From 7dce372bd44a28eafb7b65a32ec4942f2bec5bad Mon Sep 17 00:00:00 2001
From: dcore94
Date: Wed, 24 Mar 2021 12:03:39 +0100
Subject: [PATCH] move to subworkflow
---
 templates/add_role_policy_permission.json.j2 | 102 +++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100644 templates/add_role_policy_permission.json.j2
diff --git a/templates/add_role_policy_permission.json.j2 b/templates/add_role_policy_permission.json.j2
new file mode 100644
index 0000000..dca6472
--- /dev/null
+++ b/templates/add_role_policy_permission.json.j2
@@ -0,0 +1,102 @@
+{
+ "ownerApp" : "Orchestrator",
+ "name" : "add_role_policy_permission",
+ "createBy" : "Marco Lettere",
+ "description": "Atomically add a policy and a update client permission with new role",
+ "version" : 1,
+ "ownerEmail" : "marco.lettere@nubisware.com",
+ "inputParameters" : ["role"],
+ "tasks" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
+ "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
+ "scriptExpression": "1 == 1"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "authorize",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "{{ keycloak }}/master/protocol/openid-connect/token",
+ "method" : "POST",
+ "headers" : {
+ "Accept" : "application/json"
+ },
+ "body" : {
+ "client_id" : "orchestrator",
+ "client_secret" : "{{ keycloak_auth_master }}",
+ "grant_type" : "client_credentials"
+ }
+ }
+ },
+ {
+ "name" : "fork_join",
+ "taskReferenceName" : "prepare_policy_and_permission",
+ "type" : "FORK_JOIN",
+ "forkTasks" : [
+ [
+ {
+ "name" : "pyrest",
+ "type" : "SIMPLE",
+ "taskReferenceName": "add_policy",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/policy/role",
+ "method" :"POST",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Content-Type" : "application/json",
+ "Accept" : "application/json"
+ },
+ "body" : {
+ "name":"${workflow.input.role.name}_policy",
+ "description" : "Policy for having ${workflow.input.role.name} role",
+ "type":"role",
+ "logic" : "POSITIVE",
+ "decisionStrategy" : "UNANIMOUS",
+ "roles" : [{id:r.id,required:true}]
+ }
+ }
+ }
+ ],
+ [
+ {
+ "name" : "pyrest",
+ "type" : "SIMPLE",
+ "taskReferenceName": "retrieve_default_permission",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission?name=Default Permission",
+ "method" :"GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "type" : "SIMPLE",
+ "taskReferenceName": "retrieve_default_permission_policies",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body.id}",
+ "method" :"GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ }
+ ]
+ ]
+ },
+ {
+ "name" : "join",
+ "type" : "JOIN",
+ "taskReferenceName" : "join_prepare_policy_and_permission"
+ }
+ ]
+}
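Review bot: The `add_policy` body ends with `"roles" : [{id:r.id,required:true}]`, which is not valid JSON: the keys are unquoted and `r.id` is a bare identifier that nothing in this template defines, so the definition will likely be rejected at registration or the policy created without the intended role. It should probably read `"roles" : [{"id" : "${workflow.input.role.id}", "required" : true}]`, assuming the `role` input carries an `id` alongside the `name` and `containerId` already referenced. Separately, the `authorize` task renders `{{ keycloak_auth_master }}` into the stored definition and the later tasks copy `${authorize.output.body.access_token}` into their inputs, so a master-realm client secret and bearer token are likely readable by anyone who can read workflow metadata or execution history; consider resolving the secret inside the worker at run time and limiting the `orchestrator` client to the roles these three calls need. `${workflow.input.role.containerId}` is also placed into the admin URL path unchecked in all three requests, so it is worth validating it as a client identifier before calls are made with that token.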