keycloak_swh_setup: Assign swh.deposit.api role to hal user

It's been pending work in my stash for a while. It's working in my docker tryouts for swh-deposit!399 (closed). Might as well land it, one less thing to worry about.

Related to swh-deposit#2858 (closed)

Test Plan

docker is happy

```
$ swh-doco-keycloak exec swh-deposit /bin/bash
+ cd /home/tony/work/inria/repo/swh/swh-environment/docker
+ docker-compose -f docker-compose.yml -f docker-compose.keycloak.yml -f docker-compose.override.yml exec swh-deposit /bin/bash
swh@7910820d6ef2:/$ pip install ipython
Collecting ipython
...
$ ipython
In [1]: from swh.auth.keycloak import KeycloakOpenIDConnect
...
In [19]: kc = KeycloakOpenIDConnect(server_url="http://keycloak:8080/keycloak/auth/", realm_name="SoftwareHeritage", client_id="swh-deposit")

In [20]: token = kc.login("hal", "test")

In [21]: decoded_token = kc.decode_token(token['access_token'])

In [22]: decoded_token["resource_access"]
Out[22]:
{'swh-deposit': {'roles': ['swh.deposit.api']},
 'account': {'roles': ['manage-account',
   'manage-account-links',
   'view-profile']}}
```


----
*Migrated from D5203 ([view on Phabricator](https://forge.softwareheritage.org/D5203))*