diff --git a/templates/group_created.json.j2 b/templates/group_created.json.j2 index ec41f94..2ced2b2 100644 --- a/templates/group_created.json.j2 +++ b/templates/group_created.json.j2 @@ -331,124 +331,441 @@ } } ], - [{ - "name" : "pyrest", - "taskReferenceName" : "create_role_catalogueadmin", - "type" : "SIMPLE", - "inputParameters" : { - "url" : "${create_client.output.headers.location}/roles", - "body" : { - "clientRole" : true, "name" : "Catalogue-Admin", "description" : "Catalogue-Admin for ${init.output.result.name}" - }, - "method" : "POST", - "headers" : { - "Authorization" : "Bearer ${authorize.output.body.access_token}", - "Content-Type" : "application/json" - } - } - }], - [{ - "name" : "pyrest", - "taskReferenceName" : "create_role_catalogueeditor", - "type" : "SIMPLE", - "inputParameters" : { - "url" : "${create_client.output.headers.location}/roles", - "body" : { - "clientRole" : true, "name" : "Catalogue-Editor", "description" : "Catalogue-Editor for ${init.output.result.name}" - }, - "method" : "POST", - "headers" : { - "Authorization" : "Bearer ${authorize.output.body.access_token}", - "Content-Type" : "application/json" - } - } - }], - [{ - "name" : "pyrest", - "taskReferenceName" : "create_role_datamanager", - "type" : "SIMPLE", - "inputParameters" : { - "url" : "${create_client.output.headers.location}/roles", - "body" : { - "clientRole" : true, "name" : "Data-Manager", "description" : "Data-Manager for ${init.output.result.name}" - }, - "method" : "POST", - "headers" : { - "Authorization" : "Bearer ${authorize.output.body.access_token}", - "Content-Type" : "application/json" - } - } - }], - [{ - "name" : "pyrest", - "taskReferenceName" : "create_role_dataminermanager", - "type" : "SIMPLE", - "inputParameters" : { - "url" : "${create_client.output.headers.location}/roles", - "body" : { - "clientRole" : true, "name" : "Dataminer-Manager", "description" : "Dataminer-Manager for ${init.output.result.name}" - }, - "method" : "POST", - "headers" : { - "Authorization" : "Bearer ${authorize.output.body.access_token}", - "Content-Type" : "application/json" - } - } - }], - [{ - "name" : "pyrest", - "taskReferenceName" : "create_role_voadmin", - "type" : "SIMPLE", - "inputParameters" : { - "url" : "${create_client.output.headers.location}/roles", - "body" : { - "clientRole" : true, "name" : "VO-Admin", "description" : "VO-Admin for ${init.output.result.name}" - }, - "method" : "POST", - "headers" : { - "Authorization" : "Bearer ${authorize.output.body.access_token}", - "Content-Type" : "application/json" - } - } - }], - [{ - "name" : "pyrest", - "taskReferenceName" : "create_role_vredesigner", - "type" : "SIMPLE", - "inputParameters" : { - "url" : "${create_client.output.headers.location}/roles", - "body" : { - "clientRole" : true, "name" : "VRE-Designer", "description" : "VRE-Designer for ${init.output.result.name}" - }, - "method" : "POST", - "headers" : { - "Authorization" : "Bearer ${authorize.output.body.access_token}", - "Content-Type" : "application/json" - } - } - }], - [{ - "name" : "pyrest", - "taskReferenceName" : "create_role_vremanager", - "type" : "SIMPLE", - "inputParameters" : { - "url" : "${create_client.output.headers.location}/roles", - "body" : { - "clientRole" : true, "name" : "VRE-Manager", "description" : "VRE-Manager for ${init.output.result.name}" - }, - "method" : "POST", - "headers" : { - "Authorization" : "Bearer ${authorize.output.body.access_token}", - "Content-Type" : "application/json" - } - } - }] + [ + { + "name" : "pyrest", + "taskReferenceName" : "create_role_catalogueadmin", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_client.output.headers.location}/roles", + "body" : { + "clientRole" : true, "name" : "Catalogue-Admin", "description" : "Catalogue-Admin for ${init.output.result.name}" + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "get_back_role_catalogueadmin", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_role_catalogueadmin.output.headers.location}", + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "create_role_policy_catalogueadmin", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role", + "body" : { + "name": "Catalogue-Admin_policy", + "description": "", + "type" : "role", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "roles" : [ + { + "id" : "${get_back_role_catalogueadmin.output.body.id}", + "required" : true + } + ] + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + } + ], + [ + { + "name" : "pyrest", + "taskReferenceName" : "create_role_catalogueeditor", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_client.output.headers.location}/roles", + "body" : { + "clientRole" : true, "name" : "Catalogue-Editor", "description" : "Catalogue-Editor for ${init.output.result.name}" + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "get_back_role_catalogueeditor", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_role_catalogueeditor.output.headers.location}", + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "create_role_policy_catalogueeditor", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role", + "body" : { + "name": "Catalogue-Editor_policy", + "description": "", + "type" : "role", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "roles" : [ + { + "id" : "${get_back_role_catalogueeditor.output.body.id}", + "required" : true + } + ] + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + } + ], + [ + { + "name" : "pyrest", + "taskReferenceName" : "create_role_datamanager", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_client.output.headers.location}/roles", + "body" : { + "clientRole" : true, "name" : "Data-Manager", "description" : "Data-Manager for ${init.output.result.name}" + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "get_back_role_datamanager", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_role_datamanager.output.headers.location}", + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "create_role_policy_datamanager", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role", + "body" : { + "name": "Data-Manager_policy", + "description": "", + "type" : "role", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "roles" : [ + { + "id" : "${get_back_role_datamanager.output.body.id}", + "required" : true + } + ] + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + } + ], + [ + { + "name" : "pyrest", + "taskReferenceName" : "create_role_dataminermanager", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_client.output.headers.location}/roles", + "body" : { + "clientRole" : true, "name" : "Dataminer-Manager", "description" : "Dataminer-Manager for ${init.output.result.name}" + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "get_back_role_dataminermanager", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_role_dataminermanager.output.headers.location}", + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "create_role_policy_dataminermanager", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role", + "body" : { + "name": "DataMiner-Manager_policy", + "description": "", + "type" : "role", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "roles" : [ + { + "id" : "${get_back_role_dataminermanager.output.body.id}", + "required" : true + } + ] + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + } + ], + [ + { + "name" : "pyrest", + "taskReferenceName" : "create_role_voadmin", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_client.output.headers.location}/roles", + "body" : { + "clientRole" : true, "name" : "VO-Admin", "description" : "VO-Admin for ${init.output.result.name}" + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "get_back_role_voadmin", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_role_voadmin.output.headers.location}", + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "create_role_policy_voadmin", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role", + "body" : { + "name": "VO-Admin_policy", + "description": "", + "type" : "role", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "roles" : [ + { + "id" : "${get_back_role_voadmin.output.body.id}", + "required" : true + } + ] + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + } + ], + [ + { + "name" : "pyrest", + "taskReferenceName" : "create_role_vredesigner", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_client.output.headers.location}/roles", + "body" : { + "clientRole" : true, "name" : "VRE-Designer", "description" : "VRE-Designer for ${init.output.result.name}" + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "get_back_role_vredesigner", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_role_vredesigner.output.headers.location}", + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "create_role_policy_vredesigner", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role", + "body" : { + "name": "VRE-Designer_policy", + "description": "", + "type" : "role", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "roles" : [ + { + "id" : "${get_back_role_vredesigner.output.body.id}", + "required" : true + } + ] + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + } + ], + [ + { + "name" : "pyrest", + "taskReferenceName" : "create_role_vremanager", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_client.output.headers.location}/roles", + "body" : { + "clientRole" : true, "name" : "VRE-Manager", "description" : "VRE-Manager for ${init.output.result.name}" + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "get_back_role_vremanager", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_role_vremanager.output.headers.location}", + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "create_role_policy_vremanager", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role", + "body" : { + "name": "VRE-Manager_policy", + "description": "", + "type" : "role", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "roles" : [ + { + "id" : "${get_back_role_vremanager.output.body.id}", + "required" : true + } + ] + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + } + ] ] }, { "name" : "join", "taskReferenceName" : "join_role_creation", "type" : "JOIN" - } + }, + { + "name" : "pyrest", + "taskReferenceName" : "finalize_permission", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource", + "body" : { + "name": "Default Permission", + "description": "", + "type" : "resource", + "logic": "POSITIVE", + "decisionStrategy": "AFFIRMATIVE", + "policies" : [ + "${create_role_policy_accountingmanager.output.body.id}", + "${create_role_policy_catalogueadmin.output.body.id}", + "${create_role_policy_catalogueeditor.output.body.id}", + "${create_role_policy_datamanager.output.body.id}", + "${create_role_policy_dataminermanager.output.body.id}", + "${create_role_policy_voadmin.output.body.id}", + "${create_role_policy_vredesigner.output.body.id}", + "${create_role_policy_vremanager.output.body.id}" + ] + }, + "method" : "PUT", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + } ] }