716bf89a4", - "name": "email", + "name": "updated at", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "email", + "user.attribute": "updatedAt", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "email", + "claim.name": "updated_at", "jsonType.label": "String" } - } - ] - }, - { - "id": "d0104fb4-10be-4581-afbe-8c7b56c917d7", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ + }, { - "id": "156ddf84-0da0-4fd3-abd4-146ee2f6e666", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" } - } - ] - }, - { - "id": "3115f5a2-420a-4431-aa0d-2a256cca0678", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in 
scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ + }, { - "id": "d9e8947a-ea19-4976-bf29-699575569b1f", - "name": "groups", + "name": "locale", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { - "multivalued": "true", - "user.attribute": "foo", + "userinfo.token.claim": "true", + "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "groups", + "claim.name": "locale", "jsonType.label": "String" } }, { - "id": "46c9832a-d257-4c6e-95b8-c9a118a88e43", - "name": "upn", + "name": "middle name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "username", + "user.attribute": "middleName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "upn", + "claim.name": "middle_name", "jsonType.label": "String" } - } - ] - }, - { - "id": "3cf31c0a-bc3d-48bd-b459-0d53a38cc8b6", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "cd8a0526-5909-4717-97e7-ce1b5c7708b8", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ + }, { - "id": "0d6ac5d2-ee0b-425c-b62b-51ace88b1b2b", - "name": "updated at", + "name": "username", "protocol": "openid-connect", - 
"protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "updatedAt", + "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "updated_at", + "claim.name": "preferred_username", "jsonType.label": "String" } }, { - "id": "f8dc72c4-0d30-4cfa-9429-3d261f4dd115", - "name": "gender", + "name": "nickname", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "gender", + "user.attribute": "nickname", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "gender", + "claim.name": "nickname", "jsonType.label": "String" } }, { - "id": "a06ec0ba-9182-4180-9acc-ae7eb76829e1", - "name": "family name", + "name": "full name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-full-name-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" + "userinfo.token.claim": "true" } }, { - "id": "e7607473-87de-4c5c-8d63-32eccb9c3591", "name": "profile", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", 
@@ -3844,65 +3283,74 @@ } }, { - "id": "6c3d1ff8-338e-4f02-bbd9-4da9ef376698", - "name": "middle name", + "name": "birthdate", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "middleName", + "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "middle_name", + "claim.name": "birthdate", "jsonType.label": "String" } }, { - "id": "9ac6ae06-28d0-4131-9259-c87941fc2470", - "name": "full name", + "name": "family name", "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", - "userinfo.token.claim": "true" + "claim.name": "family_name", + "jsonType.label": "String" } }, { - "id": "77369438-75ac-4e10-a5b9-59f7a88051be", - "name": "picture", + "name": "given name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "picture", + "user.attribute": "firstName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "picture", + "claim.name": "given_name", "jsonType.label": "String" } - }, + } + ] + }, + { + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ { - "id": "1944c2f3-f36e-45c3-9de9-b9ace7cf47e2", - "name": "birthdate", + "name": "groups", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-realm-role-mapper", 
"consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", + "multivalued": "true", + "user.attribute": "foo", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "birthdate", + "claim.name": "groups", "jsonType.label": "String" } }, { - "id": "1ed18875-3b11-43fd-8bda-933904b0968c", - "name": "username", + "name": "upn", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, 
@@ -3911,89 +3359,117 @@ "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "preferred_username", + "claim.name": "upn", "jsonType.label": "String" } - }, + } + ] + }, + { + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ { - "id": "7840a1e0-f034-4ba9-a261-dd8dced6b680", - "name": "website", + "name": "allowed web origins", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-allowed-origins-mapper", "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, + "config": {} + } + ] + }, + { + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ { - "id": "2d1e8a2a-ff82-4903-8cb2-f0b8579191e5", - "name": "nickname", + "name": "email", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "nickname", + "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "nickname", + "claim.name": "email", "jsonType.label": "String" } }, { - "id": "9698c7b8-b86c-49e6-922a-3364293adf3b", - "name": "given name", + "name": "email verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", 
"consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "firstName", + "user.attribute": "emailVerified", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" + "claim.name": "email_verified", + "jsonType.label": "boolean" } + } + ] + }, + { + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} }, { - "id": "fe6d237e-9927-4dfb-91c4-8579f7c25610", - "name": "locale", + "name": "realm roles", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", + "user.attribute": "foo", "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" } }, { - "id": "b3437504-5b3c-43f5-a7fb-8850f4ee23ed", - "name": "zoneinfo", + "name": "client roles", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", + "user.attribute": "foo", "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" } } ] }, { - "id": 
"56b186e4-24c2-473f-9e29-cbc4fe980c1d", "name": "address", "description": "OpenID Connect built-in scope: address", "protocol": "openid-connect", @@ -4004,7 +3480,6 @@ }, "protocolMappers": [ { - "id": "67a5b3fe-0023-4b15-89ff-48866a50b2d7", "name": "address", "protocol": "openid-connect", "protocolMapper": "oidc-address-mapper", @@ -4022,20 +3497,51 @@ } } ] + }, + { + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } } ], "defaultDefaultClientScopes": [ - "roles", - "web-origins", - "email", "profile", - "role_list" + "email", + "roles", + "role_list", + "web-origins" ], "defaultOptionalClientScopes": [ - "phone", "microprofile-jwt", "offline_access", - "address" + "address", + "phone" ], "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", @@ -4046,7 +3552,6 @@ "xXSSProtection": "1; mode=block", "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, - "smtpServer": {}, "eventsEnabled": false, "eventsListeners": [ "jboss-logging" 
@@ -4059,53 +3564,35 @@ "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { - "id": "d5514a68-07bc-4723-bc84-a1f2877fcef7", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", + "name": "Max Clients Limit", + "providerId": "max-clients", "subType": "anonymous", "subComponents": {}, "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "oidc-full-name-mapper", - "saml-user-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper" + "max-clients": [ + "200" ] } }, { - "id": "bcee5f5c-33de-4271-8258-244f84101d67", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "08ff6d0d-bff4-42b3-bc6a-216113ce5017", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", - "subType": "authenticated", + "subType": "anonymous", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper" + "oidc-address-mapper" ] } }, { - "id": "11bf37df-8aa5-4cdb-afdb-8c1d49a1b421", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "authenticated", 
@@ -4117,19 +3604,6 @@ } }, { - "id": "35fd438c-2ae3-43f6-95cb-77f2e33cc942", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "4b6e9ca5-120f-4efa-8c42-1c004eebc4ce", "name": "Trusted Hosts", "providerId": "trusted-hosts", "subType": "anonymous", @@ -4144,29 +3618,51 @@ } }, { - "id": "bc2edb7b-ea8c-4590-9293-97f4b1976566", - "name": "Full Scope Disabled", - "providerId": "scope", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper" + ] + } + }, + { + "name": "Consent Required", + "providerId": "consent-required", "subType": "anonymous", "subComponents": {}, "config": {} }, { - "id": "a695a438-ea6b-4763-aa32-bbeb223f80d0", - "name": "Max Clients Limit", - "providerId": "max-clients", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", "subType": "anonymous", "subComponents": {}, "config": { - "max-clients": [ - "200" + "allow-default-scopes": [ + "true" ] } + }, + { + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], "org.keycloak.userprofile.UserProfileProvider": [ { - "id": "bacc9c6e-c708-4fc0-b3be-82c2e7b8a37f", "providerId": "declarative-user-profile", "subComponents": {}, "config": {} 
@@ -4174,9 +3670,8 @@ ], "org.keycloak.keys.KeyProvider": [ { - "id": "dd6d821d-fe08-4349-83b7-36b95d26492b", - "name": "aes-generated", - "providerId": "aes-generated", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ @@ -4185,37 +3680,34 @@ } }, { - "id": "ba560511-2adc-4e27-a5c5-836a4d09c7cd", - "name": "hmac-generated", - "providerId": "hmac-generated", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ - "HS256" + "RSA-OAEP" ] } }, { - "id": "f43a81e2-0676-479b-b1d9-f567e75825b8", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", + "name": "hmac-generated", + "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" ], "algorithm": [ - "RSA-OAEP" + "HS256" ] } }, { - "id": "b4cb5cbf-0d55-4a1e-abb1-bae3653284d7", - "name": "rsa-generated", - "providerId": "rsa-generated", + "name": "aes-generated", + "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ @@ -4229,7 +3721,6 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "a989d3c5-8d49-48f4-93bd-eafe2cf46765", "alias": "Account verification options", "description": "Method with which to verity the existing account", "providerId": "basic-flow", @@ -4255,7 +3746,6 @@ ] }, { - "id": "23990eac-06a0-4989-b049-4127a4d0cbae", "alias": "Authentication Options", "description": "Authentication options.", "providerId": "basic-flow", @@ -4289,7 +3779,6 @@ ] }, { - "id": "c3d13e8c-3eab-4551-8914-cd46f0ec946f", "alias": "Browser - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -4315,7 +3804,6 @@ ] }, { - "id": "47132bf4-d943-42d1-8bd8-78f5d8a3b122", "alias": "Direct Grant - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", 
@@ -4341,7 +3829,6 @@ ] }, { - "id": "fe26bf9a-90d7-47f2-9728-50214788ba9e", "alias": "First broker login - Conditional OTP", "description": "Flow to determine if the OTP is required for the authentication", "providerId": "basic-flow", @@ -4367,7 +3854,6 @@ ] }, { - "id": "c9d7122f-d289-4b3a-94c7-4ef4b2faf4ef", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", @@ -4393,7 +3879,6 @@ ] }, { - "id": "6e41e172-8359-4ee9-9301-a878c189fabd", "alias": "Reset - Conditional OTP", "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId": "basic-flow", @@ -4419,7 +3904,6 @@ ] }, { - "id": "87335af1-de99-40cf-b96b-8fde69c8cc99", "alias": "User creation or linking", "description": "Flow for the existing/non-existing user alternatives", "providerId": "basic-flow", @@ -4446,7 +3930,6 @@ ] }, { - "id": "54fbbf4c-845b-4a84-b557-e1c84b64a46c", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -4472,7 +3955,6 @@ ] }, { - "id": "1b9d9580-8427-4242-82a5-9f4b7562e431", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -4514,7 +3996,6 @@ ] }, { - "id": "bb6fc324-4da1-4db5-befd-2d78a56e0b1d", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -4556,7 +4037,6 @@ ] }, { - "id": "8d02c587-1e66-43a6-933c-32b02109f4df", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -4590,7 +4070,6 @@ ] }, { - "id": "4f7b818d-1aaa-4db6-b9dc-6ea59203ee62", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", 
@@ -4608,7 +4087,6 @@ ] }, { - "id": "edf610a7-0d56-4c42-92f1-551cbd4dfdd3", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -4635,7 +4113,6 @@ ] }, { - "id": "caf1377d-46c4-42e2-a5d0-888771b41faf", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", @@ -4661,7 +4138,6 @@ ] }, { - "id": "231dfefa-aab3-41a8-a767-296e1b2ae959", "alias": "http challenge", "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId": "basic-flow", @@ -4687,7 +4163,6 @@ ] }, { - "id": "f036d917-e522-4a16-bec9-40af7ee65108", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -4706,7 +4181,6 @@ ] }, { - "id": "6eda1365-2ede-4c70-9ce8-0a3616b235ca", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -4748,7 +4222,6 @@ ] }, { - "id": "575cd2cf-8b0a-445a-bdde-6e42596dc142", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -4790,7 +4263,6 @@ ] }, { - "id": "b2531adc-00b4-4e5c-83a3-ddccae829039", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", @@ -4810,14 +4282,12 @@ ], "authenticatorConfig": [ { - "id": "fd73f836-a24a-47a2-90db-b95370618d06", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "71ebca69-7205-4923-acce-82470f28251c", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" diff --git a/services/keycloak/startup-scripts/00-configure-lagoon.sh b/services/keycloak/startup-scripts/00-configure-lagoon.sh index cade4bb2a8..1d1ed821a6 100755 
--- a/services/keycloak/startup-scripts/00-configure-lagoon.sh +++ b/services/keycloak/startup-scripts/00-configure-lagoon.sh @@ -48,16 +48,14 @@ function sync_client_secrets { # would've been created by the function, and halting execution if found. function import_test_realm { - # handle importing a realm from a snapshot of a raw install of 2.15.4 - if [ $KEYCLOAK_TEST_REALM_IMPORT ]; then - echo Importing test realm + # handle importing a realm from a snapshot of a raw install of 2.16.0 if /opt/jboss/keycloak/bin/kcadm.sh get realms/$KEYCLOAK_REALM --config $CONFIG_PATH > /dev/null; then echo "Realm $KEYCLOAK_REALM is already created, skipping initial setup" return 0 fi - /opt/jboss/keycloak/bin/kcadm.sh create realms --config $CONFIG_PATH -f /lagoon/keycloak/lagoon-test-realm-2.15.4.json - echo test realm import complete - fi + echo Importing realm + /opt/jboss/keycloak/bin/kcadm.sh create realms --config $CONFIG_PATH -f /lagoon/seed/lagoon-realm-2.16.0.json + echo realm import complete } function configure_lagoon_realm { 
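Review bot: The new `kcadm.sh create realms --config $CONFIG_PATH -f /lagoon/seed/lagoon-realm-2.16.0.json` line now runs on every fresh start (the `KEYCLOAK_TEST_REALM_IMPORT` gate is gone), but its exit status is never checked, so `echo realm import complete` prints and the script continues into `configure_lagoon_realm` even when the import failed, unless the script runs under `set -e`, which is not visible here. Consider `/opt/jboss/keycloak/bin/kcadm.sh create realms --config "$CONFIG_PATH" -f /lagoon/seed/lagoon-realm-2.16.0.json || { echo "realm import failed"; return 1; }`, which also quotes `$CONFIG_PATH`. The existence check is keyed on `$KEYCLOAK_REALM` while the seed file carries its own realm name; if the two ever differ the short-circuit never fires and the import is retried on every start, so a comment such as `# seed file must define realm "$KEYCLOAK_REALM" or this check never short-circuits` would document that coupling. The function is still named `import_test_realm` although it now performs the regular seed import; renaming it and updating the comment above it would avoid misleading the next reader.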
@@ -2496,34 +2494,35 @@ function configure_keycloak { configure_admin_email configure_smtp_settings configure_realm_settings - configure_opendistro_security_client - configure_api_client - add_group_viewall - add_deployment_cancel - configure_task_cron - configure_task_uli - configure_problems_system - configure_facts_system - configure_harbor_scan_system - configure_advanced_task_system - remove_billing_modifier - update_openshift_view_permission - configure_service_api_client - configure_token_exchange - update_add_env_var_to_project - migrate_to_js_provider - add_delete_env_var_permissions - configure_lagoon_opensearch_sync_client - add_organization_permissions - update_env_var_view_permissions - add_user_viewall - add_update_additional_platform_owner_permissions - create_or_update_delete_advanced_task_permissions - change_groupadd_to_owner_role - change_project_groupadd_to_owner_role - add_development_task_cancel - add_production_task_cancel - add_organization_viewall + + # configure_opendistro_security_client + # configure_api_client + # add_group_viewall + # add_deployment_cancel + # configure_task_cron + # configure_task_uli + # configure_problems_system + # configure_facts_system + # configure_harbor_scan_system + # configure_advanced_task_system + # remove_billing_modifier + # update_openshift_view_permission + # configure_service_api_client + # configure_token_exchange + # update_add_env_var_to_project + # migrate_to_js_provider + # add_delete_env_var_permissions + # configure_lagoon_opensearch_sync_client + # add_organization_permissions + # update_env_var_view_permissions + # add_user_viewall + # add_update_additional_platform_owner_permissions + # create_or_update_delete_advanced_task_permissions + # change_groupadd_to_owner_role + # change_project_groupadd_to_owner_role + # add_development_task_cancel + # add_production_task_cancel + # add_organization_viewall #post 2.16.0+ migrations after this point