uselagoon / lagoon

Lagoon, the developer-focused application delivery platform
https://docs.lagoon.sh/
Apache License 2.0

feat: add query-group permission to the service-api client #3721

Closed: smlx closed this 1 month ago

smlx commented 1 month ago

With the recent change in Lagoon to move project membership of groups from Keycloak group annotations into the Lagoon API DB, the ssh-portal-api can no longer rely on group annotations embedded in user tokens to extract project-group membership.

Since v0.35.0, ssh-portal-api gets the project membership information from the Lagoon API DB. But that is stored as group IDs, not group names. So to map group IDs back to group names the ssh-portal-api now queries Keycloak for a list of groups (IDs and names).

This new permission allows the service-api client used by ssh-portal-api to query the Keycloak groups API.
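The ID-to-name mapping described in the comment above, as an added example that is not part of the original PR and is not ssh-portal-api's own code. It assumes the groups list is JSON with `id`, `name` and nested `subGroups` fields, as in Keycloak's group representation; the function names and the sample data are hypothetical and constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Group holds the fields of a Keycloak group representation used here.
type Group struct {
	ID        string  `json:"id"`
	Name      string  `json:"name"`
	SubGroups []Group `json:"subGroups"`
}

// sampleGroups is a constructed groups-list body; IDs and names are made up.
const sampleGroups = `[{"id":"g-1","name":"project-alpha","subGroups":[
{"id":"g-2","name":"project-alpha-dev"}]},{"id":"g-3","name":"customer-b"}]`

// GroupNameIndex decodes a groups-list body and walks it, subgroups included, into ID -> name.
func GroupNameIndex(body []byte) (map[string]string, error) {
	var stack []Group
	if err := json.Unmarshal(body, &stack); err != nil {
		return nil, fmt.Errorf("decode groups: %w", err)
	}
	idx := make(map[string]string)
	for len(stack) > 0 {
		g := stack[len(stack)-1]
		stack = append(stack[:len(stack)-1], g.SubGroups...)
		idx[g.ID] = g.Name
	}
	return idx, nil
}

// ResolveGroupNames reports unknown IDs separately instead of guessing names.
func ResolveGroupNames(idx map[string]string, ids []string) (names, unknown []string) {
	for _, id := range ids {
		if n, ok := idx[id]; ok {
			names = append(names, n)
		} else {
			unknown = append(unknown, id)
		}
	}
	return names, unknown
}

func main() {
	idx, err := GroupNameIndex([]byte(sampleGroups))
	names, unknown := ResolveGroupNames(idx, []string{"g-2", "g-9"})
	fmt.Println(names, unknown, err)
}
```

A caller making an access decision would treat a non-empty `unknown` list as a reason to refresh the index or deny, since a group ID stored in the API DB with no matching Keycloak group has no name to authorize against.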

smlx commented 1 month ago

Does this get automatically applied on upgrade? Or do we need to add instructions to the release notes to manually update the permissions for the service account in Keycloak?