From 24e190c9570f9026215909013b1f1938490dce31 Mon Sep 17 00:00:00 2001
From: "m.lettere"
Date: Tue, 1 Mar 2022 15:58:52 +0100
Subject: [PATCH] adapted delete user from group to also handle gateways
---
 defaults/main.yaml | 4 +-
 templates/user-group_deleted.json.j2 | 115 +++++++++++++++------------
 2 files changed, 67 insertions(+), 52 deletions(-)
diff --git a/defaults/main.yaml b/defaults/main.yaml
index f81c05f..cd1a2a6 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -2,11 +2,11 @@
 workflows:
 # - create-user-add-to-vre
 # - group_deleted
- - user-group_created
+# - user-group_created
 # - user-group-role_created
 # - group_created
 # - invitation-accepted
-# - user-group_deleted
+ - user-group_deleted
 # - user-group-role_deleted
 # - delete-user-account
 # - role_deleted
diff --git a/templates/user-group_deleted.json.j2 b/templates/user-group_deleted.json.j2
index 4b869b4..73779ec 100644
--- a/templates/user-group_deleted.json.j2
+++ b/templates/user-group_deleted.json.j2
@@ -5,7 +5,7 @@
 "description": "Handle workflow related to Portal event user-group_deleted",
 "version" : 1,
 "ownerEmail" : "m.lettere@gmail.com",
- "inputParameters" : ["role", "user", "group"],
+ "inputParameters" : ["user", "group"],
 "tasks" : [
 {
 "name": "LAMBDA_TASK",
@@ -14,8 +14,9 @@
 "inputParameters": {
 "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
 "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
- "group" : "${workflow.input.group}",
- "scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
+ "group" : "${workflow.input.group}",
+ "user" : "${workflow.input.user}",
+ "scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.user) || e($.group)) throw('User and Group must not be empty'); $.group.startsWith('%2F') ? $.group.split('%2F').slice(1) : [$.group]; return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0], search : encodeURIComponent(path.slice(path.length-1)[0])}"
 }
 },
 {
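Review bot: The new `scriptExpression` of the init task never assigns `path`: the `var path =` of the old expression is gone, so the result of the `$.group.startsWith('%2F') ? … : [$.group]` ternary is discarded and the following `Java.to(path, …)` reads an undefined name. The statement should read `var path = $.group.startsWith('%2F') ? $.group.split('%2F').slice(1) : [$.group];`. As written the lambda presumably fails on every run, so the workflow stops before the membership is removed and the user keeps group access that the portal considers revoked. The returned object also mixes a bare `search` key with quoted ones; quoting it would match the rest.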
@@ -79,6 +80,40 @@
 ]
 }
 },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "look_up_groups",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.search}",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "extract_group",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "tree" : "${init.output.result.tree}",
+ "groups" : "${look_up_groups.output.body}",
+ "scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "delete_user_from_group",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users/${lookup_user.output.body[0].id}/groups/${extract_group.output.result.group.id}",
+ "method" : "DELETE",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}"
+ }
+ }
+ },
 {
 "name" : "pyrest",
 "taskReferenceName" : "lookup_client",
@@ -100,6 +135,7 @@
 "inputParameters" : {
 "url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles",
 "method" : "GET",
+ "expect" : [200, 404],
 "headers" : {
 "Authorization" : "Bearer ${authorize.output.body.access_token}",
 "Accept" : "application/json"
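Review bot: `extract_group` returns `{ 'group' : null }` when no entry of the search result matches the path, and `delete_user_from_group` then interpolates `${extract_group.output.result.group.id}` into the DELETE URL with no check in between. Failing inside the lambda is safer, e.g. `var g = selectByPath($.groups, $.tree, 0); if (g == null) throw('Group not found'); return { 'group' : g }`, and an explicit `"expect" : 204` on the DELETE (the status Keycloak normally returns here) would make an unexpected answer visible. The DELETE also takes the user id from `lookup_user.output.body[0].id`, while `remove_all_roles_from_user` further down uses `select_user.output.result[0].id`. Both tasks are defined outside this hunk, but if `select_user` is what narrows a search result to the exact account, the group removal should use it too so that it cannot act on a different user.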
@@ -107,53 +143,32 @@
 }
 },
 {
- "name" : "pyrest",
- "taskReferenceName" : "remove_all_roles_from_user",
- "type" : "SIMPLE",
- "inputParameters" : {
- "url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/role-mappings/clients/${lookup_client.output.body[0].id}",
- "expect" : 204,
- "method" : "DELETE",
- "body" : "${get_client_roles.body}",
- "headers" : {
- "Authorization" : "Bearer ${authorize.output.body.access_token}",
- "Content-Type" : "application/json"
- }
+ "name" : "check_role_existance",
+ "taskReferenceName" : "check_role_existance",
+ "type" : "DECISION",
+ "inputParameters" :{
+ "previous_outcome" : "${get_client_roles.output.status}"
+ },
+ "caseValueParam" : "previous_outcome",
+ "decisionCases" : {
+ "200" : [
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "remove_all_roles_from_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/role-mappings/clients/${lookup_client.output.body[0].id}",
+ "expect" : 204,
+ "method" : "DELETE",
+ "body" : "${get_client_roles.body}",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Content-Type" : "application/json"
+ }
+ }
+ }
+ ]
 }
- },
- {
- "name" : "pyrest",
- "taskReferenceName" : "look_up_groups",
- "type" : "SIMPLE",
- "inputParameters" : {
- "url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.name}",
- "headers" : {
- "Authorization" : "Bearer ${authorize.output.body.access_token}",
- "Accept" : "application/json"
- }
- }
- },
- {
- "name": "LAMBDA_TASK",
- "taskReferenceName": "extract_group",
- "type": "LAMBDA",
- "inputParameters": {
- "tree" : "${init.output.result.tree}",
- "groups" : "${look_up_groups.output.body}",
- "scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
- }
- },
- {
- "name" : "pyrest",
- "taskReferenceName" : "assign_user_to_group",
- "type" : "SIMPLE",
- "inputParameters" : {
- "url" : "${init.input.keycloak_admin}/users/${lookup_user.output.body[0].id}/groups/${extract_group.output.result.group.id}",
- "method" : "DELETE",
- "headers" : {
- "Authorization" : "Bearer ${authorize.output.body.access_token}"
- }
- }
- }
+ }
 ]
 }
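Review bot: The `remove_all_roles_from_user` task moved into the `"200"` case still sends `"body" : "${get_client_roles.body}"`, which lacks the `.output` segment used by the other task references in this template (for example `${get_client_roles.output.status}` in the same DECISION); it should read `"body" : "${get_client_roles.output.body}"`. Unless that expression resolves, the DELETE goes out without the role list and the user's client roles are presumably left in place. The DECISION also has no `defaultCase`, so with `"expect" : [200, 404]` on `get_client_roles` a 404 ends the workflow successfully with no trace that role removal was skipped; a default branch that records this would help whoever audits deprovisioning. The name `check_role_existance` is misspelled (`existence`).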