added new keycloak delete account workflow

Marco Lettere 2024-05-15 15:32:00 +02:00
parent eda7375677
commit 872358fcc8
2 changed files with 308 additions and 1 deletions


@ -3,12 +3,13 @@ workflows:
# - create-user-add-to-vre
# - group_deleted
# - user-group_created
- user-group-role_created
# - user-group-role_created
# - group_created
# - invitation-accepted
# - user-group_deleted
# - user-group-role_deleted
# - delete-user-account
- keycloak_delete_account
# - role_deleted
# - role_created
# - add_role_policy_permission
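Review bot: The commit title mentions only the new delete-account workflow, but this hunk also appears to turn the active `- user-group-role_created` entry into the comment `# - user-group-role_created`, leaving `- keycloak_delete_account` as the only enabled entry visible here. If that is intentional, state it in the commit message; if it is a leftover from local testing, restore the entry, since the role-created workflow would presumably no longer be deployed. The list starts and continues outside the hunk, so other enabled entries may exist.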


@ -0,0 +1,306 @@
{
"ownerApp": "Orchestrator",
"createTime": 1712929588891,
"updateTime": 1712930905661,
"accessPolicy": {},
"name": "keycloak_delete_account",
"description": "Handle Admin events from Keycloak",
"version": 4,
"tasks": [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/${workflow.input.realm}",
"keycloak_admin": "{{ keycloak_admin }}/${workflow.input.realm}",
"liferay": "{{ liferay }}",
"liferay_auth": "{{ liferay_auth }}",
"keycloak_username": "${workflow.input.username}",
"evaluatorType": "javascript",
"expression": "function f(){ return { 'decoded_root_vo' : $.root_vo.replace('%2F','/'), 'encoded_root_vo' : encodeURIComponent($.root_vo)}} f()"
},
"type": "INLINE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "pyrest",
"taskReferenceName": "authorize",
"inputParameters": {
"url": "${init.input.keycloak}/protocol/openid-connect/token",
"method": "POST",
"headers": {
"Accept": "application/json"
},
"body": {
"client_id": "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type": "client_credentials"
}
},
"type": "SIMPLE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "fork_join",
"taskReferenceName": "global_delete_user",
"inputParameters": {},
"type": "FORK_JOIN",
"forkTasks": [
[
{
"name": "pyrest",
"taskReferenceName": "lookup_lr_company",
"inputParameters": {
"url": "${init.input.liferay}/company/get-company-by-web-id",
"method": "GET",
"params": {
"webId": "liferay.com"
},
"headers": {
"Authorization": "Basic ${init.input.liferay_auth}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "pyrest",
"taskReferenceName": "lookup_lr_user_by_screenname",
"inputParameters": {
"url": "${init.input.liferay}/user/get-user-by-screen-name",
"method": "GET",
"params": {
"companyId": "${lookup_lr_company.output.body.companyId}",
"screenName": "${init.input.keycloak_username}"
},
"headers": {
"Authorization": "Basic ${init.input.liferay_auth}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "pyrest",
"taskReferenceName": "lookup_lr_user_groups",
"inputParameters": {
"url": "${init.input.liferay}/group/get-user-sites-groups",
"method": "GET",
"params": {
"classNames": "[\"com.liferay.portal.model.Group\"]",
"userId": "${lookup_lr_user_by_screenname.output.body.userId}",
"max": "-1"
},
"headers": {
"Authorization": "Basic ${init.input.liferay_auth}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_delete_group_tasks",
"inputParameters": {
"evaluatorType": "javascript",
"groups": "${lookup_lr_user_groups.output.body.*.groupId}",
"userId": "${lookup_lr_user_by_screenname.output.body.userId}",
"expression": "inputs = {}; tasks = []; function f(){ for(var i=0;i<$.groups.length;i++){tasks.push({'name': 'pyrest','type' : 'SIMPLE','taskReferenceName' : 'del-' + i});inputs['del-'+i] = {'url' : '${init.input.liferay}/user/unset-group-users?userIds=' + $.userId + '&groupId=' + $.groups[i],'method' : 'POST','headers' : {'Authorization' : 'Basic ' + '${init.input.liferay_auth}', 'Accept' : 'application/json'}}}; return { 'tasks' : Java.to(tasks, 'java.util.Map[]'), 'inputs' : inputs}} f()"
},
"type": "INLINE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "fork_dynamic",
"taskReferenceName": "parallel_delete_group",
"inputParameters": {
"tasks": "${build_delete_group_tasks.output.result.tasks}",
"inputs": "${build_delete_group_tasks.output.result.inputs}"
},
"type": "FORK_JOIN_DYNAMIC",
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "join",
"taskReferenceName": "join_parallel_group_deletion",
"inputParameters": {},
"type": "JOIN",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "pyrest",
"taskReferenceName": "delete_lr_user",
"inputParameters": {
"url": "${init.input.liferay}/user/delete-user",
"method": "POST",
"params": {
"userId": "${lookup_lr_user_by_screenname.output.body.userId}"
},
"headers": {
"Authorization": "Basic ${init.input.liferay_auth}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "INLINE_TASK",
"taskReferenceName": "lr_final_task",
"inputParameters": {
"evaluatorType": "javascript",
"expression": "1 == 1"
},
"type": "INLINE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
}
],
[
{
"name": "pyrest",
"taskReferenceName": "get_rootvo",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "pyrest",
"taskReferenceName": "get_rootvo_roles",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles",
"method": "GET",
"expect": [
200,
404
],
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "pyrest",
"taskReferenceName": "get_rootvo_infra_managers",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles/Infrastructure-Manager/users",
"method": "GET",
"expect": [
200,
404
],
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
}
]
],
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "join",
"taskReferenceName": "global_delete_user_join",
"inputParameters": {},
"type": "JOIN",
"startDelay": 0,
"joinOn": [
"lr_final_task",
"get_rootvo_infra_managers"
],
"optional": false,
"asyncComplete": false,
"permissive": false
},
{
"name": "pymail",
"taskReferenceName": "notify_infra_managers",
"inputParameters": {
"subject": "User account REMOVAL notification",
"from": "noreply@d4science.org",
"to": "${get_rootvo_infra_managers.output.body.*.email}",
"html": "<html><body><p>Dear ${init.output.result.decoded_root_vo} Infrastructure Manager,</p><p>'${
lookup_lr_user_by_screenname.output.body.firstName} ${
lookup_lr_user_by_screenname.output.body.lastName} (${
lookup_lr_user_by_screenname.output.body.screenName})' removed his/her account from the IAM</p><p>You received this email because you are an Infrastructure Manager.</p><p>WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received.</p></body></html>"
},
"type": "SIMPLE",
"startDelay": 0,
"optional": false,
"asyncComplete": false,
"permissive": false
}
],
"inputParameters": [
"userid"
],
"outputParameters": {},
"schemaVersion": 2,
"restartable": true,
"workflowStatusListenerEnabled": false,
"ownerEmail": "mauro.mugnaini@nubisware.com",
"timeoutPolicy": "ALERT_ONLY",
"timeoutSeconds": 0,
"variables": {},
"inputTemplate": {}
}
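Review bot: The Liferay Basic credential is carried as ordinary task data: `init` takes `liferay_auth` as an input parameter and the `build_delete_group_tasks` expression splices `'${init.input.liferay_auth}'` into the script text, so the secret is copied into that task's `inputs` output and into every forked `del-N` task's input. If the orchestrator persists task input and output with each execution, as Conductor normally does, anyone allowed to read executions can read the credential; it would be safer to let the `pyrest` worker resolve the credential from its own configuration, and at minimum to pass it as a task input and read it as `$.liferay_auth` instead of interpolating it inside quotes. The declared `"inputParameters": ["userid"]` does not match what the tasks actually read (`workflow.input.realm`, `workflow.input.username`), and `realm` goes unchecked into the URL that receives `client_secret`, so both inputs should be declared and validated before use. The `html` body of `notify_infra_managers` also inserts `firstName`, `lastName` and `screenName` without HTML escaping, so profile text can become markup in mail sent to Infrastructure Managers.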