(airavata) branch master updated: seed(keycloak): rename gateway roles to admin-rw/admin-ro/user; grant default-admin admin-rw (#683)

Sat, 13 Jun 2026 19:07:16 -0700 

This is an automated email from the ASF dual-hosted git repository.

yasithdev pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git


The following commit(s) were added to refs/heads/master by this push:
     new 5688a8a14a seed(keycloak): rename gateway roles to 
admin-rw/admin-ro/user; grant default-admin admin-rw (#683)
5688a8a14a is described below

commit 5688a8a14a7ab10dcf8f7abc5dc8bde6a3b9deb7
Author: Yasith Jayawardana <[email protected]>
AuthorDate: Sat Jun 13 22:06:57 2026 -0400

    seed(keycloak): rename gateway roles to admin-rw/admin-ro/user; grant 
default-admin admin-rw (#683)
    
    Rename the dev realm's coarse-authorization roles (admin->admin-rw,
    admin-read-only->admin-ro, gateway-user->user), add `user` to the realm
    default-role composite so every authenticated user inherits it, and grant
    default-admin the admin-rw role. First step of moving gateway-admin
    determination from the sharing-registry group lookup to Keycloak realm roles
    carried in the JWT.
---
 conf/keycloak/realm-default.json | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/conf/keycloak/realm-default.json b/conf/keycloak/realm-default.json
index f97bb46f6a..037d879454 100644
--- a/conf/keycloak/realm-default.json
+++ b/conf/keycloak/realm-default.json
@@ -65,7 +65,8 @@
         "composites": {
           "realm": [
             "offline_access",
-            "uma_authorization"
+            "uma_authorization",
+            "user"
           ],
           "client": {
             "account": [
@@ -89,7 +90,7 @@
       },
       {
         "id": "61fafc5e-96fc-4644-98a9-94f9baf654e6",
-        "name": "admin",
+        "name": "admin-rw",
         "description": "",
         "composite": false,
         "clientRole": false,
@@ -98,7 +99,7 @@
       },
       {
         "id": "1f03206b-d918-491b-a33f-ee96147b310d",
-        "name": "admin-read-only",
+        "name": "admin-ro",
         "description": "",
         "composite": false,
         "clientRole": false,
@@ -125,7 +126,7 @@
       },
       {
         "id": "a2acdfe6-eb2a-4104-bb6a-be961e380d97",
-        "name": "gateway-user",
+        "name": "user",
         "description": "",
         "composite": false,
         "clientRole": false,
@@ -591,7 +592,8 @@
       "disableableCredentialTypes": [],
       "requiredActions": [],
       "realmRoles": [
-        "default-roles-10000000"
+        "default-roles-10000000",
+        "admin-rw"
       ],
       "notBefore": 0,
       "groups": []

Reply via email to