Overview: Not all applications and corresponding capabilities/set are shown when creating/editing authorization roles

Steps to reproduce:

1. Login to PoC Preview environment

2. Go to “Settings“ → “Authorization roles“

3. Click “Actions“ button in second pane → Select “New“ option

4. Click “Select application“ button

5. In appeared modal, select checkboxes for all shown applications

6. Press “F12“ key to open browser DevTools

7. Click “Save & close“ button in modal

8. In DevTools, on “Network“ tab, note “totalRecords“ values in responses from /capabilities, /capability-sets

9. In Postman or similar application, make following API calls:

   1. GET <kong base URL>/capabilities?limit=5000

   2. GET <kong base URL>/capability-sets?limit=2000

10. Note “totalRecords“ values in responses for requests made at the previous Step

Expected result: “totalRecords“ values are the same in DevTools and in Postman (because all applications were selected)

Actual result: “totalRecords“ values in DevTools are significantly less that the ones received in Postman. Upon reviewing the responses, it is clear that a lot of capabilities/sets are assigned to applications which are not shown in “Select application“ modal. For example, "app-platform-complete-0.0.2" application has capabilities/sets assigned to it but it is not shown in “Select application“ modal

Additional information:

See attached screencast

It appears that the underlying problem here is related to application upgrades…

• capability is created when app v1 is enabled,

• some time later, app v2 is enabled

• The capability already exists, and isn’t recreated. It’s still linked to app v1.

• When the UI asks for capabilities associated with app v2 these capabilities are missing

Approach:

• TBD and the BE devs will fill in details after triage.

Workaround:

• Write & execute a script to update the associated application Id in capabilities