create-uaa-clients

Inputs

uaa_uri (string)
    UAA URL, e.g. "https://079e5b8e-3d78-4140-b27c-ba038918ffea.predix-uaa.run.asv-pr.ice.predix.io"
uaa_client_secret (string)
    UAA admin secret, e.g. "REMOVED"
client_payloads (list)
    list of client payloads, as per the UAA API
user_payloads (list)
    list of user payloads, as per the UAA API
group_payloads (list)
    list of group payloads, as per the UAA API
group_mems (list)
    group membership spec (see example below)

For the format of the client, user and group payloads, consult the UAA REST API: https://docs.cloudfoundry.org/api/uaa/

Examples:

  • create uaa clients for ui-app-hub's config manager
{
  "uaa_uri": "https://079e5b8e-3d78-4140-b27c-ba038918ffea.predix-uaa.run.asv-pr.ice.predix.io",
  "uaa_client_secret": "***REMOVED***",
  "client_payloads": [{
    "client_id": "cm_client_id",
    "client_secret": "***REMOVED***",
    "authorized_grant_types": ["client_credentials"],
    "autoapprove": ["openid"],
    "scope": ["uaa.none", "openid", "hub.config.read", "hub.config.write", "hub.config.admin"],
    "authorities": ["openid", "hub.config.read", "hub.config.write", "hub.config.admin"]
  }, {
    "client_id": "sb_client_id",
    "client_secret": "***REMOVED***",
    "authorized_grant_types": ["client_credentials"],
    "autoapprove": ["openid"],
    "scope": ["uaa.none", "openid", "hub.config.write"],
    "authorities": ["openid", "hub.config.write"]
  }, {
    "client_id": "***REMOVED***_client_id",
    "client_secret": "***REMOVED***",
    "authorized_grant_types": ["client_credentials"],
    "autoapprove": ["openid"],
    "scope": ["uaa.none", "openid", "hub.config.read"],
    "authorities": ["openid", "hub.config.read"]
  }, {
    "client_id": "acs_client_id",
    "client_secret": "acs_client_secret",
    "authorized_grant_types": ["client_credentials"],
    "autoapprove": ["openid"],
    "scope": ["uaa.none", "openid", "acs.policies.read", "acs.policies.write", "acs.attributes.read", "acs.attributes.write", "acs_zone"],
    "authorities": ["openid", "acs.policies.read", "acs.policies.write", "acs.attributes.read", "acs.attributes.write", "uaa.resource", "uaa.none", "acs_oauth_scope"]
  }]
}
  • create a uaa client together with a sample test user and a sample group, and add the test user to that group
{
  "uaa_uri": "https://651b3f38-9af3-4784-8622-304cb9219164.predix-uaa.run.aws-usw02-pr.ice.predix.io",
  "user_payloads": [
    {
      "userName": "ernesto@ge.com",
      "password": "**REMOVED***",
      "name": {
        "givenName": "Ernesto",
        "familyName": "Ernesto"
      },
      "emails": [
        {
          "primary": true,
          "value": "ernesto@ge.com"
        }
      ]
    }
  ],

  "client_payloads": [
    {
      "authorized_grant_types": [
        "client_credentials",
        "authorization_code"
      ],
      "autoapprove": [
        "openid"
      ],
      "client_id": "framework-client",
      "scope": [
        "openid",
        "uaa.user",
        "uaa.none",
        "analytics.zones.74734c7a-bd0f-4e12-95d6-ca51526a8aff.user"
      ],
      "authorities": [
        "openid",
        "uaa.user",
        "uaa.none",
        "analytics.zones.74734c7a-bd0f-4e12-95d6-ca51526a8aff.user"
      ],
      "client_secret": "ernesto"
    }
  ],
  "uaa_client_secret": "ernesto",
  "group_payloads": [
    {
      "displayName": "analytics.zones.74734c7a-bd0f-4e12-95d6-ca51526a8aff.user"
    }
  ],
  "group_mems": [
    {
      "group": {
        "displayName": "analytics.zones.74734c7a-bd0f-4e12-95d6-ca51526a8aff.user"
      },
      "users": [
        {
          "userName": "ernesto@ge.com",
          "email": "ernesto@ge.com"
        }
      ]
    }
  ]
}
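
As an added example (not part of the create-uaa-clients script itself), a pre-flight check in Python that parses an input document in the shape shown above and reports placeholder secrets, a non-https uaa_uri, and group_mems entries that reference users or groups not declared in the same document. The sample document, its URL and its user are constructed for illustration.

```python
import json


def load_spec(text: str) -> dict:
    """Parse an input document; strict JSON, so trailing commas are rejected."""
    return json.loads(text)


def validate_spec(spec: dict) -> list:
    """Return a list of problems found in a create-uaa-clients input document."""
    problems = []
    for key in ("uaa_uri", "uaa_client_secret"):
        if not spec.get(key):
            problems.append(f"missing required input: {key}")
    if not str(spec.get("uaa_uri", "")).startswith("https://"):
        problems.append("uaa_uri must be an https URL")
    for c in spec.get("client_payloads", []):
        cid = c.get("client_id", "<no client_id>")
        for field in ("client_id", "client_secret", "authorized_grant_types"):
            if field not in c:
                problems.append(f"client {cid}: missing {field}")
        secret = str(c.get("client_secret", ""))
        # A secret still reading REMOVED, or equal to the client_id, was never filled in
        if "REMOVED" in secret or secret == cid:
            problems.append(f"client {cid}: client_secret looks like a placeholder")
    # group_mems may only reference users and groups this document also creates
    users = {u.get("userName") for u in spec.get("user_payloads", [])}
    groups = {g.get("displayName") for g in spec.get("group_payloads", [])}
    for m in spec.get("group_mems", []):
        gname = m.get("group", {}).get("displayName")
        if gname not in groups:
            problems.append(f"group_mems: group {gname!r} is not in group_payloads")
        for u in m.get("users", []):
            if u.get("userName") not in users:
                problems.append(f"group_mems: user {u.get('userName')!r} is not in user_payloads")
    return problems


# Constructed sample document (not from the original page) with two deliberate mistakes:
# a placeholder client secret and a membership entry for an undeclared group.
SAMPLE = """{
  "uaa_uri": "https://example-uaa.invalid",
  "uaa_client_secret": "admin-secret-placeholder",
  "client_payloads": [{"client_id": "cm_client_id", "client_secret": "***REMOVED***",
                       "authorized_grant_types": ["client_credentials"]}],
  "user_payloads": [{"userName": "alice@example.invalid"}],
  "group_payloads": [{"displayName": "hub.config.read"}],
  "group_mems": [{"group": {"displayName": "hub.config.admin"},
                  "users": [{"userName": "alice@example.invalid"}]}]
}"""

if __name__ == "__main__":
    for p in validate_spec(load_spec(SAMPLE)):
        print("problem:", p)
```

Running the check before invoking the script catches mistakes that would otherwise only surface as a partially applied delete-and-recreate run against the live UAA.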

Output

{}

Idempotence

The script may be called any number of times. If a client, user or group already exists, it is deleted and re-created so that it ends up with exactly the specified payload.