gCubeSystem
/
ansible-role-conductor-workflows-user-management
17
0
Fork 0
Code Issues Pull Requests Releases 5 Wiki Activity

modernized system_service workflows

This commit is contained in:
Marco Lettere 2023-10-13 09:58:38 +02:00
parent 3febc0751b
commit 2d953718c0
4 changed files with 41 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
defaults/main.yaml
View File

@ -1,10 +1,10 @@
--- ---
workflows: workflows:
# - create-user-add-to-vre # - create-user-add-to-vre
- group_deleted # - group_deleted
# - user-group_created # - user-group_created
# - user-group-role_created # - user-group-role_created
- group_created # - group_created
# - invitation-accepted # - invitation-accepted
# - user-group_deleted # - user-group_deleted
# - user-group-role_deleted # - user-group-role_deleted
@ -13,12 +13,12 @@ workflows:
# - role_created # - role_created
# - add_role_policy_permission # - add_role_policy_permission
# - add_all_member_roles # - add_all_member_roles
# - create_system_service - create_system_service
# - delete_system_service - delete_system_service
# - add_all_system_services_to_vre - add_all_system_services_to_vre
# - create_workspace_client # - create_workspace_client
# - add_workspace_client_to_context # - add_workspace_client_to_context
- enable_workspace_clients_for_context # - enable_workspace_clients_for_context
# - add_workspace_client_to_contexts # - add_workspace_client_to_contexts
# - ghn_client_add_to_context # - ghn_client_add_to_context
# - ghn_client_add_to_contexts # - ghn_client_add_to_contexts
@ -26,7 +26,7 @@ workflows:
# - ghn_client_delete # - ghn_client_delete
# - ghn_client_remove_from_contexts # - ghn_client_remove_from_contexts
# - ghn_client_remove_from_context # - ghn_client_remove_from_context
- jupyterhub_add_serveroptions_to_context # - jupyterhub_add_serveroptions_to_context
# - record_context_to_is # - record_context_to_is
# - create_vre_folder_for_context # - create_vre_folder_for_context
# - create_vre # - create_vre

22
templates/add_all_system_services_to_vre.json.j2
View File

@ -8,13 +8,14 @@
"inputParameters" : ["client_resource_id"], "inputParameters" : ["client_resource_id"],
"tasks" : [ "tasks" : [
{ {
"name": "LAMBDA_TASK", "name": "INLINE_TASK",
"taskReferenceName": "init", "taskReferenceName": "init",
"type": "LAMBDA", "type": "INLINE",
"inputParameters": { "inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}", "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}", "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"iC_proxy" : "{{ ic_proxy }}", "iC_proxy" : "{{ ic_proxy }}",
"evaluatorType" : "javascript",
"scriptExpression": "1 == 1" "scriptExpression": "1 == 1"
} }
}, },
@ -105,13 +106,14 @@
} }
}, },
{ {
"name": "LAMBDA_TASK", "name": "INLINE_TASK",
"taskReferenceName": "build_get_system_services_tasks", "taskReferenceName": "build_get_system_services_tasks",
"type": "LAMBDA", "type": "INLINE",
"inputParameters": { "inputParameters": {
"url" : "${init.input.keycloak_admin}/clients?search=true&clientId=", "url" : "${init.input.keycloak_admin}/clients?search=true&clientId=",
"services" : "${extract_system_service_names.output.result}", "services" : "${extract_system_service_names.output.result}",
"scriptExpression": "inputs = {}, tasks = [];for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service' + i});inputs['get_system_service' + i] = {url: $.url + s,method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};" "evaluatorType" : "javascript",
"expression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service' + i});inputs['get_system_service' + i] = {url: $.url + s,method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};} f()"
} }
}, },
{ {
@ -131,13 +133,14 @@
"taskReferenceName" : "join_parallel_get_system_services_tasks" "taskReferenceName" : "join_parallel_get_system_services_tasks"
}, },
{ {
"name": "LAMBDA_TASK", "name": "INLINE_TASK",
"taskReferenceName": "build_get_system_services_useraccount_tasks", "taskReferenceName": "build_get_system_services_useraccount_tasks",
"type": "LAMBDA", "type": "INLINE",
"inputParameters": { "inputParameters": {
"evaluatorType" : "javascript",
"url" : "${init.input.keycloak_admin}/clients", "url" : "${init.input.keycloak_admin}/clients",
"services" : "${join_parallel_get_system_services_tasks.output..body.*.id}", "services" : "${join_parallel_get_system_services_tasks.output..body.*.id}",
"scriptExpression": "inputs = {}, tasks = [];for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service_useraccount' + i});inputs['get_system_service_useraccount' + i] = {url: $.url + '/' + s + '/service-account-user',method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};" "scriptExpression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service_useraccount' + i});inputs['get_system_service_useraccount' + i] = {url: $.url + '/' + s + '/service-account-user',method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};"
} }
}, },
{ {
@ -163,7 +166,8 @@
"inputParameters": { "inputParameters": {
"context" : "${get_vre.output.body}", "context" : "${get_vre.output.body}",
"service_ids" : "${join_parallel_get_system_services_useraccount_tasks.output..body.id}", "service_ids" : "${join_parallel_get_system_services_useraccount_tasks.output..body.id}",
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.service_ids.length;i++)c=$.context,tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_all_member_roles_'+i, subWorkflowParam:{ name:'add_all_member_roles'}}),inputs['call_add_all_member_roles_'+i]={context:c, client:$.service_ids[i]};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};" "evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];for(var i=0;i<$.service_ids.length;i++)c=$.context,tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_all_member_roles_'+i, subWorkflowParam:{ name:'add_all_member_roles'}}),inputs['call_add_all_member_roles_'+i]={context:c, client:$.service_ids[i]};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
} }
}, },
{ {

