Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: Zone creation fails when allow list does not contain all default groups #2870

Merged
merged 10 commits into from
Jun 9, 2024
Merged

Fix: Zone creation fails when allow list does not contain all default groups #2870

merged 10 commits into from
Jun 9, 2024

Conversation

adrianhoelzl-sap
Copy link
Contributor

@adrianhoelzl-sap adrianhoelzl-sap commented May 7, 2024
edited

see issue #2505

With PR #2606, we introduced an allow list for the groups in an identity zone. This PR fixes the issue that the creation of a zone fails whenever the allow list does not contain all system scopes ("scim.read/write", "sps.read/write", etc.).

Now, we only create those groups during zone creation that are part of the effectively allowed groups, i.e., all default groups and all groups in the allowlist.

@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/187563344

The labels on this github issue will be updated when the story is started.

@adrianhoelzl-sap adrianhoelzl-sap marked this pull request as ready for review May 14, 2024 07:58
@adrianhoelzl-sap adrianhoelzl-sap requested a review from a team May 14, 2024 13:09
strehle
strehle reviewed Jun 4, 2024
View reviewed changes
Copy link
Member

@strehle strehle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please rebase this , since some time has gone

model/src/main/java/org/cloudfoundry/identity/uaa/zone/UserConfig.java Show resolved Hide resolved
@strehle strehle requested a review from a team June 4, 2024 18:43
@strehle strehle linked an issue Jun 8, 2024 that may be closed by this pull request
Missing user management from custom IdZ to CC #2505
Closed
@strehle strehle removed a link to an issue Jun 8, 2024
Missing user management from custom IdZ to CC #2505
Closed
@strehle strehle linked an issue Jun 8, 2024 that may be closed by this pull request
Missing Response Status Checks in IntegrationTestUtils #2889
Closed
strehle
strehle approved these changes Jun 8, 2024
View reviewed changes
Copy link
Member

@strehle strehle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@strehle strehle merged commit 0b1b722 into develop Jun 9, 2024
20 checks passed
@strehle strehle deleted the fix/zone-creation-fails-when-allowlist-does-not-contain-all-default-groups branch June 9, 2024 06:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@strehle strehle strehle approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Foundational Infrastructure Working Group
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Missing Response Status Checks in IntegrationTestUtils
3 participants
@adrianhoelzl-sap @cf-gitbot @strehle