docs(admin-ui): access control using cedarling docs #2444
Signed-off-by: duttarnab <arnab.bdutta@gmail.com>
Signed-off-by: duttarnab <arnab.bdutta@gmail.com>
Signed-off-by: duttarnab <arnab.bdutta@gmail.com>
Caution: Review failed. The pull request is closed.
📝 Walkthrough
Adds Cedarling (TBAC)–based Admin UI access-control documentation, updates Token Server flow to use an
Changes
Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant User as User
    participant UI as Admin UI
    participant Auth as Auth Server (AT2)
    participant Cedar as Cedarling (PDP)
    participant PS as Policy Store
    participant API as Config API
    User->>UI: Open Admin UI
    UI->>Auth: Request AT2 (update-token)
    Auth->>Auth: Run update-token (validate UJWT, map roles→scopes)
    Auth-->>UI: Return AT2 with scopes
    UI->>Cedar: Evaluate (principal, action, resource)
    Cedar->>PS: Read policies (remote or default store)
    Cedar-->>UI: Allow / Deny
    alt Allow
        UI->>API: Call protected endpoint with AT2
        API-->>UI: Return data
        UI-->>User: Show resource
    else Deny
        UI-->>User: Show access denied
    end
```
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~15 minutes
Pre-merge checks and finishing touches: ✅ Passed checks (5 passed)
📜 Recent review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
Actionable comments posted: 5
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
⛔ Files ignored due to path filters (2)
docs/assets/admin-ui/admin-ui-policy-store.png is excluded by !**/*.png
docs/assets/admin-ui/cedarling-config.png is excluded by !**/*.png
📒 Files selected for processing (4)
docs/admin/admin-ui/access-control.md (1 hunks)
docs/admin/admin-ui/auth-server-interaction.md (2 hunks)
docs/admin/admin-ui/configuration.md (3 hunks)
mkdocs.yml (1 hunks)
🧰 Additional context used
🧠 Learnings (4)
📓 Common learnings
Learnt from: kdhttps
Repo: GluuFederation/flex PR: 2378
File: admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx:43-149
Timestamp: 2025-11-07T12:17:39.857Z
Learning: In the Cedarling configuration UI PR (#2378), the `configApiPolicyStoreUrl` field is intentionally out of scope. It relates to config API configuration and will be covered in a separate PR. The current PR focuses on the Admin UI policy store URL (`auiPolicyStoreUrl`).
Learnt from: kdhttps
Repo: GluuFederation/flex PR: 2378
File: admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx:93-104
Timestamp: 2025-11-07T12:55:26.241Z
Learning: In the Cedarling configuration feature (admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx), the sync role to scopes mappings operation depends on the `auiPolicyStoreUrl`. The backend fetches content from this URL and syncs roles based on the response. Therefore, the audit log for the sync operation should include the `auiPolicyStoreUrl` in its payload to provide proper audit context.
📚 Learning: 2025-11-07T12:17:39.857Z
Learnt from: kdhttps
Repo: GluuFederation/flex PR: 2378
File: admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx:43-149
Timestamp: 2025-11-07T12:17:39.857Z
Learning: In the Cedarling configuration UI PR (#2378), the `configApiPolicyStoreUrl` field is intentionally out of scope. It relates to config API configuration and will be covered in a separate PR. The current PR focuses on the Admin UI policy store URL (`auiPolicyStoreUrl`).
Applied to files:
docs/admin/admin-ui/access-control.md
docs/admin/admin-ui/configuration.md
📚 Learning: 2025-11-07T12:55:26.241Z
Learnt from: kdhttps
Repo: GluuFederation/flex PR: 2378
File: admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx:93-104
Timestamp: 2025-11-07T12:55:26.241Z
Learning: In the Cedarling configuration feature (admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx), the sync role to scopes mappings operation depends on the `auiPolicyStoreUrl`. The backend fetches content from this URL and syncs roles based on the response. Therefore, the audit log for the sync operation should include the `auiPolicyStoreUrl` in its payload to provide proper audit context.
Applied to files:
docs/admin/admin-ui/access-control.md
docs/admin/admin-ui/configuration.md
📚 Learning: 2025-11-11T15:45:04.151Z
Learnt from: devrimyatar
Repo: GluuFederation/flex PR: 2442
File: flex-linux-setup/flex_linux_setup/flex_setup.py:372-374
Timestamp: 2025-11-11T15:45:04.151Z
Learning: In flex-linux-setup/flex_linux_setup/flex_setup.py, the Admin UI policy store JSON file is downloaded from the main branch of the GluuFlexAdminUIPolicyStore repository (https://raw.githubusercontent.com/GluuFederation/GluuFlexAdminUIPolicyStore/refs/heads/main/2fb50e468d9dfefa142d1fce4fa9747efbd3a0f08de5.json). This file is regularly updated, so static checksums are not feasible. The download is handled by base.download() which includes built-in error handling, and JSON validation is performed after download to ensure file integrity before rendering the template.
Applied to files:
docs/admin/admin-ui/access-control.md
docs/admin/admin-ui/configuration.md
🪛 LanguageTool
docs/admin/admin-ui/access-control.md
[grammar] ~12-~12: Use a hyphen to join words.
Context: ...esource (feature). The Cedarling's Token Based Access Control (TBAC) is used for ...
(QB_NEW_EN_HYPHEN)
[grammar] ~25-~25: Ensure spelling is correct
Context: ...- Settings - Security - Webhooks - Assests - AuditLogs - AuthServer and configuration...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~35-~35: Ensure spelling is correct
Context: ...ties - Logging - SSA - Authn - ConfigAPIPropeties - Sesisons - Identity and Access - Users - Sc...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~43-~43: Ensure spelling is correct
Context: ...s - UserClaims - Service - Cache - Persistance - SMTP - SCIM - FIDO - SAML ...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~134-~134: Use a hyphen to join words.
Context: ...es are rules which decides if the logged in user can perform Read, Write or Delet...
(QB_NEW_EN_HYPHEN)
docs/admin/admin-ui/configuration.md
[grammar] ~85-~85: Ensure spelling is correct
Context: ...eystoreEdit|Allow to edit SMTP keystore fileds. The default value is true.| |cedarli...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
🪛 markdownlint-cli2 (0.18.1)
docs/admin/admin-ui/access-control.md
74-74: Ordered list item prefix
Expected: 5; Actual: 7; Style: 1/2/3
(MD029, ol-prefix)
120-120: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
121-121: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above
(MD022, blanks-around-headings)
155-155: Files should end with a single newline character
(MD047, single-trailing-newline)
docs/admin/admin-ui/configuration.md
30-30: Trailing spaces
Expected: 0 or 2; Actual: 1
(MD009, no-trailing-spaces)
80-80: Trailing spaces
Expected: 0 or 2; Actual: 1
(MD009, no-trailing-spaces)
🔇 Additional comments (6)
mkdocs.yml (1)
144-144: Navigation entry correctly positioned and formatted. The new "Access Control" entry is properly nested under Admin UI → Design & Implementation and correctly references the new documentation file. Navigation structure is sound.
docs/admin/admin-ui/auth-server-interaction.md (1)
100-104: Clarifies AT2 token handling with update-token script. The updates correctly describe how the Token Server uses an update-token script to validate UJWT and populate scopes based on role mappings. This provides clear guidance on the TBAC flow referenced in the new access-control documentation.
docs/admin/admin-ui/access-control.md (2)
51-122: Policy Store entity mapping examples are clear and well-structured. The JSON examples demonstrating how features are mapped to parent resource groups through default_entities are comprehensive and provide good guidance for administrators.
128-188: Cedar policy examples effectively demonstrate access control patterns. The three policy examples (admin, viewer, auditor roles) clearly illustrate principal-action-resource patterns and provide practical reference for writing custom policies. The explanations of Cedar policy components are well-organized.
docs/admin/admin-ui/configuration.md (2)
14-39: Cedarling configuration section provides clear guidance on Policy Retrieval Point modes. The documentation effectively explains the distinction between Remote and Default modes and provides step-by-step instructions for configuring a remote Policy Store via Agama Lab. The workflow is practical and well-organized. This aligns with the policy store retrieval mechanism documented in learnings from flex-linux-setup.
80-90: New uiConfig attributes properly documented. The expanded table documenting new Cedarling-related uiConfig fields (cedarlingLogType, auiPolicyStoreUrl, auiDefaultPolicyStorePath, cedarlingPolicyStoreRetrievalPoint) is clear and includes appropriate descriptions and default values. Aligns well with the configuration retrieval workflow.
Signed-off-by: duttarnab <arnab.bdutta@gmail.com>
Actionable comments posted: 2
♻️ Duplicate comments (3)
docs/admin/admin-ui/access-control.md (3)
12-12: Fix spelling and hyphenation errors (re-flagged from previous review). Multiple typos and hyphenation issues remain unfixed:
- Line 12: "Token Based" → "Token-based"
- Line 26: "Assests" → "Assets"
- Line 35: "ConfigAPIPropeties" → "ConfigAPIProperties"
- Line 37: "Sesisons" → "Sessions"
- Line 43: "Persistance" → "Persistence"
- Line 166: "MAnage" → "Manage"
- Line 168: "logged in" → "logged-in" (appears twice on this line and in line 12)
Apply these corrections:
-The role of the user logged-in to Gluu Flex Admin UI decides if the user will have access to a certain Admin UI's feature or not. After user authentication the user's role and other claims are packed in bundle of tokens (access_token, id_token and userinfo_token). [Cedarling](https://docs.jans.io/stable/cedarling) PDP embedded with GUI, processes the tokens and decides if the action (like Read, Write or Delete) is allowed on this resource (feature). The Cedarling's Token Based Access Control (TBAC) is used for managing access control in Gluu Flex Admin UI. +The role of the user logged-in to Gluu Flex Admin UI decides if the user will have access to a certain Admin UI's feature or not. After user authentication the user's role and other claims are packed in bundle of tokens (access_token, id_token and userinfo_token). [Cedarling](https://docs.jans.io/stable/cedarling) PDP embedded with GUI, processes the tokens and decides if the action (like Read, Write or Delete) is allowed on this resource (feature). The Cedarling's Token-based Access Control (TBAC) is used for managing access control in Gluu Flex Admin UI.- - Assests + - Assets- - ConfigAPIPropeties + - ConfigAPIProperties- - Sesisons + - Sessions- - Persistance + - Persistence-### MAnage the access control in Admin UI +### Manage the access control in Admin UI-The Cedar policies are rules which decides if the logged in user can perform Read, Write or Delete action on a feature or not. By writing the appropriate cedar policies the administrator can manage access control in Admin UI. For e.g the below policy allows the user with role **admin** to perform **Read**, **Write** or **Delete** actions on all the features under the parent group **AuthServerAndConfiguration**. +The Cedar policies are rules which decide if the logged-in user can perform Read, Write or Delete action on a feature or not. By writing the appropriate cedar policies the administrator can manage access control in Admin UI. 
For e.g the below policy allows the user with role **admin** to perform **Read**, **Write** or **Delete** actions on all the features under the parent group **AuthServerAndConfiguration**.Also applies to: 26-26, 35-35, 37-37, 43-43, 166-166, 168-168
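Review bot: in the first replacement line (line 12), "the user logged-in to Gluu Flex Admin UI" still hyphenates a verb phrase; the hyphen belongs only before a noun, as in "the logged-in user" on line 168, so this should read "the user logged in to Gluu Flex Admin UI". The same replacement line also keeps "packed in bundle of tokens", which needs an article ("in a bundle of tokens").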
18-49: Fix markdown list indentation. Nested list items use 4-space indentation but markdown-lint requires 2 spaces for unordered lists. Apply consistent 2-space indentation:
- System and monitoring - - Dashboard - - Health - - License - - MAU - - Settings - - Security - - Webhooks - - Assests - - AuditLogs - AuthServer and configuration - - Clients - - Scopes - - Keys - - AuthServerProperties - - Logging - - SSA - - Authn - - ConfigAPIProperties - - Sesisons - Identity and Access - - Users - - Scripts - - UserClaims - Service - - Cache - - Persistance - - SMTP - - SCIM - - FIDO - - SAML - - Lock + System and monitoring + - Dashboard + - Health + - License + - MAU + - Settings + - Security + - Webhooks + - Assets + - AuditLogs + AuthServer and configuration + - Clients + - Scopes + - Keys + - AuthServerProperties + - Logging + - SSA + - Authn + - ConfigAPIProperties + - Sessions + Identity and Access + - Users + - Scripts + - UserClaims + Service + - Cache + - Persistence + - SMTP + - SCIM + - FIDO + - SAML + - Lock
222-222: Add blank line after final code fence and ensure single trailing newline. Line 222 ends a code fence immediately before the next heading (line 223 in the mermaid section context), and the file should end with exactly one newline character.
); \`\`\` + ### Adding new Roles in Admin UIEnsure the file ends with a single newline after line 230.
Also applies to: 230-230
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
docs/admin/admin-ui/access-control.md (1 hunks)
🪛 LanguageTool
docs/admin/admin-ui/access-control.md
[grammar] ~12-~12: Use a hyphen to join words.
Context: ...esource (feature). The Cedarling's Token Based Access Control (TBAC) is used for ...
(QB_NEW_EN_HYPHEN)
[grammar] ~25-~25: Ensure spelling is correct
Context: ...- Settings - Security - Webhooks - Assests - AuditLogs - AuthServer and configuration...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~35-~35: Ensure spelling is correct
Context: ...ties - Logging - SSA - Authn - ConfigAPIPropeties - Sesisons - Identity and Access - Users - Sc...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~43-~43: Ensure spelling is correct
Context: ...s - UserClaims - Service - Cache - Persistance - SMTP - SCIM - FIDO - SAML ...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~168-~168: Use a hyphen to join words.
Context: ...es are rules which decides if the logged in user can perform Read, Write or Delet...
(QB_NEW_EN_HYPHEN)
🪛 markdownlint-cli2 (0.18.1)
docs/admin/admin-ui/access-control.md
170-170: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
183-183: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
194-194: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
213-213: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
222-222: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
230-230: Files should end with a single newline character
(MD047, single-trailing-newline)
🔇 Additional comments (1)
docs/admin/admin-ui/access-control.md (1)
1-230: Overall: Documentation content is comprehensive and well-aligned. The documentation clearly explains Cedarling-based access control, policy stores, resource categorization, and Cedar policy semantics. The structure, examples, and references are appropriate for the intended audience. Once formatting and spelling issues are resolved, this will be a solid addition to the Admin UI documentation.
Signed-off-by: duttarnab <arnab.bdutta@gmail.com>
Actionable comments posted: 2
♻️ Duplicate comments (8)
docs/admin/admin-ui/configuration.md (2)
30-30: Remove trailing whitespace (recurring issue). Lines 30 and 80 have trailing spaces flagged by the linter. Remove all trailing whitespace at the end of these lines.
- #### Steps to configure Remote Policy Store URL + #### Steps to configure Remote Policy Store URL - uiConfig + uiConfigAlso applies to: 80-80
84-85: Fix spelling errors in uiConfig table (recurring issue). These typos were flagged in the previous review and need to be corrected:
- |sessionTimeoutInMins|Admin UI Frontend sesiion out time| + |sessionTimeoutInMins|Admin UI Frontend session timeout duration| - |allowSmtpKeystoreEdit|Allow to edit SMTP keystore fileds. The default value is `true`.| + |allowSmtpKeystoreEdit|Allow to edit SMTP keystore fields. The default value is `true`.|docs/admin/admin-ui/access-control.md (6)
12-12: Fix hyphenation: "Token Based" should be "Token-based". Apply standard English grammar for compound adjectives:
- The Cedarling's Token Based Access Control (TBAC) is used for managing access control in Gluu Flex Admin UI. + The Cedarling's Token-based Access Control (TBAC) is used for managing access control in Gluu Flex Admin UI.
26-26: Fix spelling errors in feature parent groups list (recurring issue). Multiple spelling errors were flagged in the previous review and need correction:
- System and monitoring - Dashboard - Health - License - MAU - Settings - Security - Webhooks - - Assests + - Assets - AuditLogs - AuthServer and configuration - Clients - Scopes - Keys - AuthServerProperties - Logging - SSA - Authn - - ConfigAPIPropeties - - Sesisons + - ConfigAPIProperties + - Sessions - Identity and Access - Users - Scripts - UserClaims - Service - Cache - - Persistance + - Persistence - SMTP - SCIM - FIDO - SAML - LockAlso applies to: 36-37, 44-44
53-122: Replace hard tabs with spaces in JSON code block (recurring issue). The JSON example uses hard tab characters for indentation. Replace all tabs with spaces (2 or 4 spaces per indent level) for markdown consistency and portability.
Convert all tab characters in the JSON block (lines 53–122) to spaces, then verify the code block renders correctly in the markdown preview.
170-170: Specify "cedar" language identifier for Cedar policy code blocks (recurring issue). All Cedar policy code blocks are missing language specifications. Add
cedarafter the opening triple backticks for proper syntax highlighting and markdown compliance.- ``` + ```cedar @id("AdminCanManageAuthServerConfiguration") permit ( principal in Gluu::Flex::AdminUI::Role::"admin",Apply the same change (replace
```with```cedar) to lines 183, 194, and 213.Also applies to: 183-183, 194-194, 213-213
168-168: Fix hyphenation and subject-verb agreement. Line 168 has two grammar issues:
- The Cedar policies are rules which decides if the logged in user can perform Read, Write or Delete action on a feature or not. + The Cedar policies are rules which decide if the logged-in user can perform Read, Write or Delete action on a feature or not.Note: "rules" (plural) requires "decide" (plural verb), and "logged-in" uses hyphenation as a compound adjective.
74-74: Fix markdown formatting violations (recurring issues). Multiple markdown issues were flagged in the previous review:
- Line 74: Ordered list numbering is incorrect. Change list item prefix from 7 to 5.
- Line 120: Missing blank line before the code fence.
- Line 121: Missing blank line above the heading.
- End of file: File should end with exactly one newline.
These fixes are necessary for markdown compliance (MD029, MD012, MD040).
Also applies to: 120-121, 253-253
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (2)
docs/admin/admin-ui/access-control.md (1 hunks)
docs/admin/admin-ui/configuration.md (3 hunks)
🧰 Additional context used
🧠 Learnings (5)
📚 Learning: 2025-11-10T14:18:58.310Z
Learnt from: kdhttps
Repo: GluuFederation/flex PR: 2378
File: admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx:107-109
Timestamp: 2025-11-10T14:18:58.310Z
Learning: In the Cedarling configuration page (admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx), console.error calls should be kept in catch blocks when there are multiple operations in the try block, as they help print the whole error object with details for debugging unexpected errors.
Applied to files:
docs/admin/admin-ui/access-control.md
🔇 Additional comments (1)
docs/admin/admin-ui/access-control.md (1)
1-253: Strong documentation of Cedarling TBAC for Admin UI access control.
The new access-control documentation provides comprehensive coverage of:
- Feature categorization into parent groups and individual features
- Policy Store management (default vs. remote retrieval points)
- Cedar policy writing with concrete examples for admin/viewer/auditor roles
- Guidance on adding new roles and writing policies for parent groups vs. specific features
- System architecture diagram showing interactions between Admin UI, Cedarling PDP, and policy stores
The documentation aligns well with the Cedarling-focused configuration changes and supports the PR objective. After addressing the formatting and spelling issues flagged separately, this will be ready to merge.
Signed-off-by: duttarnab <arnab.bdutta@gmail.com>
Signed-off-by: duttarnab <arnab.bdutta@gmail.com>
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
docs/admin/admin-ui/configuration.md (1)
153-173: Add missing newline at end of file.
The file currently ends with backticks (`` ``` ``) without a trailing newline, violating the convention that files should end with a single newline character. The file ends with `` }\n}\n``` `` when it should end with `` }\n}\n```\n ``.
♻️ Duplicate comments (1)
docs/admin/admin-ui/configuration.md (1)
24-24: Fix typo: "mods" should be "modes".
- There are 2 mods. + There are 2 modes.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (3)
docs/admin/admin-ui/access-control.md (1 hunks)
docs/admin/admin-ui/auth-server-interaction.md (2 hunks)
docs/admin/admin-ui/configuration.md (3 hunks)
🧰 Additional context used
🧠 Learnings (5)
📓 Common learnings
Learnt from: kdhttps
Repo: GluuFederation/flex PR: 2378
File: admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx:43-149
Timestamp: 2025-11-07T12:17:39.857Z
Learning: In the Cedarling configuration UI PR (#2378), the `configApiPolicyStoreUrl` field is intentionally out of scope. It relates to config API configuration and will be covered in a separate PR. The current PR focuses on the Admin UI policy store URL (`auiPolicyStoreUrl`).
Learnt from: kdhttps
Repo: GluuFederation/flex PR: 2378
File: admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx:93-104
Timestamp: 2025-11-07T12:55:26.241Z
Learning: In the Cedarling configuration feature (admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx), the sync role to scopes mappings operation depends on the `auiPolicyStoreUrl`. The backend fetches content from this URL and syncs roles based on the response. Therefore, the audit log for the sync operation should include the `auiPolicyStoreUrl` in its payload to provide proper audit context.
📚 Learning: 2025-11-07T12:17:39.857Z
Learnt from: kdhttps
Repo: GluuFederation/flex PR: 2378
File: admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx:43-149
Timestamp: 2025-11-07T12:17:39.857Z
Learning: In the Cedarling configuration UI PR (#2378), the `configApiPolicyStoreUrl` field is intentionally out of scope. It relates to config API configuration and will be covered in a separate PR. The current PR focuses on the Admin UI policy store URL (`auiPolicyStoreUrl`).
Applied to files:
docs/admin/admin-ui/access-control.md
docs/admin/admin-ui/configuration.md
📚 Learning: 2025-11-07T12:55:26.241Z
Learnt from: kdhttps
Repo: GluuFederation/flex PR: 2378
File: admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx:93-104
Timestamp: 2025-11-07T12:55:26.241Z
Learning: In the Cedarling configuration feature (admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx), the sync role to scopes mappings operation depends on the `auiPolicyStoreUrl`. The backend fetches content from this URL and syncs roles based on the response. Therefore, the audit log for the sync operation should include the `auiPolicyStoreUrl` in its payload to provide proper audit context.
Applied to files:
docs/admin/admin-ui/access-control.md
docs/admin/admin-ui/configuration.md
📚 Learning: 2025-11-10T14:18:58.310Z
Learnt from: kdhttps
Repo: GluuFederation/flex PR: 2378
File: admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx:107-109
Timestamp: 2025-11-10T14:18:58.310Z
Learning: In the Cedarling configuration page (admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx), console.error calls should be kept in catch blocks when there are multiple operations in the try block, as they help print the whole error object with details for debugging unexpected errors.
Applied to files:
docs/admin/admin-ui/access-control.md
📚 Learning: 2025-11-11T15:45:04.151Z
Learnt from: devrimyatar
Repo: GluuFederation/flex PR: 2442
File: flex-linux-setup/flex_linux_setup/flex_setup.py:372-374
Timestamp: 2025-11-11T15:45:04.151Z
Learning: In flex-linux-setup/flex_linux_setup/flex_setup.py, the Admin UI policy store JSON file is downloaded from the main branch of the GluuFlexAdminUIPolicyStore repository (https://raw.githubusercontent.com/GluuFederation/GluuFlexAdminUIPolicyStore/refs/heads/main/2fb50e468d9dfefa142d1fce4fa9747efbd3a0f08de5.json). This file is regularly updated, so static checksums are not feasible. The download is handled by base.download() which includes built-in error handling, and JSON validation is performed after download to ensure file integrity before rendering the template.
Applied to files:
docs/admin/admin-ui/configuration.md
🪛 markdownlint-cli2 (0.18.1)
docs/admin/admin-ui/access-control.md
74-74: Ordered list item prefix
Expected: 5; Actual: 7; Style: 1/2/3
(MD029, ol-prefix)
120-120: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
121-121: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Above
(MD022, blanks-around-headings)
155-155: Files should end with a single newline character
(MD047, single-trailing-newline)
docs/admin/admin-ui/configuration.md
155-155: Files should end with a single newline character
(MD047, single-trailing-newline)
🔇 Additional comments (2)
docs/admin/admin-ui/access-control.md (2)
120-124: Markdown formatting is already compliant; no changes needed.
The verification confirms that the code is already properly formatted. Line 123 contains a blank line between the closing code fence (line 122) and the heading (line 124), which correctly complies with markdown formatting standards.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
docs/admin/admin-ui/configuration.md (2)
75-89: Clarify uiConfig table structure to avoid duplication.
The documentation has two separate tables for `uiConfig` (lines 75–78 and 82–89), which creates structural ambiguity. Line 80 appears to be an attempt at a sub-heading but uses plain text instead of markdown syntax. Consider consolidating these into a single, clear table or, if intentional, add proper markdown heading syntax (e.g., `#### uiConfig`) on line 80 with explanatory text to distinguish the two sections.
-|Attribute Name|Description| -|--------------|-----------| -|uiConfig|Object with UI configuration attributes| -|sessionTimeoutInMins|The admin UI will auto-logout after a period of inactivity defined in this field.| - -uiConfig - +#### uiConfig + |Attribute Name|Description| |--------------|-----------|
137-137: Fix JSON syntax error in sample configuration.
Line 137 has a period (`.`) after the `clientSecret` value where a comma (`,`) is required for valid JSON. This will cause parsing errors if users copy this sample.
- "clientSecret": "GGO4t1uixrTpl4Rizt3zag==". + "clientSecret": "GGO4t1uixrTpl4Rizt3zag==",
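Review bot: the sample line carries a concrete-looking `clientSecret` value (`GGO4t1uixrTpl4Rizt3zag==`) on both the removed and the added side. Besides the period-to-comma fix, the documentation sample should show an obvious placeholder in that field, and if this string was ever a live credential it should be rotated.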
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
docs/admin/admin-ui/configuration.md (3 hunks)
🪛 markdownlint-cli2 (0.18.1)
docs/admin/admin-ui/configuration.md
30-30: Trailing spaces
Expected: 0 or 2; Actual: 1
(MD009, no-trailing-spaces)
80-80: Trailing spaces
Expected: 0 or 2; Actual: 1
(MD009, no-trailing-spaces)
🔇 Additional comments (1)
docs/admin/admin-ui/configuration.md (1)
22-38: Policy Retrieval Point documentation looks good.
The two-mode explanation (Remote vs Default) is clear and actionable. The configuration steps appropriately reference the GluuFlexAdminUIPolicyStore repository and Agama Lab's Policy Designer, providing users with clear guidance on obtaining the policy store URL and enabling remote mode.
Signed-off-by: duttarnab <arnab.bdutta@gmail.com>
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
docs/admin/admin-ui/configuration.md (1)
137-137: Fix JSON syntax error: replace period with comma.
Line 137 has a period at the end of the clientSecret value, which breaks JSON syntax. It should be a comma to separate fields.
- "clientSecret": "GGO4t1uixrTpl4Rizt3zag==". + "clientSecret": "GGO4t1uixrTpl4Rizt3zag==",
♻️ Duplicate comments (1)
docs/admin/admin-ui/configuration.md (1)
80-80: Remove trailing whitespace for markdown linting compliance.
Line 80 has a trailing space that violates MD009 (no-trailing-spaces).
-uiConfig +uiConfig
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
docs/admin/admin-ui/configuration.md (3 hunks)
🪛 markdownlint-cli2 (0.18.1)
docs/admin/admin-ui/configuration.md
80-80: Trailing spaces
Expected: 0 or 2; Actual: 1
(MD009, no-trailing-spaces)
🔇 Additional comments (3)
docs/admin/admin-ui/configuration.md (3)
10-10: Content looks accurate and well-structured.
The Cedarling Configuration section clearly explains the purpose, policy store synchronization, and the Policy Retrieval Point modes. Descriptions align with the learnings from PR #2378 regarding auiPolicyStoreUrl scope and functionality.
Also applies to: 14-29
30-38: Steps are clear and actionable.
The remote policy store configuration instructions properly guide users through forking, modifying policies, and configuring the Admin UI. References to GluuFlexAdminUIPolicyStore and Agama Lab are helpful.
154-159: Sample uiConfig properly reflects documented fields.
The sample configuration correctly includes all new Cedarling-related fields (auiPolicyStoreUrl, auiDefaultPolicyStorePath, cedarlingPolicyStoreRetrievalPoint, cedarlingLogType, allowSmtpKeystoreEdit) with appropriate default values matching the table definitions above.
Signed-off-by: duttarnab <arnab.bdutta@gmail.com>
Actionable comments posted: 2
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
docs/admin/admin-ui/access-control.md (1 hunks)
🪛 markdownlint-cli2 (0.18.1)
docs/admin/admin-ui/access-control.md
222-222: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
245-245: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
🔇 Additional comments (3)
docs/admin/admin-ui/access-control.md (3)
160-161: Blank lines around code fences are properly placed.
The code blocks are correctly surrounded by blank lines (e.g., lines 159-160 before mermaid fence, lines 222-224 after cedar fence). This satisfies the MD031 markdown requirement.
Also applies to: 203-204, 222-223
170-179: Cedar code blocks have proper language identifiers.
All Cedar policy examples are correctly tagged with the `cedar` language identifier (`` ```cedar ``), enabling syntax highlighting and satisfying markdown best practices.
Also applies to: 183-190, 194-203, 213-222
10-127: Access control documentation is clear and well-structured.
The overview and policy store management sections effectively explain Cedarling TBAC integration, role-to-scope mapping, and the distinction between default and remote policy stores. The reference to Cedarling configuration for setting the remote policy store URL is appropriate and aligns with related documentation.
closes #2322
Summary by CodeRabbit