I am attempting to deploy spring-cloud-data-flow-server on Cloud Foundry, and to use role-mapping to map the default roles to my own scopes.
In order to do so, I'm following https://docs.spring.io/spring-cloud-dataflow/docs/2.3.0.BUILD-SNAPSHOT/reference/htmlsingle/#configuration-security-role-mapping which states map-oauth-scopes is to be set to true and afterwards all 7 Spring Cloud Data Flow roles should be mapped to scopes.
I've noticed you can configure said properties using the manifest.yml, under the env object, with some modifications to the key. As stated in https://github.com/spring-cloud/spring-cloud-dataflow/blob/master/spring-cloud-dataflow-docs/src/main/asciidoc/configuration-cloudfoundry.adoc this hierarchy:
    spring:
      cloud:
        dataflow:
          security:
            authorization:
              map-oauth-scopes: true
              role-mappings:
                ROLE_CREATE: dataflow.create
                ROLE_DEPLOY: dataflow.deploy
                ROLE_DESTROY: dataflow.destoy
                ROLE_MANAGE: dataflow.manage
                ROLE_MODIFY: dataflow.modify
                ROLE_SCHEDULE: dataflow.schedule
                ROLE_VIEW: dataflow.view
can be represented like so in manifest.yml:

    - env:
        SPRING_CLOUD_DATAFLOW_SECURITY_AUTHORIZATION_MAP-OAUTH-SCOPES: true
        SPRING_CLOUD_DATAFLOW_SECURITY_AUTHORIZATION_ROLE-MAPPINGS_ROLE_CREATE: <my-scope>
        ...
map-oauth-scopes is properly set; however, the role mapping isn't. I suspect it has something to do with the underscore in the role prefix (e.g. ROLE_CREATE), since the 'translation' to the env format requires underscores as hierarchy.
What am I missing? How can I set the role mapping using the manifest.yml?
Thanks in advance!
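Added example, not part of the original post: Spring Boot also reads properties from a JSON document in the `SPRING_APPLICATION_JSON` environment variable, where map keys such as `ROLE_CREATE` are taken literally and no underscore-to-hierarchy translation is involved. The manifest sketch below reuses the property hierarchy quoted in the post; the application name and the `<...-scope>` values are placeholders, and the hierarchy should be checked against the reference guide for the server version actually deployed.

```yaml
# manifest.yml (sketch): the whole authorization block is passed as one JSON
# string, so the role names keep their underscores as written.
applications:
- name: data-flow-server          # placeholder application name
  env:
    # Literal block scalar: Cloud Foundry hands this to the app as one string.
    SPRING_APPLICATION_JSON: |-
      {
        "spring": {
          "cloud": {
            "dataflow": {
              "security": {
                "authorization": {
                  "map-oauth-scopes": true,
                  "role-mappings": {
                    "ROLE_CREATE":   "<create-scope>",
                    "ROLE_DEPLOY":   "<deploy-scope>",
                    "ROLE_DESTROY":  "<destroy-scope>",
                    "ROLE_MANAGE":   "<manage-scope>",
                    "ROLE_MODIFY":   "<modify-scope>",
                    "ROLE_SCHEDULE": "<schedule-scope>",
                    "ROLE_VIEW":     "<view-scope>"
                  }
                }
              }
            }
          }
        }
      }
```

After pushing, confirm the mapping took effect by logging in with a token that carries only one of the mapped scopes and checking that the other roles are denied; a mapping that silently fails to bind leaves authorization in a state other than the one the manifest describes.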