addition of policies for roles

templates/group_created.json.j2

@@ -253,7 +253,8 @@
 					}
 				}
 				],
-				[{
+				[
+				  {
 					  "name" : "pyrest",
 					  "taskReferenceName" : "create_role_accountingmanager",
 					  "type" : "SIMPLE",
@@ -268,7 +269,43 @@
 							  "Content-Type" : "application/json"
 						  }
 					  }
-				}],
+				  },
+				  {
+              "name": "LAMBDA_TASK",
+              "taskReferenceName": "extract_accountimgmanager_role_id",
+              "type": "LAMBDA",
+              "inputParameters": {
+                  "role_location" : "${create_role_accountingmanager.output.headers.location}",
+                  "scriptExpression": "var role_id = $.role_location.split('/').pop(); return {'role_id' : role_id}"
+              }
+          },
+				  {
+					  "name" : "pyrest",
+					  "taskReferenceName" : "create_role_policy_accountingmanager",
+					  "type" : "SIMPLE",
+					  "inputParameters" : {
+						  "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
+						  "body" : {
+                 "name": "Accounting-Manager_policy",
+                 "description": "",
+                 "type" : "role",
+                 "logic": "POSITIVE",
+                 "decisionStrategy": "UNANIMOUS",
+                 "roles" : [
+                    {
+                      "id" : "${extract_accountimgmanager_role_id.output.result.role_id}",
+                      "required" : true
+                    }
+                 ]
+              },
+						  "method" : "POST",
+						  "headers" : {
+							  "Authorization" : "Bearer ${authorize.output.body.access_token}",
+							  "Content-Type" : "application/json"
+						  }
+					  }
+				  }
+				],
 				[{
 					"name" : "pyrest",
 					"taskReferenceName" : "create_role_catalogueadmin",