ansible-role-conductor-work.../templates/add_workspace_client_to_con...

159 lines
4.9 KiB
Plaintext
Raw Normal View History

{
"ownerApp" : "Orchestrator",
"name" : "add_workspace_client_to_contexts",
"createBy" : "Marco Lettere",
"description": "A workspace client is made Member of a context and it's workspace folder is linked to context's shared folder",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"storagehub" : "{{ storagehub }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"ctx" : "${wokflow.input.context}",
"scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_root_vo : encodeURI($.root_vo)}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "fork1",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.client_id}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "extract_ws_client",
"type": "LAMBDA",
"inputParameters": {
"client" : "${lookup_client.output.body}",
"scriptExpression": "function e(v){ return (v.length === 0)}; if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id : $.client[0].id}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_service_account_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_ws_client.output.result.id}/service-account-user",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_context",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.context}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "extract_context",
"type": "LAMBDA",
"inputParameters": {
"client" : "${lookup_context.output.body}",
"scriptExpression": "function e(v){ return (v.length === 0)}; if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id : $.client[0].id}"
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_context.id}/roles/Member",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "roles_to_assign",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${retrieve_member_role.output.body}",
"queryExpression" : ".role"
}
2021-11-23 12:07:18 +01:00
}
]
]
},
{
"name": "join",
"taskReferenceName": "join1",
"type": "JOIN",
"joinOn": [
"get_service_account_user",
"roles_to_assign"
]
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "assign_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept":"application/json"
},
"body" : "${roles_to_assign.output.resultList}"
}
}
]
}