Compare commits
406 Commits
Author | SHA1 | Date |
---|---|---|
Marco Lettere | e5b4adbbb9 | |
Marco Lettere | 50aa6a47ec | |
Marco Lettere | 1bc11702a5 | |
Marco Lettere | 4da946f250 | |
Marco Lettere | 345d8511db | |
Marco Lettere | c28f8127f2 | |
Marco Lettere | 37eab7505d | |
Marco Lettere | 7f029c1a39 | |
Marco Lettere | 1bdb4c1430 | |
Marco Lettere | 872358fcc8 | |
Marco Lettere | eda7375677 | |
Marco Lettere | d43557f275 | |
Marco Lettere | 88ac5e5233 | |
Marco Lettere | 9efc8caabe | |
Marco Lettere | e5fe4ee663 | |
Marco Lettere | 037a06cbb1 | |
Marco Lettere | a60d6e2e41 | |
Marco Lettere | bfaf8ebabb | |
Marco Lettere | 0e2b9ef289 | |
Marco Lettere | 0181349228 | |
Marco Lettere | 9c22c6f617 | |
Marco Lettere | 6fbdb2d7bb | |
Marco Lettere | 900fa993ba | |
Marco Lettere | ab1010c417 | |
Marco Lettere | e0028de1f0 | |
Marco Lettere | 2d953718c0 | |
Marco Lettere | 3febc0751b | |
Marco Lettere | d775a774f9 | |
Marco Lettere | 584b3ef940 | |
Marco Lettere | e648baf5bd | |
Marco Lettere | 35ce4dc32e | |
Marco Lettere | 021304f651 | |
Marco Lettere | 6599eca219 | |
Marco Lettere | 4e046ad847 | |
Marco Lettere | 746998fafd | |
Marco Lettere | cb677a7924 | |
Marco Lettere | 09494eb668 | |
Marco Lettere | f6e3e0f250 | |
Marco Lettere | 730c7f7f43 | |
Marco Lettere | 488fa4bff7 | |
Marco Lettere | 4ac9f1189b | |
Marco Lettere | 8196cf0cc6 | |
Marco Lettere | 0a54a69bda | |
Marco Lettere | 4f6b9698f5 | |
Marco Lettere | 1927fe6df8 | |
Marco Lettere | 8a798e72d5 | |
Marco Lettere | 6514aa22f6 | |
Marco Lettere | b1e27b9891 | |
Marco Lettere | e0a5c8beac | |
Marco Lettere | 1ed26efdb8 | |
Marco Lettere | 8c032509b2 | |
Marco Lettere | 47a09e155d | |
Marco Lettere | 7ca6e1e022 | |
Marco Lettere | 7dadef708e | |
Marco Lettere | 347476e792 | |
Marco Lettere | 787d1d7272 | |
Marco Lettere | f0c3e9ab12 | |
Marco Lettere | d61e893a8b | |
Marco Lettere | bd35f5aded | |
Marco Lettere | 20025bad84 | |
Marco Lettere | 0f593d5b8d | |
Marco Lettere | de4416c842 | |
Marco Lettere | b6b49d4500 | |
Marco Lettere | 2cf8a62be4 | |
Marco Lettere | a719a05734 | |
Marco Lettere | 064c554c25 | |
Marco Lettere | c8ba9dc1cc | |
Marco Lettere | 8f3901216a | |
Marco Lettere | ce3ef27b17 | |
Marco Lettere | 94c9eeeda7 | |
Marco Lettere | 5b308bf8cd | |
Marco Lettere | f54792e117 | |
Marco Lettere | 1306b1bdfe | |
Marco Lettere | 2cc42d9e6d | |
Marco Lettere | ce66259343 | |
Marco Lettere | 517ced19c6 | |
Marco Lettere | 66d00bd06b | |
Marco Lettere | 00782d90e1 | |
Marco Lettere | 0846edfb75 | |
Marco Lettere | 9dc0af9e73 | |
Marco Lettere | 6a6fbca118 | |
Marco Lettere | ec6969f626 | |
Marco Lettere | 4d1021f699 | |
Marco Lettere | 5a01d339ca | |
Marco Lettere | 46234973e8 | |
Marco Lettere | e66f146432 | |
Marco Lettere | 37c7bdb070 | |
Marco Lettere | c0a770c864 | |
Marco Lettere | 6f94ff6125 | |
Marco Lettere | 5d6a17d2f5 | |
Marco Lettere | be6a71b283 | |
Marco Lettere | ad0c83c83c | |
Marco Lettere | d53ad6b8fe | |
Marco Lettere | 3409b5f392 | |
Marco Lettere | 49f80b4cc6 | |
Marco Lettere | 13bb81a85c | |
Marco Lettere | cea8698929 | |
Marco Lettere | 51be38cd57 | |
Marco Lettere | 72d4ba9799 | |
Marco Lettere | 887bf83277 | |
Marco Lettere | b88837df53 | |
Marco Lettere | b9807d1450 | |
Marco Lettere | 4cf2610cdd | |
Marco Lettere | 1ab8b20811 | |
Marco Lettere | 2d8c576160 | |
Marco Lettere | 362ab27344 | |
Marco Lettere | 82b4d2ecf2 | |
Marco Lettere | b0e83cc47d | |
Marco Lettere | 18cb707053 | |
Marco Lettere | ee85e5cfd8 | |
Marco Lettere | 8081b9ecf0 | |
Marco Lettere | 38f48f558e | |
Marco Lettere | a5599b4311 | |
Marco Lettere | ac6b325486 | |
Marco Lettere | 3bd3eefd4b | |
Marco Lettere | e68a2845b5 | |
Marco Lettere | 069ac7295e | |
Marco Lettere | d4b94a2bc6 | |
Marco Lettere | 430047d4c5 | |
Marco Lettere | dffdeeaa94 | |
Marco Lettere | 25bbf13a24 | |
Marco Lettere | 757b03003c | |
Marco Lettere | 2bc1d78b9c | |
Marco Lettere | 22fc70aec2 | |
Marco Lettere | dc323102a2 | |
Marco Lettere | 9ca9ad4e54 | |
Marco Lettere | 65e1c2709e | |
Marco Lettere | ff546c3405 | |
Marco Lettere | 83724be1ab | |
Marco Lettere | bb729c86d6 | |
Marco Lettere | bdfb3f2ca9 | |
Marco Lettere | 39eab850e4 | |
Marco Lettere | 210482df25 | |
Marco Lettere | 87af670d4f | |
Marco Lettere | fbfac80eb8 | |
Marco Lettere | a4807d24e8 | |
Marco Lettere | 67435074ad | |
Marco Lettere | 04c7bb0ba6 | |
Marco Lettere | a03e924045 | |
Marco Lettere | 9e8e374f6d | |
Marco Lettere | 8805ceb944 | |
Marco Lettere | 0f2023bb62 | |
Marco Lettere | 24e190c957 | |
Marco Lettere | 3b6c49edce | |
Marco Lettere | 36026d6a4f | |
Marco Lettere | eb93fe1421 | |
Marco Lettere | 264aee6580 | |
Marco Lettere | 14a4698a92 | |
Marco Lettere | 2a790c7233 | |
Marco Lettere | 079eaaf63c | |
Marco Lettere | 2b85ac6e7c | |
Marco Lettere | 64cb191730 | |
Marco Lettere | bd895d4583 | |
Marco Lettere | 5685e29d49 | |
Marco Lettere | e659207019 | |
Marco Lettere | 604a78af89 | |
Marco Lettere | 51edaa1675 | |
Marco Lettere | a0defed409 | |
Marco Lettere | 85051056be | |
Marco Lettere | 3e2e2d460d | |
Marco Lettere | 263c12db0f | |
Marco Lettere | 553f2aa357 | |
Marco Lettere | c2e98f6faf | |
Marco Lettere | f4ee98c531 | |
Marco Lettere | 5d2a945047 | |
Marco Lettere | a64ea6f2a5 | |
Marco Lettere | 7f39fde127 | |
Marco Lettere | 9a86ba6ee4 | |
Marco Lettere | a11bf6a057 | |
Marco Lettere | 6fd9e3c590 | |
Marco Lettere | 4c57be3f45 | |
Marco Lettere | c6a0a1e0b7 | |
Marco Lettere | 7864b81016 | |
Marco Lettere | f8e1fff6d4 | |
Marco Lettere | 7dc2aacfc6 | |
Marco Lettere | e95442434c | |
Marco Lettere | f438b0e0b1 | |
Marco Lettere | 7190e25c84 | |
Marco Lettere | 4682b3c575 | |
Marco Lettere | 6736647f91 | |
Marco Lettere | db238a9d44 | |
Marco Lettere | 37f465df65 | |
Marco Lettere | f12108aaf1 | |
Marco Lettere | 9fc54797c6 | |
Marco Lettere | 212990557f | |
Marco Lettere | b88c4ac153 | |
Marco Lettere | e6ec1c4195 | |
Marco Lettere | ab8f573ac9 | |
Marco Lettere | 0d09523675 | |
Marco Lettere | 46cc74e6ff | |
Marco Lettere | 43b68fe755 | |
Marco Lettere | f128a3670a | |
Marco Lettere | 7b0f83abd1 | |
Marco Lettere | fda78741db | |
Marco Lettere | ad6c4b7f03 | |
Marco Lettere | 79ded74f4d | |
Marco Lettere | e6e7e486f3 | |
Marco Lettere | ecb01a8e08 | |
Marco Lettere | cd14ab34bb | |
Marco Lettere | 08511adf6b | |
Marco Lettere | fd42f668f8 | |
Marco Lettere | 6bc808207d | |
Marco Lettere | 57cc977921 | |
Marco Lettere | 2e7b427ea1 | |
Marco Lettere | fe64b1261d | |
Marco Lettere | 112680ae36 | |
Marco Lettere | 0daf406aaf | |
Marco Lettere | 812692c37e | |
Marco Lettere | b3ca00aafe | |
Marco Lettere | 2653e8547e | |
Marco Lettere | 4d93c95f84 | |
Marco Lettere | d7b099bdec | |
Marco Lettere | 13c8d6ee44 | |
Marco Lettere | 88868587e5 | |
Marco Lettere | 06dbbe39d2 | |
Marco Lettere | a0be8131dd | |
Marco Lettere | 57fc634b8d | |
Marco Lettere | 58a6b2da12 | |
Marco Lettere | fb2cbb2247 | |
Marco Lettere | 442eb8fa59 | |
Marco Lettere | 93410cf895 | |
Marco Lettere | 6020c16367 | |
Marco Lettere | 0cd1700bd6 | |
Marco Lettere | 676f684630 | |
Marco Lettere | 779612ac12 | |
Marco Lettere | b9cf7dbb89 | |
Marco Lettere | 96cad42acc | |
Marco Lettere | 50c5669a2e | |
Marco Lettere | bc9db28bfd | |
Marco Lettere | 0a7b4788cf | |
Marco Lettere | 15de441715 | |
Marco Lettere | caaf863f73 | |
Marco Lettere | e37091f43d | |
Marco Lettere | 390d826a15 | |
Marco Lettere | 7c6f28ea62 | |
Marco Lettere | ad7db3f8ef | |
Marco Lettere | bd5f59d5c9 | |
Marco Lettere | 41c7ead616 | |
Marco Lettere | 592fd97bef | |
Marco Lettere | 54ba635108 | |
Marco Lettere | 779d1dbfab | |
Marco Lettere | 21fc7423e9 | |
Marco Lettere | 5f2a9c6671 | |
Marco Lettere | a808251924 | |
Marco Lettere | 3463b65d4c | |
Marco Lettere | 5d11f97187 | |
Marco Lettere | 6b8c2fb1dc | |
Marco Lettere | 5e3264aebb | |
Marco Lettere | 78a7612306 | |
Marco Lettere | 4d90cbc045 | |
Marco Lettere | c0bd29d44b | |
Marco Lettere | bd23d0b65f | |
Marco Lettere | 3050f0d2f5 | |
Marco Lettere | 01cdce661c | |
Marco Lettere | a6a2f7a367 | |
Marco Lettere | 2674901cec | |
Marco Lettere | f14e338e6e | |
Marco Lettere | 4db9a865cc | |
Marco Lettere | a5d4dd75ad | |
Marco Lettere | eb915933f6 | |
Marco Lettere | c079c695b7 | |
Marco Lettere | 51eae66ec6 | |
Marco Lettere | 90dcb4dc83 | |
Marco Lettere | b9646e4069 | |
Marco Lettere | 97289e10a0 | |
Marco Lettere | 728cdd2484 | |
Marco Lettere | 0a916e2c50 | |
Marco Lettere | 27518cfbdc | |
Marco Lettere | eb84cf5e15 | |
Marco Lettere | 38d8602c3b | |
Marco Lettere | 586bbc0234 | |
Marco Lettere | 66d6881eed | |
Marco Lettere | 94e479ad2b | |
Marco Lettere | 8cc4efaac0 | |
Marco Lettere | 011f6eb0ed | |
Marco Lettere | e9a4c2e46f | |
Marco Lettere | fc41e2f4e5 | |
Marco Lettere | b4aef34d3b | |
Marco Lettere | 768e965305 | |
Marco Lettere | b6fda3975d | |
Marco Lettere | 050990db34 | |
Marco Lettere | 597ba693d9 | |
Marco Lettere | d8a47e00a2 | |
Marco Lettere | feda23ebda | |
Marco Lettere | debef2b479 | |
Marco Lettere | d729118dbd | |
Marco Lettere | 988804480e | |
Marco Lettere | 2d3cfc69d9 | |
Marco Lettere | 7dcd18f438 | |
Marco Lettere | 096f082a47 | |
Marco Lettere | 55db5d7d39 | |
Marco Lettere | 899621e6a3 | |
Marco Lettere | 6561d96531 | |
Marco Lettere | d23b12de3c | |
Marco Lettere | 3bf7363f3a | |
Marco Lettere | 52448711c4 | |
Marco Lettere | 48275c4a2d | |
Marco Lettere | b0f341d61a | |
Marco Lettere | e4690e8cf5 | |
Marco Lettere | 31c09e1ae7 | |
Marco Lettere | e3bc4c24e0 | |
Marco Lettere | 148f8894fe | |
Marco Lettere | b4489912fd | |
Marco Lettere | 4e2d074d60 | |
Marco Lettere | 88c3429082 | |
Marco Lettere | 63dcb10efb | |
dcore94 | d2d3f1b56f | |
dcore94 | 90d23511d1 | |
dcore94 | b1494e6c5d | |
dcore94 | 5a0541a969 | |
dcore94 | 24281986f7 | |
dcore94 | 8625fc3f67 | |
dcore94 | 4cd68edad7 | |
dcore94 | 68bb27c159 | |
dcore94 | 88a462ef4b | |
dcore94 | ade0ecf98f | |
dcore94 | 6f984675c8 | |
dcore94 | 9747e34dad | |
dcore94 | 72049edb6a | |
dcore94 | 49f8ce1123 | |
dcore94 | 4a15b3a7e0 | |
dcore94 | 3399483ac5 | |
dcore94 | 4c7dab8913 | |
dcore94 | 930ed0760f | |
dcore94 | 2408d37373 | |
dcore94 | fdf375e984 | |
dcore94 | 3c3bbf4e3c | |
dcore94 | fa3c99482f | |
dcore94 | 4267480a1c | |
dcore94 | 7dce372bd4 | |
dcore94 | 2fb8b37c7f | |
dcore94 | 587c491b99 | |
dcore94 | cb5c4b5c47 | |
dcore94 | 71b2d26a0d | |
dcore94 | 32ee1a7bb6 | |
dcore94 | 1f78bc5325 | |
dcore94 | 5e74d09c73 | |
dcore94 | cb1ccd069d | |
dcore94 | dbfc3ed884 | |
dcore94 | ad79ea2353 | |
dcore94 | 70470f352d | |
dcore94 | 2238e8fb4d | |
dcore94 | 651110dd3f | |
dcore94 | 24f1de5f3c | |
dcore94 | f99244b85a | |
dcore94 | 659e8bb231 | |
dcore94 | a447d919b5 | |
dcore94 | 7733542eba | |
dcore94 | 253733e698 | |
dcore94 | 9bc84b40ec | |
dcore94 | ca48efb788 | |
dcore94 | 9e15bbf00b | |
dcore94 | 2652e9c635 | |
dcore94 | 8e46177f07 | |
dcore94 | 151599a81a | |
dcore94 | b5aeb10af4 | |
dcore94 | 6715bc1a4a | |
dcore94 | bf41e1ee48 | |
dcore94 | 21328cdb5f | |
dcore94 | ddce625c0f | |
dcore94 | b2faf6497a | |
dcore94 | 98539d1a71 | |
dcore94 | 873beff0f1 | |
dcore94 | 2f33dceef0 | |
dcore94 | 95bd73561f | |
dcore94 | bd777eb402 | |
dcore94 | e5d5ba4818 | |
dcore94 | 51e3d8599c | |
dcore94 | 508742daa9 | |
dcore94 | d6e7688c48 | |
dcore94 | cfd6114d92 | |
dcore94 | 23ec6e8388 | |
dcore94 | 68568602ec | |
dcore94 | 4f238b49e7 | |
dcore94 | 7f01bffe5e | |
dcore94 | 7d30255cf5 | |
dcore94 | a99a24720a | |
dcore94 | d3a99f5bf6 | |
dcore94 | 1abe2d835d | |
dcore94 | 8f4d35c2d5 | |
dcore94 | 25bf4e537d | |
dcore94 | 33b2df507e | |
dcore94 | 2b20e70da2 | |
dcore94 | ea9cecb070 | |
dcore94 | ae510805eb | |
dcore94 | da134f43be | |
dcore94 | c05a90a311 | |
dcore94 | c3f5762c44 | |
dcore94 | e058ca2be5 | |
dcore94 | ba6bc9bf85 | |
dcore94 | b99719a63d | |
dcore94 | 0bcbba23c7 | |
dcore94 | 3cddf7ec46 | |
dcore94 | 11fe723b9b | |
dcore94 | 971cf38a5f | |
dcore94 | c007896a55 | |
dcore94 | 7658af52f8 | |
dcore94 | 91b1515d9c | |
dcore94 | fc167a6af8 | |
dcore94 | d18d910e45 | |
dcore94 | cc4aaafab7 | |
dcore94 | 77875b904b | |
dcore94 | 63066ca1e6 | |
dcore94 | 1cdb9e68eb | |
dcore94 | b90e84f84a | |
dcore94 | 9a342dc5e7 |
|
@ -1,18 +1,45 @@
|
||||||
---
|
---
|
||||||
workflows:
|
workflows:
|
||||||
- create-user-add-to-vre
|
# - create-user-add-to-vre
|
||||||
- group_deleted
|
# - group_deleted
|
||||||
- user-group_created
|
# - user-group_created
|
||||||
- user-group-role_created
|
# - user-group-role_created
|
||||||
- group_created
|
# - group_created
|
||||||
- invitation-accepted
|
# - invitation-accepted
|
||||||
- user-group_deleted
|
# - user-group_deleted
|
||||||
- user-group-role_deleted
|
# - user-group-role_deleted
|
||||||
- delete-user-account
|
# - delete-user-account
|
||||||
|
# - keycloak_delete_account
|
||||||
|
# - role_deleted
|
||||||
|
# - role_created
|
||||||
|
# - add_role_policy_permission
|
||||||
|
# - add_all_member_roles
|
||||||
|
# - create_system_service
|
||||||
|
# - delete_system_service
|
||||||
|
# - add_all_system_services_to_vre
|
||||||
|
# - create_workspace_client
|
||||||
|
- add_workspace_client_to_context
|
||||||
|
# - enable_workspace_clients_for_context
|
||||||
|
# - add_workspace_client_to_contexts
|
||||||
|
# - ghn_client_add_to_context
|
||||||
|
# - ghn_client_add_to_contexts
|
||||||
|
# - ghn_client_create
|
||||||
|
# - ghn_client_delete
|
||||||
|
# - ghn_client_remove_from_contexts
|
||||||
|
# - ghn_client_remove_from_context
|
||||||
|
# - jupyterhub_add_serveroptions_to_context
|
||||||
|
# - record_context_to_is
|
||||||
|
# - create_vre_folder_for_context
|
||||||
|
# - create_vre
|
||||||
|
|
||||||
keycloak_host: "https://accounts.dev.d4science.org/auth"
|
keycloak_host: "https://accounts.dev.d4science.org/auth"
|
||||||
keycloak: "{{ keycloak_host }}/realms"
|
keycloak: "{{ keycloak_host }}/realms"
|
||||||
keycloak_realm: "d4science"
|
keycloak_realm: "d4science"
|
||||||
keycloak_admin: "{{ keycloak_host }}/admin/realms"
|
keycloak_admin: "{{ keycloak_host }}/admin/realms"
|
||||||
keycloak_auth: "c93501bd-abeb-4228-bc28-afac38877338"
|
keycloak_auth: "c93501bd-abeb-4228-bc28-afac38877338"
|
||||||
liferay: "https://next.d4science.org/api/jsonws"
|
keycloak_auth_master: "7a64deb5-e8ea-4add-ba8d-26b339994cc9"
|
||||||
|
liferay: "https://next.dev.d4science.org/api/jsonws"
|
||||||
liferay_auth: "bm90aWZpY2F0aW9uc0BkNHNjaWVuY2Uub3JnOmdjdWJlcmFuZG9tMzIx"
|
liferay_auth: "bm90aWZpY2F0aW9uc0BkNHNjaWVuY2Uub3JnOmdjdWJlcmFuZG9tMzIx"
|
||||||
|
root_vo: "%2Fgcube"
|
||||||
|
ic_proxy: "https://node10-d-d4s.d4science.org"
|
||||||
|
is_url: "https://url.gcube.d4science.org"
|
||||||
|
|
|
@ -15,6 +15,9 @@
|
||||||
uri:
|
uri:
|
||||||
url: "{{ conductor_workflowdef_endpoint }}/{{ item }}/1"
|
url: "{{ conductor_workflowdef_endpoint }}/{{ item }}/1"
|
||||||
method: DELETE
|
method: DELETE
|
||||||
|
force_basic_auth: yes
|
||||||
|
url_username: "{{ user }}"
|
||||||
|
url_password: "{{ password }}"
|
||||||
follow_redirects: yes
|
follow_redirects: yes
|
||||||
status_code: [200, 204, 404, 500]
|
status_code: [200, 204, 404, 500]
|
||||||
loop:
|
loop:
|
||||||
|
@ -26,6 +29,9 @@
|
||||||
method: POST
|
method: POST
|
||||||
src: "{{ target.path }}/{{ item }}.json"
|
src: "{{ target.path }}/{{ item }}.json"
|
||||||
body_format: json
|
body_format: json
|
||||||
|
force_basic_auth: yes
|
||||||
|
url_username: "{{ user }}"
|
||||||
|
url_password: "{{ password }}"
|
||||||
follow_redirects: yes
|
follow_redirects: yes
|
||||||
status_code: [200, 204]
|
status_code: [200, 204]
|
||||||
loop:
|
loop:
|
||||||
|
|
|
@ -0,0 +1,76 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "add_all_member_roles",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "Add all member roles of every context to the KC system service client identified by client",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["context","client"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "1 == 1"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "retrieve_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.context.id}/roles/Member",
|
||||||
|
"method" :"GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "jq_1",
|
||||||
|
"taskReferenceName": "to_array",
|
||||||
|
"type": "JSON_JQ_TRANSFORM",
|
||||||
|
"inputParameters": {
|
||||||
|
"role": "${retrieve_member_role.output.body}",
|
||||||
|
"queryExpression" : ".role"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "assign_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/users/${workflow.input.client}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
|
||||||
|
"method" :"POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json",
|
||||||
|
"Accept":"application/json"
|
