Revert "docs(admin): remove readonly role references"

This reverts commit 763ccf031e.
1 week ago · 53300a1ffe
2 changed files with 8 additions and 3 deletions
--- a/weed/admin/README.md
+++ b/weed/admin/README.md
@ -172,7 +172,7 @@ redirect_url = "https://admin.example.com/login/oidc/callback"
 scopes = ["openid", "profile", "email"]

 [admin.oidc.role_mapping]
-default_role = "admin"
+default_role = "readonly"

 [[admin.oidc.role_mapping.rules]]
 claim = "groups"
@ -180,7 +180,7 @@ value = "seaweedfs-admin"
 role = "admin"
 ```

-Role mapping must resolve to `admin`.
+Role mapping must resolve to either `admin` or `readonly`.
 OIDC sessions are capped to the ID token expiration time.

 ### Docker Usage
--- a/weed/command/scaffold/security.toml
+++ b/weed/command/scaffold/security.toml
@ -180,13 +180,18 @@ tls_ca_cert = ""                  # optional absolute path for custom CA bundle
 tls_insecure_skip_verify = false  # testing only; do not use in production

 [admin.oidc.role_mapping]
-default_role = "admin"
+default_role = "readonly"

 [[admin.oidc.role_mapping.rules]]
 claim = "groups"
 value = "seaweedfs-admin"
 role = "admin"

+[[admin.oidc.role_mapping.rules]]
+claim = "groups"
+value = "seaweedfs-readonly"
+role = "readonly"
+
 # white list. It's checking request ip address.
 [guard]
 white_list = ""