move to subworkflow
This commit is contained in:
parent
2fb8b37c7f
commit
7dce372bd4
|
@ -0,0 +1,102 @@
|
|||
{
|
||||
"ownerApp" : "Orchestrator",
|
||||
"name" : "add_role_policy_permission",
|
||||
"createBy" : "Marco Lettere",
|
||||
"description": "Atomically add a policy and a update client permission with new role",
|
||||
"version" : 1,
|
||||
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||
"inputParameters" : ["role"],
|
||||
"tasks" : [
|
||||
{
|
||||
"name": "LAMBDA_TASK",
|
||||
"taskReferenceName": "init",
|
||||
"type": "LAMBDA",
|
||||
"inputParameters": {
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"scriptExpression": "1 == 1"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_join",
|
||||
"taskReferenceName" : "prepare_policy_and_permission",
|
||||
"type" : "FORK_JOIN",
|
||||
"forkTasks" : [
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"type" : "SIMPLE",
|
||||
"taskReferenceName": "add_policy",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/policy/role",
|
||||
"method" :"POST",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Content-Type" : "application/json",
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"name":"${workflow.input.role.name}_policy",
|
||||
"description" : "Policy for having ${workflow.input.role.name} role",
|
||||
"type":"role",
|
||||
"logic" : "POSITIVE",
|
||||
"decisionStrategy" : "UNANIMOUS",
|
||||
"roles" : [{id:r.id,required:true}]
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"type" : "SIMPLE",
|
||||
"taskReferenceName": "retrieve_default_permission",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission?name=Default Permission",
|
||||
"method" :"GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"type" : "SIMPLE",
|
||||
"taskReferenceName": "retrieve_default_permission_policies",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body.id}",
|
||||
"method" :"GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
]
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_prepare_policy_and_permission"
|
||||
}
|
||||
]
|
||||
}
|
Loading…
Reference in New Issue