||||||
|
},
|
||||||
|
"body" : "${to_array.output.resultList}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,190 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "add_all_system_services_to_vre",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "All system services retrieved from the IS through IC Proxy are added as Member to a VRE",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_resource_id"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"iC_proxy" : "{{ ic_proxy }}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"scriptExpression": "1 == 1"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize_on_realm",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize_with_uma_rpt",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json",
|
||||||
|
"Authorization" : "Bearer ${authorize_on_realm.output.body.access_token}"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"audience" : "{{ root_vo }}",
|
||||||
|
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "retrieve_system_services",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ ic_proxy }}/icproxy/gcube/service/ServiceEndpoint/SystemService",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/xml",
|
||||||
|
"Authorization" : "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyeval",
|
||||||
|
"taskReferenceName" : "extract_system_service_names",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Name')))",
|
||||||
|
"xmlstring" : "${retrieve_system_services.output.body}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_vre",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.client_resource_id}",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_get_system_services_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients?search=true&clientId=",
|
||||||
|
"services" : "${extract_system_service_names.output.result}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service' + i});inputs['get_system_service' + i] = {url: $.url + s,method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_get_system_services_tasks",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_get_system_services_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_get_system_services_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_get_system_services_tasks"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_get_system_services_useraccount_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"services" : "${join_parallel_get_system_services_tasks.output..body.*.id}",
|
||||||
|
"scriptExpression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service_useraccount' + i});inputs['get_system_service_useraccount' + i] = {url: $.url + '/' + s + '/service-account-user',method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_get_system_services_useraccount_tasks",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_get_system_services_useraccount_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_get_system_services_useraccount_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_get_system_services_useraccount_tasks"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "LAMBDA_TASK",
|
||||||
|
"taskReferenceName": "build_member_roles_assignment_tasks",
|
||||||
|
"type": "LAMBDA",
|
||||||
|
"inputParameters": {
|
||||||
|
"context" : "${get_vre.output.body}",
|
||||||
|
"service_ids" : "${join_parallel_get_system_services_useraccount_tasks.output..body.id}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={},tasks=[];for(var i=0;i<$.service_ids.length;i++)c=$.context,tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_all_member_roles_'+i, subWorkflowParam:{ name:'add_all_member_roles'}}),inputs['call_add_all_member_roles_'+i]={context:c, client:$.service_ids[i]};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_build_member_roles_assignment_tasks",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_member_roles_assignment_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_member_roles_assignment_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_build_member_roles_assignment_tasks"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,152 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "add_role_policy_permission",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "Atomically add a policy and a update client permission with new role",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["role"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "1 == 1"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_join",
|
||||||
|
"taskReferenceName" : "prepare_policy_and_permission",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "add_policy",
|
||||||
|
"retryCount" : 1,
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/policy/role",
|
||||||
|
"method" :"POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"name":"${workflow.input.role.name}_policy",
|
||||||
|
"description" : "Policy for having ${workflow.input.role.name} role",
|
||||||
|
"type":"role",
|
||||||
|
"logic" : "POSITIVE",
|
||||||
|
"decisionStrategy" : "UNANIMOUS",
|
||||||
|
"roles" : [{ "id" : "${workflow.input.role.id}", "required" : true}]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "retrieve_default_permission",
|
||||||
|
"retryCount" : 1,
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission?name=Default Permission",
|
||||||
|
"method" :"GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "retrieve_default_permission_policies",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body[0].id}/associatedPolicies",
|
||||||
|
"method" :"GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_prepare_policy_and_permission",
|
||||||
|
"joinOn" : ["retrieve_default_permission_policies","add_policy"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "to_policy_array",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"newpolicy": "${add_policy.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"prevpolicies" : "${retrieve_default_permission_policies.output.body}",
|
||||||
|
"expression": "Java.from($.prevpolicies).concat($.newpolicy)"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "count_check",
|
||||||
|
"inputParameters": {
|
||||||
|
"tocount": "${to_policy_array.output.result[*].id}",
|
||||||
|
"tocompare": "${retrieve_default_permission_policies.output.body}",
|
||||||
|
"evaluatorType": "javascript",
|
||||||
|
"expression": "if($.tocount.length < $.tocompare.length) throw 'Unexpected low value'; else $.tocount.length < $.tocompare.length"
|
||||||
|
},
|
||||||
|
"type": "INLINE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "finalize_permission",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission/${retrieve_default_permission.output.body[0].id}",
|
||||||
|
"method" : "PUT",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"name": "Default Permission",
|
||||||
|
"description": "",
|
||||||
|
"type" : "resource",
|
||||||
|
"logic": "POSITIVE",
|
||||||
|
"decisionStrategy": "AFFIRMATIVE",
|
||||||
|
"policies" : "${to_policy_array.output.result[*].id}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,235 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "add_workspace_client_to_context",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "A workspace client is made Member of a context and it's workspace folder is linked to context's shared folder",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_id", "context"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"root_vo": "{{ root_vo }}",
|
||||||
|
"storagehub" : "{{ storagehub }}",
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"id" : "${workflow.input.client_id}",
|
||||||
|
"ctx" : "${workflow.input.context}",
|
||||||
|
"evaluatorType": "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_root_vo : encodeURI($.root_vo), encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_join",
|
||||||
|
"taskReferenceName" : "fork1",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"params" : { "clientId" : "${workflow.input.client_id}"},
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_ws_client",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"client" : "${lookup_client.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id : $.client[0].id}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_service_account_user",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_ws_client.output.result.id}/service-account-user",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_context",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"params" : { "clientId" : "${init.output.result.encoded_context}"},
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "switch_task",
|
||||||
|
"taskReferenceName": "check_for_exactly_one__context",
|
||||||
|
"inputParameters": {
|
||||||
|
"count": "${lookup_context.output.body.length}"
|
||||||
|
},
|
||||||
|
"type": "SWITCH",
|
||||||
|
"decisionCases": {
|
||||||
|
"fail": [
|
||||||
|
{
|
||||||
|
"name": "terminate_on_wrong_context_number_1",
|
||||||
|
"taskReferenceName": "terminate_on_wrong_context_number_1",
|
||||||
|
"inputParameters": {
|
||||||
|
"terminationStatus": "COMPLETED"
|
||||||
|
},
|
||||||
|
"type": "TERMINATE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"evaluatorType": "javascript",
|
||||||
|
"expression": "$.count !== 1 ? 'fail' : 'success'",
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_context",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"client" : "${lookup_context.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id: $.client[0].id }} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "retrieve_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
|
||||||
|
"method" :"GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "jq_1",
|
||||||
|
"taskReferenceName": "roles_to_assign",
|
||||||
|
"type": "JSON_JQ_TRANSFORM",
|
||||||
|
"inputParameters": {
|
||||||
|
"role": "${retrieve_member_role.output.body}",
|
||||||
|
"queryExpression" : ".role"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "shubify_context_name",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"context_name" : "${extract_context.output.result.client.name}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "var s = $.context_name; function f(){return { shubified_context_name : (s[0] === '/' ? s.replace('/', '') : s).split('/').join('-')}} f()"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "join",
|
||||||
|
"taskReferenceName": "join1",
|
||||||
|
"type": "JOIN",
|
||||||
|
"joinOn": [
|
||||||
|
"get_service_account_user",
|
||||||
|
"shubify_context_name"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "assign_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
|
||||||
|
"method" :"POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json",
|
||||||
|
"Accept":"application/json"
|
||||||
|
},
|
||||||
|
"body" : "${roles_to_assign.output.resultList}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize_with_uma_rpt",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"audience" : "${init.input.root_vo}",
|
||||||
|
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "workspace_to_vre_folder",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.storagehub}/workspace/groups/${shubify_context_name.output.result.shubified_context_name}/users",
|
||||||
|
"method" : "PUT",
|
||||||
|
"expect" : [200, 400, 500],
|
||||||
|
"body" :{
|
||||||
|
"userId" : "${get_service_account_user.output.body.username}"
|
||||||
|
},
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,52 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "add_workspace_client_to_contexts",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "A workspace client is made Member of all the contexts passed as input by calling the add_workspace_client_to_context sub-workflow",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_id", "context_list"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"root_vo": "{{ root_vo }}",
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"id" : "${workflow.input.client_id}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_tasks_to_add_ws_client_to_all_contexts",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"context_list" : "${workflow.input.context_list}",
|
||||||
|
"client_id" : "${workflow.input.client_id}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_workspace_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}}),inputs['add_workspace_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_build_tasks_to_add_ws_client_to_all_contexts",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.tasks}",
|
||||||
|
"inputs" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_build_tasks_to_add_ws_client_to_all_contexts"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
|
@ -8,14 +8,15 @@
|
||||||
"inputParameters" : ["user", "first-name", "last-name", "email", "password", "group"],
|
"inputParameters" : ["user", "first-name", "last-name", "email", "password", "group"],
|
||||||
"tasks" : [
|
"tasks" : [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "init",
|
"taskReferenceName": "init",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
"group" : "${workflow.input.group}",
|
"group" : "${workflow.input.group}",
|
||||||
"scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function f(){var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}} f()"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -79,15 +80,16 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "select_user",
|
"taskReferenceName": "select_user",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"foundusers": "${lookup_user.output.body}",
|
"foundusers": "${lookup_user.output.body}",
|
||||||
"username": "${workflow.input.user}",
|
"username": "${workflow.input.user}",
|
||||||
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
|
"evaluatorType" : "javascript",
|
||||||
},
|
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()"
|
||||||
"type": "LAMBDA"
|
},
|
||||||
},
|
"type": "INLINE"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name" : "pyrest",
|
||||||
"taskReferenceName" : "lookup_client",
|
"taskReferenceName" : "lookup_client",
|
||||||
|
@ -119,21 +121,23 @@
|
||||||
{
|
{
|
||||||
"name" : "check_role_existance",
|
"name" : "check_role_existance",
|
||||||
"taskReferenceName" : "check_role_existance",
|
"taskReferenceName" : "check_role_existance",
|
||||||
"type" : "DECISION",
|
"type" : "SWITCH",
|
||||||
"inputParameters" :{
|
"inputParameters" :{
|
||||||
"previous_outcome" : "${get_client_roles.output.status}"
|
"previous_outcome" : "${get_client_roles.output.status}"
|
||||||
},
|
},
|
||||||
"caseValueParam" : "previous_outcome",
|
"evaluatorType" : "value-param",
|
||||||
|
"expression" : "previous_outcome",
|
||||||
"decisionCases" : {
|
"decisionCases" : {
|
||||||
"200" : [
|
"200" : [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "select_role",
|
"taskReferenceName": "select_role",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
"role": "${workflow.input.role}",
|
"role": "${workflow.input.role}",
|
||||||
"roles" : "${get_client_roles.output.body}",
|
"roles" : "${get_client_roles.output.body}",
|
||||||
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == 'Member') return Java.to([$.roles[i]], 'java.lang.Object[]')}"
|
"expression": "function f(){for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == 'Member') return $.roles[i]}} f()"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -149,26 +153,43 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "extract_group",
|
"taskReferenceName": "extract_groups",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
"tree" : "${init.output.result.tree}",
|
"tree" : "${init.output.result.tree}",
|
||||||
"groups" : "${look_up_groups.output.body}",
|
"groups" : "${look_up_groups.output.body}",
|
||||||
"scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
|
"expression": "function selectByPath(groups, path, level, acc){ for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {acc.push(groups[i]); if (level === path.length - 1) return acc;return selectByPath(groups[i].subGroups, path, level+1, acc)}} return []; } function f(){ return { 'groups' : Java.to(selectByPath($.groups, $.tree, 0, []),'java.util.Map[]')}} f()"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName" : "assign_user_to_group",
|
"taskReferenceName": "build_add_to_all_groups_tasks",
|
||||||
"type" : "SIMPLE",
|
"type": "INLINE",
|
||||||
"inputParameters" : {
|
"inputParameters": {
|
||||||
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/groups/${extract_group.output.result.group.id}",
