-
-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sync Cryptomator Hub CLI client user to Hub #239
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Works as intended, but shouldn't we also create this client via the dev realm json?
Maybe we can even set a fixed uuid for the service account user for easier testing.
Sollten dann den realm-json-Generator auch aktualisieren (würde auch in älteren Hub-Versionen nicht stören) |
Totally agree, but should we also set a fixed secret in the dev realm so that we can reuse our CLI calls and not have to look up the secret like with the admin password? Something like
But IMO the default shouldn't be touched because I assume 99.9% won't use the CLI tool and for the others we could introduce a checkbox that if checked will add those changes to the realm-json. |
Agree
Disagree 😉 Without a fixed secret of course, then the client is there if needed but wont hurt. Maybe it can be added and be disabled? |
A deactivated client would not do any harm, that is correct, but in order for the syncer to have access to the clients, its permissions must be extended (
I'll test this, but it would be cool to offer a partial realm import where the client is created and the syncer gets more permissions if a user wants to use Cryptomator Hub CLI. Existing clients could then use this as well. See if it works. |
Ok let's leave it as is, adding the client manually if needed (maybe add an article to the docs). Nevertheless I guess we should eventually replace the syncer user with a system client, which has further permissions, allowing stuff like managing certain Keycloak entities directly via Hub's UI. |
For Cryptomator Hub CLI to work, we need to have the user account of the client available in Hub.
If the Cryptomator Hub CLI is used, you need to
cryptomatorhub-cli
and setService accounts roles
view-clients
role to thesyncer
realm role