Skip to content

feat(jans-linux-setup): update the renamed scopes in role-to-scope mapping #12899

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
duttarnab merged 1 commit into from
Dec 25, 2025
Merged

feat(jans-linux-setup): update the renamed scopes in role-to-scope mapping #12899

duttarnab merged 1 commit into from
Dec 25, 2025

Conversation

@duttarnab
Copy link
Contributor

@duttarnab duttarnab commented Dec 25, 2025
edited by coderabbitai bot
Loading

Prepare

Description

Target issue

closes #12898

Implementation Details

Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Summary by CodeRabbit

  • Chores
    • Updated asset-related permission identifiers across authorization configuration files to reflect revised naming conventions for read, write, and admin access levels.

✏️ Tip: You can customize this high-level summary in your review settings.

@duttarnab
feat: update the renamed scopes in role-to-scope mapping
e0a8003 
Signed-off-by: duttarnab <arnab.bdutta@gmail.com>
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 25, 2025
edited
Loading

📝 Walkthrough

Walkthrough

This PR updates asset-related permission identifiers in the role-scope-mappings configuration file to follow a consistent naming convention, replacing jans_asset_* prefixed identifiers with asset.* suffixed identifiers to align with scope standardization efforts.

Changes

Cohort / File(s) Change Summary
Asset Permission Identifier Updates
jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json		 Renamed three asset permission identifiers: jans_asset_readasset.readonly, jans_asset_writeasset.write, jans_asset_deleteasset.admin. Updates applied consistently across both the public permissions list and admin rolePermissionMapping.permissions array.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

Suggested labels

kind-feature, comp-jans-linux-setup

Suggested reviewers

  • iromli
  • yurem
  • yuriyzz
  • yuriyz

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The PR title accurately describes the main change: updating renamed scopes in role-to-scope mapping configuration.
Description check ✅ Passed The PR description includes the target issue (#12898) and follows the template structure, though implementation details are minimal.
Linked Issues check ✅ Passed The PR addresses issue #12898 requirements by updating asset scope mappings (jans_asset-read/write/delete to asset.readonly/write/admin) in the role-scope-mappings.json file.
Out of Scope Changes check ✅ Passed All changes are within scope: only the three asset-related permission identifiers were updated in the specified configuration file.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch jans-linux-setup-12898
📜 Recent review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b8cc3ab and e0a8003.

📒 Files selected for processing (1)
  • jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
🧰 Additional context used
🧠 Learnings (4)
📓 Common learnings 
Learnt from: pujavs
Repo: JanssenProject/jans PR: 12736
File: jans-config-api/plugins/jans-link-plugin/src/main/java/io/jans/configapi/plugin/link/util/Constants.java:16-17
Timestamp: 2025-12-22T15:34:36.425Z
Learning: In the Jans project's config-api component, there is an intentional shift in OAuth scope URL naming convention to exclude the "jans-" prefix from scope identifiers. Scope URLs like `https://jans.io/oauth/config/link.admin` (without "jans-link") are preferred over `https://jans.io/oauth/config/jans-link.admin`. This is part of a deliberate renaming effort to exclude the project name from scope names.
📚 Learning: 2025-12-22T15:34:36.425Z 
Learnt from: pujavs
Repo: JanssenProject/jans PR: 12736
File: jans-config-api/plugins/jans-link-plugin/src/main/java/io/jans/configapi/plugin/link/util/Constants.java:16-17
Timestamp: 2025-12-22T15:34:36.425Z
Learning: In the Jans project's config-api component, there is an intentional shift in OAuth scope URL naming convention to exclude the "jans-" prefix from scope identifiers. Scope URLs like `https://jans.io/oauth/config/link.admin` (without "jans-link") are preferred over `https://jans.io/oauth/config/jans-link.admin`. This is part of a deliberate renaming effort to exclude the project name from scope names.

Applied to files:

  • jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
📚 Learning: 2025-12-18T12:50:04.709Z 
Learnt from: pujavs
Repo: JanssenProject/jans PR: 12736
File: jans-config-api/docs/jans-config-api-swagger.yaml:0-0
Timestamp: 2025-12-18T12:50:04.709Z
Learning: In the Jans project's jans-config-api component, the scope `https://jans.io/auth/ssa.admin` is specified by the jans-auth component for SSA (Software Statement Assertion) endpoints and is out of scope for the Config API.

Applied to files:

  • jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
📚 Learning: 2025-12-24T06:56:54.128Z 
Learnt from: pujavs
Repo: JanssenProject/jans PR: 12736
File: jans-config-api/profiles/local/test.properties:2-2
Timestamp: 2025-12-24T06:56:54.128Z
Learning: In jans-config-api test configuration files (like test.properties), the scopes `https://jans.io/auth/ssa.admin`, `https://jans.io/auth/ssa.portal`, and `https://jans.io/auth/ssa.developer` are required for test cases to execute successfully, even though these scopes are managed by the jans-auth component. Test configurations can include scopes from other components when needed for integration testing.

Applied to files:

  • jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: label PR
  • GitHub Check: check_pr_for_docs
  • GitHub Check: sonar scan (jans-cli-tui)
  • GitHub Check: sonar scan (jans-lock)
  • GitHub Check: sonar scan (jans-linux-setup)
  • GitHub Check: sonar scan (jans-link)
🔇 Additional comments (2)
jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json (2)

1068-1070: Old asset scope naming patterns must be updated throughout the codebase to match new format.

The migration from jans_asset-(write/delete/read) to asset.(write/readonly/admin) is incomplete. Functional code in terraform-provider-jans/jans/jans_asset.go still uses the old naming (lines 85, 107, 122, 136), along with 14 other files including test configurations and example documentation. Update all references to use the new format consistently.

788-807: This file does not require the OpenID and UMA scope updates mentioned in the original review comment. A comprehensive search of the jans-linux-setup directory found no old hyphenated scope patterns (openid-read, uma-read, etc.). The OpenID and UMA permission URLs that exist in this file already use the correct dot-separated format (e.g., https://jans.io/oauth/config/openid/clients.readonly, https://jans.io/oauth/config/uma/resources.readonly). All other scopes in the file are consistently formatted. The PR objectives may reference different scope identifiers or configuration files.

Likely an incorrect or invalid review comment.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@mo-auto
Copy link
Member

mo-auto commented Dec 25, 2025

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@duttarnab duttarnab changed the title feat(jans-linus-setup): update the renamed scopes in role-to-scope mapping feat(jans-linux-setup): update the renamed scopes in role-to-scope mapping Dec 25, 2025
@mo-auto mo-auto added comp-jans-linux-setup Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Dec 25, 2025
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 25, 2025

Quality Gate Passed Quality Gate passed for 'jans-linux-setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

coderabbitai[bot]
coderabbitai bot reviewed Dec 25, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json (1)

788-807: Update asset permission tags to match the naming convention used throughout the file.

The tags for the three asset permissions should be changed from "jans_asset" to "asset" to maintain consistency with the pattern used for all other permissions in this file. Every other permission entry uses tags that match the service name without the "jans_" prefix (e.g., "attributes", "scopes", "scripts", "clients", etc.), while asset permissions are the only ones using the "jans_asset" prefix.

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b8cc3ab and e0a8003.

📒 Files selected for processing (1)
  • jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
🧰 Additional context used
🧠 Learnings (4)
📓 Common learnings 
Learnt from: pujavs
Repo: JanssenProject/jans PR: 12736
File: jans-config-api/plugins/jans-link-plugin/src/main/java/io/jans/configapi/plugin/link/util/Constants.java:16-17
Timestamp: 2025-12-22T15:34:36.425Z
Learning: In the Jans project's config-api component, there is an intentional shift in OAuth scope URL naming convention to exclude the "jans-" prefix from scope identifiers. Scope URLs like `https://jans.io/oauth/config/link.admin` (without "jans-link") are preferred over `https://jans.io/oauth/config/jans-link.admin`. This is part of a deliberate renaming effort to exclude the project name from scope names.
📚 Learning: 2025-12-22T15:34:36.425Z 
Learnt from: pujavs
Repo: JanssenProject/jans PR: 12736
File: jans-config-api/plugins/jans-link-plugin/src/main/java/io/jans/configapi/plugin/link/util/Constants.java:16-17
Timestamp: 2025-12-22T15:34:36.425Z
Learning: In the Jans project's config-api component, there is an intentional shift in OAuth scope URL naming convention to exclude the "jans-" prefix from scope identifiers. Scope URLs like `https://jans.io/oauth/config/link.admin` (without "jans-link") are preferred over `https://jans.io/oauth/config/jans-link.admin`. This is part of a deliberate renaming effort to exclude the project name from scope names.