|
"evaluatorType" : "javascript",
|
||||||
"method" : "PUT",
|
"groups" : "${extract_groups.output.result.groups}",
|
||||||
"headers" : {
|
"auth" : "Bearer ${authorize.output.body.access_token}",
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}"
|
"kc_user_url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/groups/",
|
||||||
}
|
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.groups.length;i++)group=$.groups[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'user_to_group_'+i}),inputs['user_to_group_'+i]={ url : $.kc_user_url + group.id, method : 'PUT', headers: { Authorization : $.auth} };return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f();"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_user_to_groups",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_add_to_all_groups_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_add_to_all_groups_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_user_to_groups"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,116 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "create_system_service",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "Create a confidential client for software procedures that need to be members of each VO and VRE",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_id", "client_secret", "description"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"id" : "${workflow.input.client_id}",
|
||||||
|
"secret" : "${workflow.input.client_secret}",
|
||||||
|
"description" : "${workflow.input.description}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){ if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}}; f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"body" : "${init.output.result.client}",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_client_id",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"client_location" : "${create_client.output.headers.location}",
|
||||||
|
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_id' : client_id}}; f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_service_account_user",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/service-account-user",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "retrieve_infra_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/roles/Infrastructure-Member",
|
||||||
|
"method" :"GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "jq_1",
|
||||||
|
"taskReferenceName": "to_array",
|
||||||
|
"type": "JSON_JQ_TRANSFORM",
|
||||||
|
"inputParameters": {
|
||||||
|
"role": "${retrieve_infra_member_role.output.body}",
|
||||||
|
"queryExpression" : ".role"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "assign_infra_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/realm",
|
||||||
|
"method" :"POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json",
|
||||||
|
"Accept":"application/json"
|
||||||
|
},
|
||||||
|
"body" : "${to_array.output.resultList}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,656 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "create_vre",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "Handle workflow related to Portal event group_created",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["context", "folder_owner", "folder_admins"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"root_vo": "{{ root_vo }}",
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"group" : "${workflow.input.context}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.group)) throw('Group must not be empty'); var tree = $.group.startsWith('%2F') ? $.group.split('%2F') : [$.group]; return { 'tree' : tree, 'child': tree[tree.length-1], 'append' : tree.slice(0,-1).join('/'), 'name' : tree.join('/'), encoded_root_vo : encodeURI($.root_vo)}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_join",
|
||||||
|
"taskReferenceName" : "preliminary_fork",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"body" : {
|
||||||
|
"clientId": "${init.input.group}",
|
||||||
|
"name": "${init.output.result.name}",
|
||||||
|
"description": "Client representation for ${init.output.result.name} context",
|
||||||
|
"rootUrl": "http://localhost${init.output.result.name}",
|
||||||
|
"enabled": true,
|
||||||
|
"serviceAccountsEnabled": true,
|
||||||
|
"standardFlowEnabled": true,
|
||||||
|
"authorizationServicesEnabled": true,
|
||||||
|
"publicClient": false,
|
||||||
|
"fullScopeAllowed" : false,
|
||||||
|
"protocol": "openid-connect"
|
||||||
|
},
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_client_id",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"client_location" : "${create_client.output.headers.location}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_id' : client_id}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "list_kc_groups",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/groups",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "prepare",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"append": "${init.output.result.append}",
|
||||||
|
"groups": "${list_kc_groups.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.append) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; function f(){return {'group' : $.append == '' ? '' : recurse($.groups)}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "decide_task",
|
||||||
|
"taskReferenceName": "decide1",
|
||||||
|
"inputParameters": {
|
||||||
|
"groupid": "${prepare.output.result.group}"
|
||||||
|
},
|
||||||
|
"type": "SWITCH",
|
||||||
|
"evaluatorType" : "value-param",
|
||||||
|
"expression": "groupid",
|
||||||
|
"decisionCases": {
|
||||||
|
"": [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "dummy",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"defaultCase": [
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "create_kc_group",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.keycloak_admin}/groups/${prepare.output.result.group.id}/children",
|
||||||
|
"body": {
|
||||||
|
"name": "${init.output.result.child}"
|
||||||
|
},
|
||||||
|
"method": "POST",
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"type": "INLINE",
|
||||||
|
"taskReferenceName": "prepare2",
|
||||||
|
"inputParameters": {
|
||||||
|
"location": "${create_kc_group.output.headers.location}",
|
||||||
|
"client_location": "${create_client.output.headers.location}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "var newid=$.location.split('/').pop(); var client_id = $.client_location.split('/').pop(); function f(){return {'newid' : newid, 'client_id' : client_id}} f()"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_default_policies",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_default_resource",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/resource",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "delete_default_policy1",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[0].id}",
|
||||||
|
"method" : "DELETE",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "delete_default_policy2",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[1].id}",
|
||||||
|
"method" : "DELETE",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_permission",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource",
|
||||||
|
"body" : {
|
||||||
|
"name": "Default Permission",
|
||||||
|
"description": "",
|
||||||
|
"type" : "resource",
|
||||||
|
"logic": "POSITIVE",
|
||||||
|
"decisionStrategy": "AFFIRMATIVE",
|
||||||
|
"resources" : ["${get_default_resource.output.body[0]._id}"]
|
||||||
|
},
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_rootvo",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_rootvo_roles",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "preliminary_fork_join",
|
||||||
|
"joinOn": [ "create_permission", "get_rootvo_roles"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize1",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_role_member",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${create_client.output.headers.location}/roles",
|
||||||
|
"body" : {
|
||||||
|
"clientRole" : true, "name" : "Member", "description" : "Simple membership for ${init.output.result.name}"
|
||||||
|
},
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_back_role_member",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${create_role_member.output.headers.location}",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "jq_1",
|
||||||
|
"taskReferenceName": "to_array",
|
||||||
|
"type": "JSON_JQ_TRANSFORM",
|
||||||
|
"inputParameters": {
|
||||||
|
"role": "${get_back_role_member.output.body}",
|
||||||
|
"queryExpression" : ".role"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "add_role_member_as_component_of_infrastructure_member",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/roles/Infrastructure-Member/composites",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : "${to_array.output.resultList}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_role_policy_member",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
|
||||||
|
"body" : {
|
||||||
|
"name": "Member_policy",
|
||||||
|
"description": "",
|
||||||
|
"type" : "role",
|
||||||
|
"logic": "POSITIVE",
|
||||||
|
"decisionStrategy": "UNANIMOUS",
|
||||||
|
"roles" : [
|
||||||
|
{
|
||||||
|
"id" : "${get_back_role_member.output.body.id}",
|
||||||
|
"required" : true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "decide_task",
|
||||||
|
"taskReferenceName": "decide2",
|
||||||
|
"inputParameters": {
|
||||||
|
"groupid": "${prepare.output.result.group}"
|
||||||
|
},
|
||||||
|
"type": "SWITCH",
|
||||||
|
"evaluatorType" : "value-param",
|
||||||
|
"expression": "groupid",
|
||||||
|
"decisionCases": {
|
||||||
|
"": [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "dummy2",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"defaultCase": [
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "assign_client_member_role_to_kc_group",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/groups/${prepare2.output.result.newid}/role-mappings/clients/${prepare2.output.result.client_id}",
|
||||||
|
"method" : "POST",
|
||||||
|
"body" : ["${get_back_role_member.output.body}"],
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||||
|
"Accept" : "application/json",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize2",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_add_role_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"roles" : "${get_rootvo_roles.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k); function f(){return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_add_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_add_role_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_add_role_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_role_addition"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize3",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_get_back_role_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_get_back_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_get_back_role_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_get_back_role_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_getting_back"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize4",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_add_policy_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"roles" : "${join_parallel_getting_back.output[*].body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize4.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_add_policy_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_add_policy_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_add_policy_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_policy_addition"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "policy_list",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"memberpolicy" : "${create_role_policy_member.output.body.id}",
|
||||||
|
"otherpolicies" : "${join_parallel_policy_addition.output[*].body.id}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function f(){return Java.to(Java.from($.otherpolicies).concat($.memberpolicy), 'java.lang.String[]')} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize5",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "finalize_permission",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource/${create_permission.output.body.id}",
|
||||||
|
"body" : {
|
||||||
|
"name": "Default Permission",
|
||||||
|
"description": "",
|
||||||
|
"type" : "resource",
|
||||||
|
"logic": "POSITIVE",
|
||||||
|
"decisionStrategy": "AFFIRMATIVE",
|
||||||
|
"policies" : "${policy_list.output.result}"
|
||||||
|
},
|
||||||
|
"method" : "PUT",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize5.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_subworkflows",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"taskReferenceName" : "parallel_call_subworkflows",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "sub_workflow_task",
|
||||||
|
"taskReferenceName": "call_enable_workspace_clients_for_context",
|
||||||
|
"subWorkflowParam": {
|
||||||
|
"name": "enable_workspace_clients_for_context"
|
||||||
|
},
|
||||||
|
"inputParameters": {
|
||||||
|
"context" : "${workflow.input.context}"
|
||||||
|
},
|
||||||
|
"type": "SUB_WORKFLOW"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "sub_workflow_task",
|
||||||
|
"taskReferenceName": "call_jupyterhub_add_serveroptions_to_context",
|
||||||
|
"subWorkflowParam": {
|
||||||
|
"name": "jupyterhub_add_serveroptions_to_context"
|
||||||
|
},
|
||||||
|
"inputParameters": {
|
||||||
|
"context" : "${workflow.input.context}"
|
||||||
|
},
|
||||||
|
"type": "SUB_WORKFLOW"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "sub_workflow_task",
|
||||||
|
"taskReferenceName": "call_record_context_to_is",
|
||||||
|
"subWorkflowParam": {
|
||||||
|
"name": "record_context_to_is"
|
||||||
|
},
|
||||||
|
"inputParameters": {
|
||||||
|
"context" : "${workflow.input.context}"
|
||||||
|
},
|
||||||
|
"type": "SUB_WORKFLOW"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "sub_workflow_task",
|
||||||
|
"taskReferenceName": "call_create_vre_folder_for_context",
|
||||||
|
"subWorkflowParam": {
|
||||||
|
"name": "create_vre_folder_for_context"
|
||||||
|
},
|
||||||
|
"inputParameters": {
|
||||||
|
"context" : "${workflow.input.context}",
|
||||||
|
"folder_owner" : "${workflow.input.folder_owner}",
|
||||||
|
"folder_admins" : "${workflow.input.folder_admins}"
|
||||||
|
},
|
||||||
|
"type": "SUB_WORKFLOW"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_call_subworkflows",
|
||||||
|
"joinOn" :[
|
||||||
|
"call_enable_workspace_clients_for_context",
|
||||||
|
"call_jupyterhub_add_serveroptions_to_context",
|
||||||
|
"call_record_context_to_is",
|
||||||
|
"call_create_vre_folder_for_context"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,141 @@
|
||||||
|
{
|
||||||
|
"createTime": 1689260185434,
|
||||||
|
"updateTime": 1689259167761,
|
||||||
|
"name": "create_vre_folder_for_context",
|
||||||
|
"description": "Upon creation of a new context, create also a vre folder on the workspace",
|
||||||
|
"version": 1,
|
||||||
|
"tasks": [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"type": "INLINE",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"inputParameters": {
|
||||||
|
"root_vo": "{{ root_vo }}",
|
||||||
|
"base_url": "https://url.gcube.d4science.org/",
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"storagehub" : "{{ storagehub }}/workspace",
|
||||||
|
"ctx": "${workflow.input.context}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.ctx)) throw('Context must not be empty'); return { shubified_context_name : ($.ctx[0] === '%' ? $.ctx.replace('%2F', '') : $.ctx).split('%2F').join('-') }} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize_with_uma_rpt",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"audience" : "${init.input.root_vo}",
|
||||||
|
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "create_vre_folder",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.storagehub}/groups",
|
||||||
|
"method": "POST",
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}",
|
||||||
|
"Accept": "text/plain",
|
||||||
|
"Content-Type": "multipart/form-data"
|
||||||
|
},
|
||||||
|
"body": {
|
||||||
|
"accessType": [
|
||||||
|
"WRITE_OWNER",
|
||||||
|
"application/json"
|
||||||
|
],
|
||||||
|
"group": "${init.output.result.shubified_context_name}",
|
||||||
|
