|
|
|
|
@ -392,13 +392,30 @@
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name" : "pyrest",
|
|
|
|
|
"taskReferenceName" : "authorize2",
|
|
|
|
|
"type" : "SIMPLE",
|
|
|
|
|
"inputParameters" : {
|
|
|
|
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
|
|
|
|
"method" : "POST",
|
|
|
|
|
"headers" : {
|
|
|
|
|
"Accept" : "application/json"
|
|
|
|
|
},
|
|
|
|
|
"body" : {
|
|
|
|
|
"client_id" : "orchestrator",
|
|
|
|
|
"client_secret" : "{{ keycloak_auth_master }}",
|
|
|
|
|
"grant_type" : "client_credentials"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name": "LAMBDA_TASK",
|
|
|
|
|
"taskReferenceName": "build_add_role_tasks",
|
|
|
|
|
"type": "LAMBDA",
|
|
|
|
|
"inputParameters": {
|
|
|
|
|
"roles" : "${get_rootvo_roles.output.body}",
|
|
|
|
|
"scriptExpression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k);return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
|
|
|
|
"scriptExpression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k);return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
@ -423,7 +440,7 @@
|
|
|
|
|
"type": "LAMBDA",
|
|
|
|
|
"inputParameters": {
|
|
|
|
|
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
|
|
|
|
|
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
|
|
|
|
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
@ -448,7 +465,7 @@
|
|
|
|
|
"type": "LAMBDA",
|
|
|
|
|
"inputParameters": {
|
|
|
|
|
"roles" : "${join_parallel_getting_back.output[*].body}",
|
|
|
|
|
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
|
|
|
|
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
@ -477,23 +494,6 @@
|
|
|
|
|
"scriptExpression": "return Java.to(Java.from($.otherpolicies).concat($.memberpolicy), 'java.lang.String[]')"
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name" : "pyrest",
|
|
|
|
|
"taskReferenceName" : "authorize2",
|
|
|
|
|
"type" : "SIMPLE",
|
|
|
|
|
"inputParameters" : {
|
|
|
|
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
|
|
|
|
"method" : "POST",
|
|
|
|
|
"headers" : {
|
|
|
|
|
"Accept" : "application/json"
|
|
|
|
|
},
|
|
|
|
|
"body" : {
|
|
|
|
|
"client_id" : "orchestrator",
|
|
|
|
|
"client_secret" : "{{ keycloak_auth_master }}",
|
|
|
|
|
"grant_type" : "client_credentials"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name" : "pyrest",
|
|
|
|
|
"taskReferenceName" : "finalize_permission",
|
|
|
|
|
|
