How to export/import a client "WITH ROLES" on Keycloak? - keycloak

Is it possible to export the client role(s) with the client?
If not, is there a workaround (for example, manually modifying the JSON before reimporting it) or another process that can be automated?

Yes, you can, but it's a little tricky.
You have to export the entire realm and clean it, leaving only these two items:
{
  "roles": {
    "client": {
      "<client-name>": [
        {
          "name": "<role-name>",
          "clientRole": true,
          ...
        }
      ]
    }
  },
  "clients": [
    {
      "clientId": "<client-name>",
      ...
    }
  ]
}
The only thing you cannot do in the same step is import permissions, because the import process cannot import permissions based on roles that do not exist.
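
The trimming step described in this answer can be scripted. The following is an added example, not code from the original post or from Keycloak; `trim_realm_export` is a hypothetical helper, the sample realm is constructed, and it assumes that role-based permissions sit under the client's `authorizationSettings` key and that composite roles use the `composites` layout shown.

```python
import copy
import json

def trim_realm_export(realm, client_id):
    """Return (trimmed, deferred_authz, external_refs) for one client."""
    matches = [c for c in realm.get("clients", []) if c.get("clientId") == client_id]
    if len(matches) != 1:
        raise ValueError(f"expected one client {client_id!r}, found {len(matches)}")
    client = copy.deepcopy(matches[0])
    roles = copy.deepcopy(realm.get("roles", {}).get("client", {}).get(client_id, []))
    # Assumption: role-based permissions sit under "authorizationSettings";
    # set them aside for a second import, after the roles exist.
    deferred_authz = client.pop("authorizationSettings", None)
    # Composite roles can point at realm roles or other clients' roles that
    # the trimmed file no longer carries; report them rather than guess.
    external_refs = []
    for role in roles:
        composites = role.get("composites", {})
        for name in composites.get("realm", []):
            external_refs.append((role["name"], "realm", name))
        for other, names in composites.get("client", {}).items():
            if other != client_id:
                external_refs.extend((role["name"], other, n) for n in names)
    trimmed = {"roles": {"client": {client_id: roles}}, "clients": [client]}
    return trimmed, deferred_authz, external_refs

# Constructed sample export (not taken from a real realm).
SAMPLE_REALM = {
    "realm": "demo",
    "users": [{"username": "alice"}],
    "roles": {
        "realm": [{"name": "offline_access"}],
        "client": {
            "billing-api": [
                {"name": "invoice-reader", "clientRole": True},
                {"name": "invoice-admin", "clientRole": True, "composite": True,
                 "composites": {"client": {"billing-api": ["invoice-reader"],
                                           "audit-api": ["log-viewer"]}}},
            ],
            "audit-api": [{"name": "log-viewer", "clientRole": True}],
        },
    },
    "clients": [{"clientId": "billing-api", "authorizationSettings": {"policies": []}},
                {"clientId": "audit-api"}],
}

if __name__ == "__main__":
    trimmed, authz, refs = trim_realm_export(SAMPLE_REALM, "billing-api")
    print(json.dumps({"import_first": trimmed, "import_later": authz, "check": refs}, indent=2))
```

Review the trimmed file before sharing it: a client entry copied from a full export can still carry the client's credentials.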

Related

VSCode does not raise DidRenameFiles notification to language server

I am currently implementing the new events for file operations in my language server, which have been introduced in LSP protocol version 3.16. My server shall be able to react to didRename, didDelete etc., but so far I am unable to get these notifications from VSCode.
First of all, in my server's capabilities, I list the file operations, to tell the client that I am interested in these events:
"capabilities": {
  ...
  "workspace": {
    "fileOperations": {
      "didDelete": {
        "filters": [
          {
            "pattern": {
              "glob": "**/*.{rs,rd}"
            }
          }
        ]
      },
      "didRename": {
        "filters": [
          {
            "pattern": {
              "glob": "**/*.{rs,rd}"
            }
          }
        ]
      }
    }
  }
}
Additionally, after initialization has been completed, the server sends a registerCapability request to the client, which gets confirmed by VSCode. I register these capabilities separately, because within the init message, VSCode says that dynamicRegistration for file operations shall be used.
{
  "id": "register_caps",
  "jsonrpc": "2.0",
  "method": "client/registerCapability",
  "params": {
    "registrations": [
      {
        "id": "dhjas88-asdhjkahsd89as-dhas89",
        "method": "workspace/didRenameFiles",
        "registerOptions": {
          "filters": [
            {
              "pattern": {
                "glob": "**/*.{rs,rd}"
              }
            }
          ]
        }
      },
      {
        "id": "dhjas88-asdhjkahsd89as-dhas90",
        "method": "workspace/didDeleteFiles",
        "registerOptions": {
          "filters": [
            {
              "pattern": {
                "glob": "**/*.{rs,rd}"
              }
            }
          ]
        }
      }
    ]
  }
}
Confirmation:
{"jsonrpc":"2.0","id":"register_caps","result":null}
According to the LSP specification, I would now expect VSCode to send, e.g., the didRename notification as soon as a file that matches the glob is renamed within VSCode. Unfortunately, I never receive it. The notification is not sent by VSCode.
Any ideas or clues as to what is still missing here? Which part of the protocol did I miss that prevents VSCode from sending the file operation notifications?
Were you able to find your issue?
I was in the same situation, and I found a few gotchas wrt server notifications:
- VS Code allows you to define synchronize options in the extension. When those are set, some of the notifications cannot be registered via LSP... Removing those helped.
- Make sure not to miss the **/ at the beginning of glob patterns or they will not match.
- There is no need to dynamically register didRename etc. if already registered statically, but if you do, make sure to send your register after you received the initialized event and not before.
- I used multiple patterns - one for each extension - instead of braces.
Still, I am not sure what exactly you are/were doing wrong...

JBPM created case and tasks not visible or accessible

I have successfully integrated Keycloak into JBPM for user management and can log in using Keycloak to business central and case management. I have also successfully configured the kie-server using Keycloak credentials and can deploy a stripped-down version of the IT Orders sample application on the running sample-server kie-server. When I perform a GET /kie-server/services/rest/server/containers I can see my container itorders_1.0.0-SNAPSHOT is up and running in business central, and also when I call GET /kie-server/services/rest/server/containers, which gives the output below:
{
  "type": "SUCCESS",
  "msg": "List of created containers",
  "result": {
    "kie-containers": {
      "kie-container": [
        {
          "container-id": "itorders_1.0.0-SNAPSHOT",
          "release-id": {
            "group-id": "itorders",
            "artifact-id": "itorders",
            "version": "1.0.0-SNAPSHOT"
          },
          "resolved-release-id": {
            "group-id": "itorders",
            "artifact-id": "itorders",
            "version": "1.0.0-SNAPSHOT"
          },
          "status": "STARTED",
          "scanner": {
            "status": "DISPOSED",
            "poll-interval": null
          },
          "config-items": [
            {
              "itemName": "KBase",
              "itemValue": "",
              "itemType": "BPM"
            },
            {
              "itemName": "KSession",
              "itemValue": "",
              "itemType": "BPM"
            },
            {
              "itemName": "MergeMode",
              "itemValue": "MERGE_COLLECTIONS",
              "itemType": "BPM"
            },
            {
              "itemName": "RuntimeStrategy",
              "itemValue": "PER_CASE",
              "itemType": "BPM"
            }
          ],
          "messages": [
            {
              "severity": "INFO",
              "timestamp": {
                "java.util.Date": 1598900747932
              },
              "content": [
                "Release id successfully updated for container itorders_1.0.0-SNAPSHOT"
              ]
            }
          ],
          "container-alias": "itorders"
        }
      ]
    }
  }
}
I can get the case definitions using GET /kie-server/services/rest/server/queries/cases
{
  "definitions": [
    {
      "name": "Order for IT hardware",
      "id": "itorders.orderhardware",
      "version": "1.0",
      "case-id-prefix": "IT",
      "container-id": "itorders_1.0.0-SNAPSHOT",
      "adhoc-fragments": [
        {
          "name": "Prepare hardware spec",
          "type": "HumanTaskNode"
        }
      ],
      "roles": {
        "owner": 1
      },
      "milestones": [],
      "stages": []
    }
  ]
}
I can then do a POST /kie-server/services/rest/server/containers/itorders_1.0.0-SNAPSHOT/cases/itorders.orderhardware/instances which correctly returns the case ID of the case created, e.g. IT-0000000014. The call returns HTTP status code 201.
However, when I do a GET /kie-server/services/rest/server/queries/cases/instances there are no instances returned, as shown below:
{
"instances": []
}
When I create a case in the JBPM Case Management showcase, I get the green prompt to show the case was successfully created; however, no open cases appear in the grid even if I refresh the screen.
I can see the process instance associated with the case in the process instances view, including the diagram, which shows that "Prepare hardware spec" is active and the current activity. However, viewing the tasks associated with the process does not show any tasks. Similarly, the task inbox of the user I am expecting to claim the task is also empty.
Take note that I am using token-based authentication with Keycloak and executed the above REST calls using Postman.
Why can I not view the case instance I created? Why can I not view the tasks associated with the process instance?
With this query, GET /kie-server/services/rest/server/queries/cases/instances, you can see only instances on which your user is set up as potential owner. Make sure that the user used in the token is set up as potential owner.

Hyperledger IROHA get_acc_ast_tx in CLI mode doesn't work

I just finished the Pluralsight course and completed the tutorial of the official project documentation without problems, but nevertheless, using the CLI, I could not use the functions get_acc_ast_tx, get_acc_tx. I checked that the peer keys and the configuration files correspond to the genesis file, where admin#test is allowed to use these functions, and I get:
[2019-12-08 04:55:57.883070400] [E] [CLI/ResponseHandler/Query]: Query is stateless invalid.
The genesis file I use is the initial one from the git repository:
{
  "blockV1": {
    "payload": {
      "transactions": [{
        "payload": {
          "reducedPayload": {
            "commands": [{
              "addPeer": {
                "peer": {
                  "address": "127.0.0.1:10001",
                  "peerKey": "bddd58404d1315e0eb27902c5d7c8eb0602c16238f005773df406bc191308929"
                }
              }
            }, {
              "createRole": {
                "roleName": "admin",
                "permissions": ["can_add_peer", "can_add_signatory", "can_create_account", "can_create_domain", "can_get_all_acc_ast", "can_get_all_acc_ast_txs", "can_get_all_acc_detail", "can_get_all_acc_txs", "can_get_all_accounts", "can_get_all_signatories", "can_get_all_txs", "can_get_blocks", "can_get_roles", "can_read_assets", "can_remove_signatory", "can_set_quorum"]
              }
            }, {
              "createRole": {
                "roleName": "user",
                "permissions": ["can_add_signatory", "can_get_my_acc_ast", "can_get_my_acc_ast_txs", "can_get_my_acc_detail", "can_get_my_acc_txs", "can_get_my_account", "can_get_my_signatories", "can_get_my_txs", "can_grant_can_add_my_signatory", "can_grant_can_remove_my_signatory", "can_grant_can_set_my_account_detail", "can_grant_can_set_my_quorum", "can_grant_can_transfer_my_assets", "can_receive", "can_remove_signatory", "can_set_quorum", "can_transfer"]
              }
            }, {
              "createRole": {
                "roleName": "money_creator",
                "permissions": ["can_add_asset_qty", "can_create_asset", "can_receive", "can_transfer"]
              }
            }, {
              "createDomain": {
                "domainId": "test",
                "defaultRole": "user"
              }
            }, {
              "createAsset": {
                "assetName": "coin",
                "domainId": "test",
                "precision": 2
              }
            }, {
              "createAccount": {
                "accountName": "admin",
                "domainId": "test",
                "publicKey": "313a07e6384776ed95447710d15e59148473ccfc052a681317a72a69f2a49910"
              }
            }, {
              "createAccount": {
                "accountName": "test",
                "domainId": "test",
                "publicKey": "716fe505f69f18511a1b083915aa9ff73ef36e6688199f3959750db38b8f4bfc"
              }
            }, {
              "appendRole": {
                "accountId": "admin#test",
                "roleName": "admin"
              }
            }, {
              "appendRole": {
                "accountId": "admin#test",
                "roleName": "money_creator"
              }
            }],
            "quorum": 1
          }
        }
      }],
      "txNumber": 1,
      "height": "1",
      "prevBlockHash": "0000000000000000000000000000000000000000000000000000000000000000"
    }
  }
}
I use the Hyperledger Docker image on macOS Catalina.
I followed the tutorial according to this manual: https://iroha.readthedocs.io/en/latest/build/index.html
Thank you very much for the help.
Unfortunately, the CLI is rather outdated – we are working on a new solution for it, but meanwhile it is better to use one of the SDKs available – for Java, Python, JS or iOS (if you prefer mobile development).
All of them contain examples, so it should not be too tricky to use those. Although, if you encounter any issues, please contact us using one of the chats here.
This is due to the outdated CLI. A newer version that is being developed will replace it, but it is not yet ready.
The exact problem is that there was pagination metadata added for these queries in iroha, but the cli was not updated to set it properly. Protobuf transport allows cli to send a query without some fields that were added later, but iroha refuses to handle it.
You can use one of client libraries that are always kept up to date: https://iroha.readthedocs.io/en/latest/develop/libraries.html.

Mongo Aggregate Nested Array, Lookup

I am creating a web application using MongoDB and Go, which includes role based access control. I am storing the information regarding this in 2 collections, permissions and roles.
This is what these two collections look like.
Permissions
{
  "operation": "create",
  "resource": "project"
}
{
  "operation": "read",
  "resource": "project"
}
{
  "operation": "update",
  "resource": "project"
}
{
  "operation": "delete",
  "resource": "project"
}
{
  "operation": "create",
  "resource": "user"
}
resource is something on which an operation is performed. So if there is some operation which cannot be performed on some resource, then I needn't store it. For example, a user can only be created, hence only create user needs to be stored.
Currently there are only 4 operations (create, read, update, delete) in the scope of the application, but this could increase; for example, upload could come into the picture.
Roles
{
  "role": "admin",
  "display_name": "Administrator",
  "permissions": [
    {
      "operation": "create",
      "resource": "project"
    },
    {
      "operation": "read",
      "resource": "project"
    },
    {
      "operation": "update",
      "resource": "project"
    },
    {
      "operation": "delete",
      "resource": "project"
    }
  ]
}
Roles contain role, the name of role to be displayed on UI and the set of permissions that role has.
I need to send this information to UI using a REST API in a specific format, which would describe whether a specific role can perform an operation on a resource or not using the checked flag and whether a specific operation on a resource is editable or not by using the flag isEditable.
For example the permissions collection doesn't contain an operation delete on resource user, so it should not be editable, hence flag is set to false. Similarly user can be created, hence it is set to true.
{
  display_name: "System Administrator",
  role: "admin",
  permissions: [
    {
      resource: "user",
      privilages: {
        create: { checked: false, isEditable: true },
        delete: { checked: false, isEditable: false },
        update: { checked: false, isEditable: false },
        read: { checked: false, isEditable: false }
      }
    },
    {
      resource: "project",
      privilages: {
        create: { checked: true, isEditable: true },
        delete: { checked: true, isEditable: true },
        update: { checked: true, isEditable: true },
        read: { checked: true, isEditable: true }
      }
    }
  ]
}
Is it possible to perform this using mongo aggregations? Or do I need to make modifications to my schema? If yes, then what modifications should I make?
I was able to solve the problem in 3 steps:
1. Include all the permissions for every role and add a flag called checked. This increased data redundancy but that wasn't a big issue.
2. Do a group by on the resource field in the roles collection.
3. Populate the missing privileges for every resource with isEditable set to false on the server side.
I had to traverse the data on the server side, but this was the most efficient way I could think of.
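
The server-side pass can also be done straight from the question's original two collections, without the redundant `checked` flag. The following is an added example, not code from either post: `build_role_view` and `OPERATIONS` are hypothetical names, the documents are constructed copies of the question's samples, and the code goes beyond the answer by rejecting a role that grants something missing from the permissions collection.

```python
OPERATIONS = ("create", "read", "update", "delete")

def build_role_view(role_doc, permission_docs, operations=OPERATIONS):
    """Build the UI document for one role from the two collections."""
    defined = {(p["resource"], p["operation"]) for p in permission_docs}
    granted = {(p["resource"], p["operation"]) for p in role_doc.get("permissions", [])}
    # A grant outside the permissions catalogue means the data is inconsistent;
    # fail instead of showing a privilege that nobody can edit.
    stray = granted - defined
    if stray:
        raise ValueError(f"role {role_doc['role']!r} has undefined grants: {sorted(stray)}")
    resources = []
    for p in permission_docs:  # keep first-seen order of resources
        if p["resource"] not in resources:
            resources.append(p["resource"])
    return {
        "display_name": role_doc["display_name"],
        "role": role_doc["role"],
        "permissions": [
            {"resource": res,
             # Key spelled as in the question's target format.
             "privilages": {
                 op: {"checked": (res, op) in granted,     # default: not granted
                      "isEditable": (res, op) in defined}  # default: not editable
                 for op in operations}}
            for res in resources
        ],
    }

# Constructed copies of the question's sample documents.
PERMISSIONS = [{"operation": op, "resource": "project"} for op in OPERATIONS]
PERMISSIONS.append({"operation": "create", "resource": "user"})
ADMIN = {"role": "admin", "display_name": "Administrator",
         "permissions": [{"operation": op, "resource": "project"} for op in OPERATIONS]}

if __name__ == "__main__":
    import json
    print(json.dumps(build_role_view(ADMIN, PERMISSIONS), indent=2))
```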

How can I have multiple API Gateway paths with GET requests in the awsm.json?

I'm trying to create an endpoint with many path parameters:
/api/v1/{option1}
/api/v1/{option1}/{option2}
/api/v1/{option1}/{option2}/{option3}
Using JAWS awsm.json, I want to create GET methods for all 3 routes. How (if possible) can I accomplish this using Serverless Framework?
CF:
{
  "lambda": {
    "envVars": [],
    "deploy": true,
    "package": {
      "optimize": {
        "builder": "browserify",
        "minify": true,
        "ignore": [],
        "exclude": [
          "aws-sdk"
        ],
        "includePaths": []
      },
      "excludePatterns": []
    },
    "cloudFormation": {
      "Description": "",
      "Handler": "aws_modules/static/handler.handler",
      "MemorySize": 1024,
      "Runtime": "nodejs",
      "Timeout": 6
    }
  },
  "apiGateway": {
    ..path => /api/v1/{firstname}..
  }
}
ATM, there is no way to do this via Serverless Framework.
One thing I found out was that you can omit values in the URL so it'll be considered blank.
Ex:
api/v1/option1//option3
So this considers option2 as blank. So this kinda solves the issue, except the user would need to add the additional /s.