weaviate
diff --git a/‎.github/workflows/main.yaml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/main.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎ci/compose.sh
100644100755 b/‎ci/compose.sh
100644100755
diff --git a/‎ci/docker-compose-rbac.yml
Lines changed: 6 additions & 0 deletions b/‎ci/docker-compose-rbac.yml
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/classifications/scheduler.ts
Lines changed: 1 addition & 1 deletion b/‎src/classifications/scheduler.ts
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/connection/http.ts
Lines changed: 36 additions & 38 deletions b/‎src/connection/http.ts
Lines changed: 36 additions & 38 deletions
diff --git a/‎src/openapi/schema.ts
Lines changed: 66 additions & 66 deletions b/‎src/openapi/schema.ts
Lines changed: 66 additions & 66 deletions
diff --git a/‎src/roles/util.ts
Lines changed: 14 additions & 6 deletions b/‎src/roles/util.ts
Lines changed: 14 additions & 6 deletions
@@ -18,7 +18,7 @@ env:
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
-  
+
 jobs:
   checks:
     runs-on: ubuntu-latest
@@ -139,4 +139,4 @@ jobs:
         uses: softprops/action-gh-release@v1
         with:
           generate_release_notes: true
-          draft: true
+          draft: true
@@ -28,4 +28,10 @@ services:
       AUTHORIZATION_RBAC_ENABLED: "true"
       AUTHORIZATION_ADMIN_USERS: "admin-user"
       AUTHORIZATION_VIEWER_USERS: "viewer-user"
+      AUTHENTICATION_DB_USERS_ENABLED: "true"
+      AUTHENTICATION_OIDC_ENABLED: "true"
+      AUTHENTICATION_OIDC_CLIENT_ID: "wcs"
+      AUTHENTICATION_OIDC_ISSUER: "https://auth.wcs.api.weaviate.io/auth/realms/SeMI"
+      AUTHENTICATION_OIDC_USERNAME_CLAIM: "email"
+      AUTHENTICATION_OIDC_GROUPS_CLAIM: "groups"
 ...
@@ -101,7 +101,7 @@ export default class ClassificationsScheduler extends CommandBase {
         reject(
           new Error(
             "classification didn't finish within configured timeout, " +
-            'set larger timeout with .withWaitTimeout(timeout)'
+              'set larger timeout with .withWaitTimeout(timeout)'
           )
         );
       }, this.waitTimeout);
 
@@ -115,9 +115,7 @@ export default class ConnectionREST {
 
   postReturn = <B, T>(path: string, payload: B): Promise<T> => {
     if (this.authEnabled) {
-      return this.login().then((token) =>
-        this.http.post<B, T>(path, payload, true, token) as T
-      );
+      return this.login().then((token) => this.http.post<B, T>(path, payload, true, token) as T);
     }
     return this.http.post<B, T>(path, payload, true, '') as Promise<T>;
   };
@@ -376,46 +374,46 @@ const makeUrl = (basePath: string) => (path: string) => basePath + path;
 
 const checkStatus =
   <T>(expectResponseBody: boolean) =>
-    (res: Response) => {
-      if (res.status >= 400) {
-        return res.text().then((errText: string) => {
-          let err: string;
-          try {
-            // in case of invalid json response (like empty string)
-            err = JSON.stringify(JSON.parse(errText));
-          } catch (e) {
-            err = errText;
-          }
-          if (res.status === 401) {
-            return Promise.reject(new WeaviateUnauthenticatedError(err));
-          } else if (res.status === 403) {
-            return Promise.reject(new WeaviateInsufficientPermissionsError(403, err));
-          } else {
-            return Promise.reject(new WeaviateUnexpectedStatusCodeError(res.status, err));
-          }
-        });
-      }
-      if (expectResponseBody) {
-        return res.json() as Promise<T>;
-      }
-      return Promise.resolve(undefined);
-    };
+  (res: Response) => {
+    if (res.status >= 400) {
+      return res.text().then((errText: string) => {
+        let err: string;
+        try {
+          // in case of invalid json response (like empty string)
+          err = JSON.stringify(JSON.parse(errText));
+        } catch (e) {
+          err = errText;
+        }
+        if (res.status === 401) {
+          return Promise.reject(new WeaviateUnauthenticatedError(err));
+        } else if (res.status === 403) {
+          return Promise.reject(new WeaviateInsufficientPermissionsError(403, err));
+        } else {
+          return Promise.reject(new WeaviateUnexpectedStatusCodeError(res.status, err));
+        }
+      });
+    }
+    if (expectResponseBody) {
+      return res.json() as Promise<T>;
+    }
+    return Promise.resolve(undefined);
+  };
 
