From f1c3019eca530dfb2fd25881ae6efbce55d51019 Mon Sep 17 00:00:00 2001
From: Joseph Doherty
Date: Sun, 24 May 2026 08:01:06 -0400
Subject: [PATCH] fix(docker-env2): seed Design + Deployment LDAP mappings post-deploy SecurityConfiguration.HasData declares 4 LdapGroupMapping seed rows (Admin / Design / Deployment-All / Deployment-SiteA) but the InitialSchema migration only INSERTs the Admin row -- the other three were never captured into a migration. A fresh ScadaLinkConfig2 starts with multi-role getting Admin only, no Design or Deployment access. (The same divergence exists on primary's ScadaLinkConfig, but it has the rows from earlier history.) Insert the missing three idempotently from seed-sites.sh so env2's fresh deploys end up role-aligned with the running primary cluster. The longer-term fix is a new EF migration that captures the HasData diff -- intentionally not done here to avoid touching the primary cluster's existing rows.
---
 docker-env2/seed-sites.sh | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/docker-env2/seed-sites.sh b/docker-env2/seed-sites.sh
index 6292271..183bc6f 100755
--- a/docker-env2/seed-sites.sh
+++ b/docker-env2/seed-sites.sh
@@ -32,7 +32,29 @@ $CLI $URL $AUTH site create \
 --grpc-node-b-address "http://scadalink-env2-site-x-b:8083" \
 || echo " (Site-X may already exist)"
 
+echo ""
+echo "Seeding LDAP group mappings (Design + Deployment)..."
+# SecurityConfiguration.HasData declares 4 mappings but the InitialSchema
+# migration only inserts the Admin row, so a fresh ScadaLinkConfig2 starts
+# with multi-role getting Admin only -- no Design and no Deployment access.
+# Insert the missing three idempotently. (Same divergence exists on the
+# primary, but primary's database has the rows from earlier history.)
+docker exec -i scadalink-mssql /opt/mssql-tools18/bin/sqlcmd \
+ -S localhost -U sa -P 'ScadaLink_Dev1#' -C \
+ -d ScadaLinkConfig2 -Q "
+SET IDENTITY_INSERT LdapGroupMappings ON;
+IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 2)
+ INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (2, 'SCADA-Designers', 'Design');
+IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 3)
+ INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (3, 'SCADA-Deploy-All', 'Deployment');
+IF NOT EXISTS (SELECT 1 FROM LdapGroupMappings WHERE Id = 4)
+ INSERT INTO LdapGroupMappings (Id, LdapGroupName, Role) VALUES (4, 'SCADA-Deploy-SiteA', 'Deployment');
+SET IDENTITY_INSERT LdapGroupMappings OFF;
+"
+
 echo ""
 echo "=== Env2 site seeding complete ==="
 echo ""
 echo "Verify with: $CLI $URL $AUTH site list"
+echo "Multi-role test user now has Admin + Design + Deployment in env2."
+echo "Sign out and back in to refresh session role claims."
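Review bot: The added sqlcmd call carries the `sa` password as a literal argument (`-P 'ScadaLink_Dev1#'`), so the credential is committed with the script and shows up in process listings while the command runs; sqlcmd reads `SQLCMDPASSWORD` from the environment, so the call can become `docker exec -i -e SQLCMDPASSWORD scadalink-mssql /opt/mssql-tools18/bin/sqlcmd \` followed by `-S localhost -U sa -C -b \`, with the variable exported by the caller. The `-b` is worth adding at the same time, because without it sqlcmd reports success even when the batch fails, and the closing `echo "Multi-role test user now has Admin + Design + Deployment in env2."` is printed whether or not the role rows were written. The `IF NOT EXISTS` guards look only at `Id`, so a row already holding Id 2, 3 or 4 with a different group or role is silently kept and the script still claims the roles are aligned; matching on `LdapGroupName` and `Role` as well would surface that. Whether the script runs under `set -e` is not visible in this hunk.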