gCubeSystem
/
ansible-role-conductor-workflows-user-management
17
0
Fork 0
Code Issues Pull Requests Releases 5 Wiki Activity

Compare commits

base: gCubeSystem:master
Branches Tags
gCubeSystem:master
gCubeSystem:r5.6.0
gCubeSystem:5.4.0
gCubeSystem:r5.2.0
gCubeSystem:r5.0.1
gCubeSystem:r5.0.0
..
compare: gCubeSystem:r5.0.1
Branches Tags
gCubeSystem:master
gCubeSystem:r5.6.0
gCubeSystem:5.4.0
gCubeSystem:r5.2.0
gCubeSystem:r5.0.1
gCubeSystem:r5.0.0

No commits in common. "master" and "r5.0.1" have entirely different histories.
master ... r5.0.1

32 changed files with 1243 additions and 4698 deletions
Show Stats Expand all files Collapse all files

41
defaults/main.yaml
View File

@ -1,36 +1,14 @@
---
workflows:
# - create-user-add-to-vre
# - group_deleted
# - user-group_created
- create-user-add-to-vre
- group_deleted
- user-group_created
- user-group-role_created
# - group_created
# - invitation-accepted
# - user-group_deleted
# - user-group-role_deleted
# - delete-user-account
# - role_deleted
# - role_created
# - add_role_policy_permission
# - add_all_member_roles
# - create_system_service
# - delete_system_service
# - add_all_system_services_to_vre
# - create_workspace_client
# - add_workspace_client_to_context
# - enable_workspace_clients_for_context
# - add_workspace_client_to_contexts
# - ghn_client_add_to_context
# - ghn_client_add_to_contexts
# - ghn_client_create
# - ghn_client_delete
# - ghn_client_remove_from_contexts
# - ghn_client_remove_from_context
# - jupyterhub_add_serveroptions_to_context
# - record_context_to_is
# - create_vre_folder_for_context
# - create_vre
- group_created
- invitation-accepted
- user-group_deleted
- user-group-role_deleted
- delete-user-account
keycloak_host: "https://accounts.dev.d4science.org/auth"
keycloak: "{{ keycloak_host }}/realms"
keycloak_realm: "d4science"
@ -39,6 +17,3 @@ keycloak_auth: "c93501bd-abeb-4228-bc28-afac38877338"
keycloak_auth_master: "7a64deb5-e8ea-4add-ba8d-26b339994cc9"
liferay: "https://next.d4science.org/api/jsonws"
liferay_auth: "bm90aWZpY2F0aW9uc0BkNHNjaWVuY2Uub3JnOmdjdWJlcmFuZG9tMzIx"
root_vo: "%2Fgcube"
ic_proxy: "https://node10-d-d4s.d4science.org"
is_url: "https://url.gcube.d4science.org"

6
tasks/main.yaml
View File

@ -15,9 +15,6 @@
uri:
url: "{{ conductor_workflowdef_endpoint }}/{{ item }}/1"
method: DELETE
force_basic_auth: yes
url_username: "{{ user }}"
url_password: "{{ password }}"
follow_redirects: yes
status_code: [200, 204, 404, 500]
loop:
@ -29,9 +26,6 @@
method: POST
src: "{{ target.path }}/{{ item }}.json"
body_format: json
force_basic_auth: yes
url_username: "{{ user }}"
url_password: "{{ password }}"
follow_redirects: yes
status_code: [200, 204]
loop:

76
templates/add_all_member_roles.json.j2
View File

@ -1,76 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "add_all_member_roles",
"createBy" : "Marco Lettere",
"description": "Add all member roles of every context to the KC system service client identified by client",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["context","client"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"evaluatorType" : "javascript",
"expression": "1 == 1"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.context.id}/roles/Member",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${retrieve_member_role.output.body}",
"queryExpression" : ".role"
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "assign_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${workflow.input.client}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept":"application/json"
},
"body" : "${to_array.output.resultList}"
}
}
]
}

190
templates/add_all_system_services_to_vre.json.j2
View File

@ -1,190 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "add_all_system_services_to_vre",
"createBy" : "Marco Lettere",
"description": "All system services retrieved from the IS through IC Proxy are added as Member to a VRE",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_resource_id"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"iC_proxy" : "{{ ic_proxy }}",
"evaluatorType" : "javascript",
"scriptExpression": "1 == 1"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize_on_realm",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize_with_uma_rpt",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json",
"Authorization" : "Bearer ${authorize_on_realm.output.body.access_token}"
},
"body" : {
"audience" : "{{ root_vo }}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "retrieve_system_services",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ ic_proxy }}/icproxy/gcube/service/ServiceEndpoint/SystemService",
"method" : "GET",
"headers" : {
"Accept" : "application/xml",
"Authorization" : "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
}
}
},
{
"name" : "pyeval",
"taskReferenceName" : "extract_system_service_names",
"type" : "SIMPLE",
"inputParameters" : {
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Name')))",
"xmlstring" : "${retrieve_system_services.output.body}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_vre",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.client_resource_id}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_get_system_services_tasks",
"type": "INLINE",
"inputParameters": {
"url" : "${init.input.keycloak_admin}/clients?search=true&clientId=",
"services" : "${extract_system_service_names.output.result}",
"evaluatorType" : "javascript",
"expression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service' + i});inputs['get_system_service' + i] = {url: $.url + s,method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_get_system_services_tasks",
"inputParameters" : {
"tasks" : "${build_get_system_services_tasks.output.result.tasks}",
"inputs" : "${build_get_system_services_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_get_system_services_tasks"
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_get_system_services_useraccount_tasks",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"url" : "${init.input.keycloak_admin}/clients",
"services" : "${join_parallel_get_system_services_tasks.output..body.*.id}",
"scriptExpression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service_useraccount' + i});inputs['get_system_service_useraccount' + i] = {url: $.url + '/' + s + '/service-account-user',method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_get_system_services_useraccount_tasks",
"inputParameters" : {
"tasks" : "${build_get_system_services_useraccount_tasks.output.result.tasks}",
"inputs" : "${build_get_system_services_useraccount_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_get_system_services_useraccount_tasks"
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "build_member_roles_assignment_tasks",
"type": "LAMBDA",
"inputParameters": {
"context" : "${get_vre.output.body}",
"service_ids" : "${join_parallel_get_system_services_useraccount_tasks.output..body.id}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];for(var i=0;i<$.service_ids.length;i++)c=$.context,tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_all_member_roles_'+i, subWorkflowParam:{ name:'add_all_member_roles'}}),inputs['call_add_all_member_roles_'+i]={context:c, client:$.service_ids[i]};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_build_member_roles_assignment_tasks",
"inputParameters" : {
"tasks" : "${build_member_roles_assignment_tasks.output.result.tasks}",
"inputs" : "${build_member_roles_assignment_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_build_member_roles_assignment_tasks"
}
]
}

152
templates/add_role_policy_permission.json.j2
View File

@ -1,152 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "add_role_policy_permission",
"createBy" : "Marco Lettere",
"description": "Atomically add a policy and a update client permission with new role",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["role"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"evaluatorType" : "javascript",
"expression": "1 == 1"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "prepare_policy_and_permission",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "add_policy",
"retryCount" : 1,
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/policy/role",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept" : "application/json"
},
"body" : {
"name":"${workflow.input.role.name}_policy",
"description" : "Policy for having ${workflow.input.role.name} role",
"type":"role",
"logic" : "POSITIVE",
"decisionStrategy" : "UNANIMOUS",
"roles" : [{ "id" : "${workflow.input.role.id}", "required" : true}]
}
}
}
],
[
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_default_permission",
"retryCount" : 1,
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission?name=Default Permission",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_default_permission_policies",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body[0].id}/associatedPolicies",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
]
]
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_prepare_policy_and_permission",
"joinOn" : ["retrieve_default_permission_policies","add_policy"]
},
{
"name": "INLINE_TASK",
"taskReferenceName": "to_policy_array",
"type": "INLINE",
"inputParameters": {
"newpolicy": "${add_policy.output.body}",
"evaluatorType" : "javascript",
"prevpolicies" : "${retrieve_default_permission_policies.output.body}",
"expression": "Java.from($.prevpolicies).concat($.newpolicy)"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "count_check",
"inputParameters": {
"tocount": "${to_policy_array.output.result[*].id}",
"tocompare": "${retrieve_default_permission_policies.output.body}",
"evaluatorType": "javascript",
"expression": "if($.tocount.length < $.tocompare.length) throw 'Unexpected low value'; else $.tocount.length < $.tocompare.length"
},
"type": "INLINE",
"startDelay": 0,
"optional": false,
"asyncComplete": false
},
{
"name" : "pyrest",
"taskReferenceName" : "finalize_permission",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body[0].id}",
"method" : "PUT",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
},
"body" : {
"name": "Default Permission",
"description": "",
"type" : "resource",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"policies" : "${to_policy_array.output.result[*].id}"
}
}
}
]
}

