test implicit flow

Tiltfile

@@ -29,6 +29,6 @@ helm_resource(
   )
 k8s_resource(workload=neo4j_workload_name,
   links=[
-      neo4j_workload_name + '.neo4j-dev.k8s.dev.linkurious.net',
+      neo4j_release_name + '.neo4j-dev.k8s.dev.linkurious.net',
   ]
 )

charts/neo4jv5-internal/Chart.yaml

@@ -21,10 +21,10 @@ version: 0.0.2
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "5.3.0"
+appVersion: "5.5.0"
 dependencies:
   - name: neo4j
-    version: 5.3.0
+    version: 5.5.0
     repository: https://helm.neo4j.com/neo4j
 maintainers:
   - name: enys

charts/neo4jv5-internal/values.yaml

@@ -21,16 +21,20 @@ neo4j:
     dbms.security.authentication_providers: oidc-azure,native
     dbms.security.authorization_providers: oidc-azure,native
     dbms.security.oidc.azure.display_name: Azure
-    dbms.security.oidc.azure.auth_flow: pkce
+    dbms.security.oidc.azure.auth_flow: implicit
     dbms.security.oidc.azure.well_known_discovery_uri: https://login.microsoftonline.com/9c0acfe4-4dba-44f4-b8ae-c39d9aa8d991/v2.0/.well-known/openid-configuration
-    dbms.security.oidc.azure.audience: 53d9ec2c-b8dd-4e1e-96a2-b9c484205353
-    dbms.security.oidc.azure.claims.username: email
+    dbms.security.oidc.azure.audience: 38968079-7d93-4e73-b264-63c90120daaa
+    dbms.security.oidc.azure.claims.username: upn
     dbms.security.oidc.azure.claims.groups: groups
-    dbms.security.oidc.azure.params: "client_id=53d9ec2c-b8dd-4e1e-96a2-b9c484205353;response_type=code;scope=openid profile email"
-    dbms.security.oidc.azure.config: "token_type_principal=id_token;token_type_authentication=id_token"
+    dbms.security.oidc.azure.params: "client_id=38968079-7d93-4e73-b264-63c90120daaa;response_type=token;scope=openid profile email GroupMember.Read.All"
+    dbms.security.oidc.azure.config: "principal=upn;token_type_principal=access_token;token_type_authentication=access_token"
+    dbms.security.oidc.azure.token_params: "client_secret=Wql8Q~yaYlkng7Qwi74HG675capP6dq.xSdLwaiQ"
     dbms.security.oidc.azure.authorization.group_to_role_mapping: |
       "86b0df6b-ec62-41f6-9250-d22e951755fa" = admin; \
+      "admins" = admin; \
       "1e27ad10-142d-4921-8408-055b422f32f5" = reader
+    dbms.security.oidc.azure.get_groups_from_user_info: "false"
+    dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled: "true"
     metrics.prometheus.enabled: 'true'
     server.metrics.prometheus.enabled: 'true'
     server.metrics.prometheus.endpoint: '0.0.0.0:2004'
@@ -91,6 +95,72 @@ neo4j:
     # - "-XX:HeapDumpPath=/logs/neo4j.hprof"
     # - "-XX:MaxMetaspaceSize=180m"
     # - "-XX:ReservedCodeCacheSize=40m"
+
+  logging:
+    serverLogsXml: |-
+      <?xml version="1.0" encoding="UTF-8"?>
+      <!-- Example JSON logging configuration -->
+      <Configuration status="ERROR" monitorInterval="30" packages="org.neo4j.logging.log4j">
+          <Appenders>
+              <!-- Default debug.log, please keep -->
+              <RollingRandomAccessFile name="DebugLog" fileName="${config:server.directories.logs}/debug.log"
+                                        filePattern="$${config:server.directories.logs}/debug.log.%02i">
+                  <JsonTemplateLayout eventTemplateUri="classpath:org/neo4j/logging/StructuredLayoutWithMessage.json"/>
+                  <Policies>
+                      <SizeBasedTriggeringPolicy size="20 MB"/>
+                  </Policies>
+                  <DefaultRolloverStrategy fileIndex="min" max="7"/>
+              </RollingRandomAccessFile>
+
+              <RollingRandomAccessFile name="HttpLog" fileName="${config:server.directories.logs}/http.log"
+                                        filePattern="$${config:server.directories.logs}/http.log.%02i">
+                  <JsonTemplateLayout eventTemplateUri="classpath:org/neo4j/logging/StructuredLayoutWithMessage.json"/>
+                  <Policies>
+                      <SizeBasedTriggeringPolicy size="20 MB"/>
+                  </Policies>
+                  <DefaultRolloverStrategy fileIndex="min" max="5"/>
+              </RollingRandomAccessFile>
+
+              <RollingRandomAccessFile name="QueryLog" fileName="${config:server.directories.logs}/query.log"
+                                        filePattern="$${config:server.directories.logs}/query.log.%02i">
+                  <JsonTemplateLayout eventTemplateUri="classpath:org/neo4j/logging/QueryLogJsonLayout.json"/>
+                  <Policies>
+                      <SizeBasedTriggeringPolicy size="20 MB"/>
+                  </Policies>
+                  <DefaultRolloverStrategy fileIndex="min" max="7"/>
+              </RollingRandomAccessFile>
+
+              <RollingRandomAccessFile name="SecurityLog" fileName="${config:server.directories.logs}/security.log"
+                                        filePattern="$${config:server.directories.logs}/security.log.%02i">
+                  <JsonTemplateLayout eventTemplateUri="classpath:org/neo4j/logging/StructuredLayoutWithMessage.json"/>
+                  <Policies>
+                      <SizeBasedTriggeringPolicy size="20 MB"/>
+                  </Policies>
+                  <DefaultRolloverStrategy fileIndex="min" max="7"/>
+              </RollingRandomAccessFile>
+          </Appenders>
+
+          <Loggers>
+              <!-- Log levels. One of DEBUG, INFO, WARN, ERROR or OFF -->
+
+              <!-- The debug log is used as the root logger to catch everything -->
+              <Root level="INFO">
+                  <AppenderRef ref="DebugLog"/> <!-- Keep this -->
+              </Root>
+              <!-- The query log, must be named "QueryLogger" -->
+              <Logger name="QueryLogger" level="INFO" additivity="false">
+                  <AppenderRef ref="QueryLog"/>
+              </Logger>
+              <!-- The http request log, must be named "HttpLogger" -->
+              <Logger name="HttpLogger" level="INFO" additivity="false">
+                  <AppenderRef ref="HttpLog"/>
+              </Logger>
+              <!-- The security log, must be named "SecurityLogger" -->
+              <Logger name="SecurityLogger" level="DEBUG" additivity="false">
+                  <AppenderRef ref="SecurityLog"/>
+              </Logger>
+          </Loggers>
+      </Configuration>
 
 ##### Top level lke chart
 nameOverride: "neo4j"