16
templates/create_system_service.json.j2
View File

@ -8,16 +8,17 @@
"inputParameters" : ["client_id", "client_secret", "description"], "inputParameters" : ["client_id", "client_secret", "description"],
"tasks" : [ "tasks" : [
{ {
"name": "LAMBDA_TASK", "name": "INLINE_TASK",
"taskReferenceName": "init", "taskReferenceName": "init",
"type": "LAMBDA", "type": "INLINE",
"inputParameters": { "inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}", "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}", "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}", "id" : "${workflow.input.client_id}",
"secret" : "${workflow.input.client_secret}", "secret" : "${workflow.input.client_secret}",
"description" : "${workflow.input.description}", "description" : "${workflow.input.description}",
"scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'} }" "evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){ if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}}; f()"
} }
}, },
{ {
@ -52,12 +53,13 @@
} }
}, },
{ {
"name": "LAMBDA_TASK", "name": "INLINE_TASK",
"taskReferenceName": "extract_client_id", "taskReferenceName": "extract_client_id",
"type": "LAMBDA", "type": "INLINE",
"inputParameters": { "inputParameters": {
"client_location" : "${create_client.output.headers.location}", "evaluatorType" : "javascript",
"scriptExpression": "var client_id = $.client_location.split('/').pop(); return {'client_id' : client_id}" "client_location" : "${create_client.output.headers.location}",
"expression": "var client_id = $.client_location.split('/').pop(); functio f(){return {'client_id' : client_id}}; f()"
} }
}, },
{ {

22
templates/delete_system_service.json.j2
View File

@ -8,14 +8,15 @@
"inputParameters" : ["client_id"], "inputParameters" : ["client_id"],
"tasks" : [ "tasks" : [
{ {
"name": "LAMBDA_TASK", "name": "INLINE_TASK",
"taskReferenceName": "init", "taskReferenceName": "init",
"type": "LAMBDA", "type": "INLINE",
"inputParameters": { "inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}", "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}", "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}", "id" : "${workflow.input.client_id}",
"scriptExpression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id)) throw('Client ID must not be empty');" "evaluatorType" : "javascript",
"expression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty');} f()"
} }
}, },
{ {
@ -50,12 +51,13 @@
} }
}, },
{ {
"name": "LAMBDA_TASK", "name": "INLINE_TASK",
"taskReferenceName": "check", "taskReferenceName": "check",
"type": "LAMBDA", "type": "INLINE",
"inputParameters": { "inputParameters": {
"list" : "${lookup_client.output.body}", "list" : "${lookup_client.output.body}",
"scriptExpression" : "if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')" "evaluatorType" : "javascript",
"expression" : "function f(){if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')} f()"
} }
}, },
{ {