 const handleHeadResponse =
   <T>(expectResponseBody: boolean) =>
-    (res: Response) => {
-      if (res.status == 200 || res.status == 204 || res.status == 404) {
-        return Promise.resolve(res.status == 200 || res.status == 204);
-      }
-      return checkStatus<T>(expectResponseBody)(res);
-    };
+  (res: Response) => {
+    if (res.status == 200 || res.status == 204 || res.status == 404) {
+      return Promise.resolve(res.status == 200 || res.status == 204);
+    }
+    return checkStatus<T>(expectResponseBody)(res);
+  };
 
 const getAuthHeaders = (config: InternalConnectionParams, bearerToken: string) =>
   bearerToken
     ? {
-      Authorization: `Bearer ${bearerToken}`,
-      'X-Weaviate-Cluster-Url': config.host,
-      //  keeping for backwards compatibility for older clusters for now. On newer clusters, Embedding Service reuses Authorization header.
-      'X-Weaviate-Api-Key': bearerToken,
-    }
+        Authorization: `Bearer ${bearerToken}`,
+        'X-Weaviate-Cluster-Url': config.host,
+        //  keeping for backwards compatibility for older clusters for now. On newer clusters, Embedding Service reuses Authorization header.
+        'X-Weaviate-Api-Key': bearerToken,
+      }
     : undefined;
@@ -386,30 +386,30 @@ export interface definitions {
      * @enum {string}
      */
     action:
-    | 'manage_backups'
-    | 'read_cluster'
-    | 'create_data'
-    | 'read_data'
-    | 'update_data'
-    | 'delete_data'
-    | 'read_nodes'
-    | 'create_roles'
-    | 'read_roles'
-    | 'update_roles'
-    | 'delete_roles'
-    | 'create_collections'
-    | 'read_collections'
-    | 'update_collections'
-    | 'delete_collections'
-    | 'assign_and_revoke_users'
-    | 'create_users'
-    | 'read_users'
-    | 'update_users'
-    | 'delete_users'
-    | 'create_tenants'
-    | 'read_tenants'
-    | 'update_tenants'
-    | 'delete_tenants';
+      | 'manage_backups'
+      | 'read_cluster'
+      | 'create_data'
+      | 'read_data'
+      | 'update_data'
+      | 'delete_data'
+      | 'read_nodes'
+      | 'create_roles'
+      | 'read_roles'
+      | 'update_roles'
+      | 'delete_roles'
+      | 'create_collections'
+      | 'read_collections'
+      | 'update_collections'
+      | 'delete_collections'
+      | 'assign_and_revoke_users'
+      | 'create_users'
+      | 'read_users'
+      | 'update_users'
+      | 'delete_users'
+      | 'create_tenants'
+      | 'read_tenants'
+      | 'update_tenants'
+      | 'delete_tenants';
   };
   /** @description list of roles */
   RolesListResponse: definitions['Role'][];
@@ -787,15 +787,15 @@ export interface definitions {
      * @enum {string}
      */
     tokenization?:
-    | 'word'
-    | 'lowercase'
-    | 'whitespace'
-    | 'field'
-    | 'trigram'
-    | 'gse'
-    | 'kagome_kr'
-    | 'kagome_ja'
-    | 'gse_ch';
+      | 'word'
+      | 'lowercase'
+      | 'whitespace'
+      | 'field'
+      | 'trigram'
+      | 'gse'
+      | 'kagome_kr'
+      | 'kagome_ja'
+      | 'gse_ch';
     /** @description The properties of the nested object(s). Applies to object and object[] data types. */
     nestedProperties?: definitions['NestedProperty'][];
   };
@@ -816,15 +816,15 @@ export interface definitions {
     indexRangeFilters?: boolean;
     /** @enum {string} */
     tokenization?:
-    | 'word'
-    | 'lowercase'
-    | 'whitespace'
-    | 'field'
-    | 'trigram'
-    | 'gse'
-    | 'kagome_kr'
-    | 'kagome_ja'
-    | 'gse_ch';
+      | 'word'
+      | 'lowercase'
+      | 'whitespace'
+      | 'field'
+      | 'trigram'
+      | 'gse'
+      | 'kagome_kr'
+      | 'kagome_ja'
+      | 'gse_ch';
     /** @description The properties of the nested object(s). Applies to object and object[] data types. */
     nestedProperties?: definitions['NestedProperty'][];
   };
@@ -1505,19 +1505,19 @@ export interface definitions {
      * @enum {string}
      */
     operator?:
-    | 'And'
-    | 'Or'
-    | 'Equal'
-    | 'Like'
-    | 'NotEqual'
-    | 'GreaterThan'
-    | 'GreaterThanEqual'
-    | 'LessThan'
-    | 'LessThanEqual'
-    | 'WithinGeoRange'
-    | 'IsNull'
-    | 'ContainsAny'
-    | 'ContainsAll';
+      | 'And'
+      | 'Or'
+      | 'Equal'
+      | 'Like'
+      | 'NotEqual'
+      | 'GreaterThan'
+      | 'GreaterThanEqual'
+      | 'LessThan'
+      | 'LessThanEqual'
+      | 'WithinGeoRange'
+      | 'IsNull'
+      | 'ContainsAny'
+      | 'ContainsAll';
     /**
      * @description path to the property currently being filtered
      * @example [
@@ -1618,16 +1618,16 @@ export interface definitions {
      * @enum {string}
      */
     activityStatus?:
-    | 'ACTIVE'
-    | 'INACTIVE'
-    | 'OFFLOADED'
-    | 'OFFLOADING'
-    | 'ONLOADING'
-    | 'HOT'
-    | 'COLD'
-    | 'FROZEN'
-    | 'FREEZING'
-    | 'UNFREEZING';
+      | 'ACTIVE'
+      | 'INACTIVE'
+      | 'OFFLOADED'
+      | 'OFFLOADING'
+      | 'ONLOADING'
+      | 'HOT'
+      | 'COLD'
+      | 'FROZEN'
+      | 'FREEZING'
+      | 'UNFREEZING';
   };
   /** @description attributes representing a single tenant response within weaviate */
   TenantResponse: definitions['Tenant'] & {
@@ -4187,4 +4187,4 @@ export interface operations {
   };
 }
 
