[BUG] - Keycloak not showing scopes for some default roles

[marcelovilla]

Describe the bug

When navigating to different Keycloak roles, I don't see a list of their scopes on some of the. For example, here are the attributes for the conda_store_developer role in the conda_store client, not showing any of the scopes it includes:

On the other hand, here are the attributes for the allow-read-access-to-services role in the jupyterhub client, showing the scopes it includes:

Expected behavior

I'd like to see all scopes that are included by default for any given role that was created when deploying Nebari

OS and architecture in which you are running Nebari

Not relevant

How to Reproduce the problem?

See bug description

Command output

No response

Versions and dependencies used.

No response

Compute environment

None

Integrations

No response

Anything else?

No response

[kcpevey]

For conda-store in particular, I came across this last week when I was trying to modify conda-store permissions for a user (copied from internal communication):

Me:
there is some magic happening behind the scenes somewhere that I cant see. Somehow users get "read" access to the environments in their namespace (aka conda store "developer" scope) by default. I can't tell where that's coming from. It seems like that might be the appropriate setting to modify instead of creating an all new role.

Vini:
that might be coming from here https://github.com/nebari-dev/nebari/blob/develop/src/_nebari/stages/kubernetes_se[…]es/kubernetes/services/conda-store/config/conda_store_config.py its where the main parsing happens for the roles/groups coming from keycloak to conda-store