diff --git a/defaults/main.yaml b/defaults/main.yaml
index 967b6ce..4c33b77 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -4,7 +4,7 @@ workflows:
 # - group_deleted
 # - user-group_created
 # - user-group-role_created
- - group_created
+# - group_created
 # - invitation-accepted
 # - user-group_deleted
 # - user-group-role_deleted
@@ -13,10 +13,11 @@ workflows:
 # - role_created
 # - add_role_policy_permission
 # - add_all_member_roles
- - create_system_service
- - delete_system_service
+# - create_system_service
+# - delete_system_service
 # - add_all_system_services_to_vre
-# - create_workspace_client
+ - create_workspace_client
+ - add_workspace_client_to_context
 keycloak_host: "https://accounts.dev.d4science.org/auth"
 keycloak: "{{ keycloak_host }}/realms"
 keycloak_realm: "d4science"
diff --git a/templates/add_workspace_client_to_context.json.j2 b/templates/add_workspace_client_to_context.json.j2
new file mode 100644
index 0000000..ed32116
--- /dev/null
+++ b/templates/add_workspace_client_to_context.json.j2
@@ -0,0 +1,158 @@
+{
+ "ownerApp" : "Orchestrator",
+ "name" : "add_workspace_client_to_contexts",
+ "createBy" : "Marco Lettere",
+ "description": "A workspace client is made Member of a context and it's workspace folder is linked to context's shared folder",
+ "version" : 1,
+ "ownerEmail" : "marco.lettere@nubisware.com",
+ "inputParameters" : ["client_id", "context"],
+ "tasks" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "root_vo": "{{ root_vo }}",
+ "storagehub" : "{{ storagehub }}",
+ "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
+ "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
+ "id" : "${workflow.input.client_id}",
+ "ctx" : "${wokflow.input.context}",
+ "scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_root_vo : encodeURI($.root_vo)}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "authorize",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "{{ keycloak }}/master/protocol/openid-connect/token",
+ "method" : "POST",
+ "headers" : {
+ "Accept" : "application/json"
+ },
+ "body" : {
+ "client_id" : "orchestrator",
+ "client_secret" : "{{ keycloak_auth_master }}",
+ "grant_type" : "client_credentials"
+ }
+ }
+ },
+ {
+ "name" : "fork_join",
+ "taskReferenceName" : "fork1",
+ "type" : "FORK_JOIN",
+ "forkTasks" : [
+ [
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_client",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients",
+ "params" : { "clientId" : "${workflow.input.client_id}"},
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "extract_ws_client",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "client" : "${lookup_client.output.body}",
+ "scriptExpression": "function e(v){ return (v.length === 0)}; if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id : $.client[0].id}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "get_service_account_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients/${extract_ws_client.output.result.id}/service-account-user",
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ }
+ ],
+ [
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_context",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients",
+ "params" : { "clientId" : "${workflow.input.context}"},
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "extract_context",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "client" : "${lookup_context.output.body}",
+ "scriptExpression": "function e(v){ return (v.length === 0)}; if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id : $.client[0].id}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "type" : "SIMPLE",
+ "taskReferenceName": "retrieve_member_role",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients/${extract_context.id}/roles/Member",
+ "method" :"GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "jq_1",
+ "taskReferenceName": "roles_to_assign",
+ "type": "JSON_JQ_TRANSFORM",
+ "inputParameters": {
+ "role": "${retrieve_member_role.output.body}",
+ "queryExpression" : ".role"
+ }
+ },
+ ]
+ ]
+ },
+ {
+ "name": "join",
+ "taskReferenceName": "join1",
+ "type": "JOIN",
+ "joinOn": [
+ "get_service_account_user",
+ "roles_to_assign"
+ ]
+ },
+ {
+ "name" : "pyrest",
+ "type" : "SIMPLE",
+ "taskReferenceName": "assign_member_role",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
+ "method" :"POST",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Content-Type" : "application/json",
+ "Accept":"application/json"
+ },
+ "body" : "${roles_to_assign.output.resultList}"
+ }
+ }
+ ]
+}
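Review bot: Three references in the new template look broken, and the first one defeats the input check in `init`: `"ctx" : "${wokflow.input.context}"` misspells `workflow`, so the empty-context guard in `scriptExpression` never sees the real input and should read `"ctx" : "${workflow.input.context}"`. In `retrieve_member_role` the URL uses `${extract_context.id}`, whereas the sibling branch reads the lambda result as `${extract_ws_client.output.result.id}`; the consistent form is `${extract_context.output.result.id}`. The `},` that closes the `roles_to_assign` task leaves a trailing comma before `]`, which a strict JSON parser rejects, and `extract_context` reuses the message 'Workspace client not found', which will mislead anyone debugging a missing context. Separately, `authorize` renders `{{ keycloak_auth_master }}` into the stored definition and obtains a master-realm token that is then placed in the `Authorization` input of every later call. If the engine persists task inputs and outputs (not visible here), both the secret and the bearer token are readable from definitions and execution history, so a dedicated client limited to the role-mapping permissions this workflow needs, plus restricted read access to those records, would reduce the exposure.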