create-uaa-clients
Inputs
| arg name | JSON type | example | description |
| --- | --- | --- | --- |
| uaa_uri | string | "https://079e5b8e-3d78-4140-b27c-ba038918ffea.predix-uaa.run.asv-pr.ice.predix.io" | UAA URL |
| uaa_client_secret | string | "REMOVED" | UAA admin secret |
| client_payloads | list | client payloads as per the UAA API | list of client payloads |
| user_payloads | list | user payloads as per the UAA API | list of user payloads |
| group_payloads | list | group payloads as per the UAA API | list of group payloads |
| group_mems | list | (see example below) | group membership spec |
For the format of the client, user, and group payloads, consult the UAA REST API: https://docs.cloudfoundry.org/api/uaa/
Examples:
- Create UAA clients for ui-app-hub's config manager:
{
  "uaa_uri": "https://079e5b8e-3d78-4140-b27c-ba038918ffea.predix-uaa.run.asv-pr.ice.predix.io",
  "uaa_client_secret": "***REMOVED***",
  "client_payloads": [{
    "client_id": "cm_client_id",
    "client_secret": "***REMOVED***",
    "authorized_grant_types": ["client_credentials"],
    "autoapprove": ["openid"],
    "scope": ["uaa.none", "openid", "hub.config.read", "hub.config.write", "hub.config.admin"],
    "authorities": ["openid", "hub.config.read", "hub.config.write", "hub.config.admin"]
  }, {
    "client_id": "sb_client_id",
    "client_secret": "***REMOVED***",
    "authorized_grant_types": ["client_credentials"],
    "autoapprove": ["openid"],
    "scope": ["uaa.none", "openid", "hub.config.write"],
    "authorities": ["openid", "hub.config.write"]
  }, {
    "client_id": "***REMOVED***_client_id",
    "client_secret": "***REMOVED***",
    "authorized_grant_types": ["client_credentials"],
    "autoapprove": ["openid"],
    "scope": ["uaa.none", "openid", "hub.config.read"],
    "authorities": ["openid", "hub.config.read"]
  }, {
    "client_id": "acs_client_id",
    "client_secret": "acs_client_secret",
    "authorized_grant_types": ["client_credentials"],
    "autoapprove": ["openid"],
    "scope": ["uaa.none", "openid", "acs.policies.read", "acs.policies.write", "acs.attributes.read", "acs.attributes.write", "acs_zone"],
    "authorities": ["openid", "acs.policies.read", "acs.policies.write", "acs.attributes.read", "acs.attributes.write", "uaa.resource", "uaa.none", "acs_oauth_scope"]
  }]
}
- Populate a UAA with a sample test user and a sample group, and add the test user to the test group:
{
  "uaa_uri": "https://651b3f38-9af3-4784-8622-304cb9219164.predix-uaa.run.aws-usw02-pr.ice.predix.io",
  "user_payloads": [
    {
      "userName": "ernesto@ge.com",
      "password": "**REMOVED***",
      "name": {
        "givenName": "Ernesto",
        "familyName": "Ernesto"
      },
      "emails": [
        {
          "primary": true,
          "value": "ernesto@ge.com"
        }
      ]
    }
  ],
  "client_payloads": [
    {
      "authorized_grant_types": [
        "client_credentials",
        "authorization_code"
      ],
      "autoapprove": [
        "openid"
      ],
      "client_id": "framework-client",
      "scope": [
        "openid",
        "uaa.user",
        "uaa.none",
        "analytics.zones.74734c7a-bd0f-4e12-95d6-ca51526a8aff.user"
      ],
      "authorities": [
        "openid",
        "uaa.user",
        "uaa.none",
        "analytics.zones.74734c7a-bd0f-4e12-95d6-ca51526a8aff.user"
      ],
      "client_secret": "ernesto"
    }
  ],
  "uaa_client_secret": "ernesto",
  "group_payloads": [
    {
      "displayName": "analytics.zones.74734c7a-bd0f-4e12-95d6-ca51526a8aff.user"
    }
  ],
  "group_mems": [
    {
      "group": {
        "displayName": "analytics.zones.74734c7a-bd0f-4e12-95d6-ca51526a8aff.user"
      },
      "users": [
        {
          "userName": "ernesto@ge.com",
          "email": "ernesto@ge.com"
        }
      ]
    }
  ]
}
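A pre-flight check for input documents like the two above, as an added example that is not part of the script or this README: it flags a client secret that equals `uaa_client_secret` (as in the second example), secrets shared between clients, short secrets, and `group_mems` entries naming a group or user that the same input does not create. The function name `lint_input`, the 16-character threshold and the sample input are assumptions.

```python
MIN_SECRET_LEN = 16  # assumed policy threshold, not something UAA or the script enforces

def lint_input(doc):
    """Return (severity, message) findings for one create-uaa-clients input dict."""
    findings = []
    admin_secret = doc.get("uaa_client_secret")
    first_use = {}  # client_secret -> first client_id seen with it
    for client in doc.get("client_payloads", []):
        cid = client.get("client_id", "<no client_id>")
        secret = client.get("client_secret")
        if not secret:
            continue  # clients without a secret are out of scope for this check
        if secret == admin_secret:
            findings.append(("error", f"{cid}: client_secret equals uaa_client_secret"))
        if secret in first_use:
            findings.append(("error", f"{cid}: client_secret also used by {first_use[secret]}"))
        first_use.setdefault(secret, cid)
        if len(secret) < MIN_SECRET_LEN:
            findings.append(("warn", f"{cid}: client_secret under {MIN_SECRET_LEN} characters"))
    # Memberships naming a group or user that this input does not create only
    # work if that object already exists in UAA, so flag them for review.
    groups = {g.get("displayName") for g in doc.get("group_payloads", [])}
    users = {u.get("userName") for u in doc.get("user_payloads", [])}
    for mem in doc.get("group_mems", []):
        group = mem.get("group", {}).get("displayName")
        if group not in groups:
            findings.append(("warn", f"group_mems: group {group!r} not in group_payloads"))
        for user in mem.get("users", []):
            if user.get("userName") not in users:
                findings.append(("warn", f"group_mems: user {user.get('userName')!r} not in user_payloads"))
    return findings

# Constructed sample (not from the README): admin secret reused, short secret, unknown user.
SAMPLE = {
    "uaa_uri": "https://uaa.example.test",
    "uaa_client_secret": "sample-admin-secret-0001",
    "client_payloads": [
        {"client_id": "app_a", "client_secret": "sample-admin-secret-0001",
         "authorized_grant_types": ["client_credentials"]},
        {"client_id": "app_b", "client_secret": "short",
         "authorized_grant_types": ["client_credentials"]},
    ],
    "group_payloads": [{"displayName": "sample.group"}],
    "group_mems": [{"group": {"displayName": "sample.group"},
                    "users": [{"userName": "nobody@example.test"}]}],
}

if __name__ == "__main__":
    print(*(f"{sev}: {msg}" for sev, msg in lint_input(SAMPLE)), sep="\n")
```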
Output
{}
Idempotence
The script may be called any number of times. If a client/user/group exists, it is deleted and re-created, to ensure it has the specified payload.