Skip to content

feat: remove pas.plugins.imio and clean authentic plugin#28

Merged
bsuttor merged 3 commits into
mainfrom
KEYC-77_remove-ppimio
Jun 16, 2026
Merged

feat: remove pas.plugins.imio and clean authentic plugin#28
bsuttor merged 3 commits into
mainfrom
KEYC-77_remove-ppimio

Conversation

@remdub

@remdub remdub commented Jun 16, 2026

Copy link
Copy Markdown
Member

KEYC-77

Summary by CodeRabbit

  • Bug Fixes

    • Fixed persistent 403 Forbidden token-authentication failures caused by incorrect JWKS client caching across realms.
    • Added per-realm JWKS fetch backoff to prevent retry storms during key retrieval failures.
  • New Features

    • Updated SSO user synchronization to import only users from municipality groups (configurable via SSO_APPS_MUNICIPALITY_GROUPS / control panel); when unset, behavior remains unrestricted.
    • Removed deprecated pas.plugins.imio and the “authentic” authentication plugin during upgrade.
  • Tests / Documentation

    • Updated release notes and the expected default profile version in tests.

@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d5b03809-1cd3-4d3e-bd4f-f9f23186b0ba

📥 Commits

Reviewing files that changed from the base of the PR and between 61f096f and 5604596.

📒 Files selected for processing (1)
  • src/pas/plugins/kimug/utils.py

📝 Walkthrough

Walkthrough

Adds a GenericSetup upgrade step (profile version 1005→1006) that removes pas.plugins.imio and the authentic plugin from acl_users. Enhances remove_authentic_plugin() to conditionally verify the uninstall profile exists before running import steps. Cleans up commented-out dead code in the setup handler and realigns the keycloak_realm env lookup. Updates the changelog for the 1.7.0 release.

Changes

Plugin Removal Upgrade Step

Layer / File(s) Summary
Upgrade step implementation and ZCML wiring
src/pas/plugins/kimug/upgrades/__init__.py, src/pas/plugins/kimug/utils.py, src/pas/plugins/kimug/upgrades/configure.zcml, src/pas/plugins/kimug/profiles/default/metadata.xml, src/pas/plugins/kimug/setuphandlers/__init__.py, tests/setup/test_setup_install.py
Adds remove_pas_plugins_imio(context) function importing and delegating to remove_authentic_plugin(); updates remove_authentic_plugin() to conditionally check portal_setup.profileExists() before running uninstall profile import steps, logging when unavailable; registers it as a genericsetup:upgradeStep from 1005 to 1006; bumps profile metadata version to 1006; removes commented-out remove_authentic_plugin import and call from setuphandlers while realigning keycloak_realm env lookup inside the varenvs_exist() guard; updates test assertion to expect version 1006.
Changelog and news file
CHANGES.md, news/municipality-groups.feature.md
Adds a 1.7.0 (unreleased) section documenting the plugin removal, municipality-groups sync restriction, and JWKS caching bug fixes; removes the consumed news fragment.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐇 Hop hop, the authentic plugin's gone,
No more imio to carry on!
The upgrade step bumps version high,
From 1005 to 1006 we fly.
Clean code, no comments left behind —
A tidy warren, what a find! 🌿

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The pull request title 'feat: remove pas.plugins.imio and clean authentic plugin' accurately summarizes the main changes: removal of pas.plugins.imio and cleanup of the authentic plugin, which are the primary objectives of this changeset.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch KEYC-77_remove-ppimio

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/pas/plugins/kimug/upgrades/__init__.py`:
- Around line 48-50: The `remove_pas_plugins_imio()` function unconditionally
calls `remove_authentic_plugin()`, which attempts to run the uninstall profile
for `pas.plugins.imio`. Since this package is not in `install_requires`, the
profile will not be available and the upgrade will fail. Guard the call to
`remove_authentic_plugin()` by checking whether `pas.plugins.imio` is actually
installed before attempting to remove it, or wrap the call in a try-except block
to gracefully handle the case where the package is not available.

In `@src/pas/plugins/kimug/upgrades/configure.zcml`:
- Around line 60-66: The upgrade step handler ".remove_pas_plugins_imio" defined
in the upgrades configure.zcml is not registered because the upgrades package
itself is not included in the main configure.zcml file. Navigate to the main
configure.zcml in the root pas.plugins.kimug package and add an include
directive for the upgrades package, placing it alongside the existing include
statements for browser, controlpanel, indexers, subscribers, and vocabularies.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2b1e2e4e-918b-40fc-a2cb-232fd94f2dd8

📥 Commits

Reviewing files that changed from the base of the PR and between fe823c5 and 483f707.

📒 Files selected for processing (6)
  • CHANGES.md
  • news/municipality-groups.feature.md
  • src/pas/plugins/kimug/profiles/default/metadata.xml
  • src/pas/plugins/kimug/setuphandlers/__init__.py
  • src/pas/plugins/kimug/upgrades/__init__.py
  • src/pas/plugins/kimug/upgrades/configure.zcml
💤 Files with no reviewable changes (2)
  • news/municipality-groups.feature.md
  • src/pas/plugins/kimug/setuphandlers/init.py

Comment thread src/pas/plugins/kimug/upgrades/__init__.py
Comment thread src/pas/plugins/kimug/upgrades/configure.zcml
@remdub remdub requested a review from bsuttor June 16, 2026 08:43

@bsuttor bsuttor left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bsuttor bsuttor merged commit c0c334d into main Jun 16, 2026
8 checks passed
@remdub remdub deleted the KEYC-77_remove-ppimio branch June 30, 2026 08:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants