feat: adjust technical user creation check

Refs: #1240

src/marketplace/Services.Service/ServiceSettings.cs

@@ -169,10 +169,6 @@ public class ServiceSettings
     [DistinctValues("x => x.ClientId")]
     public IEnumerable<UserRoleConfig> DimUserRoles { get; set; } = null!;
 
-    [Required]
-    [DistinctValues("x => x.ClientId")]
-    public IEnumerable<UserRoleConfig> UserRolesAccessibleByProviderOnly { get; set; } = null!;
-
     [Required(AllowEmptyStrings = true)]
     public string DecentralIdentityManagementAuthUrl { get; set; } = null!;
 

src/portalbackend/PortalBackend.Migrations/Migrations/20250122083539_new_technicaluser_type_id.cs

@@ -1,5 +1,5 @@
-/********************************************************************************
- * Copyright (c) 2024 Contributors to the Eclipse Foundation
+/********************************************************************************
+ * Copyright (c) 2025 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.

src/portalbackend/PortalBackend.Migrations/Migrations/PortalDbContextModelSnapshot.cs

@@ -1,5 +1,5 @@
-/********************************************************************************
- * Copyright (c) 2024 Contributors to the Eclipse Foundation
+/********************************************************************************
+ * Copyright (c) 2023 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.

src/provisioning/Provisioning.Library/Service/TechnicalUserCreation.cs

@@ -63,21 +63,15 @@ public class TechnicalUserCreation(
         var userProviderRoles = _settings.UserRolesAccessibleByProviderOnly.SelectMany(x => x.UserRoleNames.Select(userRoleName => (x.ClientId, userRoleName)));
 
         var serviceAccounts = ImmutableList.CreateBuilder<CreatedServiceAccountData>();
-
+        var typeId = userRoleData.IntersectBy(userProviderRoles, providerData => (providerData.ClientClientId, providerData.UserRoleText)).Any() && technicalUserTypeId == TechnicalUserTypeId.MANAGED
+                ? TechnicalUserTypeId.PROVIDER_OWNED
+                : technicalUserTypeId;
         if (userRoleData.ExceptBy(dimConfigRoles, roleData => (roleData.ClientClientId, roleData.UserRoleText)).IfAny(
             async roleData =>
             {
                 var keycloakRoleData = roleData.ToImmutableList();
                 var (clientId, enhancedName, serviceAccountData) = await CreateKeycloakServiceAccount(bpns, enhanceTechnicalUserName, enabled, name, description, iamClientAuthMethod, keycloakRoleData).ConfigureAwait(ConfigureAwaitOptions.None);
-                var serviceAccountId = Guid.Empty;
-                if (!(userRoleData.IntersectBy(userProviderRoles, providerData => (providerData.ClientClientId, providerData.UserRoleText)).Any() && technicalUserTypeId == TechnicalUserTypeId.MANAGED))
-                {
-                    serviceAccountId = CreateDatabaseServiceAccount(companyId, UserStatusId.ACTIVE, technicalUserTypeId, TechnicalUserKindId.INTERNAL, name, clientId, description, keycloakRoleData, technicalUserRepository, userRolesRepository, setOptionalParameter);
-                }
-                else
-                {
-                    serviceAccountId = CreateDatabaseServiceAccount(companyId, UserStatusId.ACTIVE, TechnicalUserTypeId.PROVIDER_OWNED, TechnicalUserKindId.INTERNAL, name, clientId, description, keycloakRoleData, technicalUserRepository, userRolesRepository, setOptionalParameter);
-                }
+                var serviceAccountId = CreateDatabaseServiceAccount(companyId, UserStatusId.ACTIVE, typeId, TechnicalUserKindId.INTERNAL, name, clientId, description, keycloakRoleData, technicalUserRepository, userRolesRepository, setOptionalParameter);
                 serviceAccounts.Add(new CreatedServiceAccountData(
                     serviceAccountId,
                     enhancedName,
@@ -98,7 +92,7 @@ public class TechnicalUserCreation(
             {
                 var dimRoleData = roleData.ToImmutableList();
                 var dimSaName = $"dim-{name}";
-                var dimServiceAccountId = CreateDatabaseServiceAccount(companyId, UserStatusId.PENDING, technicalUserTypeId, TechnicalUserKindId.EXTERNAL, dimSaName, null, description, dimRoleData, technicalUserRepository, userRolesRepository, setOptionalParameter);
+                var dimServiceAccountId = CreateDatabaseServiceAccount(companyId, UserStatusId.PENDING, typeId, TechnicalUserKindId.EXTERNAL, dimSaName, null, description, dimRoleData, technicalUserRepository, userRolesRepository, setOptionalParameter);
                 var processStepRepository = portalRepositories.GetInstance<IProcessStepRepository>();
                 if (processData?.ProcessTypeId is not null)
                 {

tests/provisioning/Provisioning.Library.Tests/Extensions/TechnicalUserCreationTests.cs

@@ -279,7 +279,7 @@ public async Task CreateServiceAccountAsync_WithValidDimData_ReturnsExpected()
     }
 
     [Fact]
-    public async Task CreateServiceAccountAsync_WithValidProviderRolesData_ReturnsExpected()
+    public async Task CreateServiceAccountAsync_ContainsProviderRolesData_ReturnsExpected()
     {
         // Arrange
         var serviceAccounts = new List<TechnicalUser>();