# Computate Smart Cloud Builder

## About the open source GPL3 license and copyright for this product

Copyright © 2024 Computate Limited Liability Company in Utah, USA

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.

ADDITIONAL TERMS

As stated in section 7. c) and e) of the GPL3 license, 
"you may supplement the terms of this License with terms," 
Computate has added the following additional terms to the license: 

  7 c) Prohibiting misrepresentation of the origin of that material, and
    requiring that modified versions of such material be marked in
    reasonable ways as different from the original version;

  7 e) Declining to grant rights under trademark law for use of some
    trade names, trademarks, or service marks;

Please do not redistribute this course until you have built your own platform with these tools, 
separate from the computate.org platform, and reconfigure your fork of this repo to deploy 
your own platform instead of the computate.org platform. 

QUESTIONS

For questions about this open source license, please contact our public mailing list at computate@group.computate.org


## Create a Keycloak auth resource for WeatherObserved


Create a Keycloak auth Resource for WeatherObserved data in the site. 

In [None]:
%%bash
eval $(env SITE_NAMESPACE="$(oc project -q)" ./vars.py)
CLASS_SIMPLE_NAME=WeatherObserved

ACCESS_TOKEN=$(curl -k -s -X POST -d "username=admin" -d "grant_type=password" -d "client_id=admin-cli" \
  -d "password=$(oc get secret/keycloak-initial-admin -o jsonpath={.data.admin-password} | base64 -d)" \
  $AUTH_URL/realms/master/protocol/openid-connect/token | jq -r ".access_token")

curl -k -i -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $ACCESS_TOKEN" \
  "$AUTH_URL/admin/realms/$AUTH_REALM/clients/$AUTH_CLIENT/authz/resource-server/resource" \
  --data '{"name":"'"$CLASS_SIMPLE_NAME"'","displayName":"'"$CLASS_SIMPLE_NAME"'","scopes":["POST","PATCH","GET","DELETE","'"$AUTH_SCOPE_ADMIN"'","'"$AUTH_SCOPE_SUPER_ADMIN"'"]}'

echo DONE

## Grant POST, PATCH, GET, SiteAdmin permissions for SiteAdmins to your new model


Create a Keycloak auth Permission for SiteAdmins to use the POST, PATCH, GET and SiteAdmin scopes of your model. 

In [None]:
%%bash
eval $(env SITE_NAMESPACE="$(oc project -q)" ./vars.py)
CLASS_SIMPLE_NAME=WeatherObserved

ACCESS_TOKEN=$(curl -k -s -X POST -d "username=admin" -d "grant_type=password" -d "client_id=admin-cli" \
  -d "password=$(oc get secret/keycloak-initial-admin -o jsonpath={.data.admin-password} | base64 -d)" \
  $AUTH_URL/realms/master/protocol/openid-connect/token | jq -r ".access_token")

curl -k -i -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $ACCESS_TOKEN" \
  "$AUTH_URL/admin/realms/$AUTH_REALM/clients/$AUTH_CLIENT/authz/resource-server/permission/scope" \
  --data '{"name":"group-'"$AUTH_SCOPE_ADMIN"'-resource-'"$CLASS_SIMPLE_NAME"'"
      ,"decisionStrategy":"AFFIRMATIVE"
      ,"description":"'"$AUTH_SCOPE_ADMIN"' group access to all '"$CLASS_SIMPLE_NAME"'"
      ,"resources":["'"$CLASS_SIMPLE_NAME"'"]
      ,"policies":["'"$AUTH_REALM"'-group-'"$AUTH_SCOPE_ADMIN"'"]
      ,"scopes":["'"$AUTH_REALM"'-POST","'"$AUTH_REALM"'-PATCH","'"$AUTH_REALM"'-GET","'"$AUTH_REALM"'-DELETE","'"$AUTH_REALM"'-'"$AUTH_SCOPE_ADMIN"'"]
      }'

echo DONE

## Grant POST, PATCH, GET, SiteAdmin, SuperAdmin permissions for SuperAdmins to your new model


Create a Keycloak auth Permission for SuperAdmins to use the POST, PATCH, GET, SiteAdmin, and SuperAdmin scopes of your model. 

In [None]:
%%bash
eval $(env SITE_NAMESPACE="$(oc project -q)" ./vars.py)
CLASS_SIMPLE_NAME=WeatherObserved

ACCESS_TOKEN=$(curl -k -s -X POST -d "username=admin" -d "grant_type=password" -d "client_id=admin-cli" \
  -d "password=$(oc get secret/keycloak-initial-admin -o jsonpath={.data.admin-password} | base64 -d)" \
  $AUTH_URL/realms/master/protocol/openid-connect/token | jq -r ".access_token")

curl -k -i -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $ACCESS_TOKEN" \
  "$AUTH_URL/admin/realms/$AUTH_REALM/clients/$AUTH_CLIENT/authz/resource-server/permission/scope" \
  --data '{"name":"group-'"$AUTH_SCOPE_SUPER_ADMIN"'-resource-'"$CLASS_SIMPLE_NAME"'"
      ,"decisionStrategy":"AFFIRMATIVE"
      ,"description":"'"$AUTH_SCOPE_SUPER_ADMIN"' group access to all '"$CLASS_SIMPLE_NAME"'"
      ,"resources":["'"$CLASS_SIMPLE_NAME"'"]
      ,"policies":["'"$AUTH_REALM"'-group-'"$AUTH_SCOPE_SUPER_ADMIN"'"]
      ,"scopes":["'"$AUTH_REALM"'-POST","'"$AUTH_REALM"'-PATCH","'"$AUTH_REALM"'-GET","'"$AUTH_REALM"'-DELETE","'"$AUTH_REALM"'-'"$AUTH_SCOPE_ADMIN"'","'"$AUTH_REALM"'-'"$AUTH_SCOPE_SUPER_ADMIN"'"]
      }'

echo DONE