205
templates/add_workspace_client_to_context.json.j2
View File

@ -1,205 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "add_workspace_client_to_context",
"createBy" : "Marco Lettere",
"description": "A workspace client is made Member of a context and it's workspace folder is linked to context's shared folder",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"storagehub" : "{{ storagehub }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"ctx" : "${workflow.input.context}",
"evaluatorType": "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_root_vo : encodeURI($.root_vo), encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "fork1",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.client_id}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_ws_client",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_client.output.body}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id : $.client[0].id}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_service_account_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_ws_client.output.result.id}/service-account-user",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_context",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${init.output.result.encoded_context}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_context",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_context.output.body}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id: $.client[0].id }} f()"
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "roles_to_assign",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${retrieve_member_role.output.body}",
"queryExpression" : ".role"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "shubify_context_name",
"type": "INLINE",
"inputParameters": {
"context_name" : "${extract_context.output.result.client.name}",
"evaluatorType" : "javascript",
"expression": "var s = $.context_name; function f(){return { shubified_context_name : (s[0] === '/' ? s.replace('/', '') : s).split('/').join('-')}} f()"
}
}
]
]
},
{
"name": "join",
"taskReferenceName": "join1",
"type": "JOIN",
"joinOn": [
"get_service_account_user",
"shubify_context_name"
]
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "assign_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept":"application/json"
},
"body" : "${roles_to_assign.output.resultList}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize_with_uma_rpt",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"audience" : "${init.input.root_vo}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "workspace_to_vre_folder",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.storagehub}/workspace/groups/${shubify_context_name.output.result.shubified_context_name}/users",
"method" : "PUT",
"expect" : [200, 400, 500],
"body" :{
"userId" : "${get_service_account_user.output.body.username}"
},
"headers" : {
"Authorization" : "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
}
}
}
]
}

52
templates/add_workspace_client_to_contexts.json.j2
View File

@ -1,52 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "add_workspace_client_to_contexts",
"createBy" : "Marco Lettere",
"description": "A workspace client is made Member of all the contexts passed as input by calling the add_workspace_client_to_context sub-workflow",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context_list"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_tasks_to_add_ws_client_to_all_contexts",
"type": "INLINE",
"inputParameters": {
"context_list" : "${workflow.input.context_list}",
"client_id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_workspace_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}}),inputs['add_workspace_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_build_tasks_to_add_ws_client_to_all_contexts",
"inputParameters" : {
"tasks" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.tasks}",
"inputs" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_build_tasks_to_add_ws_client_to_all_contexts"
}
]
}

83
templates/create-user-add-to-vre.json.j2
View File

@ -8,15 +8,14 @@
"inputParameters" : ["user", "first-name", "last-name", "email", "password", "group"],
"tasks" : [
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"type": "LAMBDA",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"group" : "${workflow.input.group}",
"evaluatorType" : "javascript",
"expression": "function f(){var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}} f()"
"group" : "${workflow.input.group}",
"scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
}
},
{
@ -80,16 +79,15 @@
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"evaluatorType" : "javascript",
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()"
},
"type": "INLINE"
},
"name": "LAMBDA_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
},
"type": "LAMBDA"
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
@ -121,23 +119,21 @@
{
"name" : "check_role_existance",
"taskReferenceName" : "check_role_existance",
"type" : "SWITCH",
"type" : "DECISION",
"inputParameters" :{
"previous_outcome" : "${get_client_roles.output.status}"
},
"evaluatorType" : "value-param",
"expression" : "previous_outcome",
"caseValueParam" : "previous_outcome",
"decisionCases" : {
"200" : [
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "select_role",
"type": "INLINE",
"type": "LAMBDA",
"inputParameters": {
"evaluatorType" : "javascript",
"role": "${workflow.input.role}",
"roles" : "${get_client_roles.output.body}",
"expression": "function f(){for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == 'Member') return $.roles[i]}} f()"
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == 'Member') return Java.to([$.roles[i]], 'java.lang.Object[]')}"
}
},
{
@ -153,43 +149,26 @@
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_groups",
"type": "INLINE",
"name": "LAMBDA_TASK",
"taskReferenceName": "extract_group",
"type": "LAMBDA",
"inputParameters": {
"evaluatorType" : "javascript",
"tree" : "${init.output.result.tree}",
"groups" : "${look_up_groups.output.body}",
"expression": "function selectByPath(groups, path, level, acc){ for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {acc.push(groups[i]); if (level === path.length - 1) return acc;return selectByPath(groups[i].subGroups, path, level+1, acc)}} return []; } function f(){ return { 'groups' : Java.to(selectByPath($.groups, $.tree, 0, []),'java.util.Map[]')}} f()"
"scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_to_all_groups_tasks",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"groups" : "${extract_groups.output.result.groups}",
"auth" : "Bearer ${authorize.output.body.access_token}",
"kc_user_url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/groups/",
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.groups.length;i++)group=$.groups[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'user_to_group_'+i}),inputs['user_to_group_'+i]={ url : $.kc_user_url + group.id, method : 'PUT', headers: { Authorization : $.auth} };return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f();"
"name" : "pyrest",
"taskReferenceName" : "assign_user_to_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/groups/${extract_group.output.result.group.id}",
"method" : "PUT",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}"
}
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_user_to_groups",
"inputParameters" : {
"tasks" : "${build_add_to_all_groups_tasks.output.result.tasks}",
"inputs" : "${build_add_to_all_groups_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_user_to_groups"
}
]
}

116
templates/create_system_service.json.j2
View File

@ -1,116 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "create_system_service",
"createBy" : "Marco Lettere",
"description": "Create a confidential client for software procedures that need to be members of each VO and VRE",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "client_secret", "description"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"secret" : "${workflow.input.client_secret}",
"description" : "${workflow.input.description}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){ if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}}; f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"body" : "${init.output.result.client}",
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_client_id",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"client_location" : "${create_client.output.headers.location}",
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_id' : client_id}}; f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_service_account_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/service-account-user",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_infra_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/roles/Infrastructure-Member",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${retrieve_infra_member_role.output.body}",
"queryExpression" : ".role"
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "assign_infra_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/realm",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept":"application/json"
},
"body" : "${to_array.output.resultList}"
}
}
]
}

656
templates/create_vre.json.j2
View File

@ -1,656 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "create_vre",
"createBy" : "Marco Lettere",
"description": "Handle workflow related to Portal event group_created",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["context", "folder_owner", "folder_admins"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"group" : "${workflow.input.context}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.group)) throw('Group must not be empty'); var tree = $.group.startsWith('%2F') ? $.group.split('%2F') : [$.group]; return { 'tree' : tree, 'child': tree[tree.length-1], 'append' : tree.slice(0,-1).join('/'), 'name' : tree.join('/'), encoded_root_vo : encodeURI($.root_vo)}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "preliminary_fork",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "create_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"body" : {
"clientId": "${init.input.group}",
"name": "${init.output.result.name}",
"description": "Client representation for ${init.output.result.name} context",
"rootUrl": "http://localhost${init.output.result.name}",
"enabled": true,
"serviceAccountsEnabled": true,
"standardFlowEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"fullScopeAllowed" : false,
"protocol": "openid-connect"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_client_id",
"type": "INLINE",
"inputParameters": {
"client_location" : "${create_client.output.headers.location}",
"evaluatorType" : "javascript",
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_id' : client_id}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "list_kc_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "prepare",
"type": "INLINE",
"inputParameters": {
"append": "${init.output.result.append}",
"groups": "${list_kc_groups.output.body}",
"evaluatorType" : "javascript",
"expression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.append) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; function f(){return {'group' : $.append == '' ? '' : recurse($.groups)}} f()"
}
},
{
"name": "decide_task",
"taskReferenceName": "decide1",
"inputParameters": {
"groupid": "${prepare.output.result.group}"
},
"type": "SWITCH",
"evaluatorType" : "value-param",
"expression": "groupid",
"decisionCases": {
"": [
{
"name": "INLINE_TASK",
"taskReferenceName": "dummy",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"expression": "1"
}
}
]
},
"defaultCase": [
{
"name": "pyrest",
"taskReferenceName": "create_kc_group",
"inputParameters": {
"url": "${init.input.keycloak_admin}/groups/${prepare.output.result.group.id}/children",
"body": {
"name": "${init.output.result.child}"
},
"method": "POST",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Content-Type": "application/json"
}
},
"type": "SIMPLE"
},
{
"name": "INLINE_TASK",
"type": "INLINE",
"taskReferenceName": "prepare2",
"inputParameters": {
"location": "${create_kc_group.output.headers.location}",
"client_location": "${create_client.output.headers.location}",
"evaluatorType" : "javascript",
"expression": "var newid=$.location.split('/').pop(); var client_id = $.client_location.split('/').pop(); function f(){return {'newid' : newid, 'client_id' : client_id}} f()"
}
}
]
},
{
"name" : "pyrest",
"taskReferenceName" : "get_default_policies",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_default_resource",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/resource",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_default_policy1",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[0].id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_default_policy2",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[1].id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_permission",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource",
"body" : {
"name": "Default Permission",
"description": "",
"type" : "resource",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"resources" : ["${get_default_resource.output.body[0]._id}"]
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo_roles",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
]
]
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "preliminary_fork_join",
"joinOn": [ "create_permission", "get_rootvo_roles"]
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize1",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_client.output.headers.location}/roles",
"body" : {
"clientRole" : true, "name" : "Member", "description" : "Simple membership for ${init.output.result.name}"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_back_role_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_role_member.output.headers.location}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${get_back_role_member.output.body}",
"queryExpression" : ".role"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "add_role_member_as_component_of_infrastructure_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/roles/Infrastructure-Member/composites",
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Content-Type" : "application/json"
},
"body" : "${to_array.output.resultList}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_policy_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
"body" : {
"name": "Member_policy",
"description": "",
"type" : "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"roles" : [
{
"id" : "${get_back_role_member.output.body.id}",
"required" : true
}
]
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Content-Type" : "application/json",
"Accept" : "application/json"
}
}
},
{
"name": "decide_task",
"taskReferenceName": "decide2",
"inputParameters": {
"groupid": "${prepare.output.result.group}"
},
"type": "SWITCH",
"evaluatorType" : "value-param",
"expression": "groupid",
"decisionCases": {
"": [
{
"name": "INLINE_TASK",
"taskReferenceName": "dummy2",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"expression": "1"
}
}
]
},
"defaultCase": [
{
"name" : "pyrest",
"taskReferenceName" : "assign_client_member_role_to_kc_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups/${prepare2.output.result.newid}/role-mappings/clients/${prepare2.output.result.client_id}",
"method" : "POST",
"body" : ["${get_back_role_member.output.body}"],
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Accept" : "application/json",
"Content-Type" : "application/json"
}
}
}
]
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize2",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_role_tasks",
"type": "INLINE",
"inputParameters": {
"roles" : "${get_rootvo_roles.output.body}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k); function f(){return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_role",
"inputParameters" : {
"tasks" : "${build_add_role_tasks.output.result.tasks}",
"inputs" : "${build_add_role_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_role_addition"
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize3",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_get_back_role_tasks",
"type": "INLINE",
"inputParameters": {
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_get_back_role",
"inputParameters" : {
"tasks" : "${build_get_back_role_tasks.output.result.tasks}",
"inputs" : "${build_get_back_role_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_getting_back"
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize4",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_policy_tasks",
"type": "INLINE",
"inputParameters": {
"roles" : "${join_parallel_getting_back.output[*].body}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize4.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_policy_role",
"inputParameters" : {
"tasks" : "${build_add_policy_tasks.output.result.tasks}",
"inputs" : "${build_add_policy_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_policy_addition"
},
{
"name": "INLINE_TASK",
"taskReferenceName": "policy_list",
"type": "INLINE",
"inputParameters": {
"memberpolicy" : "${create_role_policy_member.output.body.id}",
"otherpolicies" : "${join_parallel_policy_addition.output[*].body.id}",
"evaluatorType" : "javascript",
"expression": "function f(){return Java.to(Java.from($.otherpolicies).concat($.memberpolicy), 'java.lang.String[]')} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize5",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "finalize_permission",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource/${create_permission.output.body.id}",
"body" : {
"name": "Default Permission",
"description": "",
"type" : "resource",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"policies" : "${policy_list.output.result}"
},
"method" : "PUT",
"headers" : {
"Authorization" : "Bearer ${authorize5.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "fork_subworkflows",
"type" : "FORK_JOIN",
"taskReferenceName" : "parallel_call_subworkflows",
"forkTasks" : [
[
{
"name": "sub_workflow_task",
"taskReferenceName": "call_enable_workspace_clients_for_context",
"subWorkflowParam": {
"name": "enable_workspace_clients_for_context"
},
"inputParameters": {
"context" : "${workflow.input.context}"
},
"type": "SUB_WORKFLOW"
}
],
[
{
"name": "sub_workflow_task",
"taskReferenceName": "call_jupyterhub_add_serveroptions_to_context",
"subWorkflowParam": {
"name": "jupyterhub_add_serveroptions_to_context"
},
"inputParameters": {
"context" : "${workflow.input.context}"
},
"type": "SUB_WORKFLOW"
}
],
[
{
"name": "sub_workflow_task",
"taskReferenceName": "call_record_context_to_is",
"subWorkflowParam": {
"name": "record_context_to_is"
},
"inputParameters": {
"context" : "${workflow.input.context}"
},
"type": "SUB_WORKFLOW"
}
],
[
{
"name": "sub_workflow_task",
"taskReferenceName": "call_create_vre_folder_for_context",
"subWorkflowParam": {
"name": "create_vre_folder_for_context"
},
"inputParameters": {
"context" : "${workflow.input.context}",
"folder_owner" : "${workflow.input.folder_owner}",
"folder_admins" : "${workflow.input.folder_admins}"
},
"type": "SUB_WORKFLOW"
}
]
]
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_call_subworkflows",
"joinOn" :[
"call_enable_workspace_clients_for_context",
"call_jupyterhub_add_serveroptions_to_context",
"call_record_context_to_is",
"call_create_vre_folder_for_context"
]
}
]
}

141
templates/create_vre_folder_for_context.json.j2
View File

@ -1,141 +0,0 @@
{
"createTime": 1689260185434,
"updateTime": 1689259167761,
"name": "create_vre_folder_for_context",
"description": "Upon creation of a new context, create also a vre folder on the workspace",
"version": 1,
"tasks": [
{
"name": "INLINE_TASK",
"type": "INLINE",
"taskReferenceName": "init",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"base_url": "https://url.gcube.d4science.org/",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"storagehub" : "{{ storagehub }}/workspace",
"ctx": "${workflow.input.context}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.ctx)) throw('Context must not be empty'); return { shubified_context_name : ($.ctx[0] === '%' ? $.ctx.replace('%2F', '') : $.ctx).split('%2F').join('-') }} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize_with_uma_rpt",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"audience" : "${init.input.root_vo}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}"
}
}
},
{
"name": "pyrest",
"taskReferenceName": "create_vre_folder",
"inputParameters": {
"url": "${init.input.storagehub}/groups",
"method": "POST",
"headers": {
"Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}",
"Accept": "text/plain",
"Content-Type": "multipart/form-data"
},
"body": {
"accessType": [
"WRITE_OWNER",
"application/json"
],
"group": "${init.output.result.shubified_context_name}",
"folderOwner": "${workflow.input.folder_owner}"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_vre_folder_users_tasks",
"type": "INLINE",
"inputParameters": {
"admins" : "${workflow.input.folder_admins}",
"url": "${init.input.storagehub}/groups/${init.output.result.shubified_context_name}/users",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.admins.length;i++)a=$.admins[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'tu_'+i}),inputs['tu_'+i]={url:$.url,body:{userId:a},method:'PUT',headers:{Authorization:'Bearer ${authorize_with_uma_rpt.output.body.access_token}', Accept: 'text/plain'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_vre_folder_users",
"inputParameters" : {
"tasks" : "${build_add_vre_folder_users_tasks.output.result.tasks}",
"inputs" : "${build_add_vre_folder_users_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_add_vre_folder_users"
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_vre_folder_admins_tasks",
"type": "INLINE",
"inputParameters": {
"admins" : "${workflow.input.folder_admins}",
"url": "${init.input.storagehub}/groups/${init.output.result.shubified_context_name}/admins",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.admins.length;i++)a=$.admins[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'ta_'+i}),inputs['ta_'+i]={url:$.url,body:{userId:a},method:'PUT',headers:{Authorization:'Bearer ${authorize_with_uma_rpt.output.body.access_token}', Accept: 'text/plain'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_vre_folder_admins",
"inputParameters" : {
"tasks" : "${build_add_vre_folder_admins_tasks.output.result.tasks}",
"inputs" : "${build_add_vre_folder_admins_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_add_vre_folder_admins"
}
],
"inputParameters": [
"context",
"folder_owner",
"folder_admins"
],
"outputParameters": {},
"schemaVersion": 2,
"restartable": true,
"workflowStatusListenerEnabled": false,
"ownerEmail": "example@email.com",
"timeoutPolicy": "ALERT_ONLY",
"timeoutSeconds": 0,
"variables": {},
"inputTemplate": {}
}

259
templates/create_workspace_client.json.j2
View File

@ -1,259 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "create_workspace_client",
"createBy" : "Marco Lettere",
"description": "Create a WorkSpace Client and hook it up to optional list ov contexts. Check or create the settings on Shub.",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "client_secret", "description", "context_list"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"storagehub" : "{{ storagehub }}",
"id" : "${workflow.input.client_id}",
"secret" : "${workflow.input.client_secret}",
"description" : "${workflow.input.description}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { encoded_root_vo : encodeURI($.root_vo), client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "fork1",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "create_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"body" : "${init.output.result.client}",
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_client_id",
"type": "INLINE",
"inputParameters": {
"client_location" : "${create_client.output.headers.location}",
"evaluatorType" :"javascript",
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_resource_id' : client_id}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_service_account_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_resource_id}/service-account-user",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo_member_role",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles/Member",
"method" : "GET",
"expect" : [200, 404],
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
]
]
},
{
"name": "join",
"taskReferenceName": "join1",
"type": "JOIN",
"joinOn": [
"get_service_account_user",
"get_rootvo_member_role"
]
},
{
"name": "jq_1",
"taskReferenceName": "to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${get_rootvo_member_role.output.body}",
"queryExpression" : ".role"
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "assign_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${get_rootvo_member_role.output.body.containerId}",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept":"application/json"
},
"body" : "${to_array.output.resultList}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize_with_uma_rpt",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"audience" : "${init.input.root_vo}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id" : "${workflow.input.client_id}",
"client_secret" : "${init.output.result.client.secret}"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "check_workspace",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.storagehub}/workspace",
"method" : "GET",
"expect" : [200, 406],
"headers" : {
"Accept" : "application/json",
"Authorization" : "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
}
}
},
{
"name": "decision",
"taskReferenceName": "check_workspace_existance",
"inputParameters": {
"status": "${check_workspace.output.status}"
},
"type": "SWITCH",
"evaluatorType" : "javascript",
"expression": "($.status === 406 ? 'create' : 'exists')",
"decisionCases": {
"create": [
{
"name" : "pyrest",
"taskReferenceName" : "upgrade_orchestrator_token_to_uma",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json",
"Authorization" : "Bearer ${authorize.output.body.access_token}"
},
"body" : {
"audience" : "${init.input.root_vo}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_jcr_account",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.storagehub}/workspace/users",
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${upgrade_orchestrator_token_to_uma.output.body.access_token}"
},
"body" : {
"user" : "${get_service_account_user.output.body.username}",
"password" : "r3u4h-ewrqwli!_m"
}
}
}
]
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_tasks_to_add_ws_client_to_all_contexts",
"type": "INLINE",
"inputParameters": {
"context_list" : "${workflow.input.context_list}",
"client_id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_workspace_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}}),inputs['add_workspace_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_build_tasks_to_add_ws_client_to_all_contexts",
"inputParameters" : {
"tasks" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.tasks}",
"inputs" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_build_tasks_to_add_ws_client_to_all_contexts"
}
]
}

376
templates/delete-user-account.json.j2
View File

@ -7,233 +7,175 @@
"ownerEmail" : "m.lettere@gmail.com",
"inputParameters" : [ "userid" ],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/${workflow.input.realm}",
"keycloak_admin" : "{{ keycloak_admin }}/${workflow.input.realm}",
"liferay": "{{ liferay }}",
"liferay_auth": "{{ liferay_auth }}",
"keycloak_userid" : "${workflow.input.userid}",
"evaluatorType" : "javascript",
"expression": "function f(){ return { 'decoded_root_vo' : $.root_vo.replace('%2F','/'), 'encoded_root_vo' : encodeURIComponent($.root_vo)}} f()"
}
{
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"inputParameters": {
"keycloak": "{{ keycloak }}/${workflow.input.realm}",
"keycloak_admin" : "{{ keycloak_admin }}/${workflow.input.realm}",
"liferay": "{{ liferay }}",
"liferay_auth": "{{ liferay_auth }}",
"keycloak_userid" : "${workflow.input.userid}",
"scriptExpression": "1 == 1"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type" : "client_credentials"
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type" : "client_credentials"
}
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "global_delete_user",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_lr_company",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.liferay}/company/get-company-by-web-id",
"method" : "GET",
"params" : { "webId" : "liferay.com"},
"headers" : {
"Authorization" : "Basic ${init.input.liferay_auth}",
"Accept" : "application/json"
},
{
"name" : "fork_join",
"taskReferenceName" : "global_delete_user",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_lr_company",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.liferay}/company/get-company-by-web-id",
"method" : "GET",
"params" : { "webId" : "liferay.com"},
"headers" : {
"Authorization" : "Basic ${init.input.liferay_auth}",
"Accept" : "application/json"
}
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_lr_user_by_screenname",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.liferay}/user/get-user-by-screen-name",
"method" : "GET",
"params" : {
"companyId" : "${lookup_lr_company.output.body.companyId}",
"screenName" : "${lookup_user.output.body.username}"
},
"headers" : {
"Authorization" : "Basic ${init.input.liferay_auth}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_lr_user_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.liferay}/group/get-user-sites-groups",
"method" : "GET",
"params" : {
"classNames" : "[\"com.liferay.portal.model.Group\"]",
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
"max" : "-1"
},
"headers" : {
"Authorization" : "Basic ${init.input.liferay_auth}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_delete_group_tasks",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"groups" : "${lookup_lr_user_groups.output.body.*.groupId}",
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
"expression": "inputs = {}; tasks = []; function f(){ for(var i=0;i<$.groups.length;i++){tasks.push({'name': 'pyrest','type' : 'SIMPLE','taskReferenceName' : 'del-' + i});inputs['del-'+i] = {'url' : '${init.input.liferay}/user/unset-group-users?userIds=' + $.userId + '&groupId=' + $.groups[i],'method' : 'POST','headers' : {'Authorization' : 'Basic ' + '${init.input.liferay_auth}', 'Accept' : 'application/json'}}}; return { 'tasks' : Java.to(tasks, 'java.util.Map[]'), 'inputs' : inputs}} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_delete_group",
"inputParameters" : {
"tasks" : "${build_delete_group_tasks.output.result.tasks}",
"inputs" : "${build_delete_group_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_group_deletion"
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_lr_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.liferay}/user/delete-user",
"method" : "POST",
"params" : {
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}"
{
"name" : "pyrest",
"taskReferenceName" : "lookup_lr_user_by_screenname",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.liferay}/user/get-user-by-screen-name",
"method" : "GET",
"params" : {
"companyId" : "${lookup_lr_company.output.body.companyId}",
"screenName" : "${lookup_user.output.body.username}"
},
"headers" : {
"Authorization" : "Basic ${init.input.liferay_auth}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_lr_user_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.liferay}/group/get-user-sites-groups",
"method" : "GET",
"params" : {
"classNames" : "[\"com.liferay.portal.model.Group\"]",
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
"max" : "-1"
},
"headers" : {
"Authorization" : "Basic ${init.input.liferay_auth}",
"Accept" : "application/json"
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "build_delete_group_tasks",
"type": "LAMBDA",
"inputParameters": {
"groups" : "${lookup_lr_user_groups.output.body.*.groupId}",
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
"scriptExpression": "inputs = {}; tasks = []; for(var i=0;i<$.groups.length;i++){tasks.push({'name': 'pyrest','type' : 'SIMPLE','taskReferenceName' : 'del-' + i});inputs['del-'+i] = {'url' : '${init.input.liferay}/user/unset-group-users?userIds=' + $.userId + '&groupId=' + $.groups[i],'method' : 'POST','headers' : {'Authorization' : 'Basic ' + '${init.input.liferay_auth}', 'Accept' : 'application/json'}}}; return { 'tasks' : Java.to(tasks, 'java.util.Map[]'), 'inputs' : inputs};"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_delete_group",
"inputParameters" : {
"tasks" : "${build_delete_group_tasks.output.result.tasks}",
"inputs" : "${build_delete_group_tasks.output.result.inputs}"
},
"headers" : {
"Authorization" : "Basic ${init.input.liferay_auth}",
"Accept" : "application/json"
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_group_deletion"
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_lr_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.liferay}/user/delete-user",
"method" : "POST",
"params" : {
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}"
},
"headers" : {
"Authorization" : "Basic ${init.input.liferay_auth}",
"Accept" : "application/json"
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "lr_final_task",
"type": "LAMBDA",
"inputParameters" : {
"scriptExpression" : "1 == 1"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "lr_final_task",
"type": "INLINE",
"inputParameters" : {
"evaluatorType" : "javascript",
"expression" : "1 == 1"
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo_roles",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles",
"method" : "GET",
"expect" : [200, 404],
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo_infra_managers",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles/Infrastructure-Manager/users",
"method" : "GET",
"expect" : [200, 404],
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
]
]
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "global_delete_user_join",
"joinOn": [ "lr_final_task"]
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_keycloak_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
]
]
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "global_delete_user_join",
"joinOn": [ "lr_final_task", "get_rootvo_infra_managers"]
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_keycloak_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pymail",
"taskReferenceName" : "notify_infra_managers",
"type" : "SIMPLE",
"inputParameters" : {
"subject" : "User account REMOVAL notification",
"from" : "noreply@d4science.org",
"to" : "${get_rootvo_infra_managers.output.body.*.email}",
"html" : "<html><body><p>Dear ${init.output.result.decoded_root_vo} Infrastructure Manager,</p><p>${lookup_user.output.body.firstName} ${lookup_user.output.body.lastName} (${lookup_user.output.body.username}) removed his/her account from the portal with the following email: ${lookup_user.output.body.email}</p><p>You received this email because you are an Infrastructure Manager.</p><p>WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received.</p></body></html>"
}
}
]
}

76
templates/delete_system_service.json.j2
View File

@ -1,76 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "delete_system_service",
"createBy" : "Marco Lettere",
"description": "Delete a system service from KC and IS",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty');} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.client_id}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "check",
"type": "INLINE",
"inputParameters": {
"list" : "${lookup_client.output.body}",
"evaluatorType" : "javascript",
"expression" : "function f(){if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}"
}
}
}
]
}

101
templates/enable_workspace_clients_for_context.json.j2
View File

@ -1,101 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "enable_workspace_clients_for_context",
"createBy" : "Marco Lettere",
"description": "All workspace clients registered on Information system for given context are enabled for VRE by calling add_workspace_client_to_context",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["filter", "context"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"ctx" : "${workflow.input.context}",
"filter" : "${workflow.input.filter}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.ctx)) throw('Context must not be empty'); f=$.filter; if(e(f)) f = []; else if(typeof(f) === 'string') f=[f]; else f=Java.from(f); return { encoded_root_vo : encodeURI($.root_vo), filter : Java.to(f,'java.lang.String[]')}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize_with_uma_rpt",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"audience" : "${workflow.input.context}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "query_workspace_clients_on_icproxy",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ ic_proxy }}/icproxy/gcube/service/ServiceEndpoint/SystemWorkspaceClient",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
}
}
},
{
"name" : "pyeval",
"taskReferenceName" : "extract_workspace_client_names",
"type" : "SIMPLE",
"inputParameters" : {
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Name')))",
"xmlstring" : "${query_workspace_clients_on_icproxy.output.body}"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "filtered_workspace_client_names",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"names" : "${extract_workspace_client_names.output.result}",
"filter" : "${init.output.result.filter}",
"expression": "names=Java.from($.names); filt=Java.from($.filter); function f(){if(filt.length === 0) output=names; else { output=[]; for(i=0;i<names.length;i++){ if(filt.indexOf(names[i]) !== -1) output.push(names[i])}} return { 'names' : Java.to(output, 'java.lang.String[]')}} f()"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_workspace_client_to_context_tasks",
"type": "INLINE",
"inputParameters": {
"context" : "${workflow.input.context}",
"names" : "${filtered_workspace_client_names.output.result.names}",
"evaluatorType" : "javascript",
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.names.length;i++){tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_ws_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}});inputs['call_add_ws_client_to_context_'+i]={client_id:$.names[i], context:$.context}} return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_workspace_client_to_context_tasks",
"inputParameters" : {
"tasks" : "${build_add_workspace_client_to_context_tasks.output.result.tasks}",
"inputs" : "${build_add_workspace_client_to_context_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_add_workspace_client_to_context_tasks"
}
]
}

159
templates/ghn_client_add_to_context.json.j2
View File

@ -1,159 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_add_to_context",
"createBy" : "Marco Lettere",
"description": "A GHN client is made Member of a context and it's workspace folder is linked to context's shared folder",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"ctx" : "${workflow.input.context}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "fork1",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.client_id}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_ghn_client",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_client.output.body}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('GHN client not found'); else return { client : $.client[0], id : $.client[0].id}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_service_account_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_ghn_client.output.result.id}/service-account-user",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_context",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${init.output.result.encoded_context}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_context",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_context.output.body}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Context not found'); else return { client : $.client[0], id: $.client[0].id }} f()"
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "roles_to_assign",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${retrieve_member_role.output.body}",
"queryExpression" : ".role"
}
}
]
]
},
{
"name": "join",
"taskReferenceName": "join1",
"type": "JOIN",
"joinOn": [
"get_service_account_user",
"roles_to_assign"
]
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "assign_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept":"application/json"
},
"body" : "${roles_to_assign.output.resultList}"
}
}
]
}

51
templates/ghn_client_add_to_contexts.json.j2
View File

@ -1,51 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_add_to_contexts",
"createBy" : "Marco Lettere",
"description": "A client for a GHN is made Member of all the contexts passed as input by calling the ghn_client_add_to_context sub-workflow",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context_list"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_tasks_to_add_ghn_client_to_all_contexts",
"type": "INLINE",
"inputParameters": {
"context_list" : "${workflow.input.context_list}",
"client_id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_ghn_client_to_context_'+i, subWorkflowParam:{ name:'ghn_client_add_to_context'}}),inputs['add_ghn_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_build_tasks_to_add_ghn_client_to_all_contexts",
"inputParameters" : {
"tasks" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.tasks}",
"inputs" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_build_tasks_to_add_ghn_client_to_all_contexts"
}
]
}

180
templates/ghn_client_create.json.j2
View File

@ -1,180 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_create",
"createBy" : "Marco Lettere",
"description": "Create a client on IAM to represent SmartGears based GHNodes",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "client_secret", "description", "context_list"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"storagehub" : "{{ storagehub }}",
"id" : "${workflow.input.client_id}",
"secret" : "${workflow.input.client_secret}",
"description" : "${workflow.input.description}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { encoded_root_vo : encodeURI($.root_vo), client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "fork1",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "create_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"body" : "${init.output.result.client}",
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_client_id",
"type": "INLINE",
"inputParameters": {
"client_location" : "${create_client.output.headers.location}",
"evaluatorType" : "javascript",
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_resource_id' : client_id}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_service_account_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_resource_id}/service-account-user",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo_member_role",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles/Member",
"method" : "GET",
"expect" : [200, 404],
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
]
]
},
{
"name": "join",
"taskReferenceName": "join1",
"type": "JOIN",
"joinOn": [
"get_service_account_user",
"get_rootvo_member_role"
]
},
{
"name": "jq_1",
"taskReferenceName": "to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${get_rootvo_member_role.output.body}",
"queryExpression" : ".role"
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "assign_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${get_rootvo_member_role.output.body.containerId}",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept":"application/json"
},
"body" : "${to_array.output.resultList}"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_tasks_to_add_ghn_client_to_all_contexts",
"type": "INLINE",
"inputParameters": {
"context_list" : "${workflow.input.context_list}",
"client_id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_ghn_client_to_context_'+i, subWorkflowParam:{ name:'ghn_client_add_to_context'}}),inputs['add_ghn_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_build_tasks_to_add_ghn_client_to_all_contexts",
"inputParameters" : {
"tasks" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.tasks}",
"inputs" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_build_tasks_to_add_ghn_client_to_all_contexts"
}
]
}

76
templates/ghn_client_delete.json.j2
View File

@ -1,76 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_delete",
"createBy" : "Marco Lettere",
"description": "Delete a GHN client from IAM",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty');} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.client_id}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "check",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"list" : "${lookup_client.output.body}",
"expression" : "if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}"
}
}
}
]
}

159
templates/ghn_client_remove_from_context.json.j2
View File

@ -1,159 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_remove_from_context",
"createBy" : "Marco Lettere",
"description": "The role Memeber of the give context is removed from a GHN client on IAM.",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"ctx" : "${workflow.input.context}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "fork1",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.client_id}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_ghn_client",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_client.output.body}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('GHN client not found'); else return { client : $.client[0], id : $.client[0].id}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_service_account_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_ghn_client.output.result.id}/service-account-user",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_context",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${init.output.result.encoded_context}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_context",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_context.output.body}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Context not found'); else return { client : $.client[0], id: $.client[0].id }} f()"
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "roles_to_remove",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${retrieve_member_role.output.body}",
"queryExpression" : ".role"
}
}
]
]
},
{
"name": "join",
"taskReferenceName": "join1",
"type": "JOIN",
"joinOn": [
"get_service_account_user",
"roles_to_remove"
]
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "remove_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
"method" :"DELETE",
"expect" : 204,
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
},
"body" : "${roles_to_remove.output.resultList}"
}
}
]
}

51
templates/ghn_client_remove_from_contexts.json.j2
View File

@ -1,51 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_remove_from_contexts",
"createBy" : "Marco Lettere",
"description": "The role Member for of all the passed contexts is removed from a GHN client",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context_list"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
}
},
{
"name": "INLINE",
"taskReferenceName": "build_tasks_to_remove_ghn_client_from_all_contexts",
"type": "INLINE",
"inputParameters": {
"context_list" : "${workflow.input.context_list}",
"client_id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[]; function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'remove_ghn_client_from_context_'+i, subWorkflowParam:{ name:'ghn_client_remove_from_context'}}),inputs['remove_ghn_client_from_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_build_tasks_to_remove_ghn_client_from_all_contexts",
"inputParameters" : {
"tasks" : "${build_tasks_to_remove_ghn_client_from_all_contexts.output.result.tasks}",
"inputs" : "${build_tasks_to_remove_ghn_client_from_all_contexts.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_build_tasks_to_remove_ghn_client_from_all_contexts"
}
]
}

1438
templates/group_created.json.j2
View File

File diff suppressed because it is too large Load Diff

14
templates/group_deleted.json.j2
View File

@ -8,15 +8,14 @@
"inputParameters" : ["user", "group"],
"tasks" : [
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"type": "LAMBDA",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"group" : "${workflow.input.group}",
"evaluatorType" : "javascript",
"expression" : "function f(){return $.group.split('%2F').join('/')} f()"
"scriptExpression" : "return $.group.split('%2F').join('/')"
}
},
{
@ -76,14 +75,13 @@
}
},
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "find_group_by_path",
"type": "INLINE",
"type": "LAMBDA",
"inputParameters": {
"evaluatorType" : "javascript",
"path" : "${init.output.result}",
"groups" : "${list_kc_groups.output.body}",
"expression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.path) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; recurse($.groups)"
"scriptExpression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.path) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; return recurse($.groups)"
}
},
{

9
templates/invitation-accepted.json.j2
View File

@ -8,14 +8,13 @@
"inputParameters" : ["user", "first-name", "last-name", "email", "password"],
"tasks" : [
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"type": "LAMBDA",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"evaluatorType" : "javascript",
"expression": "1"
"scriptExpression": "1"
}
},
{
@ -41,7 +40,7 @@
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users",
"expect" : [201, 409],
"expect" : 201,
"method" : "POST",
"body" : {
"username": "${workflow.input.user}",

