Merged
2 changes: 1 addition & 1 deletion flex-linux-setup/flex_linux_setup/flex_setup.py
Expand Up @@ -516,7 +516,7 @@ def install_gluu_admin_ui(self):
print("\033[1mAdmin UI Web Client ID:\033[0m", Config.admin_ui_client_id)
print("\033[1mAdmin UI Web Client Secret:\033[0m", Config.admin_ui_client_pw)

self.dbUtils.import_ldif([client_tmp_fn])
self.dbUtils.import_ldif([client_tmp_fn, self.admin_ui_web_hook_ldif_fn])
Contributor

@coderabbitai coderabbitai bot Nov 11, 2025


⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Webhook LDIF import is conditional on first-time setup only.

The webhook LDIF file is only imported when client_check_result['2001.'] == -1 (line 491), meaning it will only be imported during fresh installations when the Admin UI Web Client doesn't exist.

This could be problematic because:

  1. Upgrade scenarios: If a user upgrades an existing Flex installation, the client already exists, so this block is skipped and the webhook entries won't be imported.
  2. Partial state: If the client exists but webhook entries are missing (the exact issue fix(jans-linux-setup): missing contnets in table auiFeatures #2439 describes), re-running setup won't fix it.

Consider one of these approaches:

  • Import the webhook LDIF unconditionally (outside the conditional block)
  • Add a separate check to verify webhook entries exist before skipping the import
  • Import in both branches (when client exists and when it doesn't)

Verify whether this import should happen only on first-time setup or also during upgrades:


🏁 Script executed:

```bash
#!/bin/bash
# Description: Check if there are other installation/upgrade paths that handle webhook import

# Search for other references to webhook LDIF
rg -n "webhook" --type py -C 3

# Search for upgrade-related logic
rg -n "update|upgrade" --type py -C 3 flex-linux-setup/

# Check if there's logic to handle existing clients
ast-grep --pattern $'if client_check_result[$_] == 1:
  $$$'
```

Length of output: 8601


🏁 Script executed:

```bash
#!/bin/bash
# Get full context around the webhook import logic
sed -n '480,530p' flex-linux-setup/flex_linux_setup/flex_setup.py

echo "---"
echo "Search for all import_ldif calls:"
rg -n "import_ldif" --type py -B 2 -A 2

echo "---"
echo "Check update_admin_ui path execution:"
sed -n '820,850p' flex-linux-setup/flex_linux_setup/flex_setup.py
```

Length of output: 6885


Webhook LDIF import is only on first install and skipped entirely during updates.

The webhook LDIF is only imported when client_check_result['2001.'] == -1 (line 491), meaning it only runs during fresh installation when the Admin UI Web Client doesn't exist.

Critical issues:

  1. Upgrade scenarios: The --update-admin-ui path (line 820) calls download_files(), install_config_api_plugin(), and unpack_gluu_admin_ui_archive() but never calls install_gluu_admin_ui(), which contains the webhook import. Webhook entries are completely skipped on updates.

  2. Re-running setup: If the client exists, the entire block (lines 491-519) is skipped, so webhook entries won't be imported if missing from an existing setup.

  3. Inconsistent with Docker bootstrap: The docker-admin-ui bootstrap imports webhook.ldif unconditionally as part of ldif_files, showing the intended behavior.

Fix: Either move webhook LDIF import outside the conditional block, or ensure it's also imported in the update path by calling install_gluu_admin_ui() or a separate webhook import method.

🤖 Prompt for AI Agents
In flex-linux-setup/flex_linux_setup/flex_setup.py around lines 491-519 (and
reference line ~820), the webhook LDIF import is guarded by a check that only
runs on fresh installs so webhook entries are skipped during --update-admin-ui
and when re-running setup; fix by making the webhook import unconditional or
ensuring the update path invokes it: either move the
self.dbUtils.import_ldif([client_tmp_fn, self.admin_ui_web_hook_ldif_fn]) call
outside the client_exists conditional so it always runs, or add a dedicated
import step invoked from the --update-admin-ui flow (e.g., call
install_gluu_admin_ui() or a new import_webhook_ldif() from the update-admin-ui
branch after unpack_gluu_admin_ui_archive()) so webhook.ldif is always applied
on updates and re-runs.

Contributor Author


@coderabbitai Webhook LDIF should only be imported for fresh installations. Docker update is different than Linux update.

Contributor


@devrimyatar Thank you for the clarification! I understand now that the webhook LDIF import on fresh installations only is the intended design for Linux setup, and that Docker and Linux update processes have different requirements. The current implementation correctly reflects this behavior.

I appreciate you explaining the distinction between Docker and Linux update workflows—this helps ensure future reviews align with the project's design decisions.


✏️ Learnings added
Learnt from: devrimyatar
Repo: GluuFederation/flex PR: 2440
File: flex-linux-setup/flex_linux_setup/flex_setup.py:519-519
Timestamp: 2025-11-11T15:17:34.639Z
Learning: In flex-linux-setup/flex_linux_setup/flex_setup.py, the webhook LDIF (aui_webhook.ldif) should only be imported during fresh Admin UI installations, not during updates. The import is correctly guarded by the check `client_check_result['2001.'] == -1` which ensures it only runs when the Admin UI Web Client doesn't already exist. Docker update workflows differ from Linux update workflows in this regard.



client_check_result = config_api_installer.check_clients([('admin_ui_web_client_id', '2002.')])
if client_check_result['2002.'] == -1:
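
Review bot: The new `import_ldif` call adds `self.admin_ui_web_hook_ldif_fn` with nothing in the code saying the webhook LDIF is deliberately imported on fresh installations only, and the thread on this line shows how easily that reads as an upgrade bug. A one-line comment above the call, for example `# webhook LDIF: fresh installations only, not updates`, would record the decision where the next reader looks. Separately, the context lines above the call print `Config.admin_ui_client_pw` to stdout, so the client secret ends up in any captured setup output; consider masking it or writing it only to a file with restricted permissions.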