diff --git a/ansible/roles/ansible-role-lr62-workflows/defaults/main.yaml b/ansible/roles/ansible-role-lr62-workflows/defaults/main.yaml
index 5feadba..dd1207e 100644
--- a/ansible/roles/ansible-role-lr62-workflows/defaults/main.yaml
+++ b/ansible/roles/ansible-role-lr62-workflows/defaults/main.yaml
@@ -11,8 +11,12 @@ workflows:
 - group_created
 - invitation-accepted
 - user-group_deleted
- - user-group-role_deleted
+ - user-group-role_deleted
+ - delete-user-account
 keycloak_realm: d4science
 keycloak_host: "https://accounts.dev.d4science.org/auth"
 keycloak: "{{ keycloak_host }}/realms/{{ keycloak_realm}}"
 keycloak_admin: "{{ keycloak_host }}/admin/realms/{{ keycloak_realm }}"
+keycloak_auth: "c93501bd-abeb-4228-bc28-afac38877338"
+liferay: "https://next.d4science.org/api/jsonws"
+liferay_auth: "bm90aWZpY2F0aW9uc0BkNHNjaWVuY2Uub3JnOmdjdWJlcmFuZG9tMzIx"
diff --git a/ansible/roles/ansible-role-lr62-workflows/templates/create-user-add-to-vre.json.j2 b/ansible/roles/ansible-role-lr62-workflows/templates/create-user-add-to-vre.json.j2
index 5e92bfe..58542e7 100644
--- a/ansible/roles/ansible-role-lr62-workflows/templates/create-user-add-to-vre.json.j2
+++ b/ansible/roles/ansible-role-lr62-workflows/templates/create-user-add-to-vre.json.j2
@@ -30,7 +30,7 @@
 },
 "body" : {
 "client_id" : "orchestrator",
- "client_secret" : "c93501bd-abeb-4228-bc28-afac38877338",
+ "client_secret" : "{{ keycloak_auth }}",
 "grant_type" : "client_credentials"
 }
 }
diff --git a/ansible/roles/ansible-role-lr62-workflows/templates/delete-user-account.json.j2 b/ansible/roles/ansible-role-lr62-workflows/templates/delete-user-account.json.j2
new file mode 100644
index 0000000..b4c079a
--- /dev/null
+++ b/ansible/roles/ansible-role-lr62-workflows/templates/delete-user-account.json.j2
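Review bot: The three defaults added to `defaults/main.yaml` keep live credentials in the repository: `keycloak_auth` carries the same client secret the templates used to hard-code, and `liferay_auth` is a base64 string used as an HTTP Basic value, which is an encoding and gives no protection. Role defaults are readable by anyone with repository access and the old literal stays in history, so the secret should be rotated and both values supplied from Ansible Vault or the inventory, for example `keycloak_auth: "{{ vault_keycloak_auth }}"` and `liferay_auth: "{{ vault_liferay_auth }}"` (the `vault_*` names are placeholders). The eight template hunks that switch `client_secret` to `{{ keycloak_auth }}` inherit this, and they interpolate the value into JSON unescaped; `"client_secret" : {{ keycloak_auth | to_json }}` would keep the rendered file valid if the secret ever contains a quote or backslash.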
@@ -0,0 +1,181 @@
+{
+ "ownerApp" : "Orchestrator",
+ "name" : "delete-user-account",
+ "createBy" : "Marco Lettere",
+ "description": "Handle Admin events from Keycloak",
+ "version" : 1,
+ "ownerEmail" : "m.lettere@gmail.com",
+ "inputParameters" : [ "userid" ],
+ "tasks" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "keycloak": "{{ keycloak }}",
+ "keycloak_admin" : "{{ keycloak_admin }}",
+ "liferay": "{{ liferay }}",
+ "liferay_auth": "{{ liferay_auth }}",
+ "keycloak_userid" : "${workflow.input.userid}",
+ "scriptExpression": "1 == 1"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "authorize",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak}/protocol/openid-connect/token",
+ "method" : "POST",
+ "headers" : {
+ "Accept" : "application/json"
+ },
+ "body" : {
+ "client_id" : "orchestrator",
+ "client_secret" : "{{ keycloak_auth }}",
+ "grant_type" : "client_credentials"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "fork_join",
+ "taskReferenceName" : "global_delete_user",
+ "type" : "FORK_JOIN",
+ "forkTasks" : [
+ [
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_lr_company",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.liferay}/company/get-company-by-web-id",
+ "method" : "GET",
+ "params" : { "webId" : "liferay.com"},
+ "headers" : {
+ "Authorization" : "Basic ${init.input.liferay_auth}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_lr_user_by_screenname",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.liferay}/user/get-user-by-screen-name",
+ "method" : "GET",
+ "params" : {
+ "companyId" : "${lookup_lr_company.output.body.companyId}",
+ "screenName" : "${lookup_user.output.body.username}"
+ },
+ "headers" : {
+ "Authorization" : "Basic ${init.input.liferay_auth}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_lr_user_groups",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.liferay}/group/get-user-sites-groups",
+ "method" : "GET",
+ "params" : {
+ "classNames" : "[\"com.liferay.portal.model.Group\"]",
+ "userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
+ "max" : "-1"
+ },
+ "headers" : {
+ "Authorization" : "Basic ${init.input.liferay_auth}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "build_delete_group_tasks",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "groups" : "${lookup_lr_user_groups.output.body.*.groupId}",
+ "userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
+ "scriptExpression": "inputs = {}; tasks = []; for(var i=0;i<$.groups.length;i++){tasks.push({'name': 'pyrest','type' : 'SIMPLE','taskReferenceName' : 'del-' + i});inputs['del-'+i] = {'url' : '${init.input.liferay}/user/unset-group-users?userIds=' + $.userId + '&groupId=' + $.groups[i],'method' : 'POST','headers' : {'Authorization' : 'Basic ' + '${init.input.liferay_auth}', 'Accept' : 'application/json'}}}; return { 'tasks' : Java.to(tasks, 'java.util.Map[]'), 'inputs' : inputs};"
+ }
+ },
+ {
+ "name" : "fork_dynamic",
+ "type" : "FORK_JOIN_DYNAMIC",
+ "taskReferenceName" : "parallel_delete_group",
+ "inputParameters" : {
+ "tasks" : "${build_delete_group_tasks.output.result.tasks}",
+ "inputs" : "${build_delete_group_tasks.output.result.inputs}"
+ },
+ "dynamicForkTasksParam": "tasks",
+ "dynamicForkTasksInputParamName": "inputs"
+ },
+ {
+ "name" : "join",
+ "type" : "JOIN",
+ "taskReferenceName" : "join_parallel_group_deletion"
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "delete_lr_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.liferay}/user/delete-user",
+ "method" : "POST",
+ "params" : {
+ "userId" : "${lookup_lr_user_by_screenname.output.body.userId}"
+ },
+ "headers" : {
+ "Authorization" : "Basic ${init.input.liferay_auth}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "lr_final_task",
+ "type": "LAMBDA",
+ "inputParameters" : {
+ "scriptExpression" : "1 == 1"
+ }
+ }
+ ]
+ ]
+ },
+ {
+ "name" : "join",
+ "type" : "JOIN",
+ "taskReferenceName" : "global_delete_user_join",
+ "joinOn": [ "lr_final_task"]
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "delete_keycloak_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
+ "method" : "DELETE",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ }
+ ]
+}
diff --git a/ansible/roles/ansible-role-lr62-workflows/templates/group_created.json.j2 b/ansible/roles/ansible-role-lr62-workflows/templates/group_created.json.j2
index bc1c22b..e7cd250 100644
--- a/ansible/roles/ansible-role-lr62-workflows/templates/group_created.json.j2
+++ b/ansible/roles/ansible-role-lr62-workflows/templates/group_created.json.j2
@@ -30,7 +30,7 @@
 },
 "body" : {
 "client_id" : "orchestrator",
- "client_secret" : "c93501bd-abeb-4228-bc28-afac38877338",
+ "client_secret" : "{{ keycloak_auth }}",
 "grant_type" : "client_credentials"
 }
 }
diff --git a/ansible/roles/ansible-role-lr62-workflows/templates/group_deleted.json.j2 b/ansible/roles/ansible-role-lr62-workflows/templates/group_deleted.json.j2
index 350e456..b06464c 100644
--- a/ansible/roles/ansible-role-lr62-workflows/templates/group_deleted.json.j2
+++ b/ansible/roles/ansible-role-lr62-workflows/templates/group_deleted.json.j2
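Review bot: In `templates/delete-user-account.json.j2` the `init` LAMBDA task takes `liferay_auth` as an input parameter, and the `build_delete_group_tasks` script copies it again into the `Authorization` header of every generated `del-N` input, so the Liferay Basic credential becomes part of each execution's task data rather than staying in the worker's configuration. Assuming the orchestrator persists and displays task inputs as usual, anyone who can read an execution of this workflow can recover the credential; having the `pyrest` worker attach the credential itself would keep it out of workflow data. The same script builds the `unset-group-users` URL by string concatenation, where `'params' : {'userIds' : $.userId, 'groupId' : $.groups[i]}` would match the other tasks in this file and avoid unencoded values in the query string. The workflow deletes the Liferay account matched by `screenName` and then the Keycloak user without checking that either lookup returned the expected record, and its `description` still reads "Handle Admin events from Keycloak"; a description that states who may start this workflow and what happens when a lookup fails would help the next maintainer.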
@@ -30,7 +30,7 @@
 },
 "body" : {
 "client_id" : "orchestrator",
- "client_secret" : "c93501bd-abeb-4228-bc28-afac38877338",
+ "client_secret" : "{{ keycloak_auth }}",
 "grant_type" : "client_credentials"
 }
 }
diff --git a/ansible/roles/ansible-role-lr62-workflows/templates/invitation-accepted.json.j2 b/ansible/roles/ansible-role-lr62-workflows/templates/invitation-accepted.json.j2
index 44d996c..36d812c 100644
--- a/ansible/roles/ansible-role-lr62-workflows/templates/invitation-accepted.json.j2
+++ b/ansible/roles/ansible-role-lr62-workflows/templates/invitation-accepted.json.j2
@@ -29,7 +29,7 @@
 },
 "body" : {
 "client_id" : "orchestrator",
- "client_secret" : "c93501bd-abeb-4228-bc28-afac38877338",
+ "client_secret" : "{{ keycloak_auth }}",
 "grant_type" : "client_credentials"
 }
 }
diff --git a/ansible/roles/ansible-role-lr62-workflows/templates/user-group-role_created.json.j2 b/ansible/roles/ansible-role-lr62-workflows/templates/user-group-role_created.json.j2
index ab322a7..b7c6d7a 100644
--- a/ansible/roles/ansible-role-lr62-workflows/templates/user-group-role_created.json.j2
+++ b/ansible/roles/ansible-role-lr62-workflows/templates/user-group-role_created.json.j2
@@ -29,7 +29,7 @@
 },
 "body" : {
 "client_id" : "orchestrator",
- "client_secret" : "c93501bd-abeb-4228-bc28-afac38877338",
+ "client_secret" : "{{ keycloak_auth }}",
 "grant_type" : "client_credentials"
 }
 }
diff --git a/ansible/roles/ansible-role-lr62-workflows/templates/user-group-role_deleted.json.j2 b/ansible/roles/ansible-role-lr62-workflows/templates/user-group-role_deleted.json.j2
index 6011fed..6d74330 100644
--- a/ansible/roles/ansible-role-lr62-workflows/templates/user-group-role_deleted.json.j2
+++ b/ansible/roles/ansible-role-lr62-workflows/templates/user-group-role_deleted.json.j2
@@ -29,7 +29,7 @@
 },
 "body" : {
 "client_id" : "orchestrator",
- "client_secret" : "c93501bd-abeb-4228-bc28-afac38877338",
+ "client_secret" : "{{ keycloak_auth }}",
 "grant_type" : "client_credentials"
 }
 }
diff --git a/ansible/roles/ansible-role-lr62-workflows/templates/user-group_created.json.j2 b/ansible/roles/ansible-role-lr62-workflows/templates/user-group_created.json.j2
index 2224024..78148b3 100644
--- a/ansible/roles/ansible-role-lr62-workflows/templates/user-group_created.json.j2
+++ b/ansible/roles/ansible-role-lr62-workflows/templates/user-group_created.json.j2
@@ -30,7 +30,7 @@
 },
 "body" : {
 "client_id" : "orchestrator",
- "client_secret" : "c93501bd-abeb-4228-bc28-afac38877338",
+ "client_secret" : "{{ keycloak_auth }}",
 "grant_type" : "client_credentials"
 }
 }
diff --git a/ansible/roles/ansible-role-lr62-workflows/templates/user-group_deleted.json.j2 b/ansible/roles/ansible-role-lr62-workflows/templates/user-group_deleted.json.j2
index a7cf7b6..6b1c2ac 100644
--- a/ansible/roles/ansible-role-lr62-workflows/templates/user-group_deleted.json.j2
+++ b/ansible/roles/ansible-role-lr62-workflows/templates/user-group_deleted.json.j2
@@ -30,7 +30,7 @@
 },
 "body" : {
 "client_id" : "orchestrator",
- "client_secret" : "c93501bd-abeb-4228-bc28-afac38877338",
+ "client_secret" : "{{ keycloak_auth }}",
 "grant_type" : "client_credentials"
 }
 }