From 2d953718c0ea7fbea49b676f353f784d9a17af40 Mon Sep 17 00:00:00 2001 From: "m.lettere" Date: Fri, 13 Oct 2023 09:58:38 +0200 Subject: [PATCH] modernized system_service workflows --- defaults/main.yaml | 14 ++++++------ .../add_all_system_services_to_vre.json.j2 | 22 +++++++++++-------- templates/create_system_service.json.j2 | 16 ++++++++------ templates/delete_system_service.json.j2 | 22 ++++++++++--------- 4 files changed, 41 insertions(+), 33 deletions(-) diff --git a/defaults/main.yaml b/defaults/main.yaml index 4421d61..32e214b 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -1,10 +1,10 @@ --- workflows: # - create-user-add-to-vre - - group_deleted + # - group_deleted # - user-group_created # - user-group-role_created - - group_created + # - group_created # - invitation-accepted # - user-group_deleted # - user-group-role_deleted @@ -13,12 +13,12 @@ workflows: # - role_created # - add_role_policy_permission # - add_all_member_roles - # - create_system_service - # - delete_system_service - # - add_all_system_services_to_vre + - create_system_service + - delete_system_service + - add_all_system_services_to_vre # - create_workspace_client # - add_workspace_client_to_context - - enable_workspace_clients_for_context + # - enable_workspace_clients_for_context # - add_workspace_client_to_contexts # - ghn_client_add_to_context # - ghn_client_add_to_contexts @@ -26,7 +26,7 @@ workflows: # - ghn_client_delete # - ghn_client_remove_from_contexts # - ghn_client_remove_from_context - - jupyterhub_add_serveroptions_to_context + # - jupyterhub_add_serveroptions_to_context # - record_context_to_is # - create_vre_folder_for_context # - create_vre diff --git a/templates/add_all_system_services_to_vre.json.j2 b/templates/add_all_system_services_to_vre.json.j2 index 06d400e..a6011cd 100644 --- a/templates/add_all_system_services_to_vre.json.j2 +++ b/templates/add_all_system_services_to_vre.json.j2 @@ -8,13 +8,14 @@ "inputParameters" : ["client_resource_id"], "tasks" : [ { - "name": "LAMBDA_TASK", + "name": "INLINE_TASK", "taskReferenceName": "init", - "type": "LAMBDA", + "type": "INLINE", "inputParameters": { "keycloak": "{{ keycloak }}/{{ keycloak_realm }}", "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}", "iC_proxy" : "{{ ic_proxy }}", + "evaluatorType" : "javascript", "scriptExpression": "1 == 1" } }, @@ -105,13 +106,14 @@ } }, { - "name": "LAMBDA_TASK", + "name": "INLINE_TASK", "taskReferenceName": "build_get_system_services_tasks", - "type": "LAMBDA", + "type": "INLINE", "inputParameters": { "url" : "${init.input.keycloak_admin}/clients?search=true&clientId=", "services" : "${extract_system_service_names.output.result}", - "scriptExpression": "inputs = {}, tasks = [];for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service' + i});inputs['get_system_service' + i] = {url: $.url + s,method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};" + "evaluatorType" : "javascript", + "expression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service' + i});inputs['get_system_service' + i] = {url: $.url + s,method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};} f()" } }, { @@ -131,13 +133,14 @@ "taskReferenceName" : "join_parallel_get_system_services_tasks" }, { - "name": "LAMBDA_TASK", + "name": "INLINE_TASK", "taskReferenceName": "build_get_system_services_useraccount_tasks", - "type": "LAMBDA", + "type": "INLINE", "inputParameters": { + "evaluatorType" : "javascript", "url" : "${init.input.keycloak_admin}/clients", "services" : "${join_parallel_get_system_services_tasks.output..body.