-export interface external { }
+export interface external {}
@@ -1,4 +1,9 @@
-import { WeaviateDBUser, Permission as WeaviatePermission, Role as WeaviateRole, WeaviateUser } from '../openapi/types.js';
+import {
+  WeaviateDBUser,
+  Permission as WeaviatePermission,
+  Role as WeaviateRole,
+  WeaviateUser,
+} from '../openapi/types.js';
 import { User, UserDB } from '../users/types.js';
 import {
   BackupsAction,
@@ -136,19 +141,18 @@ export class Map {
   static user = (user: WeaviateUser): User => ({
     id: user.username,
     roles: user.roles?.map(Map.roleFromWeaviate),
-  })
+  });
   static dbUser = (user: WeaviateDBUser): UserDB => ({
     userType: user.dbUserType,
     id: user.userId,
     roleNames: user.roles,
     active: user.active,
-  })
+  });
   static dbUsers = (users: WeaviateDBUser[]): UserDB[] =>
     users.reduce((acc, user) => {
       acc.push(Map.dbUser(user));
       return acc;
-    }, [] as UserDB[])
-    ;
+    }, [] as UserDB[]);
 }
 
 class PermissionsMapping {
@@ -172,7 +176,11 @@ class PermissionsMapping {
   public static use = (role: WeaviateRole) => new PermissionsMapping(role);
 
   public map = (): Role => {
-    this.role.permissions.forEach(this.permissionFromWeaviate);
+    // If truncated roles are requested (?includeFullRoles=false),
+    // role.permissions are not present.
+    if (this.role.permissions !== null) {
+      this.role.permissions.forEach(this.permissionFromWeaviate);
+    }
     return {
       name: this.role.name,
       backupsPermissions: Object.values(this.mappings.backups),
Original file line number	Diff line number	Diff line change
`@@ -101,7 +101,7 @@ export default class ClassificationsScheduler extends CommandBase {`
`101`	`101`	`reject(`
`102`	`102`	`new Error(`
`103`	`103`	`"classification didn't finish within configured timeout, " +`
`104`		`- 'set larger timeout with .withWaitTimeout(timeout)'`
	`104`	`+ 'set larger timeout with .withWaitTimeout(timeout)'`
`105`	`105`	`)`
`106`	`106`	`);`
`107`	`107`	`}, this.waitTimeout);`