From ac6b3254860e81d3cedde859ee8a8c7aac3872e6 Mon Sep 17 00:00:00 2001
From: "m.lettere"
Date: Tue, 12 Jul 2022 18:10:11 +0200
Subject: [PATCH] added workflow for jh resource enablement
---
 defaults/main.yaml | 3 +-
 ...erhub_add_serveroptions_to_context.json.j2 | 313 ++++++++++++++++++
 2 files changed, 315 insertions(+), 1 deletion(-)
 create mode 100644 templates/jupyterhub_add_serveroptions_to_context.json.j2
diff --git a/defaults/main.yaml b/defaults/main.yaml
index 0b9ea73..269e372 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -10,7 +10,7 @@ workflows:
 # - user-group-role_deleted
 # - delete-user-account
 # - role_deleted
- - role_created
+# - role_created
 # - add_role_policy_permission
 # - add_all_member_roles
 # - create_system_service
@@ -26,6 +26,7 @@ workflows:
 # - ghn_client_delete
 # - ghn_client_remove_from_contexts
 # - ghn_client_remove_from_context
+ - jupyterhub_add_serveroptions_to_context
 keycloak_host: "https://accounts.dev.d4science.org/auth"
 keycloak: "{{ keycloak_host }}/realms"
diff --git a/templates/jupyterhub_add_serveroptions_to_context.json.j2 b/templates/jupyterhub_add_serveroptions_to_context.json.j2
new file mode 100644
index 0000000..19d99e0
--- /dev/null
+++ b/templates/jupyterhub_add_serveroptions_to_context.json.j2
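Review bot: In `defaults/main.yaml` the first hunk comments out `role_created`, which the commit subject (adding the JupyterHub workflow) does not mention. If the `workflows` list decides which definitions get deployed, this stops `role_created` from being installed on fresh deployments. If it was only switched off for local testing, keep `  - role_created` enabled, or say in the commit message why it is disabled.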
@@ -0,0 +1,313 @@
+{
+ "createTime": 1657617957794,
+ "updateTime": 1657639881455,
+ "name": "jupyterhub_add_serveroptions_to_context",
+ "description": "Reflects the JupyterHub ServerOptions from a given IS Context to the AuthZ on the IAM",
+ "version": 1,
+ "tasks": [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "inputParameters": {
+ "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
+ "keycloak_admin": "{{ keycloak_admin }}/{{ keycloak_realm }}",
+ "ctx": "${workflow.input.context}",
+ "scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.ctx)) throw('Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}"
+ },
+ "type": "LAMBDA",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ },
+ {
+ "name": "pyrest",
+ "taskReferenceName": "authorize",
+ "inputParameters": {
+ "url": "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
+ "method": "POST",
+ "headers": {
+ "Accept": "application/json"
+ },
+ "body": {
+ "client_id": "orchestrator",
+ "client_secret": "{{ keycloak_auth }}",
+ "grant_type": "client_credentials"
+ }
+ },
+ "type": "SIMPLE",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ },
+ {
+ "name": "fork_join",
+ "taskReferenceName": "pre-query",
+ "inputParameters": {},
+ "type": "FORK_JOIN",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [
+ [
+ {
+ "name": "pyrest",
+ "taskReferenceName": "lookup_jupyterhub",
+ "inputParameters": {
+ "url": "${init.input.keycloak_admin}/clients",
+ "params": {
+ "clientId": "jupyterhub1"
+ },
+ "method": "GET",
+ "headers": {
+ "Authorization": "Bearer ${authorize.output.body.access_token}",
+ "Accept": "application/json"
+ }
+ },
+ "type": "SIMPLE",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ },
+ {
+ "name": "pyrest",
+ "taskReferenceName": "lookup_jupyterhub_resources",
+ "inputParameters": {
+ "url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource",
+ "params": {
+ "clientId": "jupyterhub1"
+ },
+ "method": "GET",
+ "headers": {
+ "Authorization": "Bearer ${authorize.output.body.access_token}",
+ "Accept": "application/json"
+ }
+ },
+ "type": "SIMPLE",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ }
+ ],
+ [
+ {
+ "name": "pyrest",
+ "taskReferenceName": "authorize_with_uma_rpt",
+ "inputParameters": {
+ "url": "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
+ "method": "POST",
+ "headers": {
+ "Accept": "application/json"
+ },
+ "body": {
+ "audience": "${init.output.result.encoded_context}",
+ "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
+ "client_id": "orchestrator",
+ "client_secret": "c93501bd-abeb-4228-bc28-afac38877338"
+ }
+ },
+ "type": "SIMPLE",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ },
+ {
+ "name": "pyrest",
+ "taskReferenceName": "lookup_resources_on_icproxy",
+ "inputParameters": {
+ "url": "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/JupyterHub",
+ "method": "GET",
+ "headers": {
+ "Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
+ }
+ },
+ "type": "SIMPLE",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ },
+ {
+ "name": "pyeval",
+ "taskReferenceName": "extract_authids",
+ "inputParameters": {
+ "code": "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/ServerOption/AuthId')))",
+ "xmlstring": "${lookup_resources_on_icproxy.output.body}"
+ },
+ "type": "SIMPLE",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ }
+ ]
+ ],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ },
+ {
+ "name": "join",
+ "taskReferenceName": "join-pre-query",
+ "inputParameters": {},
+ "type": "JOIN",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [
+ "lookup_jupyterhub_resources",
+ "extract_authids"
+ ],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "check",
+ "inputParameters": {
+ "param": "ok",
+ "scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.param)) throw('Param must not be empty'); else return $.param"
+ },
+ "type": "LAMBDA",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "filter_and_update",
+ "inputParameters": {
+ "allowed": "${extract_authids.output.result}",
+ "res": "${lookup_jupyterhub_resources.output.body}",
+ "ctx": "${init.output.result.encoded_context}",
+ "scriptExpression": "var ret = []; for(var r=0; r < $.res.length; r++){ if($.allowed.indexOf($.res[r].name) !== -1){ $.res[r].attributes[$.ctx] = Java.to(['true'], 'java.lang.String[]'); ret.push($.res[r]) } } return Java.to(ret, 'java.util.Map[]')"
+ },
+ "type": "LAMBDA",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "build_parallel_tasks",
+ "inputParameters": {
+ "res": "${filter_and_update.output.result}",
+ "url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource/",
+ "scriptExpression": "inputs = {}, tasks = [];for (var i = 0; i < $.res.length; i++){s = $.res[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 't' + i});inputs['t' + i] = {url: $.url + $.res[i]._id,method: 'PUT', body: $.res[i], headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', 'Content-Type': 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};"
+ },
+ "type": "LAMBDA",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ },
+ {
+ "name": "fork_dynamic",
+ "taskReferenceName": "parallel_tasks",
+ "inputParameters": {
+ "tasks": "${build_parallel_tasks.output.result.tasks}",
+ "inputs": "${build_parallel_tasks.output.result.inputs}"
+ },
+ "type": "FORK_JOIN_DYNAMIC",
+ "decisionCases": {},
+ "dynamicForkTasksParam": "tasks",
+ "dynamicForkTasksInputParamName": "inputs",
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ },
+ {
+ "name": "join",
+ "taskReferenceName": "join_parallel_tasks",
+ "inputParameters": {},
+ "type": "JOIN",
+ "decisionCases": {},
+ "defaultCase": [],
+ "forkTasks": [],
+ "startDelay": 0,
+ "joinOn": [],
+ "optional": false,
+ "defaultExclusiveJoinTask": [],
+ "asyncComplete": false,
+ "loopOver": []
+ }
+ ],
+ "inputParameters": [
+ "context"
+ ],
+ "outputParameters": {},
+ "schemaVersion": 2,
+ "restartable": true,
+ "workflowStatusListenerEnabled": false,
+ "ownerEmail": "example@email.com",
+ "timeoutPolicy": "ALERT_ONLY",
+ "timeoutSeconds": 0,
+ "variables": {},
+ "inputTemplate": {}
+}
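Review bot: The `authorize_with_uma_rpt` task commits a literal `client_secret` for the `orchestrator` client, while the `authorize` task in the same file takes it from `{{ keycloak_auth }}`; use the template variable here as well, `"client_secret": "{{ keycloak_auth }}"`, and treat the committed value as exposed and rotate it, since it remains in the repository history. Both tasks authenticate as `orchestrator`, whose client-credentials token is later used for PUTs against the Keycloak admin authz API, so if the literal is that client's real secret it is a privileged credential. Separately, `extract_authids` passes the ic-proxy response body to `xml.etree.ElementTree.fromstring`, and the standard-library parser is documented as not hardened against maliciously constructed XML; that is acceptable only if the ic-proxy response is trusted, which the hunk does not show. `lookup_jupyterhub.output.body[0].id` is also used in two URLs without any check that the client lookup returned a result.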