From 676f68463041ac40f95baf99ec989275644192e7 Mon Sep 17 00:00:00 2001
From: "m.lettere"
Date: Mon, 22 Nov 2021 15:23:59 +0100
Subject: [PATCH] added create_workspace_client workflow
---
 templates/create_workspace_client.json.j2 | 125 ++++++++++++++++++++++
 1 file changed, 125 insertions(+)
 create mode 100644 templates/create_workspace_client.json.j2
diff --git a/templates/create_workspace_client.json.j2 b/templates/create_workspace_client.json.j2
new file mode 100644
index 0000000..f0b601d
--- /dev/null
+++ b/templates/create_workspace_client.json.j2
@@ -0,0 +1,125 @@
+{
+ "ownerApp" : "Orchestrator",
+ "name" : "",
+ "createBy" : "Marco Lettere",
+ "description": "Create a WorkSpace Client and hook it up to optional list ov contexts. Check or create the settings on Shub.",
+ "version" : 1,
+ "ownerEmail" : "marco.lettere@nubisware.com",
+ "inputParameters" : ["client_id", "client_secret", "description", "context_list"],
+ "tasks" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "root_vo": "{{ root_vo }}",
+ "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
+ "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
+ "id" : "${workflow.input.client_id}",
+ "secret" : "${workflow.input.client_secret}",
+ "description" : "${workflow.input.description}",
+ "scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'} }"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "authorize",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak}/protocol/openid-connect/token",
+ "method" : "POST",
+ "headers" : {
+ "Accept" : "application/json"
+ },
+ "body" : {
+ "client_id" : "orchestrator",
+ "client_secret" : "{{ keycloak_auth }}",
+ "grant_type" : "client_credentials"
+ }
+ }
+ },
+ {
+ "name" : "fork_join",
+ "taskReferenceName" : "fork1",
+ "type" : "FORK_JOIN",
+ "forkTasks : [
+ [
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "create_client",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients",
+ "body" : "${init.output.result.client}",
+ "method" : "POST",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Content-Type" : "application/json"
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "extract_client_id",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "client_location" : "${create_client.output.headers.location}",
+ "scriptExpression": "var client_id = $.client_location.split('/').pop(); return {'client_id' : client_id}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "get_service_account_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/service-account-user",
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ ],
+ [
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "get_rootvo",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "get_rootvo_roles",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles",
+ "method" : "GET",
+ "expect" : [200, 404],
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ }
+ ]
+ ]
+ }
+ },
+ {
+ "name": "join",
+ "taskReferenceName": "join1",
+ "type": "JOIN",
+ "joinOn": [
+ "get_service_account_user",
+ "get_rootvo_roles"
+ ]
+ }
+}
+
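Review bot: The client object built in `init`'s `scriptExpression` sets `fullScopeAllowed : true` on a confidential client with `serviceAccountsEnabled : true`, so tokens issued to every workspace client created this way carry all role mappings of its service account instead of an explicitly granted subset; I would default to `fullScopeAllowed : false` and add scope mappings for the roles the workspace actually needs. The secret is also handled in clear: it comes from `${workflow.input.client_secret}` or `randomUUID()`, is returned in the lambda result and forwarded as `${init.output.result.client}`, so it is presumably stored with the execution data of each run, and `{{ keycloak_auth }}` is rendered into the `authorize` body of the definition itself — worth confirming who can read both. Separately, the template will not parse as JSON once rendered: `"forkTasks : [` lacks its closing quote, the `create_client` task object is never closed, `},` before `],` leaves a trailing comma, and the `tasks` array has no closing `]`. `get_rootvo` also reads `${init.output.result.encoded_root_vo}`, which the `init` script never returns.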