dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(seed): grant Design + Deployment to multi-role in primary seed-sites.sh

Browse Source 
A fresh ScadaBridgeConfig has only the Admin LdapGroupMappings row
(InitialSchema migration ships one row, SecurityConfiguration.HasData
declares four). docker-env2/seed-sites.sh already inserts the missing
three idempotently; docker/seed-sites.sh did not, so multi-role got
Admin only on a primary cutover. Mirror the env2 insert block.
This commit is contained in:
Joseph Doherty
2026-05-28 10:11:21 -04:00
parent 1aa5da4eca
commit d73f1b103a
2 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docker-env2/seed-sites.sh
+1 -2
View File
@@ -37,8 +37,7 @@ echo "Seeding LDAP group mappings (Design + Deployment)..."
# SecurityConfiguration.HasData declares 4 mappings but the InitialSchema # SecurityConfiguration.HasData declares 4 mappings but the InitialSchema
# migration only inserts the Admin row, so a fresh ScadaBridgeConfig2 starts # migration only inserts the Admin row, so a fresh ScadaBridgeConfig2 starts
# with multi-role getting Admin only -- no Design and no Deployment access. # with multi-role getting Admin only -- no Design and no Deployment access.
# Insert the missing three idempotently. (Same divergence exists on the # Insert the missing three idempotently. (Mirror of docker/seed-sites.sh.)
# primary, but primary's database has the rows from earlier history.)
docker exec -i scadabridge-mssql /opt/mssql-tools18/bin/sqlcmd \ docker exec -i scadabridge-mssql /opt/mssql-tools18/bin/sqlcmd \
-S localhost -U sa -P 'ScadaBridge_Dev1#' -C \ -S localhost -U sa -P 'ScadaBridge_Dev1#' -C \
-d ScadaBridgeConfig2 -Q " -d ScadaBridgeConfig2 -Q "
docker/seed-sites.sh
+21
View File
@@ -56,7 +56,28 @@ $CLI $URL $AUTH site create \
--grpc-node-b-address "http://scadabridge-site-c-b:8083" \ --grpc-node-b-address "http://scadabridge-site-c-b:8083" \
|| echo " (Site-C may already exist)" || echo " (Site-C may already exist)"
echo ""
echo "Seeding LDAP group mappings (Design + Deployment)..."
# SecurityConfiguration.HasData declares 4 mappings but the InitialSchema
# migration only inserts the Admin row, so a fresh ScadaBridgeConfig starts
# with multi-role getting Admin only -- no Design and no Deployment access.
# Insert the missing three idempotently.
docker exec -i scadabridge-mssql /opt/mssql-tools18/bin/sqlcmd \
-S localhost -U sa -P 'ScadaBridge_Dev1#' -C \
-d ScadaBridgeConfig -Q "
SET IDENTITY_INSERT LdapGroupMappings ON;
IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 2)
INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (2, 'SCADA-Designers', 'Design');
IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 3)
INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (3, 'SCADA-Deploy-All', 'Deployment');
IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 4)
INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (4, 'SCADA-Deploy-SiteA', 'Deployment');
SET IDENTITY_INSERT LdapGroupMappings OFF;
"
echo "" echo ""
echo "=== Site seeding complete ===" echo "=== Site seeding complete ==="
echo "" echo ""
echo "Verify with: $CLI $URL $AUTH site list" echo "Verify with: $CLI $URL $AUTH site list"
echo "Multi-role test user has Admin + Design + Deployment."
echo "Sign out and back in to refresh session role claims."