"folderOwner": "${workflow.input.folder_owner}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_add_vre_folder_users_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"admins" : "${workflow.input.folder_admins}",
|
||||||
|
"url": "${init.input.storagehub}/groups/${init.output.result.shubified_context_name}/users",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.admins.length;i++)a=$.admins[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'tu_'+i}),inputs['tu_'+i]={url:$.url,body:{userId:a},method:'PUT',headers:{Authorization:'Bearer ${authorize_with_uma_rpt.output.body.access_token}', Accept: 'text/plain'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_add_vre_folder_users",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_add_vre_folder_users_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_add_vre_folder_users_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_add_vre_folder_users"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_add_vre_folder_admins_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"admins" : "${workflow.input.folder_admins}",
|
||||||
|
"url": "${init.input.storagehub}/groups/${init.output.result.shubified_context_name}/admins",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.admins.length;i++)a=$.admins[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'ta_'+i}),inputs['ta_'+i]={url:$.url,body:{userId:a},method:'PUT',headers:{Authorization:'Bearer ${authorize_with_uma_rpt.output.body.access_token}', Accept: 'text/plain'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_add_vre_folder_admins",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_add_vre_folder_admins_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_add_vre_folder_admins_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_add_vre_folder_admins"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"inputParameters": [
|
||||||
|
"context",
|
||||||
|
"folder_owner",
|
||||||
|
"folder_admins"
|
||||||
|
],
|
||||||
|
"outputParameters": {},
|
||||||
|
"schemaVersion": 2,
|
||||||
|
"restartable": true,
|
||||||
|
"workflowStatusListenerEnabled": false,
|
||||||
|
"ownerEmail": "example@email.com",
|
||||||
|
"timeoutPolicy": "ALERT_ONLY",
|
||||||
|
"timeoutSeconds": 0,
|
||||||
|
"variables": {},
|
||||||
|
"inputTemplate": {}
|
||||||
|
}
|
|
@ -0,0 +1,259 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "create_workspace_client",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "Create a WorkSpace Client and hook it up to optional list ov contexts. Check or create the settings on Shub.",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_id", "client_secret", "description", "context_list"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"root_vo": "{{ root_vo }}",
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"storagehub" : "{{ storagehub }}",
|
||||||
|
"id" : "${workflow.input.client_id}",
|
||||||
|
"secret" : "${workflow.input.client_secret}",
|
||||||
|
"description" : "${workflow.input.description}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { encoded_root_vo : encodeURI($.root_vo), client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_join",
|
||||||
|
"taskReferenceName" : "fork1",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"body" : "${init.output.result.client}",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_client_id",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"client_location" : "${create_client.output.headers.location}",
|
||||||
|
"evaluatorType" :"javascript",
|
||||||
|
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_resource_id' : client_id}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_service_account_user",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_resource_id}/service-account-user",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_rootvo",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_rootvo_member_role",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles/Member",
|
||||||
|
"method" : "GET",
|
||||||
|
"expect" : [200, 404],
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "join",
|
||||||
|
"taskReferenceName": "join1",
|
||||||
|
"type": "JOIN",
|
||||||
|
"joinOn": [
|
||||||
|
"get_service_account_user",
|
||||||
|
"get_rootvo_member_role"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "jq_1",
|
||||||
|
"taskReferenceName": "to_array",
|
||||||
|
"type": "JSON_JQ_TRANSFORM",
|
||||||
|
"inputParameters": {
|
||||||
|
"role": "${get_rootvo_member_role.output.body}",
|
||||||
|
"queryExpression" : ".role"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "assign_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${get_rootvo_member_role.output.body.containerId}",
|
||||||
|
"method" :"POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json",
|
||||||
|
"Accept":"application/json"
|
||||||
|
},
|
||||||
|
"body" : "${to_array.output.resultList}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize_with_uma_rpt",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"audience" : "${init.input.root_vo}",
|
||||||
|
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||||
|
"client_id" : "${workflow.input.client_id}",
|
||||||
|
"client_secret" : "${init.output.result.client.secret}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "check_workspace",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.storagehub}/workspace",
|
||||||
|
"method" : "GET",
|
||||||
|
"expect" : [200, 406],
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json",
|
||||||
|
"Authorization" : "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "decision",
|
||||||
|
"taskReferenceName": "check_workspace_existance",
|
||||||
|
"inputParameters": {
|
||||||
|
"status": "${check_workspace.output.status}"
|
||||||
|
},
|
||||||
|
"type": "SWITCH",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "($.status === 406 ? 'create' : 'exists')",
|
||||||
|
"decisionCases": {
|
||||||
|
"create": [
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "upgrade_orchestrator_token_to_uma",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json",
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"audience" : "${init.input.root_vo}",
|
||||||
|
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_jcr_account",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.storagehub}/workspace/users",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${upgrade_orchestrator_token_to_uma.output.body.access_token}"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"user" : "${get_service_account_user.output.body.username}",
|
||||||
|
"password" : "r3u4h-ewrqwli!_m"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_tasks_to_add_ws_client_to_all_contexts",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"context_list" : "${workflow.input.context_list}",
|
||||||
|
"client_id" : "${workflow.input.client_id}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_workspace_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}}),inputs['add_workspace_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_build_tasks_to_add_ws_client_to_all_contexts",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.tasks}",
|
||||||
|
"inputs" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_build_tasks_to_add_ws_client_to_all_contexts"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
|
@ -7,175 +7,233 @@
|
||||||
"ownerEmail" : "m.lettere@gmail.com",
|
"ownerEmail" : "m.lettere@gmail.com",
|
||||||
"inputParameters" : [ "userid" ],
|
"inputParameters" : [ "userid" ],
|
||||||
"tasks" : [
|
"tasks" : [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "init",
|
"taskReferenceName": "init",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"keycloak": "{{ keycloak }}/${workflow.input.realm}",
|
"root_vo": "{{ root_vo }}",
|
||||||
"keycloak_admin" : "{{ keycloak_admin }}/${workflow.input.realm}",
|
"keycloak": "{{ keycloak }}/${workflow.input.realm}",
|
||||||
"liferay": "{{ liferay }}",
|
"keycloak_admin" : "{{ keycloak_admin }}/${workflow.input.realm}",
|
||||||
"liferay_auth": "{{ liferay_auth }}",
|
"liferay": "{{ liferay }}",
|
||||||
"keycloak_userid" : "${workflow.input.userid}",
|
"liferay_auth": "{{ liferay_auth }}",
|
||||||
"scriptExpression": "1 == 1"
|
"keycloak_userid" : "${workflow.input.userid}",
|
||||||
}
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function f(){ return { 'decoded_root_vo' : $.root_vo.replace('%2F','/'), 'encoded_root_vo' : encodeURIComponent($.root_vo)}} f()"
|
||||||
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name" : "pyrest",
|
||||||
"taskReferenceName" : "authorize",
|
"taskReferenceName" : "authorize",
|
||||||
"type" : "SIMPLE",
|
"type" : "SIMPLE",
|
||||||
"inputParameters" : {
|
"inputParameters" : {
|
||||||
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||||
"method" : "POST",
|
"method" : "POST",
|
||||||
"headers" : {
|
"headers" : {
|
||||||
"Accept" : "application/json"
|
"Accept" : "application/json"
|
||||||
},
|
},
|
||||||
"body" : {
|
"body" : {
|
||||||
"client_id" : "orchestrator",
|
"client_id" : "orchestrator",
|
||||||
"client_secret" : "{{ keycloak_auth }}",
|
"client_secret" : "{{ keycloak_auth }}",
|
||||||
"grant_type" : "client_credentials"
|
"grant_type" : "client_credentials"
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "lookup_user",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
|
|
||||||
"method" : "GET",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Accept" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "fork_join",
|
|
||||||
"taskReferenceName" : "global_delete_user",
|
|
||||||
"type" : "FORK_JOIN",
|
|
||||||
"forkTasks" : [
|
|
||||||
[
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "lookup_lr_company",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.liferay}/company/get-company-by-web-id",
|
|
||||||
"method" : "GET",
|
|
||||||
"params" : { "webId" : "liferay.com"},
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Basic ${init.input.liferay_auth}",
|
|
||||||
"Accept" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "lookup_lr_user_by_screenname",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.liferay}/user/get-user-by-screen-name",
|
|
||||||
"method" : "GET",
|
|
||||||
"params" : {
|
|
||||||
"companyId" : "${lookup_lr_company.output.body.companyId}",
|
|
||||||
"screenName" : "${lookup_user.output.body.username}"
|
|
||||||
},
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Basic ${init.input.liferay_auth}",
|
|
||||||
"Accept" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "lookup_lr_user_groups",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.liferay}/group/get-user-sites-groups",
|
|
||||||
"method" : "GET",
|
|
||||||
"params" : {
|
|
||||||
"classNames" : "[\"com.liferay.portal.model.Group\"]",
|
|
||||||
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
|
|
||||||
"max" : "-1"
|
|
||||||
},
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Basic ${init.input.liferay_auth}",
|
|
||||||
"Accept" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "LAMBDA_TASK",
|
|
||||||
"taskReferenceName": "build_delete_group_tasks",
|
|
||||||
"type": "LAMBDA",
|
|
||||||
"inputParameters": {
|
|
||||||
"groups" : "${lookup_lr_user_groups.output.body.*.groupId}",
|
|
||||||
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
|
|
||||||
"scriptExpression": "inputs = {}; tasks = []; for(var i=0;i<$.groups.length;i++){tasks.push({'name': 'pyrest','type' : 'SIMPLE','taskReferenceName' : 'del-' + i});inputs['del-'+i] = {'url' : '${init.input.liferay}/user/unset-group-users?userIds=' + $.userId + '&groupId=' + $.groups[i],'method' : 'POST','headers' : {'Authorization' : 'Basic ' + '${init.input.liferay_auth}', 'Accept' : 'application/json'}}}; return { 'tasks' : Java.to(tasks, 'java.util.Map[]'), 'inputs' : inputs};"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "fork_dynamic",
|
|
||||||
"type" : "FORK_JOIN_DYNAMIC",
|
|
||||||
"taskReferenceName" : "parallel_delete_group",
|
|
||||||
"inputParameters" : {
|
|
||||||
"tasks" : "${build_delete_group_tasks.output.result.tasks}",
|
|
||||||
"inputs" : "${build_delete_group_tasks.output.result.inputs}"
|
|
||||||
},
|
|
||||||
"dynamicForkTasksParam": "tasks",
|
|
||||||
"dynamicForkTasksInputParamName": "inputs"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "join",
|
|
||||||
"type" : "JOIN",
|
|
||||||
"taskReferenceName" : "join_parallel_group_deletion"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "delete_lr_user",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.liferay}/user/delete-user",
|
|
||||||
"method" : "POST",
|
|
||||||
"params" : {
|
|
||||||
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}"
|
|
||||||
},
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Basic ${init.input.liferay_auth}",
|
|
||||||
"Accept" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "LAMBDA_TASK",
|
|
||||||
"taskReferenceName": "lr_final_task",
|
|
||||||
"type": "LAMBDA",
|
|
||||||
"inputParameters" : {
|
|
||||||
"scriptExpression" : "1 == 1"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "join",
|
|
||||||
"type" : "JOIN",
|
|
||||||
"taskReferenceName" : "global_delete_user_join",
|
|
||||||
"joinOn": [ "lr_final_task"]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "delete_keycloak_user",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
|
|
||||||
"method" : "DELETE",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Accept" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_user",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_join",
|
||||||
|
"taskReferenceName" : "global_delete_user",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_lr_company",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.liferay}/company/get-company-by-web-id",
|
||||||
|
"method" : "GET",
|
||||||
|
"params" : { "webId" : "liferay.com"},
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Basic ${init.input.liferay_auth}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_lr_user_by_screenname",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.liferay}/user/get-user-by-screen-name",
|
||||||
|
"method" : "GET",
|
||||||
|
"params" : {
|
||||||
|
"companyId" : "${lookup_lr_company.output.body.companyId}",
|
||||||
|
"screenName" : "${lookup_user.output.body.username}"
|
||||||
|
},
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Basic ${init.input.liferay_auth}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_lr_user_groups",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.liferay}/group/get-user-sites-groups",
|
||||||
|
"method" : "GET",
|
||||||
|
"params" : {
|
||||||
|
"classNames" : "[\"com.liferay.portal.model.Group\"]",
|
||||||
|
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
|
||||||
|
"max" : "-1"
|
||||||
|
},
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Basic ${init.input.liferay_auth}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_delete_group_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"groups" : "${lookup_lr_user_groups.output.body.*.groupId}",
|
||||||
|
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
|
||||||
|
"expression": "inputs = {}; tasks = []; function f(){ for(var i=0;i<$.groups.length;i++){tasks.push({'name': 'pyrest','type' : 'SIMPLE','taskReferenceName' : 'del-' + i});inputs['del-'+i] = {'url' : '${init.input.liferay}/user/unset-group-users?userIds=' + $.userId + '&groupId=' + $.groups[i],'method' : 'POST','headers' : {'Authorization' : 'Basic ' + '${init.input.liferay_auth}', 'Accept' : 'application/json'}}}; return { 'tasks' : Java.to(tasks, 'java.util.Map[]'), 'inputs' : inputs}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_delete_group",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_delete_group_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_delete_group_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_group_deletion"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "delete_lr_user",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.liferay}/user/delete-user",
|
||||||
|
"method" : "POST",
|
||||||
|
"params" : {
|
||||||
|
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}"
|
||||||
|
},
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Basic ${init.input.liferay_auth}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "lr_final_task",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression" : "1 == 1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_rootvo",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_rootvo_roles",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles",
|
||||||
|
"method" : "GET",
|
||||||
|
"expect" : [200, 404],
