move to subworkflow

3 years ago · 2fb8b37c7f
parent 587c491b99
commit 2fb8b37c7f
2 changed files with 8 additions and 19 deletions
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@ -9,7 +9,8 @@ workflows:
   - user-group_deleted
   - user-group-role_deleted
   - delete-user-account
-   - role_created 
+   - role_created
+   - add_role_policy_permission 
 keycloak_host: "https://accounts.dev.d4science.org/auth"
 keycloak: "{{ keycloak_host }}/realms"
 keycloak_realm: "d4science"
--- a/templates/role_created.json.j2
+++ b/templates/role_created.json.j2
@ -126,32 +126,20 @@
    },
    {
      "name": "LAMBDA_TASK",
-      "taskReferenceName": "reorder_roles",
+      "taskReferenceName": "build_policy_permission_tasks",
      "type": "LAMBDA",
      "inputParameters": {
-        "role" : "${workflow.input.role}",
-        "roles" : "${join_parallel_getting_back.output[*].body}",
-        "vres" : "${get_all_vres.output.body}",
-        "scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.vres.length;i++)vre=$.vres[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+i}),inputs['create_role_policy_'+i]={url:'${init.input.keycloak_admin}/clients/' + vre.id + '/authz/resource-server/policy/role',body:{name:$.role +'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:$.roles[i].id,required:true}],'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize.output.body.access_token}','Content-Type' : 'application/json',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
-      }
-    },
-    {
-      "name": "LAMBDA_TASK",
-      "taskReferenceName": "build_add_policy_tasks",
-      "type": "LAMBDA",
-      "inputParameters": {
-        "role" : "${workflow.input.role}",
        "roles" : "${join_parallel_getting_back.output[*].body}",
-        "scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+i}),inputs['create_role_policy_'+i]={url:'${init.input.keycloak_admin}/clients/' + r.containerId + '/authz/resource-server/policy/role',body:{name:$.role +'_policy',description:'Policy for being in ' + $.role,type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}],'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize.output.body.access_token}','Content-Type' : 'application/json',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
+        "scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_policy_workflow_'+i, subWorkflowParam:{ name:'add_role_policy_permission'}}),inputs['call_policy_workflow_'+i]={role:Java.to(r,'java.util.Map')}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
      }
    },
    {
      "name" : "fork_dynamic",
      "type" : "FORK_JOIN_DYNAMIC",
-      "taskReferenceName" : "parallel_add_policy_role",
+      "taskReferenceName" : "parallel_call_policy_permission_workflow",
      "inputParameters" : {
-          "tasks" : "${build_add_policy_tasks.output.result.tasks}",
-          "inputs" : "${build_add_policy_tasks.output.result.inputs}"
+          "tasks" : "${build_policy_permission_tasks.output.result.tasks}",
+          "inputs" : "${build_policy_permission_tasks.output.result.inputs}"
      },
      "dynamicForkTasksParam": "tasks",
      "dynamicForkTasksInputParamName": "inputs"
@ -159,7 +147,7 @@
    {
        "name" : "join",
        "type" : "JOIN",
-        "taskReferenceName" : "join_parallel_policy_addition"
+        "taskReferenceName" : "join_parallel_policy_permission_addition"
    }
 	]
 }