Fix: Zone creation fails when allow list does not contain all default groups #2870
…ed in a zone that are mentioned in the groups allow list
… are mentioned in the allow list for groups
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/187563344
The labels on this GitHub issue will be updated when the story is started.
…es-not-contain-all-default-groups
…psUsageShouldSucceed
This reverts commit 884416d.
…psUsageShouldSucceed
.../test/java/org/cloudfoundry/identity/uaa/integration/ScimGroupEndpointsIntegrationTests.java
Please rebase this, since some time has gone by.
…es-not-contain-all-default-groups
LGTM
See issue #2505.
With PR #2606, we introduced an allow list for the groups in an identity zone. This PR fixes the issue that the creation of a zone fails whenever the allow list does not contain all system scopes ("scim.read/write", "sps.read/write", etc.).
Now, we only create those groups during zone creation that are part of the effectively allowed groups, i.e., all default groups and all groups in the allowlist.