From 78a761230608b2245636c1c718e136f7d60b67b8 Mon Sep 17 00:00:00 2001
From: "m.lettere" <marco.lettere@nubisware.com>
Date: Thu, 7 Oct 2021 14:02:16 +0200
Subject: [PATCH] handle secret and description as inputs

---
 templates/create_system_service.json.j2 | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/templates/create_system_service.json.j2 b/templates/create_system_service.json.j2
index 766fe47..863c869 100644
--- a/templates/create_system_service.json.j2
+++ b/templates/create_system_service.json.j2
@@ -5,7 +5,7 @@
 	"description": "Create a confidential client for software procedures that need to be members of each VO and VRE",
 	"version" : 1,
 	"ownerEmail" : "marco.lettere@nubisware.com",
-	"inputParameters" : ["client_id"],
+	"inputParameters" : ["client_id", "client_secret", "description"],
 	"tasks" : [
     	{
 			"name": "LAMBDA_TASK",
@@ -14,7 +14,10 @@
 			"inputParameters": {
 				  "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
 				  "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
-				  "scriptExpression": "1 == 1"
+				  "id" : "${workflow.input.client_id}",
+				  "secret" : "${workflow.input.client_secret}",
+				  "description" : "${workflow.input.description}",
+				  "scriptExpression": "return { 'client' : { clientId : $.id, description : $.description ? $.description : $.id, 'secret' : $.secret ? $.secret : Java.type('java.util.UUID.randomUUID().toString()'), rootUrl : '', enabled : true, serviceAccountEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'} }"
 			}
 		},
 		{
@@ -40,19 +43,7 @@
 		    "type" : "SIMPLE",
 		    "inputParameters" : {
 			    "url" : "${init.input.keycloak_admin}/clients",
-			    "body" : { 
-				    "clientId": "${workflow.input.client_id}",
-				    "name": "${workflow.input.client_id}",
-				    "description": "${workflow.input.client_id}",
-					    "rootUrl": "",
-					    "enabled": true,
-					    "serviceAccountsEnabled": true,
-					    "standardFlowEnabled": true,
-					    "authorizationServicesEnabled": false,
-					    "publicClient": false,
-					    "fullScopeAllowed" : true,
-					    "protocol": "openid-connect"
-			    },
+			    "body" : "${init.output.result.client}",
 			    "method" : "POST",
 			    "headers" : {
 				    "Authorization" : "Bearer ${authorize.output.body.access_token}",