Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Remove empty scopemaps #3170

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

chore: Remove empty scopemaps #3170

wants to merge 2 commits into from

Conversation

CEbbinghaus
Copy link
Collaborator

Change summary

This change removes the ability to create or update a scope map with a list of scopes that is empty. It also deletes a scope map that is inserted and empty.

Fixes #3167
Fixes #3168

Checklist

  • This PR contains no AI generated code
  • book chapter included (if relevant)
  • design document included (if relevant)

@CEbbinghaus CEbbinghaus added this to the 1.5.0 milestone Nov 1, 2024
@yaleman
Copy link
Member

yaleman commented Nov 2, 2024

If an empty change is inherently a delete in the internal interface then why not match this in the API?

@CEbbinghaus
Copy link
Collaborator Author

Wouldn't want someone to run kanidm system oauth2 update-scope-map service group and run kanidm system oauth2 get service and not see group. An empty scope is useless so they should be deleted but creating an empty scope map is pointless too so it should be disallowed from the API.

It should be very clear when a scope map is created / updated or deleted and we wouldn't want someone to accidentally create a scope map just to find it missing because it was empty and therefore deleted.

Firstyear
Firstyear requested changes Nov 5, 2024
View reviewed changes
server/core/src/https/v1_oauth2.rs
@@ -200,6 +200,11 @@ pub(crate) async fn oauth2_id_scopemap_post(
Json(scopes): Json<Vec<String>>,
) -> Result<Json<()>, WebError> {
let filter = oauth2_id(&rs_name);

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I think we don't need this error here, if you set an empty scope map via the api, you're saying "it doesn't need to be set". I think just the changes to valueset suffice here since the cli has some other ux guards now.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we want to delete the entire delete endpoint then as a delete would become a empty update? Depricate the api and switch over the cli?

@Firstyear
Copy link
Member

@CEbbinghaus Any issues if I finish this PR for you? I reckon I could smash it out tomorrow.

@CEbbinghaus
Copy link
Collaborator Author

Oh shit. I forgot I still had this open. Let me check but I'd like to finish what I started. Gotta get my contrib score up somehow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Firstyear Firstyear Firstyear requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
Organising Everything
Status: 📋 Backlog
Milestone
1.5.0
Development

Successfully merging this pull request may close these issues.

Prevent empty scope list in update-scope-map Ensure scope-maps are deleted when empty
3 participants
@CEbbinghaus @yaleman @Firstyear