-
Notifications
You must be signed in to change notification settings - Fork 57
/
Copy pathrun
56 lines (52 loc) · 2.53 KB
/
run
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/bin/bash
set -e # exit immediately if a simple command exits with a non-zero status
set -u # report the usage of uninitialized variables
<%
system_domain = nil
if_p('create-uaa-client.cloudfoundry.system_domain') do |prop|
system_domain = prop
end.else do
system_domain = link('cloud_controller').p('system_domain')
end
%>
# Create UAA client: <%= p('create-uaa-client.oauth2_client_id')%> if not already exists
ACCESS_TOKEN=$(\
curl -s -D - -k -d "" \
-u <%= p('create-uaa-client.cloudfoundry.uaa_admin_client_id')%>:<%= p('create-uaa-client.cloudfoundry.uaa_admin_client_secret')%> \
-H "Accept:application/json" \
-X POST 'https://uaa.<%= system_domain %>/oauth/token?grant_type=client_credentials&response_type=token&client_id=<%= p('create-uaa-client.cloudfoundry.uaa_admin_client_id')%>&redirect_uri=http://dummy.com' \
| sed -n 's/.*access_token":"\([^"]*\).*/\1/p' \
)
CLIENT_EXISTS=$(\
curl -s -k -w "%{http_code}" -o /dev/null \
-H "Authorization:Bearer $ACCESS_TOKEN" \
-H"Content-Type:application/json" \
-H"Accept:application/json" \
-X GET https://uaa.<%= system_domain %>/oauth/clients/<%= p('create-uaa-client.oauth2_client_id') %> \
)
# Since we cannot update client_id and client_secret without keeping track of previous state we delete the old client, and recreate it.
if [ $CLIENT_EXISTS != "404" ]; then
echo "Deleting old OAuth2 client: <%= p('create-uaa-client.oauth2_client_id')%>"
curl -s -k -w "%{http_code}" \
-H "Authorization:Bearer $ACCESS_TOKEN" \
-H"Content-Type:application/json" \
-H"Accept:application/json" \
-XDELETE \
https://uaa.<%= system_domain %>/oauth/clients/<%= p('create-uaa-client.oauth2_client_id') %>
fi
echo "Creating new OAuth2 client: <%= p('create-uaa-client.oauth2_client_id') %>"
curl -s -k -H "Authorization:Bearer $ACCESS_TOKEN" \
-H"Content-Type:application/json" \
-H"Accept:application/json" \
-d '{
"client_id" : "<%= p('create-uaa-client.oauth2_client_id') %>",
"client_secret" : "<%= p('create-uaa-client.oauth2_client_secret') %>",
"autoapprove" : "<%= p('create-uaa-client.oauth2_autoapprove') %>",
"scope" : ["openid","oauth.approvals","scim.userids","cloud_controller.read"],
"authorities" : ["uaa.none"],
"resource_ids" : ["none"],
"authorized_grant_types" : ["authorization_code", "refresh_token"],
"access_token_validity": 43200,
"redirect_uri": ["https://<%= p('create-uaa-client.kibana_host') %>.<%= system_domain %>/login","http://<%= p('create-uaa-client.kibana_host') %>.<%= system_domain %>/login"]
}' \
-X POST https://uaa.<%= system_domain %>/oauth/clients