385
templates/jupyterhub_add_serveroptions_to_context.json.j2
View File

@ -1,385 +0,0 @@
{
"createTime": 1657617957794,
"updateTime": 1657639881455,
"name": "jupyterhub_add_serveroptions_to_context",
"description": "Reflects the JupyterHub ServerOptions from a given IS Context to the AuthZ on the IAM",
"version": 1,
"tasks": [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin": "{{ keycloak_admin }}/{{ keycloak_realm }}",
"ctx": "${workflow.input.context}",
"jupyterhub_clientid" : "jupyterhub1",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.ctx)) throw('Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
},
"type": "INLINE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyrest",
"taskReferenceName": "authorize",
"inputParameters": {
"url": "{{ keycloak }}/master/protocol/openid-connect/token",
"method": "POST",
"headers": {
"Accept": "application/json"
},
"body": {
"client_id": "orchestrator",
"client_secret": "{{ keycloak_auth_master }}",
"grant_type": "client_credentials"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "fork_join",
"taskReferenceName": "pre-query",
"inputParameters": {},
"type": "FORK_JOIN",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [
[
{
"name": "pyrest",
"taskReferenceName": "lookup_client",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients",
"params": {
"clientId": "${init.output.result.encoded_context}"
},
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE"
},
{
"name": "pyrest",
"taskReferenceName": "get_client_member_role",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles/Member",
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE"
},
{
"name": "jq_1",
"taskReferenceName": "role_to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${get_client_member_role.output.body}",
"queryExpression" : ".role"
}
}
],
[
{
"name": "pyrest",
"taskReferenceName": "lookup_jupyterhub",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients",
"params": {
"clientId": "${init.input.jupyterhub_clientid}"
},
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyrest",
"taskReferenceName": "lookup_jupyterhub_resources",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource",
"params": {
"clientId": "${init.input.jupyterhub_clientid}"
},
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
}
],
[
{
"name": "pyrest",
"taskReferenceName": "authorize_with_uma_rpt",
"inputParameters": {
"url": "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
"method": "POST",
"headers": {
"Accept": "application/json"
},
"body": {
"audience": "${init.output.result.encoded_context}",
"grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id": "orchestrator",
"client_secret": "{{ keycloak_auth }}"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyrest",
"taskReferenceName": "lookup_resources_on_icproxy",
"inputParameters": {
"url": "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/JupyterHub",
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyeval",
"taskReferenceName": "extract_authids",
"inputParameters": {
"code": "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/ServerOption/AuthId')))",
"xmlstring": "${lookup_resources_on_icproxy.output.body}"
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
}
]
],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "join",
"taskReferenceName": "join-pre-query",
"inputParameters": {},
"type": "JOIN",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [
"lookup_jupyterhub_resources",
"extract_authids"
],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "INLINE_TASK",
"taskReferenceName": "check",
"inputParameters": {
"evaluatorType" : "javascript",
"param": "ok",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.param)) throw('Param must not be empty'); else return $.param} f()"
},
"type": "INLINE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "INLINE_TASK",
"taskReferenceName": "filter_and_update",
"inputParameters": {
"evaluatorType" : "javascript",
"allowed": "${extract_authids.output.result}",
"res": "${lookup_jupyterhub_resources.output.body}",
"ctx": "${init.output.result.encoded_context}",
"expression": "var ret = []; function f(){for(var r=0; r < $.res.length; r++){ if($.allowed.indexOf($.res[r].name) !== -1){ $.res[r].attributes[$.ctx] = Java.to(['true'], 'java.lang.String[]'); ret.push($.res[r]) } } return Java.to(ret, 'java.util.Map[]')} f()"
},
"type": "INLINE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_parallel_tasks",
"inputParameters": {
"evaluatorType" : "javascript",
"res": "${filter_and_update.output.result}",
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource/",
"expression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.res.length; i++){s = $.res[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 't' + i});inputs['t' + i] = {url: $.url + $.res[i]._id,method: 'PUT', body: $.res[i], headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', 'Content-Type': 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};} f()"
},
"type": "INLINE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "fork_dynamic",
"taskReferenceName": "parallel_tasks",
"inputParameters": {
"tasks": "${build_parallel_tasks.output.result.tasks}",
"inputs": "${build_parallel_tasks.output.result.inputs}"
},
"type": "FORK_JOIN_DYNAMIC",
"decisionCases": {},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs",
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "join",
"taskReferenceName": "join_parallel_tasks",
"inputParameters": {},
"type": "JOIN"
},
{
"name": "check_at_least_one",
"taskReferenceName": "check_at_least_one",
"inputParameters": {
"tasks": "${join_parallel_tasks.input.*}"
},
"type": "SWITCH",
"evaluatorType" : "javascript",
"expression": "($.tasks.length > 0 ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name": "pyrest",
"taskReferenceName": "enable_jupyterhub_scope_for_context",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/scope-mappings/clients/${lookup_client.output.body[0].id}",
"method": "POST",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Content-Type": "application/json"
},
"body": "${role_to_array.output.resultList}"
},
"type": "SIMPLE"
}
]
},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
}
],
"inputParameters": [
"context"
],
"outputParameters": {},
"schemaVersion": 2,
"restartable": true,
"workflowStatusListenerEnabled": false,
"ownerEmail": "example@email.com",
"timeoutPolicy": "ALERT_ONLY",
"timeoutSeconds": 0,
"variables": {},
"inputTemplate": {}
}

179
templates/record_context_to_is.json.j2
View File

@ -1,179 +0,0 @@
{
"createTime": 1689254203836,
"updateTime": 1689259676819,
"name": "record_context_to_is",
"description": "Upon creation of a new context, record it to the Information System",
"version": 1,
"tasks": [
{
"name": "INLINE_TASK",
"type" : "INLINE",
"taskReferenceName": "init",
"inputParameters": {
"base_url": "{{is_url}}/resource-registry/contexts",
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"ctx": "${workflow.input.context}",
"ic_proxy" : "{{ ic_proxy }}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.ctx)) throw('Context must not be empty'); var tree = $.ctx.split('%2F'); return { child : tree[tree.length - 1], parent : tree[tree.length-2], decoded_root_vo : $.root_vo.replace('%2F', '/') }} f()"
}
},
{
"name" : "parallel_ic_proxy_queries",
"taskReferenceName" : "parallel_ic_proxy_queries",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "authorize_uma_rootvo",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"audience" : "${init.input.root_vo}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "retrieve_infrastructure",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/INFRASTRUCTURE",
"method" : "GET",
"headers" : {
"Accept" : "application/xml",
"Authorization" : "Bearer ${authorize_uma_rootvo.output.body.access_token}"
}
}
},
{
"name" : "pyeval",
"taskReferenceName" : "extract_infrastructure_id",
"type" : "SIMPLE",
"inputParameters" : {
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/infrastructures/infrastructure/vos/vo[scope=\\'${init.output.result.decoded_root_vo}/${init.output.result.parent}\\'].id')))",
"xmlstring" : "${retrieve_infrastructure.output.body}"
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "authorize_uma_parent_vo",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"audience" : "${init.input.root_vo}%2F${init.output.result.parent}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "retrieve_vre",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/VRE/${init.output.result.child}",
"method" : "GET",
"headers" : {
"Accept" : "application/xml",
"Authorization" : "Bearer ${authorize_uma_parent_vo.output.body.access_token}"
}
}
},
{
"name" : "pyeval",
"taskReferenceName" : "extract_vre_id",
"type" : "SIMPLE",
"inputParameters" : {
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/ID')))",
"xmlstring" : "${retrieve_vre.output.body}"
}
}
]
]
},
{
"name": "notification_join",
"taskReferenceName": "notification_join_ref",
"type": "JOIN",
"joinOn": ["extract_infrastructure_id", "extract_vre_id"]
},
{
"type" : "INLINE",
"name": "INLINE_TASK",
"taskReferenceName": "check",
"inputParameters": {
"vre": "${extract_vre_id.output.result[0]}",
"infra": "${extract_infrastructure_id.output.result[0]}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.vre) || e($.infra)) throw('VRE ID and Infra ID must not be empty');} f()"
}
},
{
"name": "pyrest",
"taskReferenceName": "write_to_is",
"inputParameters": {
"url": "${init.input.base_url}/${extract_vre_id.output.result[0]}",
"method": "PUT",
"headers": {
"Authorization": "Bearer ${authorize_uma_rootvo.output.body.access_token}",
"Content-Type": "application/json",
"Accept" : "application/json"
},
"body": {
"type": "Context",
"id": "${extract_vre_id.output.result[0]}",
"name": "${init.output.result.child}",
"parent": {
"type": "IsParentOf",
"source": {
"type": "Context",
"id": "${extract_infrastructure_id.output.result[0]}"
}
}
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
}
],
"inputParameters": [
"context"
],
"outputParameters": {},
"schemaVersion": 2,
"restartable": true,
"workflowStatusListenerEnabled": false,
"ownerEmail": "example@email.com",
"timeoutPolicy": "ALERT_ONLY",
"timeoutSeconds": 0,
"variables": {},
"inputTemplate": {}
}

