multiple reinforced authorize for reducing expiration risks
This commit is contained in:
parent
be6a71b283
commit
5d6a17d2f5
|
|
@ -409,30 +409,13 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize3",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "LAMBDA_TASK",
|
||||
"taskReferenceName": "build_add_role_tasks",
|
||||
"type": "LAMBDA",
|
||||
"inputParameters": {
|
||||
"roles" : "${get_rootvo_roles.output.body}",
|
||||
"scriptExpression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k);return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
"scriptExpression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k);return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
|
@ -453,7 +436,7 @@
|
|||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize4",
|
||||
"taskReferenceName" : "authorize3",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
|
|
@ -474,7 +457,7 @@
|
|||
"type": "LAMBDA",
|
||||
"inputParameters": {
|
||||
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
|
||||
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize4.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
|
@ -495,7 +478,7 @@
|
|||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize5",
|
||||
"taskReferenceName" : "authorize4",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
|
|
@ -516,7 +499,7 @@
|
|||
"type": "LAMBDA",
|
||||
"inputParameters": {
|
||||
"roles" : "${join_parallel_getting_back.output[*].body}",
|
||||
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize5.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize4.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
|
@ -547,7 +530,7 @@
|
|||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize6",
|
||||
"taskReferenceName" : "authorize5",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
|
|
@ -578,7 +561,7 @@
|
|||
},
|
||||
"method" : "PUT",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize6.output.body.access_token}",
|
||||
"Authorization" : "Bearer ${authorize5.output.body.access_token}",
|
||||
"Content-Type" : "application/json"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue