From bd23d0b65f0fc0c95c7b12e4f74b971f7aa69402 Mon Sep 17 00:00:00 2001
From: "m.lettere"
Date: Thu, 7 Oct 2021 11:13:08 +0200
Subject: [PATCH] add system service gets only one realm wide role
---
 defaults/main.yaml | 28 ++++++------
 templates/create_system_service.json.j2 | 58 ++++++++++++-------------
 2 files changed, 42 insertions(+), 44 deletions(-)
diff --git a/defaults/main.yaml b/defaults/main.yaml
index c598883..033f6ae 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -1,20 +1,20 @@
 ---
 workflows:
- - create-user-add-to-vre
- - group_deleted
- - user-group_created
- - user-group-role_created
- - group_created
- - invitation-accepted
- - user-group_deleted
- - user-group-role_deleted
- - delete-user-account
- - role_deleted
- - role_created
- - add_role_policy_permission
- - add_all_member_roles
+# - create-user-add-to-vre
+# - group_deleted
+# - user-group_created
+# - user-group-role_created
+# - group_created
+# - invitation-accepted
+# - user-group_deleted
+# - user-group-role_deleted
+# - delete-user-account
+# - role_deleted
+# - role_created
+# - add_role_policy_permission
+# - add_all_member_roles
 - create_system_service
- - add_all_system_services_to_vre
+# - add_all_system_services_to_vre
 keycloak_host: "https://accounts.dev.d4science.org/auth"
 keycloak: "{{ keycloak_host }}/realms"
 keycloak_realm: "d4science"
diff --git a/templates/create_system_service.json.j2 b/templates/create_system_service.json.j2
index a58e198..f9911fa 100644
--- a/templates/create_system_service.json.j2
+++ b/templates/create_system_service.json.j2
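Review bot: Every entry in the default `workflows` list except `create_system_service` is now commented out, which the commit subject does not mention and which looks like a leftover from testing this one workflow. If this default list decides what the role deploys, a run with defaults would no longer deploy the deprovisioning workflows (`user-group_deleted`, `user-group-role_deleted`, `delete-user-account`, `role_deleted`), so membership and role removals might stop being propagated. I would keep the full list in `defaults/main.yaml` and narrow it per run with an override, or state the reason in a comment such as `# temporarily limited to create_system_service while testing`.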
@@ -84,42 +84,40 @@
 },
 {
 "name" : "pyrest",
- "taskReferenceName" : "get_all_contexts",
- "type" : "SIMPLE",
- "inputParameters" : {
- "url" : "${init.input.keycloak_admin}/clients?clientId=%252F&search=true",
- "method" : "GET",
+ "type" : "SIMPLE",
+ "taskReferenceName": "retrieve_infra_manager_role",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/roles/Infrastructure-Manager",
+ "method" :"GET",
 "headers" : {
 "Authorization" : "Bearer ${authorize.output.body.access_token}",
 "Accept" : "application/json"
- }
- }
+ }
+ }
 },
 {
- "name": "LAMBDA_TASK",
- "taskReferenceName": "build_member_roles_assignment_tasks",
- "type": "LAMBDA",
- "inputParameters": {
- "contexts" : "${get_all_contexts.output.body}",
- "id" : "${get_service_account_user.output.body.id}",
- "scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.contexts.length;i++)c=$.contexts[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_all_member_roles_'+i, subWorkflowParam:{ name:'add_all_member_roles'}}),inputs['call_add_all_member_roles_'+i]={context:c, client:$.id};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
- }
- },
+ "name": "jq_1",
+ "taskReferenceName": "to_array",
+ "type": "JSON_JQ_TRANSFORM",
+ "inputParameters": {
+ "role": "${retrieve_infra_manager_role.output.body}",
+ "queryExpression" : ".role"
+ }
+ },
 {
- "name" : "fork_dynamic",
- "type" : "FORK_JOIN_DYNAMIC",
- "taskReferenceName" : "parallel_build_member_roles_assignment_tasks",
- "inputParameters" : {
- "tasks" : "${build_member_roles_assignment_tasks.output.result.tasks}",
- "inputs" : "${build_member_roles_assignment_tasks.output.result.inputs}"
- },
- "dynamicForkTasksParam": "tasks",
- "dynamicForkTasksInputParamName": "inputs"
- },
- {
- "name" : "join",
- "type" : "JOIN",
- "taskReferenceName" : "join_parallel_build_member_roles_assignment_tasks"
+ "name" : "pyrest",
+ "type" : "SIMPLE",
+ "taskReferenceName": "assign_infra_manager_role",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/${retrieve_infra_manager_role}",
+ "method" :"POST",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Content-Type" : "application/json",
+ "Accept":"application/json"
+ },
+ "body" : "${to_array.output.resultList}"
+ }
 }
 ]
 }
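Review bot: The `assign_infra_manager_role` URL ends in `/role-mappings/${retrieve_infra_manager_role}`, a bare task reference with no output path, so the last path segment probably does not resolve to a usable string; Keycloak's realm-level mapping endpoint is `/role-mappings/realm`, so the line would read `"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/realm",`. The POST also runs without any check that `retrieve_infra_manager_role` returned a role, so a missing role would only surface as a failed or empty mapping request, depending on how `pyrest` treats non-2xx responses, which is not visible here. Since every created system service now receives the realm-wide `Infrastructure-Manager` role, a comment or description stating what that role permits, or taking the role name as a workflow input, would make the privilege grant reviewable. The `authorize` and `get_service_account_user` tasks that this hunk depends on are defined outside it.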