Fix: Zone creation fails when allow list does not contain all default groups #2870
base: develop
…ed in a zone that are mentioned in the groups allow list
… are mentioned in the allow list for groups
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/187563344 The labels on this GitHub issue will be updated when the story is started.
…es-not-contain-all-default-groups
…psUsageShouldSucceed
This reverts commit 884416d.
…psUsageShouldSucceed
We had to adjust the integration tests due to missing assertions in some IntegrationTestUtils methods, see issue #2889.
Before this PR, the tests were successful even though there were failures in the underlying requests. With the zone creation now working, the tests failed since the subsequent requests in the test cases now fail - as expected.
see issue #2505
With PR #2606, we introduced an allow list for the groups in an identity zone. This PR fixes the issue that the creation of a zone fails whenever the allow list does not contain all system scopes ("scim.read/write", "sps.read/write", etc.).
Now, we only create those groups during zone creation that are part of the effectively allowed groups, i.e., all default groups and all groups in the allowlist.
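The behaviour described above, modelled as an added example that is not code from this PR or from the project. All class and method names are hypothetical, the scope and group values are constructed from the names in the description, and the rejection of a disallowed group with an exception is an assumption about how the failure surfaces.

```java
import java.util.*;

// Simplified model of the behaviour described in this PR; class and method
// names are hypothetical and are not the project's API.
public class ZoneGroupProvisioning {
    // Constructed list of system scopes, based on the names in the PR description.
    static final List<String> SYSTEM_SCOPES =
            List.of("scim.read", "scim.write", "sps.read", "sps.write");

    // Effectively allowed groups = all default groups plus all groups in the allow list.
    static Set<String> effectivelyAllowed(Set<String> defaults, Set<String> allowList) {
        Set<String> allowed = new TreeSet<>(defaults);
        allowed.addAll(allowList);
        return allowed;
    }

    // Stand-in for allow-list enforcement (assumption): reject groups outside the allowed set.
    static void createGroup(String name, Set<String> allowed, List<String> created) {
        if (!allowed.contains(name)) {
            throw new IllegalStateException("group not allowed in zone: " + name);
        }
        created.add(name);
    }

    // Before the fix: every system scope is created, so one disallowed scope aborts zone creation.
    static List<String> provisionBefore(Set<String> allowed) {
        List<String> created = new ArrayList<>();
        for (String scope : SYSTEM_SCOPES) createGroup(scope, allowed, created);
        return created;
    }

    // After the fix: only system scopes in the effectively allowed set are created.
    static List<String> provisionAfter(Set<String> allowed) {
        List<String> created = new ArrayList<>();
        for (String scope : SYSTEM_SCOPES) {
            if (allowed.contains(scope)) createGroup(scope, allowed, created);
        }
        return created;
    }

    public static void main(String[] args) {
        // Constructed zone: one default group, allow list with a single system scope.
        Set<String> allowed = effectivelyAllowed(Set.of("openid"), Set.of("scim.read"));
        try {
            provisionBefore(allowed);
        } catch (IllegalStateException e) {
            System.out.println("before: zone creation fails (" + e.getMessage() + ")");
        }
        System.out.println("after: created " + provisionAfter(allowed));
    }
}
```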