*.id}", - "scriptExpression": "inputs = {}, tasks = [];for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service_useraccount' + i});inputs['get_system_service_useraccount' + i] = {url: $.url + '/' + s + '/service-account-user',method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};" + "scriptExpression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service_useraccount' + i});inputs['get_system_service_useraccount' + i] = {url: $.url + '/' + s + '/service-account-user',method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};" } }, { @@ -163,7 +166,8 @@ "inputParameters": { "context" : "${get_vre.output.body}", "service_ids" : "${join_parallel_get_system_services_useraccount_tasks.output..body.id}", - "scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.service_ids.length;i++)c=$.context,tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_all_member_roles_'+i, subWorkflowParam:{ name:'add_all_member_roles'}}),inputs['call_add_all_member_roles_'+i]={context:c, client:$.service_ids[i]};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};" + "evaluatorType" : "javascript", + "expression": "inputs={},tasks=[];for(var i=0;i<$.service_ids.length;i++)c=$.context,tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_all_member_roles_'+i, subWorkflowParam:{ name:'add_all_member_roles'}}),inputs['call_add_all_member_roles_'+i]={context:c, client:$.service_ids[i]};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()" } }, { diff --git a/templates/create_system_service.json.j2 b/templates/create_system_service.json.j2 index 3998c55..d344f60 100644 --- a/templates/create_system_service.json.j2 +++ b/templates/create_system_service.json.j2 @@ -8,16 +8,17 @@ "inputParameters" : ["client_id", "client_secret", "description"], "tasks" : [ { - "name": "LAMBDA_TASK", + "name": "INLINE_TASK", "taskReferenceName": "init", - "type": "LAMBDA", + "type": "INLINE", "inputParameters": { "keycloak": "{{ keycloak }}/{{ keycloak_realm }}", "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}", "id" : "${workflow.input.client_id}", "secret" : "${workflow.input.client_secret}", "description" : "${workflow.input.description}", - "scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'} }" + "evaluatorType" : "javascript", + "expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){ if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}}; f()" } }, { @@ -52,12 +53,13 @@ } }, { - "name": "LAMBDA_TASK", + "name": "INLINE_TASK", "taskReferenceName": "extract_client_id", - "type": "LAMBDA", + "type": "INLINE", "inputParameters": { - "client_location" : "${create_client.output.headers.location}", - "scriptExpression": "var client_id = $.client_location.split('/').pop(); return {'client_id' : client_id}" + "evaluatorType" : "javascript", + "client_location" : "${create_client.output.headers.location}", + "expression": "var client_id = $.client_location.split('/').pop(); functio f(){return {'client_id' : client_id}}; f()" } }, { diff --git a/templates/delete_system_service.json.j2 b/templates/delete_system_service.json.j2 index 7e2e1b9..f0b1c0e 100644 --- a/templates/delete_system_service.json.j2 +++ b/templates/delete_system_service.json.j2 @@ -8,14 +8,15 @@ "inputParameters" : ["client_id"], "tasks" : [ { - "name": "LAMBDA_TASK", + "name": "INLINE_TASK", "taskReferenceName": "init", - "type": "LAMBDA", + "type": "INLINE", "inputParameters": { - "keycloak": "{{ keycloak }}/{{ keycloak_realm }}", - "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}", - "id" : "${workflow.input.client_id}", - "scriptExpression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id)) throw('Client ID must not be empty');" + "keycloak": "{{ keycloak }}/{{ keycloak_realm }}", + "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}", + "id" : "${workflow.input.client_id}", + "evaluatorType" : "javascript", + "expression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty');} f()" } }, { @@ -50,12 +51,13 @@ } }, { - "name": "LAMBDA_TASK", + "name": "INLINE_TASK", "taskReferenceName": "check", - "type": "LAMBDA", + "type": "INLINE", "inputParameters": { - "list" : "${lookup_client.output.body}", - "scriptExpression" : "if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')" + "list" : "${lookup_client.output.body}", + "evaluatorType" : "javascript", + "expression" : "function f(){if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')} f()" } }, {