157 lines
4.8 KiB
Plaintext
157 lines
4.8 KiB
Plaintext
|
{
|
||
|
"ownerApp" : "Orchestrator",
|
||
|
"name" : "ghn_client_remove_from_context",
|
||
|
"createBy" : "Marco Lettere",
|
||
|
"description": "The role Memeber of the give context is removed from a GHN client on IAM.",
|
||
|
"version" : 1,
|
||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||
|
"inputParameters" : ["client_id", "context"],
|
||
|
"tasks" : [
|
||
|
{
|
||
|
"name": "LAMBDA_TASK",
|
||
|
"taskReferenceName": "init",
|
||
|
"type": "LAMBDA",
|
||
|
"inputParameters": {
|
||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||
|
"id" : "${workflow.input.client_id}",
|
||
|
"ctx" : "${workflow.input.context}",
|
||
|
"scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name" : "pyrest",
|
||
|
"taskReferenceName" : "authorize",
|
||
|
"type" : "SIMPLE",
|
||
|
"inputParameters" : {
|
||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||
|
"method" : "POST",
|
||
|
"headers" : {
|
||
|
"Accept" : "application/json"
|
||
|
},
|
||
|
"body" : {
|
||
|
"client_id" : "orchestrator",
|
||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||
|
"grant_type" : "client_credentials"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name" : "fork_join",
|
||
|
"taskReferenceName" : "fork1",
|
||
|
"type" : "FORK_JOIN",
|
||
|
"forkTasks" : [
|
||
|
[
|
||
|
{
|
||
|
"name" : "pyrest",
|
||
|
"taskReferenceName" : "lookup_client",
|
||
|
"type" : "SIMPLE",
|
||
|
"inputParameters" : {
|
||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||
|
"params" : { "clientId" : "${workflow.input.client_id}"},
|
||
|
"method" : "GET",
|
||
|
"headers" : {
|
||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||
|
"Accept" : "application/json"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name": "LAMBDA_TASK",
|
||
|
"taskReferenceName": "extract_ghn_client",
|
||
|
"type": "LAMBDA",
|
||
|
"inputParameters": {
|
||
|
"client" : "${lookup_client.output.body}",
|
||
|
"scriptExpression": "function e(v){ return (v.length === 0)}; if(e($.client)) throw('GHN client not found'); else return { client : $.client[0], id : $.client[0].id}"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name" : "pyrest",
|
||
|
"taskReferenceName" : "get_service_account_user",
|
||
|
"type" : "SIMPLE",
|
||
|
"inputParameters" : {
|
||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_ghn_client.output.result.id}/service-account-user",
|
||
|
"method" : "GET",
|
||
|
"headers" : {
|
||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||
|
"Accept" : "application/json"
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
],
|
||
|
[
|
||
|
{
|
||
|
"name" : "pyrest",
|
||
|
"taskReferenceName" : "lookup_context",
|
||
|
"type" : "SIMPLE",
|
||
|
"inputParameters" : {
|
||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||
|
"params" : { "clientId" : "${init.output.result.encoded_context}"},
|
||
|
"method" : "GET",
|
||
|
"headers" : {
|
||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||
|
"Accept" : "application/json"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name": "LAMBDA_TASK",
|
||
|
"taskReferenceName": "extract_context",
|
||
|
"type": "LAMBDA",
|
||
|
"inputParameters": {
|
||
|
"client" : "${lookup_context.output.body}",
|
||
|
"scriptExpression": "function e(v){ return (v.length === 0)}; if(e($.client)) throw('Context not found'); else return { client : $.client[0], id: $.client[0].id }"
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name" : "pyrest",
|
||
|
"type" : "SIMPLE",
|
||
|
"taskReferenceName": "retrieve_member_role",
|
||
|
"inputParameters" : {
|
||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
|
||
|
"method" :"GET",
|
||
|
"headers" : {
|
||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||
|
"Accept" : "application/json"
|
||
|
}
|
||
|
}
|
||
|
},
|
||
|
{
|
||
|
"name": "jq_1",
|
||
|
"taskReferenceName": "roles_to_remove",
|
||
|
"type": "JSON_JQ_TRANSFORM",
|
||
|
"inputParameters": {
|
||
|
"role": "${retrieve_member_role.output.body}",
|
||
|
"queryExpression" : ".role"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"name": "join",
|
||
|
"taskReferenceName": "join1",
|
||
|
"type": "JOIN",
|
||
|
"joinOn": [
|
||
|
"get_service_account_user",
|
||
|
"roles_to_remove"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"name" : "pyrest",
|
||
|
"type" : "SIMPLE",
|
||
|
"taskReferenceName": "remove_member_role",
|
||
|
"inputParameters" : {
|
||
|
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
|
||
|
"method" :"DELETE",
|
||
|
"expect" : 204,
|
||
|
"headers" : {
|
||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||
|
"Content-Type" : "application/json"
|
||
|
},
|
||
|
"body" : "${roles_to_remove.output.resultList}"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|