ansible-role-conductor-work.../templates/add_role_policy_permission....

136 lines
4.7 KiB
Plaintext
Raw Normal View History

2021-03-24 12:03:39 +01:00
{
"ownerApp" : "Orchestrator",
"name" : "add_role_policy_permission",
"createBy" : "Marco Lettere",
"description": "Atomically add a policy and a update client permission with new role",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["role"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"scriptExpression": "1 == 1"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "prepare_policy_and_permission",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "add_policy",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/policy/role",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept" : "application/json"
},
2021-03-24 12:58:07 +01:00
"expect" : [201, 409],
2021-03-24 12:03:39 +01:00
"body" : {
"name":"${workflow.input.role.name}_policy",
"description" : "Policy for having ${workflow.input.role.name} role",
"type":"role",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
2021-03-24 12:06:00 +01:00
"roles" : [{ "id" : "${workflow.input.role.id}", "required" : true}]
2021-03-24 12:03:39 +01:00
}
}
2021-03-24 13:26:59 +01:00
}
2021-03-24 12:03:39 +01:00
],
[
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_default_permission",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission?name=Default Permission",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_default_permission_policies",
"inputParameters" : {
2021-03-24 12:39:56 +01:00
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body[0].id}/associatedPolicies",
2021-03-24 12:03:39 +01:00
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
]
]
},
{
"name" : "join",
"type" : "JOIN",
2021-03-24 12:34:52 +01:00
"taskReferenceName" : "join_prepare_policy_and_permission",
2021-03-24 13:26:59 +01:00
"joinOn" : ["retrieve_default_permission_policies","add_policy"]
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "to_policy_array",
"type": "LAMBDA",
"inputParameters": {
"newpolicy": "${add_policy.output.body}",
2021-03-24 13:28:24 +01:00
"prevpolicies" : "${retrieve_default_permission_policies.output.body}",
2021-03-24 13:33:52 +01:00
"scriptExpression": "return Java.to(Java.from($.prevpolicies).concat($.newpolicy),'java.util.Map[]')"
2021-03-24 13:26:59 +01:00
}
2021-03-24 12:34:52 +01:00
},
{
"name" : "pyrest",
"taskReferenceName" : "finalize_permission",
"type" : "SIMPLE",
"inputParameters" : {
2021-03-24 13:04:00 +01:00
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body[0].id}",
2021-03-24 12:34:52 +01:00
"method" : "PUT",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
},
"body" : {
"name": "Default Permission",
"description": "",
"type" : "resource",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
2021-03-24 13:38:48 +01:00
"policies" : "${to_policy_array.output.result[*].id}"
2021-03-24 12:34:52 +01:00
}
}
}
2021-03-24 12:03:39 +01:00
]
}