[patch] Fix support for facilities in initial user creation

tomklapiscak · tomklapiscak · commit 0f89be22d7a7 · 2025-12-16T15:00:36.000Z
diff --git a/src/mas/devops/users.py b/src/mas/devops/users.py
@@ -817,7 +817,7 @@ def create_initial_users_for_saas(self, initial_users):
         for primary_user in primary_users:
             self.logger.info("")
             try:
-                self.logger.info(f"Syncing primary user {primary_user['email']}")
+                self.logger.info(f"Syncing primary user with email {primary_user['email']}")
                 self.create_initial_user_for_saas(primary_user, "PRIMARY")
                 completed.append(primary_user)
                 self.logger.info(f"Completed sync of primary user {primary_user['email']}")
@@ -829,7 +829,7 @@ def create_initial_users_for_saas(self, initial_users):
             self.logger.info("")
             try:
                 self.logger.info("")
-                self.logger.info(f"Syncing secondary user {secondary_user['email']}")
+                self.logger.info(f"Syncing secondary user with email {secondary_user['email']}")
                 self.create_initial_user_for_saas(secondary_user, "SECONDARY")
                 completed.append(secondary_user)
                 self.logger.info(f"Completed sync of secondary user {secondary_user['email']}")
@@ -855,8 +855,13 @@ def create_initial_user_for_saas(self, user, user_type):
         user_given_name = user["given_name"]
         user_family_name = user["family_name"]
 
-        user_id = user_email
-        username = user_email
+        if "id" in user:
+            user_id = user["id"]
+        else:
+            # default to email if no id provided
+            user_id = user_email
+
+        username = user_id
         # display_name = re.search('^([^@]+)@', user_email).group(1) # local part of the email
         display_name = f"{user_given_name} {user_family_name}"
 
@@ -874,6 +879,7 @@ def create_initial_user_for_saas(self, user, user_type):
             }
             is_workspace_admin = True
             application_role = "ADMIN"
+            facilities_role = "PREMIUM"
             # TODO: check which security groups primary users should be members of
             manage_security_groups = ["MAXADMIN"]
         elif user_type == "SECONDARY":
@@ -889,6 +895,7 @@ def create_initial_user_for_saas(self, user, user_type):
             }
             is_workspace_admin = False
             application_role = "USER"
+            facilities_role = "BASE"
             # TODO: check which security groups secondary users should be members of
             manage_security_groups = []
         else:
@@ -906,6 +913,8 @@ def create_initial_user_for_saas(self, user, user_type):
                     "primary": True
                 }
             ],
+            "phoneNumbers": [],
+            "addresses": [],
             "displayName": display_name,
             "issuer": "local",
             "permissions": permissions,
@@ -923,6 +932,8 @@ def create_initial_user_for_saas(self, user, user_type):
             if mas_application_id == "manage":
                 # special case for manage; role is always "MANAGEUSER"
                 role = "MANAGEUSER"
+            if mas_application_id == "facilities":
+                role = facilities_role
             else:
                 # otherwise grant the user the appropriate role for their user_type
                 role = application_role