173
templates/role_created.json.j2
View File

@ -1,173 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "role_created",
"createBy" : "Marco Lettere",
"description": "Handle workflow related to Portal event role_created",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["role", "first", "max"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"evaluatorType" : "javascript",
"expression": "1 == 1"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_all_vres",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients?clientId=%252F&search=true",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize2",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_role_tasks",
"type": "INLINE",
"inputParameters": {
"role" : "${workflow.input.role}",
"vres" : "${get_all_vres.output.body}",
"evaluatorType" : "javascript",
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.vres.length;i++)vre=$.vres[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_'+i}),inputs['create_role_'+i]={url:'${init.input.keycloak_admin}/clients/' + vre.id + '/roles',body:{clientRole:true,name:$.role,description: $.role + ' role'},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_role",
"inputParameters" : {
"tasks" : "${build_add_role_tasks.output.result.tasks}",
"inputs" : "${build_add_role_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_role_addition"
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize3",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_get_back_role_tasks",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+i}),inputs['get_back_'+i]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_get_back_role",
"inputParameters" : {
"tasks" : "${build_get_back_role_tasks.output.result.tasks}",
"inputs" : "${build_get_back_role_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_getting_back"
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_policy_permission_tasks",
"inputParameters": {
"evaluatorType": "javascript",
"roles": "${join_parallel_getting_back.output[*].body}",
"iam_master": "{{ keycloak }}/master/protocol/openid-connect/token",
"iam_admin": "${init.input.keycloak_admin}",
"user": "orchestrator",
"pass": "{{ keycloak_auth_master }}",
"playbook": "LSBuYW1lOiB0ZXN0CiAgaG9zdHM6IGxvY2FsaG9zdAogIHRhc2tzOgogICAgLSBuYW1lOiAiQXV0aG9yaXplIgogICAgICB1cmk6IAogICAgICAgIHVybDogInt7aWFtX21hc3Rlcn19IgogICAgICAgIHVzZXI6ICJ7e3VzZXJ9fSIKICAgICAgICBwYXNzd29yZCA6ICJ7e3Bhc3N3fX0iCiAgICAgICAgZm9yY2VfYmFzaWNfYXV0aDogdHJ1ZQogICAgICAgIG1ldGhvZDogUE9TVAogICAgICAgIGJvZHlfZm9ybWF0OiAiZm9ybS11cmxlbmNvZGVkIiAKICAgICAgICBib2R5OgogICAgICAgICAgLSBbZ3JhbnRfdHlwZSxjbGllbnRfY3JlZGVudGlhbHNdCiAgICAgIHJlZ2lzdGVyOiBhdXRoX3Jlc3AKICAgIAogICAgLSBzZXRfZmFjdDoKICAgICAgICB0b2sgOiAie3sgYXV0aF9yZXNwLmpzb24uYWNjZXNzX3Rva2VuIH19IgoKICAgIC0gbmFtZTogIlJldHJpZXZlIGRlZmF1bHQgcGVybWlzc2lvbiIKICAgICAgdXJpOgogICAgICAgIHVybDogInt7IGlhbV9hZG1pbiB9fS9jbGllbnRzL3t7IHJvbGUuY29udGFpbmVySWQgfX0vYXV0aHovcmVzb3VyY2Utc2VydmVyL3Blcm1pc3Npb24/bmFtZT17eydEZWZhdWx0IFBlcm1pc3Npb24nfHVybGVuY29kZX19IgogICAgICAgIG1ldGhvZDogIkdFVCIKICAgICAgICBoZWFkZXJzOgogICAgICAgICAgQXV0aG9yaXphdGlvbjogIkJlYXJlciB7eyB0b2sgfX0iCiAgICAgIHJlZ2lzdGVyOiBkZWZhdWx0X3Blcm1pc3Npb25fcmVzcAoKICAgIC0gc2V0X2ZhY3Q6CiAgICAgICAgZGVmYXVsdF9wZXJtIDogInt7IGRlZmF1bHRfcGVybWlzc2lvbl9yZXNwLmpzb24gfX0iCiAgICAgIGZhaWxlZF93aGVuOgogICAgICAgIGRlZmF1bHRfcGVybWlzc2lvbl9yZXNwLmpzb258bGVuZ3RoICE9IDEKCiAgICAtIG5hbWU6ICJSZXRyaWV2ZSBkZWZhdWx0IHBlcm1pc3Npb24gcG9saWNpZXMiCiAgICAgIHVyaToKICAgICAgICB1cmw6ICJ7eyBpYW1fYWRtaW4gfX0vY2xpZW50cy97eyByb2xlLmNvbnRhaW5lcklkIH19L2F1dGh6L3Jlc291cmNlLXNlcnZlci9wZXJtaXNzaW9uL3t7ZGVmYXVsdF9wZXJtWzBdLmlkfX0vYXNzb2NpYXRlZFBvbGljaWVzIgogICAgICAgIG1ldGhvZDogIkdFVCIKICAgICAgICBoZWFkZXJzOgogICAgICAgICAgQXV0aG9yaXphdGlvbjogIkJlYXJlciB7eyB0b2sgfX0iCiAgICAgIHJlZ2lzdGVyOiBkZWZhdWx0X3Blcm1pc3Npb25fcG9saWNpZXNfcmVzcAoKICAgIC0gc2V0X2ZhY3Q6CiAgICAgICAgcHJldl9wb2xpY2llcyA6ICJ7eyBkZWZhdWx0X3Blcm1pc3Npb25fcG9saWNpZXNfcmVzcC5qc29uIH19IgogICAgICBmYWlsZWRfd2hlbjoKICAgICAgICBkZWZhdWx0X3Blcm1pc3Npb25fcG9saWNpZXNfcmVzcC5qc29ufGxlbmd0aCA9PSAwCgogICAgLSBuYW1lOiAiQWRkIHBvbGljeSIKICAgICAgdXJpOgogICAgICAgIHVybDogInt7IGlhbV9hZG1pbiB9fS9jbGllbnRzL3t7IHJvbGUuY29udGFpbmVySWQgfX0vYXV0aHovcmVzb3VyY2Utc2VydmVyL3BvbGljeS9yb2xlIgogICAgICAgIG1ldGhvZDogIlBPU1QiCiAgICAgICAgYm9keV9mb3JtYXQ6ICJqc29uIgogICAgICAgIGJvZHk6ICJ7IFwibmFtZVwiIDogXCJ7eyByb2xlLm5hbWV9fV9wb2xpY3lcIiwgXCJkZXNjcmlwdGlvblwiIDogXCJQb2xpY3kgZm9yIGhhdmluZyB7e3JvbGUubmFtZX19IHJvbGVcIiwgXCJ0eXBlXCIgOiBcInJvbGVcIiwgXCJsb2dpY1wiIDogXCJQT1NJVElWRVwiLCBcImRlY2lzaW9uU3RyYXRlZ3lcIiA6IFwiVU5BTklNT1VTXCIsIFwicm9sZXNcIiA6IFt7IFwiaWRcIiA6IFwie3tyb2xlLmlkfX1cIiwgXCJyZXF1aXJlZFwiIDogdHJ1ZX1dfSIKICAgICAgICBoZWFkZXJzOgogICAgICAgICAgQXV0aG9yaXphdGlvbjogIkJlYXJlciB7eyB0b2sgfX0iCiAgICAgICAgc3RhdHVzX2NvZGU6IDIwMQogICAgICByZWdpc3RlcjogYWRkX3BvbGljeV9yZXNwCgogICAgLSBzZXRfZmFjdDoKICAgICAgICBuZXdfcG9saWN5IDogInt7YWRkX3BvbGljeV9yZXNwLmpzb259fSIKCiAgICAtIHNldF9mYWN0OgogICAgICAgIGZpbmFsX3BvbGljaWVzOiAie3sgKHByZXZfcG9saWNpZXMgKyBbbmV3X3BvbGljeV0pIHwgbWFwKGF0dHJpYnV0ZT0naWQnKSB9fSIKCiAgICAtIG5hbWU6ICJGaW5hbGl6ZSBwZXJtaXNzaW9uIgogICAgICB1cmk6CiAgICAgICAgdXJsOiAie3sgaWFtX2FkbWluIH19L2NsaWVudHMve3sgcm9sZS5jb250YWluZXJJZCB9fS9hdXRoei9yZXNvdXJjZS1zZXJ2ZXIvcGVybWlzc2lvbi97e2RlZmF1bHRfcGVybVswXS5pZH19IgogICAgICAgIG1ldGhvZDogIlBVVCIKICAgICAgICBib2R5X2Zvcm1hdDogImpzb24iCiAgICAgICAgYm9keTogInsgXCJuYW1lXCIgOiBcIkRlZmF1bHQgUGVybWlzc2lvblwiLCBcImRlc2NyaXB0aW9uXCIgOiBcIlwiLCBcInR5cGVcIiA6IFwicmVzb3VyY2VcIiwgXCJsb2dpY1wiIDogXCJQT1NJVElWRVwiLCBcImRlY2lzaW9uU3RyYXRlZ3lcIiA6IFwiQUZGSVJNQVRJVkVcIiwgXCJwb2xpY2llc1wiIDoge3tmaW5hbF9wb2xpY2llc319IH0iCiAgICAgICAgaGVhZGVyczoKICAgICAgICAgIEF1dGhvcml6YXRpb246ICJCZWFyZXIge3sgdG9rIH19IgogICAgICAgIHN0YXR1c19jb2RlOiAyMDEKICAgICAgcmVnaXN0ZXI6IGFkZF9wb2xpY3lfcmVzcAoKICAgIAoKCg==",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roles.length;i++)r=$.roles[i],tasks.push({name:'pyansible',type:'SIMPLE',taskReferenceName:'call_policy_workflow_'+i}),inputs['call_policy_workflow_'+i]={playbook:$.playbook, extra_vars : {role:r, iam_master:$.iam_master,iam_admin:$.iam_admin,user:$.user,passw:$.pass}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
},
"type": "INLINE",
"startDelay": 0,
"optional": false,
"asyncComplete": false
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_call_policy_permission_workflow",
"inputParameters" : {
"tasks" : "${build_policy_permission_tasks.output.result.tasks}",
"inputs" : "${build_policy_permission_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_policy_permission_addition"
}
]
}

79
templates/role_deleted.json.j2
View File

@ -1,79 +0,0 @@
{
"ownerApp" : "Orchestrator",
"name" : "role_deleted",
"createBy" : "Marco Lettere",
"description": "Handle workflow related to Portal event role_deleted",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["role"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"evaluatorType" : "javascript",
"expression": "1 == 1"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_all_vres",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients?clientId=%252F&search=true&first=0&max=500",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_delete_role_tasks",
"type": "INLINE",
"inputParameters": {
"role" : "${workflow.input.role}",
"vres" : "${get_all_vres.output.body}",
"evaluatorType" : "javascript",
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.vres.length;i++)vre=$.vres[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'delete_role_'+i}),inputs['delete_role_'+i]={url:'${init.input.keycloak_admin}/clients/' + vre.id + '/roles/' + $.role,method:'DELETE', expect:Java.to([204,404],'int[]'),headers:{Authorization:'Bearer ${authorize.output.body.access_token}'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_delete_role",
"inputParameters" : {
"tasks" : "${build_delete_role_tasks.output.result.tasks}",
"inputs" : "${build_delete_role_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_role_deletion"
}
]
}

81
templates/user-group-role_created.json.j2
View File

@ -8,14 +8,13 @@
"inputParameters" : ["role", "user", "group"],
"tasks" : [
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"type": "LAMBDA",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"expression": "1",
"evaluatorType" : "javascript"
"scriptExpression": "1"
}
},
{
@ -49,38 +48,36 @@
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers" : "${lookup_user.output.body}",
"username" : "${workflow.input.user}",
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()",
"evaluatorType" : "javascript"
},
"type": "INLINE"
},
"name": "LAMBDA_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers" : "${lookup_user.output.body}",
"username" : "${workflow.input.user}",
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
},
"type": "LAMBDA"
},
{
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"user": "${select_user.output.result}"
},
"type": "SWITCH",
"evaluatorType": "javascript",
"expression": "$.user == null ? 'true' : 'false'",
"decisionCases": {
"true": [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_user",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"user": "${select_user.output.result[0]}"
},
"type": "DECISION",
"caseExpression": "($.user == null ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_user",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
@ -115,20 +112,18 @@
"inputParameters": {
"prev_status": "${get_client_roles.output.status}"
},
"type": "SWITCH",
"evaluatorType": "value-param",
"expression": "prev_status",
"type": "DECISION",
"caseValueParam": "prev_status",
"decisionCases": {
"200": [
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "select_role",
"type": "INLINE",
"type": "LAMBDA",
"inputParameters": {
"role": "${workflow.input.role}",
"roles" : "${get_client_roles.output.body}",
"expression": "function f(){for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}} f()",
"evaluatorType" : "javascript"
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}"
}
},
{
@ -136,7 +131,7 @@
"taskReferenceName" : "assign_role_to_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/role-mappings/clients/${lookup_client.output.body[0].id}",
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/role-mappings/clients/${lookup_client.output.body[0].id}",
"expect" : [204, 404],
"method" : "POST",
"body" : "${select_role.output.result}",

64
templates/user-group-role_deleted.json.j2
View File

@ -8,14 +8,13 @@
"inputParameters" : ["role", "user", "group"],
"tasks" : [
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"type": "LAMBDA",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"expression": "1",
"evaluatorType" : "javascript"
"scriptExpression": "1"
}
},
{
@ -49,38 +48,36 @@
}
},
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"evaluatorType" : "javascript",
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()"
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
},
"type": "INLINE"
"type": "LAMBDA"
},
{
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"users": "${select_user.output.result}"
},
"type": "SWITCH",
"evaluatorType" : "javascript",
"expression": "($.user != null ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_user",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"user": "${select_user.output.result[0]}"
},
"type": "DECISION",
"caseExpression": "($.user == null ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_user",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
@ -109,14 +106,13 @@
}
},
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "select_role",
"type": "INLINE",
"type": "LAMBDA",
"inputParameters": {
"role": "${workflow.input.role}",
"roles" : "${get_client_roles.output.body}",
"evaluatorType" : "javascript",
"expression": "function f(){for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}} f()"
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}"
}
},
{
@ -124,7 +120,7 @@
"taskReferenceName" : "remove_role_from_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/role-mappings/clients/${lookup_client.output.body[0].id}",
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/role-mappings/clients/${lookup_client.output.body[0].id}",
"expect" : 204,
"method" : "DELETE",
"body" : "${select_role.output.result}",

141
templates/user-group_created.json.j2
View File

@ -8,16 +8,14 @@
"inputParameters" : ["user", "group"],
"tasks" : [
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"type": "LAMBDA",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"user" : "${workflow.input.user}",
"group" : "${workflow.input.group}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.user) || e($.group)) throw('User and Group must not be empty'); function f(){ var path = $.group.startsWith('%2F') ? $.group.split('%2F').slice(1) : [$.group]; return { 'tree' : Java.to(path, 'java.lang.String[]'), 'name' : path.slice(path.length-1)[0], 'search' : encodeURIComponent(path.slice(path.length-1)[0])}} f()"
"scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
}
},
{
@ -51,78 +49,91 @@
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"evaluatorType" : "javascript",
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()"
},
"type": "INLINE"
},
"name": "LAMBDA_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
},
"type": "LAMBDA"
},
{
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"user": "${select_user.output.result}"
},
"type": "SWITCH",
"evaluatorType" : "javascript",
"expression": "($.user == null ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_user",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
{
"name" : "pyrest",
"taskReferenceName" : "look_up_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.search}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_group",
"type": "INLINE",
"inputParameters": {
"tree" : "${init.output.result.tree}",
"groups" : "${look_up_groups.output.body}",
"expression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } function f() { return { 'group' : selectByPath($.groups, $.tree, 0)}} f()",
"evaluatorType" : "javascript"
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.group}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "check_group_existance",
"taskReferenceName" : "check_group_existance",
"type" : "SWITCH",
"evaluatorType" : "javascript",
"name" : "pyrest",
"taskReferenceName" : "get_client_roles",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles",
"expect" : [200, 404],
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "check_role_existance",
"taskReferenceName" : "check_role_existance",
"type" : "DECISION",
"inputParameters" :{
"group" : "${extract_group.output.result.group}"
"previous_outcome" : "${get_client_roles.output.status}"
},
"expression": "(($.group != null) ? 'assign' : 'skip')",
"caseValueParam" : "previous_outcome",
"decisionCases" : {
"assign" : [
"200" : [
{
"name": "LAMBDA_TASK",
"taskReferenceName": "select_role",
"type": "LAMBDA",
"inputParameters": {
"role": "${workflow.input.role}",
"roles" : "${get_client_roles.output.body}",
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == 'Member') return Java.to([$.roles[i]], 'java.lang.Object[]')}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "look_up_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.name}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "extract_group",
"type": "LAMBDA",
"inputParameters": {
"tree" : "${init.output.result.tree}",
"groups" : "${look_up_groups.output.body}",
"scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "assign_user_to_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/groups/${extract_group.output.result.group.id}",
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/groups/${extract_group.output.result.group.id}",
"method" : "PUT",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}"

172
templates/user-group_deleted.json.j2
View File

@ -5,19 +5,17 @@
"description": "Handle workflow related to Portal event user-group_deleted",
"version" : 1,
"ownerEmail" : "m.lettere@gmail.com",
"inputParameters" : ["user", "group"],
"inputParameters" : ["role", "user", "group"],
"tasks" : [
{
"name": "INLINE_TASK",
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"type": "LAMBDA",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"group" : "${workflow.input.group}",
"user" : "${workflow.input.user}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.user) || e($.group)) throw('User and Group must not be empty'); function f(){var path = $.group.startsWith('%2F') ? $.group.split('%2F').slice(1) : [$.group]; return { 'tree' : Java.to(path, 'java.lang.String[]'), 'name' : path.slice(path.length-1)[0], search : encodeURIComponent(path.slice(path.length-1)[0])}} f()"
"group" : "${workflow.input.group}",
"scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
}
},
{
@ -50,26 +48,24 @@
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"evaluatorType" : "javascript",
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()"
},
"type": "INLINE"
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
},
"type": "LAMBDA"
},
{
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"user": "${select_user.output.result}"
"user": "${select_user.output.result[0]}"
},
"type": "SWITCH",
"evaluatorType" : "javascript",
"expression": "($.user == null ? 'true' : 'false')",
"type": "DECISION",
"caseExpression": "($.user == null ? 'true' : 'false')",
"decisionCases": {
"true": [
{
@ -83,63 +79,6 @@
]
}
},
{
"name" : "pyrest",
"taskReferenceName" : "look_up_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.search}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_group",
"type": "INLINE",
"inputParameters": {
"tree" : "${init.output.result.tree}",
"groups" : "${look_up_groups.output.body}",
"evaluatorType" : "javascript",
"expression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } function f() { return { 'group' : selectByPath($.groups, $.tree, 0)}} f()"
}
},
{
"name" : "check_group_existance",
"taskReferenceName" : "check_group_existance",
"type" : "SWITCH",
"inputParameters" :{
"group" : "${extract_group.output.result.group}"
},
"evaluatorType" : "javascript",
"expression": "(($.group != null) ? 'delete' : 'skip')",
"decisionCases" : {
"skip" : [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_group",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_user_from_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/groups/${extract_group.output.result.group.id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
@ -161,7 +100,6 @@
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles",
"method" : "GET",
"expect" : [200, 404],
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
@ -169,33 +107,53 @@
}
},
{
"name" : "check_role_existance",
"taskReferenceName" : "check_role_existance",
"type" : "SWITCH",
"evaluatorType" : "value-param",
"inputParameters" :{
"previous_outcome" : "${get_client_roles.output.status}"
},
"expression" : "previous_outcome",
"decisionCases" : {
"200" : [
{
"name" : "pyrest",
"taskReferenceName" : "remove_all_roles_from_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/role-mappings/clients/${lookup_client.output.body[0].id}",
"expect" : 204,
"method" : "DELETE",
"body" : "${get_client_roles.body}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
}
]
"name" : "pyrest",
"taskReferenceName" : "remove_all_roles_from_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/role-mappings/clients/${lookup_client.output.body[0].id}",
"expect" : 204,
"method" : "DELETE",
"body" : "${get_client_roles.body}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "look_up_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.name}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "extract_group",
"type": "LAMBDA",
"inputParameters": {
"tree" : "${init.output.result.tree}",
"groups" : "${look_up_groups.output.body}",
"scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "assign_user_to_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${lookup_user.output.body[0].id}/groups/${extract_group.output.result.group.id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}"
}
}
}
]
}