From 9ca9ad4e54a3ccd3d726888f5d37327775209937 Mon Sep 17 00:00:00 2001 From: "m.lettere" Date: Thu, 17 Mar 2022 15:39:02 +0100 Subject: [PATCH] refactoring plus addition of delete ghn from contexts --- defaults/main.yaml | 8 +- templates/ghn_client_add_to_context.json.j2 | 4 +- templates/ghn_client_add_to_contexts.json.j2 | 1 - .../ghn_client_remove_from_context.json.j2 | 156 ++++++++++++++++++ .../ghn_client_remove_from_contexts.json.j2 | 49 ++++++ 5 files changed, 211 insertions(+), 7 deletions(-) create mode 100644 templates/ghn_client_remove_from_context.json.j2 create mode 100644 templates/ghn_client_remove_from_contexts.json.j2 diff --git a/defaults/main.yaml b/defaults/main.yaml index 9346b39..c328037 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -20,10 +20,12 @@ workflows: # - add_workspace_client_to_context # - enable_workspace_clients_for_context # - add_workspace_client_to_contexts -# - ghn_client_add_to_context -# - ghn_client_add_to_contexts -# - ghn_client_create + - ghn_client_add_to_context + - ghn_client_add_to_contexts + - ghn_client_create - ghn_client_delete + - ghn_client_remove_from_to_contexts + - ghn_client_remove_from_context keycloak_host: "https://accounts.dev.d4science.org/auth" keycloak: "{{ keycloak_host }}/realms" diff --git a/templates/ghn_client_add_to_context.json.j2 b/templates/ghn_client_add_to_context.json.j2 index 85a80b4..07e411c 100644 --- a/templates/ghn_client_add_to_context.json.j2 +++ b/templates/ghn_client_add_to_context.json.j2 
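Review bot: The entry `ghn_client_remove_from_to_contexts` added to `workflows` matches neither the template this commit creates (`templates/ghn_client_remove_from_contexts.json.j2`) nor the `name` declared inside it. If the role resolves templates by these names (the lookup is not visible in this patch), the bulk-removal workflow will not be registered; the entry should read `- ghn_client_remove_from_contexts`. The same hunk also un-comments `ghn_client_add_to_context`, `ghn_client_add_to_contexts` and `ghn_client_create`, which the commit subject does not mention, so it is worth confirming that enabling them by default is intended.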
@@ -12,13 +12,11 @@
 "taskReferenceName": "init",
 "type": "LAMBDA",
 "inputParameters": {
- "root_vo": "{{ root_vo }}",
- "storagehub" : "{{ storagehub }}",
 "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
 "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
 "id" : "${workflow.input.client_id}",
 "ctx" : "${workflow.input.context}",
- "scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_root_vo : encodeURI($.root_vo), encoded_context : $.ctx.replaceAll('/', '%2F')}"
+ "scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}"
 }
 },
 {
diff --git a/templates/ghn_client_add_to_contexts.json.j2 b/templates/ghn_client_add_to_contexts.json.j2
index 88b8ba0..3d6af36 100644
--- a/templates/ghn_client_add_to_contexts.json.j2
+++ b/templates/ghn_client_add_to_contexts.json.j2
@@ -12,7 +12,6 @@
 "taskReferenceName": "init",
 "type": "LAMBDA",
 "inputParameters": {
- "root_vo": "{{ root_vo }}",
 "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
 "id" : "${workflow.input.client_id}",
 "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
diff --git a/templates/ghn_client_remove_from_context.json.j2 b/templates/ghn_client_remove_from_context.json.j2
new file mode 100644
index 0000000..b8d27de
--- /dev/null
+++ b/templates/ghn_client_remove_from_context.json.j2
@@ -0,0 +1,156 @@
+{
+ "ownerApp" : "Orchestrator",
+ "name" : "ghn_client_remove_from_context",
+ "createBy" : "Marco Lettere",
+ "description": "The role Memeber of the give context is removed from a GHN client on IAM.",
+ "version" : 1,
+ "ownerEmail" : "marco.lettere@nubisware.com",
+ "inputParameters" : ["client_id", "context"],
+ "tasks" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
+ "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
+ "id" : "${workflow.input.client_id}",
+ "ctx" : "${workflow.input.context}",
+ "scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "authorize",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "{{ keycloak }}/master/protocol/openid-connect/token",
+ "method" : "POST",
+ "headers" : {
+ "Accept" : "application/json"
+ },
+ "body" : {
+ "client_id" : "orchestrator",
+ "client_secret" : "{{ keycloak_auth_master }}",
+ "grant_type" : "client_credentials"
+ }
+ }
+ },
+ {
+ "name" : "fork_join",
+ "taskReferenceName" : "fork1",
+ "type" : "FORK_JOIN",
+ "forkTasks" : [
+ [
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_client",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients",
+ "params" : { "clientId" : "${workflow.input.client_id}"},
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "extract_ghn_client",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "client" : "${lookup_client.output.body}",
+ "scriptExpression": "function e(v){ return (v.length === 0)}; if(e($.client)) throw('GHN client not found'); else return { client : $.client[0], id : $.client[0].id}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "get_service_account_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients/${extract_ghn_client.output.result.id}/service-account-user",
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ }
+ ],
+ [
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_context",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients",
+ "params" : { "clientId" : "${init.output.result.encoded_context}"},
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "extract_context",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "client" : "${lookup_context.output.body}",
+ "scriptExpression": "function e(v){ return (v.length === 0)}; if(e($.client)) throw('Context not found'); else return { client : $.client[0], id: $.client[0].id }"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "type" : "SIMPLE",
+ "taskReferenceName": "retrieve_member_role",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
+ "method" :"GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "jq_1",
+ "taskReferenceName": "roles_to_remove",
+ "type": "JSON_JQ_TRANSFORM",
+ "inputParameters": {
+ "role": "${retrieve_member_role.output.body}",
+ "queryExpression" : ".role"
+ }
+ }
+ ]
+ ]
+ },
+ {
+ "name": "join",
+ "taskReferenceName": "join1",
+ "type": "JOIN",
+ "joinOn": [
+ "get_service_account_user",
+ "roles_to_remove"
+ ]
+ },
+ {
+ "name" : "pyrest",
+ "type" : "SIMPLE",
+ "taskReferenceName": "remove_member_role",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
+ "method" :"DELETE",
+ "expect" : 204,
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Content-Type" : "application/json"
+ },
+ "body" : "${roles_to_remove.output.resultList}"
+ }
+ }
+ ]
+}
diff --git a/templates/ghn_client_remove_from_contexts.json.j2 b/templates/ghn_client_remove_from_contexts.json.j2
new file mode 100644
index 0000000..2e2081f
--- /dev/null
+++ b/templates/ghn_client_remove_from_contexts.json.j2
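Review bot: The `authorize` task renders `"client_secret" : "{{ keycloak_auth_master }}"` straight into the stored workflow definition and requests a token from the `master` realm. Every later task then carries `Bearer ${authorize.output.body.access_token}` in its `inputParameters`, so, assuming the orchestrator persists task inputs and outputs as Conductor normally does, both the secret and a master-realm token are readable by anyone who can view definitions or execution history. Consider a client confined to `{{ keycloak_realm }}` with only the client and role-mapping permissions this workflow needs, and restrict or mask access to the execution records. Separately, the `extract_ghn_client` and `extract_context` lambdas call `v.length` with no null check, so a lookup that returns no body would fail with a script error instead of the intended message; `function e(v){ return (v == null || v.length === 0)}` covers that case.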
@@ -0,0 +1,49 @@
+{
+ "ownerApp" : "Orchestrator",
+ "name" : "ghn_client_remove_from_contexts",
+ "createBy" : "Marco Lettere",
+ "description": "The role Member for of all the passed contexts is removed from a GHN client",
+ "version" : 1,
+ "ownerEmail" : "marco.lettere@nubisware.com",
+ "inputParameters" : ["client_id", "context_list"],
+ "tasks" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
+ "id" : "${workflow.input.client_id}",
+ "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
+ "scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id)) throw('Client ID must not be empty'); return { }"
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "build_tasks_to_delete_ghn_client_from_all_contexts",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "context_list" : "${workflow.input.context_list}",
+ "client_id" : "${workflow.input.client_id}",
+ "scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'remove_ghn_client_from_context_'+i, subWorkflowParam:{ name:'ghn_client_remove_from_context'}}),inputs['remove_ghn_client_from_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
+ }
+ },
+ {
+ "name" : "fork_dynamic",
+ "type" : "FORK_JOIN_DYNAMIC",
+ "taskReferenceName" : "parallel_build_tasks_to_remove_ghn_client_from_all_contexts",
+ "inputParameters" : {
+ "tasks" : "${build_tasks_to_remove_ghn_client_from_all_contexts.output.result.tasks}",
+ "inputs" : "${build_tasks_to_remove_ghn_client_from_all_contexts.output.result.inputs}"
+ },
+ "dynamicForkTasksParam": "tasks",
+ "dynamicForkTasksInputParamName": "inputs"
+ },
+ {
+ "name" : "join",
+ "type" : "JOIN",
+ "taskReferenceName" : "join_build_tasks_to_remove_ghn_client_from_all_contexts"
+ }
+ ]
+}
+
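Review bot: The `fork_dynamic` task reads `${build_tasks_to_remove_ghn_client_from_all_contexts.output.result.tasks}` and `.inputs`, but the lambda that builds them is registered as `build_tasks_to_delete_ghn_client_from_all_contexts`. The two expressions therefore cannot resolve to the generated task list, and no per-context removal is forked. Since this workflow revokes access, that failure mode matters; rename the lambda with `"taskReferenceName": "build_tasks_to_remove_ghn_client_from_all_contexts",`. The `init` lambda also validates only `client_id`, so a missing `context_list` reaches `$.context_list.length` unchecked, and the builder script assigns `inputs`, `tasks` and `c` without `var`; an explicit emptiness check on the list and local declarations would make bad input fail with a clear message.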