2022-07-12 18:10:11 +02:00
{
"createTime": 1657617957794,
"updateTime": 1657639881455,
"name": "jupyterhub_add_serveroptions_to_context",
"description": "Reflects the JupyterHub ServerOptions from a given IS Context to the AuthZ on the IAM",
"version": 1,
"tasks": [
{
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin": "{{ keycloak_admin }}/{{ keycloak_realm }}",
"ctx": "${workflow.input.context}",
2022-07-14 12:41:24 +02:00
"jupyterhub_clientid" : "jupyterhub-prod",
2022-07-12 18:10:11 +02:00
"scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.ctx)) throw('Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}"
},
"type": "LAMBDA",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyrest",
"taskReferenceName": "authorize",
"inputParameters": {
2022-07-12 18:16:57 +02:00
"url": "{{ keycloak }}/master/protocol/openid-connect/token",
2022-07-12 18:10:11 +02:00
"method": "POST",
"headers": {
"Accept": "application/json"
},
"body": {
"client_id": "orchestrator",
2022-07-12 18:18:44 +02:00
"client_secret": "{{ keycloak_auth_master }}",
2022-07-12 18:10:11 +02:00
"grant_type": "client_credentials"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "fork_join",
"taskReferenceName": "pre-query",
"inputParameters": {},
"type": "FORK_JOIN",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [
2022-07-22 14:55:55 +02:00
[
{
"name": "pyrest",
"taskReferenceName": "lookup_client",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients",
"params": {
"clientId": "${init.output.result.encoded_context}"
},
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE"
},
{
"name": "pyrest",
"taskReferenceName": "get_client_member_role",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles/Member",
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE"
},
{
"name": "jq_1",
"taskReferenceName": "role_to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${get_client_member_role.output.body}",
"queryExpression" : ".role"
}
}
],
2022-07-12 18:10:11 +02:00
[
{
"name": "pyrest",
"taskReferenceName": "lookup_jupyterhub",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients",
"params": {
2022-07-13 14:14:36 +02:00
"clientId": "${init.input.jupyterhub_clientid}"
2022-07-12 18:10:11 +02:00
},
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyrest",
"taskReferenceName": "lookup_jupyterhub_resources",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource",
"params": {
2022-07-13 14:14:36 +02:00
"clientId": "${init.input.jupyterhub_clientid}"
2022-07-12 18:10:11 +02:00
},
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
}
],
[
{
"name": "pyrest",
"taskReferenceName": "authorize_with_uma_rpt",
"inputParameters": {
"url": "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
"method": "POST",
"headers": {
"Accept": "application/json"
},
"body": {
"audience": "${init.output.result.encoded_context}",
"grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id": "orchestrator",
2022-07-13 15:44:13 +02:00
"client_secret": "0cf47f19-0db3-45f3-90ee-ed580eaba177"
2022-07-12 18:10:11 +02:00
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyrest",
"taskReferenceName": "lookup_resources_on_icproxy",
"inputParameters": {
"url": "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/JupyterHub",
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyeval",
"taskReferenceName": "extract_authids",
"inputParameters": {
"code": "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/ServerOption/AuthId')))",
"xmlstring": "${lookup_resources_on_icproxy.output.body}"
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
}
]
],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "join",
"taskReferenceName": "join-pre-query",
"inputParameters": {},
"type": "JOIN",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [
"lookup_jupyterhub_resources",
"extract_authids"
],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "check",
"inputParameters": {
"param": "ok",
"scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.param)) throw('Param must not be empty'); else return $.param"
},
"type": "LAMBDA",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "filter_and_update",
"inputParameters": {
"allowed": "${extract_authids.output.result}",
"res": "${lookup_jupyterhub_resources.output.body}",
"ctx": "${init.output.result.encoded_context}",
"scriptExpression": "var ret = []; for(var r=0; r < $.res.length; r++){ if($.allowed.indexOf($.res[r].name) !== -1){ $.res[r].attributes[$.ctx] = Java.to(['true'], 'java.lang.String[]'); ret.push($.res[r]) } } return Java.to(ret, 'java.util.Map[]')"
},
"type": "LAMBDA",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "build_parallel_tasks",
"inputParameters": {
"res": "${filter_and_update.output.result}",
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource/",
"scriptExpression": "inputs = {}, tasks = [];for (var i = 0; i < $.res.length; i++){s = $.res[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 't' + i});inputs['t' + i] = {url: $.url + $.res[i]._id,method: 'PUT', body: $.res[i], headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', 'Content-Type': 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};"
},
"type": "LAMBDA",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "fork_dynamic",
"taskReferenceName": "parallel_tasks",
"inputParameters": {
"tasks": "${build_parallel_tasks.output.result.tasks}",
"inputs": "${build_parallel_tasks.output.result.inputs}"
},
"type": "FORK_JOIN_DYNAMIC",
"decisionCases": {},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs",
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "join",
"taskReferenceName": "join_parallel_tasks",
"inputParameters": {},
2022-07-22 14:55:55 +02:00
"type": "JOIN"
},
{
"name": "check_at_least_one",
"taskReferenceName": "check_at_least_one",
"inputParameters": {
"tasks": "${join_parallel_tasks.input.*}"
},
"type": "DECISION",
"caseExpression": "($.tasks.length > 0 ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name": "pyrest",
"taskReferenceName": "enable_jupyterhub_scope_for_context",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/scope-mappings/clients/${lookup_client.output.body[0].id}",
"method": "POST",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Content-Type": "application/json"
},
"body": "${role_to_array.output.resultList}"
},
"type": "SIMPLE"
}
]
},
2022-07-12 18:10:11 +02:00
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
}
],
"inputParameters": [
"context"
],
"outputParameters": {},
"schemaVersion": 2,
"restartable": true,
"workflowStatusListenerEnabled": false,
"ownerEmail": "example@email.com",
"timeoutPolicy": "ALERT_ONLY",
"timeoutSeconds": 0,
"variables": {},
"inputTemplate": {}
}