multiple reinforced authorize for reducing expiration risks
This commit is contained in:
parent
ad0c83c83c
commit
be6a71b283
|
@ -409,13 +409,30 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize3",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "LAMBDA_TASK",
|
||||
"taskReferenceName": "build_add_role_tasks",
|
||||
"type": "LAMBDA",
|
||||
"inputParameters": {
|
||||
"roles" : "${get_rootvo_roles.output.body}",
|
||||
"scriptExpression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k);return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
"scriptExpression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k);return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -434,13 +451,30 @@
|
|||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_parallel_role_addition"
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize4",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "LAMBDA_TASK",
|
||||
"taskReferenceName": "build_get_back_role_tasks",
|
||||
"type": "LAMBDA",
|
||||
"inputParameters": {
|
||||
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
|
||||
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize4.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -459,13 +493,30 @@
|
|||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_parallel_getting_back"
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize5",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "LAMBDA_TASK",
|
||||
"taskReferenceName": "build_add_policy_tasks",
|
||||
"type": "LAMBDA",
|
||||
"inputParameters": {
|
||||
"roles" : "${join_parallel_getting_back.output[*].body}",
|
||||
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize5.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -494,6 +545,23 @@
|
|||
"scriptExpression": "return Java.to(Java.from($.otherpolicies).concat($.memberpolicy), 'java.lang.String[]')"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize6",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "finalize_permission",
|
||||
|
@ -510,7 +578,7 @@
|
|||
},
|
||||
"method" : "PUT",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize2.output.body.access_token}",
|
||||
"Authorization" : "Bearer ${authorize6.output.body.access_token}",
|
||||
"Content-Type" : "application/json"
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue