From 987587aaf8683bc39e375e4a11e0eb73050207da Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 26 Jul 2023 16:37:55 -0400
Subject: [PATCH] Allow custom auth file to define valid roles

---
 confluent_server/confluent/auth.py                 | 3 +++
 confluent_server/confluent/config/configmanager.py | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/confluent_server/confluent/auth.py b/confluent_server/confluent/auth.py
index 5459a212..fd07a133 100644
--- a/confluent_server/confluent/auth.py
+++ b/confluent_server/confluent/auth.py
@@ -125,6 +125,9 @@ def add_roles(_allowed,_denied):
         loaded_file = yaml.safe_load(stream)
         try:
             allowed_loaded = loaded_file["allowedbyrole"]
+            for role in allowed_loaded:
+                if role not in configmanager._validroles:
+                    configmanager._validroles.append(role)
         except:
             pass
         try:
diff --git a/confluent_server/confluent/config/configmanager.py b/confluent_server/confluent/config/configmanager.py
index 5282f7d9..5a392edd 100644
--- a/confluent_server/confluent/config/configmanager.py
+++ b/confluent_server/confluent/config/configmanager.py
@@ -127,7 +127,7 @@ _attraliases = {
     'bmcpass': 'secret.hardwaremanagementpassword',
     'switchpass': 'secret.hardwaremanagementpassword',
 }
-_validroles = ('Administrator', 'Operator', 'Monitor', 'Stub')
+_validroles = ['Administrator', 'Operator', 'Monitor', 'Stub']
 
 membership_callback = None