diff --git a/templates/add_all_member_roles.json.j2 b/templates/add_all_member_roles.json.j2
new file mode 100644
index 0000000..8925024
--- /dev/null
+++ b/templates/add_all_member_roles.json.j2
@@ -0,0 +1,65 @@
+{
+ "ownerApp" : "Orchestrator",
+ "name" : "add_all_member_roles",
+ "createBy" : "Marco Lettere",
+ "description": "Add all member roles of every context to the system client identified by ",
+ "version" : 1,
+ "ownerEmail" : "marco.lettere@nubisware.com",
+ "inputParameters" : ["context","client"],
+ "tasks" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
+ "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
+ "scriptExpression": "1 == 1"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "authorize",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "{{ keycloak }}/master/protocol/openid-connect/token",
+ "method" : "POST",
+ "headers" : {
+ "Accept" : "application/json"
+ },
+ "body" : {
+ "client_id" : "orchestrator",
+ "client_secret" : "{{ keycloak_auth_master }}",
+ "grant_type" : "client_credentials"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "type" : "SIMPLE",
+ "taskReferenceName": "retrieve_member_role",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients/${workflow.input.context.id}/roles/Member",
+ "method" :"GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "type" : "SIMPLE",
+ "taskReferenceName": "assign_member_role",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users/${workflow.input.client}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
+ "method" :"POST",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ },
+ "body" : "${retrieve_member_role.output.body}"
+ }
+ }
+
+}
diff --git a/templates/create_system_service.json.j2 b/templates/create_system_service.json.j2
new file mode 100644
index 0000000..cc2a7d6
--- /dev/null
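Review bot: The `authorize` task renders the master-realm secret `{{ keycloak_auth_master }}` directly into the workflow definition, so the secret lives wherever the rendered definition is stored, and the token it obtains is then passed around as a task output (`${authorize.output.body.access_token}`); the identical task is repeated in create_system_service.json.j2. Consider letting the pyrest worker read the credential from its own configuration, and, if the deployment allows it, registering `orchestrator` in `{{ keycloak_realm }}` with only the `realm-management` roles these calls need instead of a master-realm client. Separately, as shown here the `"tasks" : [` array is never closed (the line before the final `}` is empty where `]` would be expected), so the rendered file would not parse as JSON. `assign_member_role` also sends a single role object as `"body"` and uses `${workflow.input.client}` as a user id, while Keycloak's role-mapping endpoint takes an array of role representations for a user, so it is worth confirming that pyrest wraps the body and that the caller passes the service-account user id rather than the client id.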
+++ b/templates/create_system_service.json.j2 
@@ -0,0 +1,112 @@
+{
+ "ownerApp" : "Orchestrator",
+ "name" : "create_system_client",
+ "createBy" : "Marco Lettere",
+ "description": "Create a confidential client for software procedures that need to be members of each VO and VRE",
+ "version" : 1,
+ "ownerEmail" : "marco.lettere@nubisware.com",
+ "inputParameters" : ["client_id", "first", "max"],
+ "tasks" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
+ "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
+ "scriptExpression": "1 == 1"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "authorize",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "{{ keycloak }}/master/protocol/openid-connect/token",
+ "method" : "POST",
+ "headers" : {
+ "Accept" : "application/json"
+ },
+ "body" : {
+ "client_id" : "orchestrator",
+ "client_secret" : "{{ keycloak_auth_master }}",
+ "grant_type" : "client_credentials"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "create_client",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients",
+ "body" : {
+ "clientId": "${workflow.input.client_id}",
+ "name": "${workflow.input.client_id}",
+ "description": "${workflow.input.client_id}",
+ "rootUrl": "",
+ "enabled": true,
+ "serviceAccountsEnabled": true,
+ "standardFlowEnabled": true,
+ "authorizationServicesEnabled": false,
+ "publicClient": false,
+ "fullScopeAllowed" : true,
+ "protocol": "openid-connect"
+ },
+ "method" : "POST",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Content-Type" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "extract_client_id",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "client_location" : "${create_client.output.headers.location}",
+ "scriptExpression": "var client_id = $.client_location.split('/').pop(); return {'client_id' : 
client_id}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "get_all_contexts",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients?clientId=%252F&search=true&first=${workflow.input.first}&max=${workflow.input.max}",
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "build_member_roles_assignment_tasks",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "contexts" : "${get_all_contexts.body}",
+ "id" : "${extract_client_id.output.result.client_id}",
+ "scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.contexts.length;i++)c=$.contexts[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_all_member_roles_'+i, subWorkflowParam:{ name:'add_all_member_roles'}}),inputs['add_all_member_roles_'+i]={context:c, client:$.id};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
+ }
+ },
+ {
+ "name" : "fork_dynamic",
+ "type" : "FORK_JOIN_DYNAMIC",
+ "taskReferenceName" : "parallel_build_member_roles_assignment_tasks",
+ "inputParameters" : {
+ "tasks" : "${build_member_roles_assignment_tasks.output.result.tasks}",
+ "inputs" : "${build_member_roles_assignment_tasks.output.result.inputs}"
+ },
+ "dynamicForkTasksParam": "tasks",
+ "dynamicForkTasksInputParamName": "inputs"
+ },
+ {
+ "name" : "join",
+ "type" : "JOIN",
+ "taskReferenceName" : "parallel_build_member_roles_assignment_tasks"
+ }
+ ]
+}
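Review bot: In `create_client` the system client is created with `"standardFlowEnabled": true` even though the description and `"serviceAccountsEnabled": true` suggest it only ever authenticates through its service account; `"standardFlowEnabled": false` would keep the browser login flow off for a machine credential, and it is worth confirming that `"fullScopeAllowed" : true` is really needed rather than explicit scope mappings. `build_member_roles_assignment_tasks` reads `"${get_all_contexts.body}"` while every other reference in the file goes through `.output`, so this looks like it should be `"${get_all_contexts.output.body}"`; as written `$.contexts` may resolve to nothing and the loop over `$.contexts.length` would fail. The script keys its inputs as `'add_all_member_roles_'+i` but names the forked tasks `'call_add_all_member_roles_'+i`; if the dynamic fork looks inputs up by task reference name, the sub-workflows would start without `context` and `client`. The `join` task also reuses the fork's `taskReferenceName` (`parallel_build_member_roles_assignment_tasks`); a distinct name such as `join_member_roles_assignment_tasks` avoids two tasks sharing one reference.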