Skip to content

reproducer no group defined in OIDC user #98

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Dzuming wants to merge 2 commits into from
Closed

reproducer no group defined in OIDC user #98

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b5a3c5a
reproducer
Dzuming Apr 23, 2026
3633f1b
update ROR_ES_VERSION
Dzuming Apr 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions ror-demo-cluster/.env-showcase
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
# Dockerfile-use-ror-binaries-from-api - download ROR plugin from API (requires ROR_ES_VERSION / ROR_KBN_VERSION)
# Dockerfile-use-ror-binaries-from-file - use a local plugin file (requires ES_ROR_FILE / KBN_ROR_FILE)

#ES_VERSION=8.19.11
#ES_DOCKERFILE=Dockerfile-use-ror-binaries-from-file
#ES_ROR_FILE=readonlyrest-1.69.0-pre01_es8.19.11.zip
ES_VERSION=9.3.3
ES_DOCKERFILE=Dockerfile-use-ror-binaries-from-api
ROR_ES_VERSION=1.69.1

#KBN_VERSION=8.19.11
#KBN_DOCKERFILE=Dockerfile-use-ror-binaries-from-api
#ROR_KBN_VERSION=1.68.0
KBN_VERSION=9.3.3
KBN_DOCKERFILE=Dockerfile-use-ror-binaries-from-api
ROR_KBN_VERSION=1.69.1
2 changes: 1 addition & 1 deletion ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ server.ssl.redirectHttpFromPort: 80

xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key"

readonlyrest_kbn.logLevel: info
readonlyrest_kbn.logLevel: trace
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Trace logging appropriate for reproducer.

Bumping readonlyrest_kbn.logLevel to trace is reasonable for this RORDEV-2009 reproducer to capture why the metadata request is rejected for extUser1. Just make sure this change is not merged to master as-is — trace is noisy and may surface sensitive auth/token data in logs in a showcase environment.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml` at line 17,
The config sets readonlyrest_kbn.logLevel to trace which is fine for reproducing
RORDEV-2009 but must not land in master; change this value back to a safe level
(e.g., info or warn) before merging or gate the trace setting behind an
environment-specific override (e.g., check an env var or branch flag) so that
readonlyrest_kbn.logLevel is only trace in local/dev runs and never in
production/master; reference the readonlyrest_kbn.logLevel entry in the YAML and
add a short comment explaining the temporary nature of the change.

readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm'
readonlyrest_kbn:
auth:
Expand Down
2 changes: 1 addition & 1 deletion ror-demo-cluster/conf/keycloak/ror-realm.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@
"enabled": true,
"emailVerified": true,
"credentials": [ { "type": "password", "value": "extUser1", "temporary": false } ],
"groups": ["extEndUsers", "extBusinessUsers"],
"groups": [],
"realmRoles": ["extEndUsers", "extBusinessUsers"]
},
{
Expand Down