Applied to files:

  • jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
📚 Learning: 2025-12-18T12:50:04.709Z 
Learnt from: pujavs
Repo: JanssenProject/jans PR: 12736
File: jans-config-api/docs/jans-config-api-swagger.yaml:0-0
Timestamp: 2025-12-18T12:50:04.709Z
Learning: In the Jans project's jans-config-api component, the scope `https://jans.io/auth/ssa.admin` is specified by the jans-auth component for SSA (Software Statement Assertion) endpoints and is out of scope for the Config API.

Applied to files:

  • jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
📚 Learning: 2025-12-24T06:56:54.128Z 
Learnt from: pujavs
Repo: JanssenProject/jans PR: 12736
File: jans-config-api/profiles/local/test.properties:2-2
Timestamp: 2025-12-24T06:56:54.128Z
Learning: In jans-config-api test configuration files (like test.properties), the scopes `https://jans.io/auth/ssa.admin`, `https://jans.io/auth/ssa.portal`, and `https://jans.io/auth/ssa.developer` are required for test cases to execute successfully, even though these scopes are managed by the jans-auth component. Test configurations can include scopes from other components when needed for integration testing.

Applied to files:

  • jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: label PR
  • GitHub Check: check_pr_for_docs
  • GitHub Check: sonar scan (jans-cli-tui)
  • GitHub Check: sonar scan (jans-lock)
  • GitHub Check: sonar scan (jans-linux-setup)
  • GitHub Check: sonar scan (jans-link)
🔇 Additional comments (2)
jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json (2)

1068-1070: Old asset scope naming patterns must be updated throughout the codebase to match new format.

The migration from jans_asset-(write/delete/read) to asset.(write/readonly/admin) is incomplete. Functional code in terraform-provider-jans/jans/jans_asset.go still uses the old naming (lines 85, 107, 122, 136), along with 14 other files including test configurations and example documentation. Update all references to use the new format consistently.

788-807: This file does not require the OpenID and UMA scope updates mentioned in the original review comment. A comprehensive search of the jans-linux-setup directory found no old hyphenated scope patterns (openid-read, uma-read, etc.). The OpenID and UMA permission URLs that exist in this file already use the correct dot-separated format (e.g., https://jans.io/oauth/config/openid/clients.readonly, https://jans.io/oauth/config/uma/resources.readonly). All other scopes in the file are consistently formatted. The PR objectives may reference different scope identifiers or configuration files.

Likely an incorrect or invalid review comment.

@duttarnab duttarnab merged commit ec72a0f into main Dec 25, 2025
5 checks passed
@duttarnab duttarnab deleted the jans-linux-setup-12898 branch December 25, 2025 14:50
@devrimyatar devrimyatar mentioned this pull request Dec 28, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devrimyatar devrimyatar devrimyatar approved these changes

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

@yuriyz yuriyz Awaiting requested review from yuriyz yuriyz is a code owner

@yurem yurem Awaiting requested review from yurem yurem is a code owner

@yuriyzz yuriyzz Awaiting requested review from yuriyzz yuriyzz is a code owner

@iromli iromli Awaiting requested review from iromli iromli is a code owner

Assignees

No one assigned

Labels

comp-jans-linux-setup Component affected by issue or PR kind-feature Issue or PR is a new feature request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: change in caller code as config-api scopes renamed

4 participants

@duttarnab @mo-auto @devrimyatar