finalization of new permission with policies

dcore94 2021-03-03 20:09:01 +01:00
parent 0bcbba23c7
commit b99719a63d
1 changed files with 430 additions and 113 deletions


@ -331,124 +331,441 @@
} }
} }
], ],
[{ [
"name" : "pyrest", {
"taskReferenceName" : "create_role_catalogueadmin", "name" : "pyrest",
"type" : "SIMPLE", "taskReferenceName" : "create_role_catalogueadmin",
"inputParameters" : { "type" : "SIMPLE",
"url" : "${create_client.output.headers.location}/roles", "inputParameters" : {
"body" : { "url" : "${create_client.output.headers.location}/roles",
"clientRole" : true, "name" : "Catalogue-Admin", "description" : "Catalogue-Admin for ${init.output.result.name}" "body" : {
}, "clientRole" : true, "name" : "Catalogue-Admin", "description" : "Catalogue-Admin for ${init.output.result.name}"
"method" : "POST", },
"headers" : { "method" : "POST",
"Authorization" : "Bearer ${authorize.output.body.access_token}", "headers" : {
"Content-Type" : "application/json" "Authorization" : "Bearer ${authorize.output.body.access_token}",
} "Content-Type" : "application/json"
} }
}], }
[{ },
"name" : "pyrest", {
"taskReferenceName" : "create_role_catalogueeditor", "name" : "pyrest",
"type" : "SIMPLE", "taskReferenceName" : "get_back_role_catalogueadmin",
"inputParameters" : { "type" : "SIMPLE",
"url" : "${create_client.output.headers.location}/roles", "inputParameters" : {
"body" : { "url" : "${create_role_catalogueadmin.output.headers.location}",
"clientRole" : true, "name" : "Catalogue-Editor", "description" : "Catalogue-Editor for ${init.output.result.name}" "method" : "GET",
}, "headers" : {
"method" : "POST", "Authorization" : "Bearer ${authorize.output.body.access_token}",
"headers" : { "Accept" : "application/json"
"Authorization" : "Bearer ${authorize.output.body.access_token}", }
"Content-Type" : "application/json" }
} },
} {
}], "name" : "pyrest",
[{ "taskReferenceName" : "create_role_policy_catalogueadmin",
"name" : "pyrest", "type" : "SIMPLE",
"taskReferenceName" : "create_role_datamanager", "inputParameters" : {
"type" : "SIMPLE", "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
"inputParameters" : { "body" : {
"url" : "${create_client.output.headers.location}/roles", "name": "Catalogue-Admin_policy",
"body" : { "description": "",
"clientRole" : true, "name" : "Data-Manager", "description" : "Data-Manager for ${init.output.result.name}" "type" : "role",
}, "logic": "POSITIVE",
"method" : "POST", "decisionStrategy": "UNANIMOUS",
"headers" : { "roles" : [
"Authorization" : "Bearer ${authorize.output.body.access_token}", {
"Content-Type" : "application/json" "id" : "${get_back_role_catalogueadmin.output.body.id}",
} "required" : true
} }
}], ]
[{ },
"name" : "pyrest", "method" : "POST",
"taskReferenceName" : "create_role_dataminermanager", "headers" : {
"type" : "SIMPLE", "Authorization" : "Bearer ${authorize.output.body.access_token}",
"inputParameters" : { "Content-Type" : "application/json"
"url" : "${create_client.output.headers.location}/roles", }
"body" : { }
"clientRole" : true, "name" : "Dataminer-Manager", "description" : "Dataminer-Manager for ${init.output.result.name}" }
}, ],
"method" : "POST", [
"headers" : { {
"Authorization" : "Bearer ${authorize.output.body.access_token}", "name" : "pyrest",
"Content-Type" : "application/json" "taskReferenceName" : "create_role_catalogueeditor",
} "type" : "SIMPLE",
} "inputParameters" : {
}], "url" : "${create_client.output.headers.location}/roles",
[{ "body" : {
"name" : "pyrest", "clientRole" : true, "name" : "Catalogue-Editor", "description" : "Catalogue-Editor for ${init.output.result.name}"
"taskReferenceName" : "create_role_voadmin", },
"type" : "SIMPLE", "method" : "POST",
"inputParameters" : { "headers" : {
"url" : "${create_client.output.headers.location}/roles", "Authorization" : "Bearer ${authorize.output.body.access_token}",
"body" : { "Content-Type" : "application/json"
"clientRole" : true, "name" : "VO-Admin", "description" : "VO-Admin for ${init.output.result.name}" }
}, }
"method" : "POST", },
"headers" : { {
"Authorization" : "Bearer ${authorize.output.body.access_token}", "name" : "pyrest",
"Content-Type" : "application/json" "taskReferenceName" : "get_back_role_catalogueeditor",
} "type" : "SIMPLE",
} "inputParameters" : {
}], "url" : "${create_role_catalogueeditor.output.headers.location}",
[{ "method" : "GET",
"name" : "pyrest", "headers" : {
"taskReferenceName" : "create_role_vredesigner", "Authorization" : "Bearer ${authorize.output.body.access_token}",
"type" : "SIMPLE", "Accept" : "application/json"
"inputParameters" : { }
"url" : "${create_client.output.headers.location}/roles", }
"body" : { },
"clientRole" : true, "name" : "VRE-Designer", "description" : "VRE-Designer for ${init.output.result.name}" {
}, "name" : "pyrest",
"method" : "POST", "taskReferenceName" : "create_role_policy_catalogueeditor",
"headers" : { "type" : "SIMPLE",
"Authorization" : "Bearer ${authorize.output.body.access_token}", "inputParameters" : {
"Content-Type" : "application/json" "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
} "body" : {
} "name": "Catalogue-Editor_policy",
}], "description": "",
[{ "type" : "role",
"name" : "pyrest", "logic": "POSITIVE",
"taskReferenceName" : "create_role_vremanager", "decisionStrategy": "UNANIMOUS",
"type" : "SIMPLE", "roles" : [
"inputParameters" : { {
"url" : "${create_client.output.headers.location}/roles", "id" : "${get_back_role_catalogueeditor.output.body.id}",
"body" : { "required" : true
"clientRole" : true, "name" : "VRE-Manager", "description" : "VRE-Manager for ${init.output.result.name}" }
}, ]
"method" : "POST", },
"headers" : { "method" : "POST",
"Authorization" : "Bearer ${authorize.output.body.access_token}", "headers" : {
"Content-Type" : "application/json" "Authorization" : "Bearer ${authorize.output.body.access_token}",
} "Content-Type" : "application/json"
} }
}] }
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "create_role_datamanager",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_client.output.headers.location}/roles",
"body" : {
"clientRole" : true, "name" : "Data-Manager", "description" : "Data-Manager for ${init.output.result.name}"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_back_role_datamanager",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_role_datamanager.output.headers.location}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_policy_datamanager",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
"body" : {
"name": "Data-Manager_policy",
"description": "",
"type" : "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"roles" : [
{
"id" : "${get_back_role_datamanager.output.body.id}",
"required" : true
}
]
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "create_role_dataminermanager",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_client.output.headers.location}/roles",
"body" : {
"clientRole" : true, "name" : "Dataminer-Manager", "description" : "Dataminer-Manager for ${init.output.result.name}"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_back_role_dataminermanager",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_role_dataminermanager.output.headers.location}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_policy_dataminermanager",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
"body" : {
"name": "DataMiner-Manager_policy",
"description": "",
"type" : "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"roles" : [
{
"id" : "${get_back_role_dataminermanager.output.body.id}",
"required" : true
}
]
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "create_role_voadmin",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_client.output.headers.location}/roles",
"body" : {
"clientRole" : true, "name" : "VO-Admin", "description" : "VO-Admin for ${init.output.result.name}"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_back_role_voadmin",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_role_voadmin.output.headers.location}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_policy_voadmin",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
"body" : {
"name": "VO-Admin_policy",
"description": "",
"type" : "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"roles" : [
{
"id" : "${get_back_role_voadmin.output.body.id}",
"required" : true
}
]
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "create_role_vredesigner",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_client.output.headers.location}/roles",
"body" : {
"clientRole" : true, "name" : "VRE-Designer", "description" : "VRE-Designer for ${init.output.result.name}"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_back_role_vredesigner",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_role_vredesigner.output.headers.location}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_policy_vredesigner",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
"body" : {
"name": "VRE-Designer_policy",
"description": "",
"type" : "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"roles" : [
{
"id" : "${get_back_role_vredesigner.output.body.id}",
"required" : true
}
]
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "create_role_vremanager",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_client.output.headers.location}/roles",
"body" : {
"clientRole" : true, "name" : "VRE-Manager", "description" : "VRE-Manager for ${init.output.result.name}"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_back_role_vremanager",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_role_vremanager.output.headers.location}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_policy_vremanager",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
"body" : {
"name": "VRE-Manager_policy",
"description": "",
"type" : "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"roles" : [
{
"id" : "${get_back_role_vremanager.output.body.id}",
"required" : true
}
]
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
}
]
] ]
}, },
{ {
"name" : "join", "name" : "join",
"taskReferenceName" : "join_role_creation", "taskReferenceName" : "join_role_creation",
"type" : "JOIN" "type" : "JOIN"
} },
{
"name" : "pyrest",
"taskReferenceName" : "finalize_permission",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource",
"body" : {
"name": "Default Permission",
"description": "",
"type" : "resource",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"policies" : [
"${create_role_policy_accountingmanager.output.body.id}",
"${create_role_policy_catalogueadmin.output.body.id}",
"${create_role_policy_catalogueeditor.output.body.id}",
"${create_role_policy_datamanager.output.body.id}",
"${create_role_policy_dataminermanager.output.body.id}",
"${create_role_policy_voadmin.output.body.id}",
"${create_role_policy_vredesigner.output.body.id}",
"${create_role_policy_vremanager.output.body.id}"
]
},
"method" : "PUT",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
}
] ]
} }
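Review bot: `finalize_permission` builds its `policies` list from eight `create_role_policy_*.output.body.id` references, but nothing visible in this hunk guarantees those ids exist when it runs: the `join_role_creation` JOIN shows no `joinOn`, and `create_role_policy_accountingmanager` is not defined in the lines shown. If the JOIN can complete before the last task of every branch, or a policy POST fails (for example on a re-run where the role or policy already exists), the permission may be written with unresolved or missing policy ids, which changes who is authorized on the client. I would name the final task of each branch explicitly, e.g. `"joinOn" : ["create_role_policy_catalogueadmin", "create_role_policy_catalogueeditor", ...]`, and confirm that the accounting-manager policy task exists earlier in the file. The request also sends `PUT` to the `permission/resource` collection URL with no permission id and no `resources` field, so it is worth checking against the Keycloak admin API that this really updates "Default Permission" rather than being rejected or detaching its resource. Minor: the policy name `DataMiner-Manager_policy` differs in case from the role name `Dataminer-Manager`.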