added workflow for jh resource enablement
This commit is contained in:
parent
3bd3eefd4b
commit
ac6b325486
|
@ -10,7 +10,7 @@ workflows:
|
|||
# - user-group-role_deleted
|
||||
# - delete-user-account
|
||||
# - role_deleted
|
||||
- role_created
|
||||
# - role_created
|
||||
# - add_role_policy_permission
|
||||
# - add_all_member_roles
|
||||
# - create_system_service
|
||||
|
@ -26,6 +26,7 @@ workflows:
|
|||
# - ghn_client_delete
|
||||
# - ghn_client_remove_from_contexts
|
||||
# - ghn_client_remove_from_context
|
||||
- jupyterhub_add_serveroptions_to_context
|
||||
|
||||
keycloak_host: "https://accounts.dev.d4science.org/auth"
|
||||
keycloak: "{{ keycloak_host }}/realms"
|
||||
|
|
|
@ -0,0 +1,313 @@
|
|||
{
|
||||
"createTime": 1657617957794,
|
||||
"updateTime": 1657639881455,
|
||||
"name": "jupyterhub_add_serveroptions_to_context",
|
||||
"description": "Reflects the JupyterHub ServerOptions from a given IS Context to the AuthZ on the IAM",
|
||||
"version": 1,
|
||||
"tasks": [
|
||||
{
|
||||
"name": "LAMBDA_TASK",
|
||||
"taskReferenceName": "init",
|
||||
"inputParameters": {
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"keycloak_admin": "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"ctx": "${workflow.input.context}",
|
||||
"scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.ctx)) throw('Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}"
|
||||
},
|
||||
"type": "LAMBDA",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "authorize",
|
||||
"inputParameters": {
|
||||
"url": "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
|
||||
"method": "POST",
|
||||
"headers": {
|
||||
"Accept": "application/json"
|
||||
},
|
||||
"body": {
|
||||
"client_id": "orchestrator",
|
||||
"client_secret": "{{ keycloak_auth }}",
|
||||
"grant_type": "client_credentials"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "fork_join",
|
||||
"taskReferenceName": "pre-query",
|
||||
"inputParameters": {},
|
||||
"type": "FORK_JOIN",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [
|
||||
[
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "lookup_jupyterhub",
|
||||
"inputParameters": {
|
||||
"url": "${init.input.keycloak_admin}/clients",
|
||||
"params": {
|
||||
"clientId": "jupyterhub1"
|
||||
},
|
||||
"method": "GET",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept": "application/json"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "lookup_jupyterhub_resources",
|
||||
"inputParameters": {
|
||||
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource",
|
||||
"params": {
|
||||
"clientId": "jupyterhub1"
|
||||
},
|
||||
"method": "GET",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept": "application/json"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "authorize_with_uma_rpt",
|
||||
"inputParameters": {
|
||||
"url": "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
|
||||
"method": "POST",
|
||||
"headers": {
|
||||
"Accept": "application/json"
|
||||
},
|
||||
"body": {
|
||||
"audience": "${init.output.result.encoded_context}",
|
||||
"grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||
"client_id": "orchestrator",
|
||||
"client_secret": "c93501bd-abeb-4228-bc28-afac38877338"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "lookup_resources_on_icproxy",
|
||||
"inputParameters": {
|
||||
"url": "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/JupyterHub",
|
||||
"method": "GET",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "pyeval",
|
||||
"taskReferenceName": "extract_authids",
|
||||
"inputParameters": {
|
||||
"code": "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/ServerOption/AuthId')))",
|
||||
"xmlstring": "${lookup_resources_on_icproxy.output.body}"
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
}
|
||||
]
|
||||
],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "join",
|
||||
"taskReferenceName": "join-pre-query",
|
||||
"inputParameters": {},
|
||||
"type": "JOIN",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [
|
||||
"lookup_jupyterhub_resources",
|
||||
"extract_authids"
|
||||
],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "LAMBDA_TASK",
|
||||
"taskReferenceName": "check",
|
||||
"inputParameters": {
|
||||
"param": "ok",
|
||||
"scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.param)) throw('Param must not be empty'); else return $.param"
|
||||
},
|
||||
"type": "LAMBDA",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "LAMBDA_TASK",
|
||||
"taskReferenceName": "filter_and_update",
|
||||
"inputParameters": {
|
||||
"allowed": "${extract_authids.output.result}",
|
||||
"res": "${lookup_jupyterhub_resources.output.body}",
|
||||
"ctx": "${init.output.result.encoded_context}",
|
||||
"scriptExpression": "var ret = []; for(var r=0; r < $.res.length; r++){ if($.allowed.indexOf($.res[r].name) !== -1){ $.res[r].attributes[$.ctx] = Java.to(['true'], 'java.lang.String[]'); ret.push($.res[r]) } } return Java.to(ret, 'java.util.Map[]')"
|
||||
},
|
||||
"type": "LAMBDA",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "LAMBDA_TASK",
|
||||
"taskReferenceName": "build_parallel_tasks",
|
||||
"inputParameters": {
|
||||
"res": "${filter_and_update.output.result}",
|
||||
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource/",
|
||||
"scriptExpression": "inputs = {}, tasks = [];for (var i = 0; i < $.res.length; i++){s = $.res[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 't' + i});inputs['t' + i] = {url: $.url + $.res[i]._id,method: 'PUT', body: $.res[i], headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', 'Content-Type': 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};"
|
||||
},
|
||||
"type": "LAMBDA",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "fork_dynamic",
|
||||
"taskReferenceName": "parallel_tasks",
|
||||
"inputParameters": {
|
||||
"tasks": "${build_parallel_tasks.output.result.tasks}",
|
||||
"inputs": "${build_parallel_tasks.output.result.inputs}"
|
||||
},
|
||||
"type": "FORK_JOIN_DYNAMIC",
|
||||
"decisionCases": {},
|
||||
"dynamicForkTasksParam": "tasks",
|
||||
"dynamicForkTasksInputParamName": "inputs",
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "join",
|
||||
"taskReferenceName": "join_parallel_tasks",
|
||||
"inputParameters": {},
|
||||
"type": "JOIN",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
}
|
||||
],
|
||||
"inputParameters": [
|
||||
"context"
|
||||
],
|
||||
"outputParameters": {},
|
||||
"schemaVersion": 2,
|
||||
"restartable": true,
|
||||
"workflowStatusListenerEnabled": false,
|
||||
"ownerEmail": "example@email.com",
|
||||
"timeoutPolicy": "ALERT_ONLY",
|
||||
"timeoutSeconds": 0,
|
||||
"variables": {},
|
||||
"inputTemplate": {}
|
||||
}
|
Loading…
Reference in New Issue