gCubeSystem
/
ansible-role-conductor-workflows-user-management
16
0
Fork 0
Code Issues Pull Requests Releases 5 Wiki Activity
ansible-role-conductor-work.../templates/add_role_policy_permission....

125 lines
4.2 KiB
Django/Jinja
Raw Blame History

{
"ownerApp" : "Orchestrator",
"name" : "add_role_policy_permission",
"createBy" : "Marco Lettere",
"description": "Atomically add a policy and a update client permission with new role",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["role"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"scriptExpression": "1 == 1"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "prepare_policy_and_permission",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "add_policy",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/policy/role",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept" : "application/json"
},
"body" : {
"name":"${workflow.input.role.name}_policy",
"description" : "Policy for having ${workflow.input.role.name} role",
"type":"role",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"roles" : [{ "id" : "${workflow.input.role.id}", "required" : true}]
}
}
}
],
[
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_default_permission",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission?name=Default Permission",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_default_permission_policies",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body.id}/associatedPolicies",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
]
]
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_prepare_policy_and_permission",
"joinOn" : ["retrieve_default_permission_policies","add_policy"]
},
{
"name" : "pyrest",
"taskReferenceName" : "finalize_permission",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body.id}",
"method" : "PUT",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
},
"body" : {
"name": "Default Permission",
"description": "",
"type" : "resource",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"policies" : "${join_prepare_policy_and_permission.output.body[*].id}"
}
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink