feat(flex-linux-setup):update the renamed scopes in adminUIResourceScopeMapping table

[duttarnab]

closes #2539

Summary by CodeRabbit

• Chores
  • Updated asset resource permission scope mappings to align with standardized naming conventions for READ, WRITE, and DELETE operations.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

A single LDIF template file is updated to rename three asset-related OAuth scope endpoints, replacing legacy jans_asset-* identifiers with standardized asset.* naming conventions. No functional behavior changes.

Changes

Cohort / File(s)	Summary
Asset Scope Renaming flex-linux-setup/flex_linux_setup/templates/adminUIResourceScopesMapping.ldif	Updated three jansScope values: jans_asset-read → asset.readonly, jans_asset-write → asset.write, jans_asset-delete → asset.admin

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• feat: add permission to read/write admin-ui config in read-security and write-security capabilities #2451 — Modifies adminUIResourceScopesMapping.ldif with asset scope adjustments in the same configuration file
• chore(cloud-native): sync admin-ui resource scope mapping #2456 — Updates admin-ui resource scope mapping templates alongside this scope endpoint synchronization

Suggested labels

comp-flex-linux-setup, kind-feature

Suggested reviewers

• devrimyatar
• moabu

Poem

🐰 ✨ A scoping tale so neat and clean,
Old asset names swapped for new routines,
From jans_asset to asset.* they flow,
OAuth endpoints reborn, all aglow! 🌟

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly identifies the main change: updating renamed scopes in the adminUIResourceScopeMapping table, which matches the actual code changes in the pull request.
Linked Issues check	✅ Passed	The code changes successfully update the scope names in adminUIResourceScopeMapping.ldif file, addressing the requirement from linked issue #2539 to reflect renamed scopes.
Out of Scope Changes check	✅ Passed	The pull request contains only changes to scope mappings in the adminUIResourceScopeMapping.ldif file, which is directly aligned with the linked issue objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch flex-linux-setup-2539

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed for 'flex_linux_setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 87536ab and 29f565d.

📒 Files selected for processing (1)

• flex-linux-setup/flex_linux_setup/templates/adminUIResourceScopesMapping.ldif

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-11-11T15:17:34.651Z

Learnt from: devrimyatar
Repo: GluuFederation/flex PR: 2440
File: flex-linux-setup/flex_linux_setup/flex_setup.py:519-519
Timestamp: 2025-11-11T15:17:34.651Z
Learning: In flex-linux-setup/flex_linux_setup/flex_setup.py, the webhook LDIF (aui_webhook.ldif) should only be imported during fresh Admin UI installations, not during updates. The import is correctly guarded by the check `client_check_result['2001.'] == -1` which ensures it only runs when the Admin UI Web Client doesn't already exist. Docker update workflows differ from Linux update workflows in this regard.

Applied to files:

• flex-linux-setup/flex_linux_setup/templates/adminUIResourceScopesMapping.ldif

🔇 Additional comments (1)

flex-linux-setup/flex_linux_setup/templates/adminUIResourceScopesMapping.ldif (1)

94-94: Confirm the semantic intent of asset.admin versus the standard .delete suffix for DELETE operations.

The scope renaming is confirmed—old jans_asset-* references have been removed. However, line 113 uses asset.admin for DELETE access, which is inconsistent with the standard pattern used elsewhere in the file (e.g., clients.delete, scopes.delete, user.delete).

While ssa.admin also uses .admin for DELETE operations (lines 597, 607), suggesting this may be intentional, the semantic difference between .admin and .delete should be clarified. Does .admin grant broader permissions than .delete, or should this be aligned with the standard .delete suffix?

Verify that OAuth scope definitions in the authorization server configuration have been updated to include these new scope names.