From 8c5342cbfeee07c1ea0083df1ca26c976d97776e Mon Sep 17 00:00:00 2001 
From: Jefferson Rodrigues
Date: Sat, 23 May 2026 14:36:49 -0300
Subject: [PATCH] fix(plugin-access-manager): set Casdoor initDataNewOnly=true to preserve API state
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Casdoor v2.206.0 defaults to initDataNewOnly=false, which causes the
backend to DELETE+INSERT every entity present in init_data.json on every
restart (applications, roles, groups, permissions, etc.). Any runtime
modification performed via the Casdoor UI/API on a JSON-listed entity —
including application↔permission associations, role/user bindings, and
resource lists — is silently reset to the JSON state at that point.

This was confirmed in production after a recent plugin-auth deploy:
applications kept their identity but lost the permission associations
that had been wired up via the Casdoor API. Source reference:
casdoor/casdoor@v2.206.0 object/init_data.go:initDefinedApplication
(and initDefinedPermission).

With initDataNewOnly=true, existing entries are skipped — only new
entries (entities in JSON but not in DB) are inserted, preserving
everything an operator has touched via API/UI.

Trade-offs:
- ✅ API/UI-managed associations survive restarts
- ✅ First-time installs (empty DB) still bootstrap from JSON correctly
- ✅ Adding new entries to init_data.json still works on next restart
- ⚠️ Updating an EXISTING entry's actions/resources via init_data.json
  becomes a no-op on environments that already have it. Updates must go
  through casdoor-migrations SQL scripts (the canonical path that
  init/casdoor-migrations/migrations/ already uses).

Plan-to-rollout:
- Merge to main → propagates via helmfile to dev/sandbox/stg/prd
- Develop deploys to Firmino — QA validates that:
  1. App↔permission associations persist after a Casdoor pod restart
  2. New seed entries added via init_data.json still get created on
     fresh installs
  3.
No regression in user→role→group→app flow X-Lerian-Ref: 0x1 --- .../templates/auth-backend/configmap.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/plugin-access-manager/templates/auth-backend/configmap.yaml b/charts/plugin-access-manager/templates/auth-backend/configmap.yaml index 42793b60..da43385e 100644 --- a/charts/plugin-access-manager/templates/auth-backend/configmap.yaml +++ b/charts/plugin-access-manager/templates/auth-backend/configmap.yaml @@ -19,4 +19,5 @@ data: enableGzip: "true" quota: '{"organization": -1, "user": -1, "application": -1, "provider": -1}' logConfig: '{"filename": "logs/casdoor.log", "maxdays": 99999, "perm": "0770"}' - initDataFile: {{ .Values.auth.backend.initDataFile | default "./init_data.json" | quote }} \ No newline at end of file + initDataFile: {{ .Values.auth.backend.initDataFile | default "./init_data.json" | quote }} + initDataNewOnly: {{ .Values.auth.backend.initDataNewOnly | default "true" | quote }}
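Review bot: In the added `initDataNewOnly` line, `default "true"` cannot be overridden with a YAML boolean: Helm's `default` treats `false` as empty, so `auth.backend.initDataNewOnly: false` in values still renders `"true"`, and only the quoted string `"false"` takes effect. Consider an explicit key check, for example `{{ if hasKey .Values.auth.backend "initDataNewOnly" }}{{ .Values.auth.backend.initDataNewOnly | quote }}{{ else }}"true"{{ end }}`, or state in the values documentation that the value must be a quoted string. The diffstat shows only configmap.yaml changing, so the new value has no entry or comment in the chart's values file; since the commit message says edits to existing entries in init_data.json become a no-op, that comment is the place to tell operators that tightening an existing permission or role must go through casdoor-migrations rather than the JSON.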