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_rootvo_infra_managers",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles/Infrastructure-Manager/users",
|
||||||
|
"method" : "GET",
|
||||||
|
"expect" : [200, 404],
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "global_delete_user_join",
|
||||||
|
"joinOn": [ "lr_final_task", "get_rootvo_infra_managers"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "delete_keycloak_user",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
|
||||||
|
"method" : "DELETE",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pymail",
|
||||||
|
"taskReferenceName" : "notify_infra_managers",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"subject" : "User account REMOVAL notification",
|
||||||
|
"from" : "noreply@d4science.org",
|
||||||
|
"to" : "${get_rootvo_infra_managers.output.body.*.email}",
|
||||||
|
"html" : "<html><body><p>Dear ${init.output.result.decoded_root_vo} Infrastructure Manager,</p><p>${lookup_user.output.body.firstName} ${lookup_user.output.body.lastName} (${lookup_user.output.body.username}) removed his/her account from the portal with the following email: ${lookup_user.output.body.email}</p><p>You received this email because you are an Infrastructure Manager.</p><p>WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received.</p></body></html>"
|
||||||
|
}
|
||||||
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,76 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "delete_system_service",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "Delete a system service from KC and IS",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_id"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"id" : "${workflow.input.client_id}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty');} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"params" : { "clientId" : "${workflow.input.client_id}"},
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "check",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"list" : "${lookup_client.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression" : "function f(){if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "delete_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}",
|
||||||
|
"method" : "DELETE",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,101 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "enable_workspace_clients_for_context",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "All workspace clients registered on Information system for given context are enabled for VRE by calling add_workspace_client_to_context",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["filter", "context"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"ctx" : "${workflow.input.context}",
|
||||||
|
"filter" : "${workflow.input.filter}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.ctx)) throw('Context must not be empty'); f=$.filter; if(e(f)) f = []; else if(typeof(f) === 'string') f=[f]; else f=Java.from(f); return { encoded_root_vo : encodeURI($.root_vo), filter : Java.to(f,'java.lang.String[]')}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize_with_uma_rpt",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"audience" : "${workflow.input.context}",
|
||||||
|
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "query_workspace_clients_on_icproxy",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ ic_proxy }}/icproxy/gcube/service/ServiceEndpoint/SystemWorkspaceClient",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyeval",
|
||||||
|
"taskReferenceName" : "extract_workspace_client_names",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Name')))",
|
||||||
|
"xmlstring" : "${query_workspace_clients_on_icproxy.output.body}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "filtered_workspace_client_names",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"names" : "${extract_workspace_client_names.output.result}",
|
||||||
|
"filter" : "${init.output.result.filter}",
|
||||||
|
"expression": "names=Java.from($.names); filt=Java.from($.filter); function f(){if(filt.length === 0) output=names; else { output=[]; for(i=0;i<names.length;i++){ if(filt.indexOf(names[i]) !== -1) output.push(names[i])}} return { 'names' : Java.to(output, 'java.lang.String[]')}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_add_workspace_client_to_context_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"context" : "${workflow.input.context}",
|
||||||
|
"names" : "${filtered_workspace_client_names.output.result.names}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.names.length;i++){tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_ws_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}});inputs['call_add_ws_client_to_context_'+i]={client_id:$.names[i], context:$.context}} return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_add_workspace_client_to_context_tasks",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_add_workspace_client_to_context_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_add_workspace_client_to_context_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_add_workspace_client_to_context_tasks"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,159 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "ghn_client_add_to_context",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "A GHN client is made Member of a context and it's workspace folder is linked to context's shared folder",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_id", "context"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"id" : "${workflow.input.client_id}",
|
||||||
|
"ctx" : "${workflow.input.context}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_join",
|
||||||
|
"taskReferenceName" : "fork1",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"params" : { "clientId" : "${workflow.input.client_id}"},
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_ghn_client",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"client" : "${lookup_client.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('GHN client not found'); else return { client : $.client[0], id : $.client[0].id}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_service_account_user",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_ghn_client.output.result.id}/service-account-user",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_context",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"params" : { "clientId" : "${init.output.result.encoded_context}"},
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_context",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"client" : "${lookup_context.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Context not found'); else return { client : $.client[0], id: $.client[0].id }} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "retrieve_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
|
||||||
|
"method" :"GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "jq_1",
|
||||||
|
"taskReferenceName": "roles_to_assign",
|
||||||
|
"type": "JSON_JQ_TRANSFORM",
|
||||||
|
"inputParameters": {
|
||||||
|
"role": "${retrieve_member_role.output.body}",
|
||||||
|
"queryExpression" : ".role"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "join",
|
||||||
|
"taskReferenceName": "join1",
|
||||||
|
"type": "JOIN",
|
||||||
|
"joinOn": [
|
||||||
|
"get_service_account_user",
|
||||||
|
"roles_to_assign"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "assign_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
|
||||||
|
"method" :"POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json",
|
||||||
|
"Accept":"application/json"
|
||||||
|
},
|
||||||
|
"body" : "${roles_to_assign.output.resultList}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,51 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "ghn_client_add_to_contexts",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "A client for a GHN is made Member of all the contexts passed as input by calling the ghn_client_add_to_context sub-workflow",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_id", "context_list"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"id" : "${workflow.input.client_id}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_tasks_to_add_ghn_client_to_all_contexts",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"context_list" : "${workflow.input.context_list}",
|
||||||
|
"client_id" : "${workflow.input.client_id}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_ghn_client_to_context_'+i, subWorkflowParam:{ name:'ghn_client_add_to_context'}}),inputs['add_ghn_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_build_tasks_to_add_ghn_client_to_all_contexts",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.tasks}",
|
||||||
|
"inputs" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_build_tasks_to_add_ghn_client_to_all_contexts"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,180 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "ghn_client_create",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "Create a client on IAM to represent SmartGears based GHNodes",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_id", "client_secret", "description", "context_list"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"root_vo": "{{ root_vo }}",
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"storagehub" : "{{ storagehub }}",
|
||||||
|
"id" : "${workflow.input.client_id}",
|
||||||
|
"secret" : "${workflow.input.client_secret}",
|
||||||
|
"description" : "${workflow.input.description}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { encoded_root_vo : encodeURI($.root_vo), client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_join",
|
||||||
|
"taskReferenceName" : "fork1",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"body" : "${init.output.result.client}",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_client_id",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"client_location" : "${create_client.output.headers.location}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_resource_id' : client_id}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_service_account_user",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_resource_id}/service-account-user",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_rootvo",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_rootvo_member_role",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles/Member",
|
||||||
|
"method" : "GET",
|
||||||
|
"expect" : [200, 404],
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "join",
|
||||||
|
"taskReferenceName": "join1",
|
||||||
|
"type": "JOIN",
|
||||||
|
"joinOn": [
|
||||||
|
"get_service_account_user",
|
||||||
|
"get_rootvo_member_role"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "jq_1",
|
||||||
|
"taskReferenceName": "to_array",
|
||||||
|
"type": "JSON_JQ_TRANSFORM",
|
||||||
|
"inputParameters": {
|
||||||
|
"role": "${get_rootvo_member_role.output.body}",
|
||||||
|
"queryExpression" : ".role"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "assign_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${get_rootvo_member_role.output.body.containerId}",
|
||||||
|
"method" :"POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json",
|
||||||
|
"Accept":"application/json"
|
||||||
|
},
|
||||||
|
"body" : "${to_array.output.resultList}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_tasks_to_add_ghn_client_to_all_contexts",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"context_list" : "${workflow.input.context_list}",
|
||||||
|
"client_id" : "${workflow.input.client_id}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_ghn_client_to_context_'+i, subWorkflowParam:{ name:'ghn_client_add_to_context'}}),inputs['add_ghn_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_build_tasks_to_add_ghn_client_to_all_contexts",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.tasks}",
|
||||||
|
"inputs" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_build_tasks_to_add_ghn_client_to_all_contexts"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,76 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "ghn_client_delete",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "Delete a GHN client from IAM",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_id"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"id" : "${workflow.input.client_id}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty');} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"params" : { "clientId" : "${workflow.input.client_id}"},
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "check",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"list" : "${lookup_client.output.body}",
|
||||||
|
"expression" : "if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "delete_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}",
|
||||||
|
"method" : "DELETE",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,159 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "ghn_client_remove_from_context",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "The role Memeber of the give context is removed from a GHN client on IAM.",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_id", "context"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"id" : "${workflow.input.client_id}",
|
||||||
|
"ctx" : "${workflow.input.context}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_join",
|
||||||
|
"taskReferenceName" : "fork1",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"params" : { "clientId" : "${workflow.input.client_id}"},
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_ghn_client",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"client" : "${lookup_client.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('GHN client not found'); else return { client : $.client[0], id : $.client[0].id}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_service_account_user",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_ghn_client.output.result.id}/service-account-user",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "lookup_context",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"params" : { "clientId" : "${init.output.result.encoded_context}"},
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_context",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"client" : "${lookup_context.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Context not found'); else return { client : $.client[0], id: $.client[0].id }} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "retrieve_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
|
||||||
|
"method" :"GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "jq_1",
|
||||||
|
"taskReferenceName": "roles_to_remove",
|
||||||
|
"type": "JSON_JQ_TRANSFORM",
|
||||||
|
"inputParameters": {
|
||||||
|
"role": "${retrieve_member_role.output.body}",
|
||||||
|
"queryExpression" : ".role"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "join",
|
||||||
|
"taskReferenceName": "join1",
|
||||||
|
"type": "JOIN",
|
||||||
|
"joinOn": [
|
||||||
|
"get_service_account_user",
|
||||||
|
"roles_to_remove"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"taskReferenceName": "remove_member_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
|
||||||
|
"method" :"DELETE",
|
||||||
|
"expect" : 204,
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : "${roles_to_remove.output.resultList}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,51 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "ghn_client_remove_from_contexts",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "The role Member for of all the passed contexts is removed from a GHN client",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["client_id", "context_list"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"id" : "${workflow.input.client_id}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE",
|
||||||
|
"taskReferenceName": "build_tasks_to_remove_ghn_client_from_all_contexts",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"context_list" : "${workflow.input.context_list}",
|
||||||
|
"client_id" : "${workflow.input.client_id}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={},tasks=[]; function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'remove_ghn_client_from_context_'+i, subWorkflowParam:{ name:'ghn_client_remove_from_context'}}),inputs['remove_ghn_client_from_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_build_tasks_to_remove_ghn_client_from_all_contexts",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_tasks_to_remove_ghn_client_from_all_contexts.output.result.tasks}",
|
||||||
|
"inputs" : "${build_tasks_to_remove_ghn_client_from_all_contexts.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_build_tasks_to_remove_ghn_client_from_all_contexts"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
|
@ -7,338 +7,659 @@
|
||||||
"ownerEmail" : "marco.lettere@nubisware.com",
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
"inputParameters" : ["user", "group"],
|
"inputParameters" : ["user", "group"],
|
||||||
"tasks" : [
|
"tasks" : [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "init",
|
"taskReferenceName": "init",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
"root_vo": "{{ root_vo }}",
|
||||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
"clientId" : "${workflow.input.group}",
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
"scriptExpression": "var tree = $.clientId.split('%2F'); return { 'tree' : tree, 'child': tree[tree.length-1], 'append' : tree.slice(0,-1).join('/'), 'name' : tree.join('/')}"
|
"group" : "${workflow.input.group}",
|
||||||
}
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.group)) throw('Group must not be empty'); var tree = $.group.startsWith('%2F') ? $.group.split('%2F') : [$.group]; return { 'tree' : tree, 'child': tree[tree.length-1], 'append' : tree.slice(0,-1).join('/'), 'name' : tree.join('/'), encoded_root_vo : encodeURI($.root_vo)}} f()"
|
||||||
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name" : "pyrest",
|
||||||
"taskReferenceName" : "authorize",
|
"taskReferenceName" : "authorize",
|
||||||
"type" : "SIMPLE",
|
"type" : "SIMPLE",
|
||||||
"inputParameters" : {
|
"inputParameters" : {
|
||||||
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
"method" : "POST",
|
"method" : "POST",
|
||||||
"headers" : {
|
"headers" : {
|
||||||
"Accept" : "application/json"
|
"Accept" : "application/json"
|
||||||
},
|
},
|
||||||
"body" : {
|
"body" : {
|
||||||
"client_id" : "orchestrator",
|
"client_id" : "orchestrator",
|
||||||
"client_secret" : "{{ keycloak_auth }}",
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
"grant_type" : "client_credentials"
|
"grant_type" : "client_credentials"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name" : "check_is_gateway",
|
||||||
"taskReferenceName" : "lookup_user",
|
"taskReferenceName" : "check_is_gateway",
|
||||||
"type" : "SIMPLE",
|
"type" : "SWITCH",
|
||||||
"inputParameters" : {
|
"evaluatorType" : "javascript",
|
||||||
"url" : "${init.input.keycloak_admin}/users?username=${workflow.input.user}",
|
"inputParameters" :{
|
||||||
"method" : "GET",
|
"group" : "${workflow.input.group}"
|
||||||
"headers" : {
|
},
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
"expression": "$.group.toLowerCase().endsWith('gateway') ? 'gateway' : ''",
|
||||||
"Accept" : "application/json"
|
"decisionCases" : {
|
||||||
}
|
"gateway" : [
|
||||||
}
|
{
|
||||||
},
|
"name" : "pyrest",
|
||||||
{
|
"taskReferenceName" : "create_gateway_group",
|
||||||
"name" : "pyrest",
|
"type" : "SIMPLE",
|
||||||
"taskReferenceName" : "create_client",
|
"inputParameters" : {
|
||||||
"type" : "SIMPLE",
|
"url" : "${init.input.keycloak_admin}/groups",
|
||||||
"inputParameters" : {
|
"body" : {
|
||||||
"url" : "${init.input.keycloak_admin}/clients",
|
"name" : "${init.output.result.child}"
|
||||||
"body" : {
|
},
|
||||||
"clientId": "${init.input.clientId}",
|
"method" : "POST",
|
||||||
"name": "${init.output.result.name}",
|
"headers" : {
|
||||||
"description": "Client representation for ${init.output.result.name} context",
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
"rootUrl": "http://localhost${init.output.result.name}",
|
"Content-Type" : "application/json"
|
||||||
"enabled": true,
|
|
||||||
"serviceAccountsEnabled": true,
|
|
||||||
"standardFlowEnabled": true,
|
|
||||||
"authorizationServicesEnabled": true,
|
|
||||||
"publicClient": false,
|
|
||||||
"fullScopeAllowed" : false,
|
|
||||||
"protocol": "openid-connect"
|
|
||||||
},
|
|
||||||
"method" : "POST",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "fork_join",
|
|
||||||
"taskReferenceName" : "fork_role_creation",
|
|
||||||
"type" : "FORK_JOIN",
|
|
||||||
"forkTasks" : [
|
|
||||||
[{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "create_role_member",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${create_client.output.headers.location}/roles",
|
|
||||||
"body" : {
|
|
||||||
"clientRole" : true, "name" : "Member", "description" : "Simple membership for ${init.output.result.name}"
|
|
||||||
},
|
|
||||||
"method" : "POST",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "get_back_role_member",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${create_role_member.output.headers.location}",
|
|
||||||
"method" : "GET",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Accept" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "create_kc_group",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.keycloak_admin}/groups",
|
|
||||||
"body" : {
|
|
||||||
"name" : "${init.output.result.child}"
|
|
||||||
},
|
|
||||||
"method" : "POST",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "list_kc_groups",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.keycloak_admin}/groups",
|
|
||||||
"method" : "GET",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Accept" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "LAMBDA_TASK",
|
|
||||||
"taskReferenceName": "prepare",
|
|
||||||
"type": "LAMBDA",
|
|
||||||
"inputParameters": {
|
|
||||||
"append" : "${init.output.result.append}",
|
|
||||||
"location" : "${create_kc_group.output.headers.location}",
|
|
||||||
"client_location" : "${create_client.output.headers.location}",
|
|
||||||
"groups" : "${list_kc_groups.output.body}",
|
|
||||||
"scriptExpression": "var newid=$.location.split('/').pop(); var client_id = $.client_location.split('/').pop(); function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.append) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; return {'group' : $.append == '' ? '' : recurse($.groups), 'newid' : newid, 'client_id' : client_id}"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "decide_task",
|
|
||||||
"taskReferenceName": "decide1",
|
|
||||||
"inputParameters": {
|
|
||||||
"groupid": "${prepare.output.result.group}"
|
|
||||||
},
|
|
||||||
"type": "DECISION",
|
|
||||||
"caseValueParam": "groupid",
|
|
||||||
"decisionCases": {
|
|
||||||
"": [
|
|
||||||
{
|
|
||||||
"name": "LAMBDA_TASK",
|
|
||||||
"taskReferenceName": "dummy",
|
|
||||||
"type": "LAMBDA",
|
|
||||||
"inputParameters": {
|
|
||||||
"scriptExpression": "1"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
]
|
}
|
||||||
},
|
},
|
||||||
"defaultCase": [
|
{
|
||||||
|
"name" : "terminate",
|
||||||
|
"taskReferenceName" : "terminate_when_gateway",
|
||||||
|
"type" : "TERMINATE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"terminationStatus" : "COMPLETED"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_join",
|
||||||
|
"taskReferenceName" : "preliminary_fork",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_client",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients",
|
||||||
|
"body" : {
|
||||||
|
"clientId": "${init.input.group}",
|
||||||
|
"name": "${init.output.result.name}",
|
||||||
|
"description": "Client representation for ${init.output.result.name} context",
|
||||||
|
"rootUrl": "http://localhost${init.output.result.name}",
|
||||||
|
"enabled": true,
|
||||||
|
"serviceAccountsEnabled": true,
|
||||||
|
"standardFlowEnabled": true,
|
||||||
|
"authorizationServicesEnabled": true,
|
||||||
|
"publicClient": false,
|
||||||
|
"fullScopeAllowed" : false,
|
||||||
|
"protocol": "openid-connect"
|
||||||
|
},
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_client_id",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"client_location" : "${create_client.output.headers.location}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function f(){var client_id = $.client_location.split('/').pop(); return {'client_id' : client_id}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "list_kc_groups",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/groups",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "prepare",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"append": "${init.output.result.append}",
|
||||||
|
"groups": "${list_kc_groups.output.body}",
|
||||||
|
"expression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.append) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; function f(){return {'group' : $.append == '' ? '' : recurse($.groups)}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "decide_task",
|
||||||
|
"taskReferenceName": "decide1",
|
||||||
|
"inputParameters": {
|
||||||
|
"groupid": "${prepare.output.result.group}"
|
||||||
|
},
|
||||||
|
"type": "SWITCH",
|
||||||
|
"evaluatorType" : "value-param",
|
||||||
|
"expression": "groupid",
|
||||||
|
"decisionCases": {
|
||||||
|
"": [
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName" : "move_new_kc_group_to_parent",
|
"taskReferenceName": "dummy",
|
||||||
"type" : "SIMPLE",
|
"type": "INLINE",
|
||||||
"inputParameters" : {
|
"inputParameters": {
|
||||||
"url" : "${init.input.keycloak_admin}/groups/${prepare.output.result.group.id}/children",
|
"evaluatorType" :"javascript",
|
||||||
"method" : "POST",
|
"expression": "1"
|
||||||
"body" : {
|
|
||||||
"id" : "${prepare.output.result.newid}"
|
|
||||||
},
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Accept" : "application/json",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"defaultCase": [
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "create_kc_group",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.keycloak_admin}/groups/${prepare.output.result.group.id}/children",
|
||||||
|
"body": {
|
||||||
|
"name": "${init.output.result.child}"
|
||||||
|
},
|
||||||
|
"method": "POST",
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "prepare2",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"location": "${create_kc_group.output.headers.location}",
|
||||||
|
"client_location": "${create_client.output.headers.location}",
|
||||||
|
|
||||||
|
"expression": "function f(){var newid=$.location.split('/').pop(); var client_id = $.client_location.split('/').pop(); return {'newid' : newid, 'client_id' : client_id}} f()"
|
||||||
|
},
|
||||||
|
"type": "INLINE"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_default_policies",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_default_resource",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/resource",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "delete_default_policy1",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[0].id}",
|
||||||
|
"method" : "DELETE",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "delete_default_policy2",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[1].id}",
|
||||||
|
"method" : "DELETE",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_permission",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource",
|
||||||
|
"body" : {
|
||||||
|
"name": "Default Permission",
|
||||||
|
"description": "",
|
||||||
|
"type" : "resource",
|
||||||
|
"logic": "POSITIVE",
|
||||||
|
"decisionStrategy": "AFFIRMATIVE",
|
||||||
|
"resources" : ["${get_default_resource.output.body[0]._id}"]
|
||||||
|
},
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_rootvo",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_rootvo_roles",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "preliminary_fork_join",
|
||||||
|
"joinOn": [ "create_permission", "get_rootvo_roles"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize1",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_role_member",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${create_client.output.headers.location}/roles",
|
||||||
|
"body" : {
|
||||||
|
"clientRole" : true, "name" : "Member", "description" : "Simple membership for ${init.output.result.name}"
|
||||||
|
},
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_back_role_member",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${create_role_member.output.headers.location}",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "jq_1",
|
||||||
|
"taskReferenceName": "to_array",
|
||||||
|
"type": "JSON_JQ_TRANSFORM",
|
||||||
|
"inputParameters": {
|
||||||
|
"role": "${get_back_role_member.output.body}",
|
||||||
|
"queryExpression" : ".role"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "add_role_member_as_component_of_infrastructure_member",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/roles/Infrastructure-Member/composites",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : "${to_array.output.resultList}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "create_role_policy_member",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
|
||||||
|
"body" : {
|
||||||
|
"name": "Member_policy",
|
||||||
|
"description": "",
|
||||||
|
"type" : "role",
|
||||||
|
"logic": "POSITIVE",
|
||||||
|
"decisionStrategy": "UNANIMOUS",
|
||||||
|
"roles" : [
|
||||||
|
{
|
||||||
|
"id" : "${get_back_role_member.output.body.id}",
|
||||||
|
"required" : true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "decide_task",
|
||||||
|
"taskReferenceName": "decide2",
|
||||||
|
"inputParameters": {
|
||||||
|
"groupid": "${prepare.output.result.group}"
|
||||||
|
},
|
||||||
|
"type": "SWITCH",
|
||||||
|
"evaluatorType" : "value-param",
|
||||||
|
"expression": "groupid",
|
||||||
|
"decisionCases": {
|
||||||
|
"": [
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName" : "assign_client_member_role_to_kc_group",
|
"taskReferenceName": "dummy2",
|
||||||
"type" : "SIMPLE",
|
"type": "INLINE",
|
||||||
"inputParameters" : {
|
"inputParameters": {
|
||||||
"url" : "${init.input.keycloak_admin}/groups/${prepare.output.result.newid}/role-mappings/clients/${prepare.output.result.client_id}",
|
"evaluatorType" : "javascript",
|
||||||
"method" : "POST",
|
"expression": "1"
|
||||||
"body" : ["${get_back_role_member.output.body}"],
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Accept" : "application/json",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
],
|
|
||||||
[{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "create_role_accountingmanager",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${create_client.output.headers.location}/roles",
|
|
||||||
"body" : {
|
|
||||||
"clientRole" : true, "name" : "Accounting-Manager", "description" : "Accounting-Manager for ${init.output.result.name}"
|
|
||||||
},
|
|
||||||
"method" : "POST",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}],
|
|
||||||
[{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "create_role_catalogueadmin",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${create_client.output.headers.location}/roles",
|
|
||||||
"body" : {
|
|
||||||
"clientRole" : true, "name" : "Catalogue-Admin", "description" : "Catalogue-Admin for ${init.output.result.name}"
|
|
||||||
},
|
|
||||||
"method" : "POST",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}],
|
|
||||||
[{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "create_role_catalogueeditor",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${create_client.output.headers.location}/roles",
|
|
||||||
"body" : {
|
|
||||||
"clientRole" : true, "name" : "Catalogue-Editor", "description" : "Catalogue-Editor for ${init.output.result.name}"
|
|
||||||
},
|
|
||||||
"method" : "POST",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}],
|
|
||||||
[{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "create_role_datamanager",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${create_client.output.headers.location}/roles",
|
|
||||||
"body" : {
|
|
||||||
"clientRole" : true, "name" : "Data-Manager", "description" : "Data-Manager for ${init.output.result.name}"
|
|
||||||
},
|
|
||||||
"method" : "POST",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}],
|
|
||||||
[{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "create_role_dataminermanager",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${create_client.output.headers.location}/roles",
|
|
||||||
"body" : {
|
|
||||||
"clientRole" : true, "name" : "Dataminer-Manager", "description" : "Dataminer-Manager for ${init.output.result.name}"
|
|
||||||
},
|
|
||||||
"method" : "POST",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}],
|
|
||||||
[{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "create_role_voadmin",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${create_client.output.headers.location}/roles",
|
|
||||||
"body" : {
|
|
||||||
"clientRole" : true, "name" : "VO-Admin", "description" : "VO-Admin for ${init.output.result.name}"
|
|
||||||
},
|
|
||||||
"method" : "POST",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}],
|
|
||||||
[{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "create_role_vredesigner",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${create_client.output.headers.location}/roles",
|
|
||||||
"body" : {
|
|
||||||
"clientRole" : true, "name" : "VRE-Designer", "description" : "VRE-Designer for ${init.output.result.name}"
|
|
||||||
},
|
|
||||||
"method" : "POST",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}],
|
|
||||||
[{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "create_role_vremanager",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${create_client.output.headers.location}/roles",
|
|
||||||
"body" : {
|
|
||||||
"clientRole" : true, "name" : "VRE-Manager", "description" : "VRE-Manager for ${init.output.result.name}"
|
|
||||||
},
|
|
||||||
"method" : "POST",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Content-Type" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}]
|
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
"defaultCase": [
|
||||||
"name" : "join",
|
{
|
||||||
"taskReferenceName" : "join_role_creation",
|
"name" : "pyrest",
|
||||||
"type" : "JOIN"
|
"taskReferenceName" : "assign_client_member_role_to_kc_group",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/groups/${prepare2.output.result.newid}/role-mappings/clients/${prepare2.output.result.client_id}",
|
||||||
|
"method" : "POST",
|
||||||
|
"body" : ["${get_back_role_member.output.body}"],
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||||
|
"Accept" : "application/json",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize2",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_add_role_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"roles" : "${get_rootvo_roles.output.body}",
|
||||||
|
"expression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k); function f(){return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_add_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_add_role_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_add_role_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_role_addition"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize3",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_get_back_role_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_get_back_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_get_back_role_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_get_back_role_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_getting_back"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize4",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_add_policy_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"roles" : "${join_parallel_getting_back.output[*].body}",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize4.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_add_policy_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_add_policy_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_add_policy_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_policy_addition"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "policy_list",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"memberpolicy" : "${create_role_policy_member.output.body.id}",
|
||||||
|
"otherpolicies" : "${join_parallel_policy_addition.output[*].body.id}",
|
||||||
|
"expression": "function f(){return Java.to(Java.from($.otherpolicies).concat($.memberpolicy), 'java.lang.String[]')} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize5",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "finalize_permission",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource/${create_permission.output.body.id}",
|
||||||
|
"body" : {
|
||||||
|
"name": "Default Permission",
|
||||||
|
"description": "",
|
||||||
|
"type" : "resource",
|
||||||
|
"logic": "POSITIVE",
|
||||||
|
"decisionStrategy": "AFFIRMATIVE",
|
||||||
|
"policies" : "${policy_list.output.result}"
|
||||||
|
},
|
||||||
|
"method" : "PUT",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize5.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_subworkflows",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"taskReferenceName" : "parallel_call_subworkflows",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "sub_workflow_task",
|
||||||
|
"taskReferenceName": "call_enable_workspace_clients_for_context",
|
||||||
|
"subWorkflowParam": {
|
||||||
|
"name": "enable_workspace_clients_for_context"
|
||||||
|
},
|
||||||
|
"inputParameters": {
|
||||||
|
"context" : "${workflow.input.group}"
|
||||||
|
},
|
||||||
|
"type": "SUB_WORKFLOW"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "sub_workflow_task",
|
||||||
|
"taskReferenceName": "call_jupyterhub_add_serveroptions_to_context",
|
||||||
|
"subWorkflowParam": {
|
||||||
|
"name": "jupyterhub_add_serveroptions_to_context"
|
||||||
|
},
|
||||||
|
"inputParameters": {
|
||||||
|
"context" : "${workflow.input.group}"
|
||||||
|
},
|
||||||
|
"type": "SUB_WORKFLOW"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_call_subworkflows",
|
||||||
|
"joinOn" :[
|
||||||
|
"call_enable_workspace_clients_for_context",
|
||||||
|
"call_jupyterhub_add_serveroptions_to_context"
|
||||||
|
]
|
||||||
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,14 +8,15 @@
|
||||||
"inputParameters" : ["user", "group"],
|
"inputParameters" : ["user", "group"],
|
||||||
"tasks" : [
|
"tasks" : [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "init",
|
"taskReferenceName": "init",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
"group" : "${workflow.input.group}",
|
"group" : "${workflow.input.group}",
|
||||||
"scriptExpression" : "return $.group.split('%2F').join('/')"
|
"evaluatorType" : "javascript",
|
||||||
|
"expression" : "function f(){return $.group.split('%2F').join('/')} f()"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -75,13 +76,14 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "find_group_by_path",
|
"taskReferenceName": "find_group_by_path",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
"path" : "${init.output.result}",
|
"path" : "${init.output.result}",
|
||||||
"groups" : "${list_kc_groups.output.body}",
|
"groups" : "${list_kc_groups.output.body}",
|
||||||
"scriptExpression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.path) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; return recurse($.groups)"
|
"expression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.path) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; recurse($.groups)"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -8,13 +8,14 @@
|
||||||
"inputParameters" : ["user", "first-name", "last-name", "email", "password"],
|
"inputParameters" : ["user", "first-name", "last-name", "email", "password"],
|
||||||
"tasks" : [
|
"tasks" : [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "init",
|
"taskReferenceName": "init",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
"scriptExpression": "1"
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "1"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -40,7 +41,7 @@
|
||||||
"type" : "SIMPLE",
|
"type" : "SIMPLE",
|
||||||
"inputParameters" : {
|
"inputParameters" : {
|
||||||
"url" : "${init.input.keycloak_admin}/users",
|
"url" : "${init.input.keycloak_admin}/users",
|
||||||
"expect" : 201,
|
"expect" : [201, 409],
|
||||||
"method" : "POST",
|
"method" : "POST",
|
||||||
"body" : {
|
"body" : {
|
||||||
"username": "${workflow.input.user}",
|
"username": "${workflow.input.user}",
|
||||||
|
|
|
@ -0,0 +1,385 @@
|
||||||
|
{
|
||||||
|
"createTime": 1657617957794,
|
||||||
|
"updateTime": 1657639881455,
|
||||||
|
"name": "jupyterhub_add_serveroptions_to_context",
|
||||||
|
"description": "Reflects the JupyterHub ServerOptions from a given IS Context to the AuthZ on the IAM",
|
||||||
|
"version": 1,
|
||||||
|
"tasks": [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin": "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"ctx": "${workflow.input.context}",
|
||||||
|
"jupyterhub_clientid" : "jupyterhub1",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.ctx)) throw('Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
|
||||||
|
},
|
||||||
|
"type": "INLINE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "authorize",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method": "POST",
|
||||||
|
"headers": {
|
||||||
|
"Accept": "application/json"
|
||||||
|
},
|
||||||
|
"body": {
|
||||||
|
"client_id": "orchestrator",
|
||||||
|
"client_secret": "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type": "client_credentials"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "fork_join",
|
||||||
|
"taskReferenceName": "pre-query",
|
||||||
|
"inputParameters": {},
|
||||||
|
"type": "FORK_JOIN",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "lookup_client",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.keycloak_admin}/clients",
|
||||||
|
"params": {
|
||||||
|
"clientId": "${init.output.result.encoded_context}"
|
||||||
|
},
|
||||||
|
"method": "GET",
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "get_client_member_role",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles/Member",
|
||||||
|
"method": "GET",
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "jq_1",
|
||||||
|
"taskReferenceName": "role_to_array",
|
||||||
|
"type": "JSON_JQ_TRANSFORM",
|
||||||
|
"inputParameters": {
|
||||||
|
"role": "${get_client_member_role.output.body}",
|
||||||
|
"queryExpression" : ".role"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "lookup_jupyterhub",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.keycloak_admin}/clients",
|
||||||
|
"params": {
|
||||||
|
"clientId": "${init.input.jupyterhub_clientid}"
|
||||||
|
},
|
||||||
|
"method": "GET",
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "lookup_jupyterhub_resources",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource",
|
||||||
|
"params": {
|
||||||
|
"clientId": "${init.input.jupyterhub_clientid}"
|
||||||
|
},
|
||||||
|
"method": "GET",
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "authorize_with_uma_rpt",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
|
||||||
|
"method": "POST",
|
||||||
|
"headers": {
|
||||||
|
"Accept": "application/json"
|
||||||
|
},
|
||||||
|
"body": {
|
||||||
|
"audience": "${init.output.result.encoded_context}",
|
||||||
|
"grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||||
|
"client_id": "orchestrator",
|
||||||
|
"client_secret": "{{ keycloak_auth }}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "lookup_resources_on_icproxy",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/JupyterHub",
|
||||||
|
"method": "GET",
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyeval",
|
||||||
|
"taskReferenceName": "extract_authids",
|
||||||
|
"inputParameters": {
|
||||||
|
"code": "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/ServerOption/AuthId')))",
|
||||||
|
"xmlstring": "${lookup_resources_on_icproxy.output.body}"
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
}
|
||||||
|
]
|
||||||
|
],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "join",
|
||||||
|
"taskReferenceName": "join-pre-query",
|
||||||
|
"inputParameters": {},
|
||||||
|
"type": "JOIN",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [
|
||||||
|
"lookup_jupyterhub_resources",
|
||||||
|
"extract_authids"
|
||||||
|
],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "check",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"param": "ok",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.param)) throw('Param must not be empty'); else return $.param} f()"
|
||||||
|
},
|
||||||
|
"type": "INLINE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "filter_and_update",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"allowed": "${extract_authids.output.result}",
|
||||||
|
"res": "${lookup_jupyterhub_resources.output.body}",
|
||||||
|
"ctx": "${init.output.result.encoded_context}",
|
||||||
|
"expression": "var ret = []; function f(){for(var r=0; r < $.res.length; r++){ if($.allowed.indexOf($.res[r].name) !== -1){ $.res[r].attributes[$.ctx] = Java.to(['true'], 'java.lang.String[]'); ret.push($.res[r]) } } return Java.to(ret, 'java.util.Map[]')} f()"
|
||||||
|
},
|
||||||
|
"type": "INLINE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_parallel_tasks",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"res": "${filter_and_update.output.result}",
|
||||||
|
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource/",
|
||||||
|
"expression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.res.length; i++){s = $.res[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 't' + i});inputs['t' + i] = {url: $.url + $.res[i]._id,method: 'PUT', body: $.res[i], headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', 'Content-Type': 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};} f()"
|
||||||
|
},
|
||||||
|
"type": "INLINE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "fork_dynamic",
|
||||||
|
"taskReferenceName": "parallel_tasks",
|
||||||
|
"inputParameters": {
|
||||||
|
"tasks": "${build_parallel_tasks.output.result.tasks}",
|
||||||
|
"inputs": "${build_parallel_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"type": "FORK_JOIN_DYNAMIC",
|
||||||
|
"decisionCases": {},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs",
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "join",
|
||||||
|
"taskReferenceName": "join_parallel_tasks",
|
||||||
|
"inputParameters": {},
|
||||||
|
"type": "JOIN"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "check_at_least_one",
|
||||||
|
"taskReferenceName": "check_at_least_one",
|
||||||
|
"inputParameters": {
|
||||||
|
"tasks": "${join_parallel_tasks.input.*}"
|
||||||
|
},
|
||||||
|
"type": "SWITCH",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "($.tasks.length > 0 ? 'true' : 'false')",
|
||||||
|
"decisionCases": {
|
||||||
|
"true": [
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "enable_jupyterhub_scope_for_context",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/scope-mappings/clients/${lookup_client.output.body[0].id}",
|
||||||
|
"method": "POST",
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type": "application/json"
|
||||||
|
},
|
||||||
|
"body": "${role_to_array.output.resultList}"
|
||||||
|
},
|
||||||
|
"type": "SIMPLE"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"inputParameters": [
|
||||||
|
"context"
|
||||||
|
],
|
||||||
|
"outputParameters": {},
|
||||||
|
"schemaVersion": 2,
|
||||||
|
"restartable": true,
|
||||||
|
"workflowStatusListenerEnabled": false,
|
||||||
|
"ownerEmail": "example@email.com",
|
||||||
|
"timeoutPolicy": "ALERT_ONLY",
|
||||||
|
"timeoutSeconds": 0,
|
||||||
|
"variables": {},
|
||||||
|
"inputTemplate": {}
|
||||||
|
}
|
|
@ -0,0 +1,303 @@
|
||||||
|
{
|
||||||
|
"ownerApp": "Orchestrator",
|
||||||
|
"createTime": 1712929588891,
|
||||||
|
"updateTime": 1712930905661,
|
||||||
|
"accessPolicy": {},
|
||||||
|
"name": "keycloak_delete_account",
|
||||||
|
"description": "Handle Admin events from Keycloak",
|
||||||
|
"version": 1,
|
||||||
|
"tasks": [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"inputParameters": {
|
||||||
|
"root_vo": "{{ root_vo }}",
|
||||||
|
"keycloak": "{{ keycloak }}/${workflow.input.realm}",
|
||||||
|
"keycloak_admin": "{{ keycloak_admin }}/${workflow.input.realm}",
|
||||||
|
"liferay": "{{ liferay }}",
|
||||||
|
"liferay_auth": "{{ liferay_auth }}",
|
||||||
|
"keycloak_username": "${workflow.input.username}",
|
||||||
|
"evaluatorType": "javascript",
|
||||||
|
"expression": "function f(){ return { 'decoded_root_vo' : $.root_vo.replace('%2F','/'), 'encoded_root_vo' : encodeURIComponent($.root_vo)}} f()"
|
||||||
|
},
|
||||||
|
"type": "INLINE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "authorize",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.keycloak}/protocol/openid-connect/token",
|
||||||
|
"method": "POST",
|
||||||
|
"headers": {
|
||||||
|
"Accept": "application/json"
|
||||||
|
},
|
||||||
|
"body": {
|
||||||
|
"client_id": "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}",
|
||||||
|
"grant_type": "client_credentials"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "fork_join",
|
||||||
|
"taskReferenceName": "global_delete_user",
|
||||||
|
"inputParameters": {},
|
||||||
|
"type": "FORK_JOIN",
|
||||||
|
"forkTasks": [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "lookup_lr_company",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.liferay}/company/get-company-by-web-id",
|
||||||
|
"method": "GET",
|
||||||
|
"params": {
|
||||||
|
"webId": "liferay.com"
|
||||||
|
},
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Basic ${init.input.liferay_auth}",
|
||||||
|
"Accept": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "lookup_lr_user_by_screenname",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.liferay}/user/get-user-by-screen-name",
|
||||||
|
"method": "GET",
|
||||||
|
"params": {
|
||||||
|
"companyId": "${lookup_lr_company.output.body.companyId}",
|
||||||
|
"screenName": "${init.input.keycloak_username}"
|
||||||
|
},
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Basic ${init.input.liferay_auth}",
|
||||||
|
"Accept": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "lookup_lr_user_groups",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.liferay}/group/get-user-sites-groups",
|
||||||
|
"method": "GET",
|
||||||
|
"params": {
|
||||||
|
"classNames": "[\"com.liferay.portal.model.Group\"]",
|
||||||
|
"userId": "${lookup_lr_user_by_screenname.output.body.userId}",
|
||||||
|
"max": "-1"
|
||||||
|
},
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Basic ${init.input.liferay_auth}",
|
||||||
|
"Accept": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_delete_group_tasks",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType": "javascript",
|
||||||
|
"groups": "${lookup_lr_user_groups.output.body.*.groupId}",
|
||||||
|
"userId": "${lookup_lr_user_by_screenname.output.body.userId}",
|
||||||
|
"expression": "inputs = {}; tasks = []; function f(){ for(var i=0;i<$.groups.length;i++){tasks.push({'name': 'pyrest','type' : 'SIMPLE','taskReferenceName' : 'del-' + i});inputs['del-'+i] = {'url' : '${init.input.liferay}/user/unset-group-users?userIds=' + $.userId + '&groupId=' + $.groups[i],'method' : 'POST','headers' : {'Authorization' : 'Basic ' + '${init.input.liferay_auth}', 'Accept' : 'application/json'}}}; return { 'tasks' : Java.to(tasks, 'java.util.Map[]'), 'inputs' : inputs}} f()"
|
||||||
|
},
|
||||||
|
"type": "INLINE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "fork_dynamic",
|
||||||
|
"taskReferenceName": "parallel_delete_group",
|
||||||
|
"inputParameters": {
|
||||||
|
"tasks": "${build_delete_group_tasks.output.result.tasks}",
|
||||||
|
"inputs": "${build_delete_group_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"type": "FORK_JOIN_DYNAMIC",
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "join",
|
||||||
|
"taskReferenceName": "join_parallel_group_deletion",
|
||||||
|
"inputParameters": {},
|
||||||
|
"type": "JOIN",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "delete_lr_user",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.liferay}/user/delete-user",
|
||||||
|
"method": "POST",
|
||||||
|
"params": {
|
||||||
|
"userId": "${lookup_lr_user_by_screenname.output.body.userId}"
|
||||||
|
},
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Basic ${init.input.liferay_auth}",
|
||||||
|
"Accept": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "lr_final_task",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType": "javascript",
|
||||||
|
"expression": "1 == 1"
|
||||||
|
},
|
||||||
|
"type": "INLINE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "get_rootvo",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
|
||||||
|
"method": "GET",
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "get_rootvo_roles",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles",
|
||||||
|
"method": "GET",
|
||||||
|
"expect": [
|
||||||
|
200,
|
||||||
|
404
|
||||||
|
],
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "get_rootvo_infra_managers",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles/Infrastructure-Manager/users",
|
||||||
|
"method": "GET",
|
||||||
|
"expect": [
|
||||||
|
200,
|
||||||
|
404
|
||||||
|
],
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept": "application/json"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
}
|
||||||
|
]
|
||||||
|
],
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "join",
|
||||||
|
"taskReferenceName": "global_delete_user_join",
|
||||||
|
"inputParameters": {},
|
||||||
|
"type": "JOIN",
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [
|
||||||
|
"lr_final_task",
|
||||||
|
"get_rootvo_infra_managers"
|
||||||
|
],
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pymail",
|
||||||
|
"taskReferenceName": "notify_infra_managers",
|
||||||
|
"inputParameters": {
|
||||||
|
"subject": "User account REMOVAL notification",
|
||||||
|
"from": "noreply@d4science.org",
|
||||||
|
"to": "${get_rootvo_infra_managers.output.body.*.email}",
|
||||||
|
"html": "<html><body><p>Dear ${init.output.result.decoded_root_vo} Infrastructure Manager,</p><p>'${lookup_lr_user_by_screenname.output.body.firstName} ${lookup_lr_user_by_screenname.output.body.lastName} (${lookup_lr_user_by_screenname.output.body.screenName})' removed his/her account from the IAM</p><p>You received this email because you are an Infrastructure Manager.</p><p>WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received.</p></body></html>"
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false,
|
||||||
|
"permissive": false
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"inputParameters": [
|
||||||
|
"userid"
|
||||||
|
],
|
||||||
|
"outputParameters": {},
|
||||||
|
"schemaVersion": 2,
|
||||||
|
"restartable": true,
|
||||||
|
"workflowStatusListenerEnabled": false,
|
||||||
|
"ownerEmail": "mauro.mugnaini@nubisware.com",
|
||||||
|
"timeoutPolicy": "ALERT_ONLY",
|
||||||
|
"timeoutSeconds": 0,
|
||||||
|
"variables": {},
|
||||||
|
"inputTemplate": {}
|
||||||
|
}
|
|
@ -0,0 +1,179 @@
|
||||||
|
{
|
||||||
|
"createTime": 1689254203836,
|
||||||
|
"updateTime": 1689259676819,
|
||||||
|
"name": "record_context_to_is",
|
||||||
|
"description": "Upon creation of a new context, record it to the Information System",
|
||||||
|
"version": 1,
|
||||||
|
"tasks": [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"type" : "INLINE",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"inputParameters": {
|
||||||
|
"base_url": "{{is_url}}/resource-registry/contexts",
|
||||||
|
"root_vo": "{{ root_vo }}",
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"ctx": "${workflow.input.context}",
|
||||||
|
"ic_proxy" : "{{ ic_proxy }}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.ctx)) throw('Context must not be empty'); var tree = $.ctx.split('%2F'); return { child : tree[tree.length - 1], parent : tree[tree.length-2], decoded_root_vo : $.root_vo.replace('%2F', '/') }} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "parallel_ic_proxy_queries",
|
||||||
|
"taskReferenceName" : "parallel_ic_proxy_queries",
|
||||||
|
"type" : "FORK_JOIN",
|
||||||
|
"forkTasks" : [
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize_uma_rootvo",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"audience" : "${init.input.root_vo}",
|
||||||
|
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "retrieve_infrastructure",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/INFRASTRUCTURE",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/xml",
|
||||||
|
"Authorization" : "Bearer ${authorize_uma_rootvo.output.body.access_token}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyeval",
|
||||||
|
"taskReferenceName" : "extract_infrastructure_id",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/infrastructures/infrastructure/vos/vo[scope=\\'${init.output.result.decoded_root_vo}/${init.output.result.parent}\\'].id')))",
|
||||||
|
"xmlstring" : "${retrieve_infrastructure.output.body}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize_uma_parent_vo",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"audience" : "${init.input.root_vo}%2F${init.output.result.parent}",
|
||||||
|
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth }}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "retrieve_vre",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/VRE/${init.output.result.child}",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/xml",
|
||||||
|
"Authorization" : "Bearer ${authorize_uma_parent_vo.output.body.access_token}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyeval",
|
||||||
|
"taskReferenceName" : "extract_vre_id",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/ID')))",
|
||||||
|
"xmlstring" : "${retrieve_vre.output.body}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "notification_join",
|
||||||
|
"taskReferenceName": "notification_join_ref",
|
||||||
|
"type": "JOIN",
|
||||||
|
"joinOn": ["extract_infrastructure_id", "extract_vre_id"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type" : "INLINE",
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "check",
|
||||||
|
"inputParameters": {
|
||||||
|
"vre": "${extract_vre_id.output.result[0]}",
|
||||||
|
"infra": "${extract_infrastructure_id.output.result[0]}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.vre) || e($.infra)) throw('VRE ID and Infra ID must not be empty');} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pyrest",
|
||||||
|
"taskReferenceName": "write_to_is",
|
||||||
|
"inputParameters": {
|
||||||
|
"url": "${init.input.base_url}/${extract_vre_id.output.result[0]}",
|
||||||
|
"method": "PUT",
|
||||||
|
"headers": {
|
||||||
|
"Authorization": "Bearer ${authorize_uma_rootvo.output.body.access_token}",
|
||||||
|
"Content-Type": "application/json",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body": {
|
||||||
|
"type": "Context",
|
||||||
|
"id": "${extract_vre_id.output.result[0]}",
|
||||||
|
"name": "${init.output.result.child}",
|
||||||
|
"parent": {
|
||||||
|
"type": "IsParentOf",
|
||||||
|
"source": {
|
||||||
|
"type": "Context",
|
||||||
|
"id": "${extract_infrastructure_id.output.result[0]}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "SIMPLE",
|
||||||
|
"decisionCases": {},
|
||||||
|
"defaultCase": [],
|
||||||
|
"forkTasks": [],
|
||||||
|
"startDelay": 0,
|
||||||
|
"joinOn": [],
|
||||||
|
"optional": false,
|
||||||
|
"defaultExclusiveJoinTask": [],
|
||||||
|
"asyncComplete": false,
|
||||||
|
"loopOver": []
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"inputParameters": [
|
||||||
|
"context"
|
||||||
|
],
|
||||||
|
"outputParameters": {},
|
||||||
|
"schemaVersion": 2,
|
||||||
|
"restartable": true,
|
||||||
|
"workflowStatusListenerEnabled": false,
|
||||||
|
"ownerEmail": "example@email.com",
|
||||||
|
"timeoutPolicy": "ALERT_ONLY",
|
||||||
|
"timeoutSeconds": 0,
|
||||||
|
"variables": {},
|
||||||
|
"inputTemplate": {}
|
||||||
|
}
|
|
@ -0,0 +1,173 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "role_created",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "Handle workflow related to Portal event role_created",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["role", "first", "max"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "1 == 1"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_all_vres",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients?clientId=%252F&search=true",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize2",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_add_role_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"role" : "${workflow.input.role}",
|
||||||
|
"vres" : "${get_all_vres.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.vres.length;i++)vre=$.vres[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_'+i}),inputs['create_role_'+i]={url:'${init.input.keycloak_admin}/clients/' + vre.id + '/roles',body:{clientRole:true,name:$.role,description: $.role + ' role'},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_add_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_add_role_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_add_role_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_role_addition"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize3",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_get_back_role_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+i}),inputs['get_back_'+i]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_get_back_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_get_back_role_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_get_back_role_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_getting_back"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_policy_permission_tasks",
|
||||||
|
"inputParameters": {
|
||||||
|
"evaluatorType": "javascript",
|
||||||
|
"roles": "${join_parallel_getting_back.output[*].body}",
|
||||||
|
"iam_master": "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"iam_admin": "${init.input.keycloak_admin}",
|
||||||
|
"user": "orchestrator",
|
||||||
|
"pass": "{{ keycloak_auth_master }}",
|
||||||
|
"playbook": "LSBuYW1lOiB0ZXN0CiAgaG9zdHM6IGxvY2FsaG9zdAogIHRhc2tzOgogICAgLSBuYW1lOiAiQXV0aG9yaXplIgogICAgICB1cmk6IAogICAgICAgIHVybDogInt7aWFtX21hc3Rlcn19IgogICAgICAgIHVzZXI6ICJ7e3VzZXJ9fSIKICAgICAgICBwYXNzd29yZCA6ICJ7e3Bhc3N3fX0iCiAgICAgICAgZm9yY2VfYmFzaWNfYXV0aDogdHJ1ZQogICAgICAgIG1ldGhvZDogUE9TVAogICAgICAgIGJvZHlfZm9ybWF0OiAiZm9ybS11cmxlbmNvZGVkIiAKICAgICAgICBib2R5OgogICAgICAgICAgLSBbZ3JhbnRfdHlwZSxjbGllbnRfY3JlZGVudGlhbHNdCiAgICAgIHJlZ2lzdGVyOiBhdXRoX3Jlc3AKICAgIAogICAgLSBzZXRfZmFjdDoKICAgICAgICB0b2sgOiAie3sgYXV0aF9yZXNwLmpzb24uYWNjZXNzX3Rva2VuIH19IgoKICAgIC0gbmFtZTogIlJldHJpZXZlIGRlZmF1bHQgcGVybWlzc2lvbiIKICAgICAgdXJpOgogICAgICAgIHVybDogInt7IGlhbV9hZG1pbiB9fS9jbGllbnRzL3t7IHJvbGUuY29udGFpbmVySWQgfX0vYXV0aHovcmVzb3VyY2Utc2VydmVyL3Blcm1pc3Npb24/bmFtZT17eydEZWZhdWx0IFBlcm1pc3Npb24nfHVybGVuY29kZX19IgogICAgICAgIG1ldGhvZDogIkdFVCIKICAgICAgICBoZWFkZXJzOgogICAgICAgICAgQXV0aG9yaXphdGlvbjogIkJlYXJlciB7eyB0b2sgfX0iCiAgICAgIHJlZ2lzdGVyOiBkZWZhdWx0X3Blcm1pc3Npb25fcmVzcAoKICAgIC0gc2V0X2ZhY3Q6CiAgICAgICAgZGVmYXVsdF9wZXJtIDogInt7IGRlZmF1bHRfcGVybWlzc2lvbl9yZXNwLmpzb24gfX0iCiAgICAgIGZhaWxlZF93aGVuOgogICAgICAgIGRlZmF1bHRfcGVybWlzc2lvbl9yZXNwLmpzb258bGVuZ3RoICE9IDEKCiAgICAtIG5hbWU6ICJSZXRyaWV2ZSBkZWZhdWx0IHBlcm1pc3Npb24gcG9saWNpZXMiCiAgICAgIHVyaToKICAgICAgICB1cmw6ICJ7eyBpYW1fYWRtaW4gfX0vY2xpZW50cy97eyByb2xlLmNvbnRhaW5lcklkIH19L2F1dGh6L3Jlc291cmNlLXNlcnZlci9wZXJtaXNzaW9uL3t7ZGVmYXVsdF9wZXJtWzBdLmlkfX0vYXNzb2NpYXRlZFBvbGljaWVzIgogICAgICAgIG1ldGhvZDogIkdFVCIKICAgICAgICBoZWFkZXJzOgogICAgICAgICAgQXV0aG9yaXphdGlvbjogIkJlYXJlciB7eyB0b2sgfX0iCiAgICAgIHJlZ2lzdGVyOiBkZWZhdWx0X3Blcm1pc3Npb25fcG9saWNpZXNfcmVzcAoKICAgIC0gc2V0X2ZhY3Q6CiAgICAgICAgcHJldl9wb2xpY2llcyA6ICJ7eyBkZWZhdWx0X3Blcm1pc3Npb25fcG9saWNpZXNfcmVzcC5qc29uIH19IgogICAgICBmYWlsZWRfd2hlbjoKICAgICAgICBkZWZhdWx0X3Blcm1pc3Npb25fcG9saWNpZXNfcmVzcC5qc29ufGxlbmd0aCA9PSAwCgogICAgLSBuYW1lOiAiQWRkIHBvbGljeSIKICAgICAgdXJpOgogICAgICAgIHVybDogInt7IGlhbV9hZG1pbiB9fS9jbGllbnRzL3t7IHJvbGUuY29udGFpbmVySWQgfX0vYXV0aHovcmVzb3VyY2Utc2VydmVyL3BvbGljeS9yb2xlIgogICAgICAgIG1ldGhvZDogIlBPU1QiCiAgICAgICAgYm9keV9mb3JtYXQ6ICJqc29uIgogICAgICAgIGJvZHk6ICJ7IFwibmFtZVwiIDogXCJ7eyByb2xlLm5hbWV9fV9wb2xpY3lcIiwgXCJkZXNjcmlwdGlvblwiIDogXCJQb2xpY3kgZm9yIGhhdmluZyB7e3JvbGUubmFtZX19IHJvbGVcIiwgXCJ0eXBlXCIgOiBcInJvbGVcIiwgXCJsb2dpY1wiIDogXCJQT1NJVElWRVwiLCBcImRlY2lzaW9uU3RyYXRlZ3lcIiA6IFwiVU5BTklNT1VTXCIsIFwicm9sZXNcIiA6IFt7IFwiaWRcIiA6IFwie3tyb2xlLmlkfX1cIiwgXCJyZXF1aXJlZFwiIDogdHJ1ZX1dfSIKICAgICAgICBoZWFkZXJzOgogICAgICAgICAgQXV0aG9yaXphdGlvbjogIkJlYXJlciB7eyB0b2sgfX0iCiAgICAgICAgc3RhdHVzX2NvZGU6IDIwMQogICAgICByZWdpc3RlcjogYWRkX3BvbGljeV9yZXNwCgogICAgLSBzZXRfZmFjdDoKICAgICAgICBuZXdfcG9saWN5IDogInt7YWRkX3BvbGljeV9yZXNwLmpzb259fSIKCiAgICAtIHNldF9mYWN0OgogICAgICAgIGZpbmFsX3BvbGljaWVzOiAie3sgKHByZXZfcG9saWNpZXMgKyBbbmV3X3BvbGljeV0pIHwgbWFwKGF0dHJpYnV0ZT0naWQnKSB9fSIKCiAgICAtIG5hbWU6ICJGaW5hbGl6ZSBwZXJtaXNzaW9uIgogICAgICB1cmk6CiAgICAgICAgdXJsOiAie3sgaWFtX2FkbWluIH19L2NsaWVudHMve3sgcm9sZS5jb250YWluZXJJZCB9fS9hdXRoei9yZXNvdXJjZS1zZXJ2ZXIvcGVybWlzc2lvbi97e2RlZmF1bHRfcGVybVswXS5pZH19IgogICAgICAgIG1ldGhvZDogIlBVVCIKICAgICAgICBib2R5X2Zvcm1hdDogImpzb24iCiAgICAgICAgYm9keTogInsgXCJuYW1lXCIgOiBcIkRlZmF1bHQgUGVybWlzc2lvblwiLCBcImRlc2NyaXB0aW9uXCIgOiBcIlwiLCBcInR5cGVcIiA6IFwicmVzb3VyY2VcIiwgXCJsb2dpY1wiIDogXCJQT1NJVElWRVwiLCBcImRlY2lzaW9uU3RyYXRlZ3lcIiA6IFwiQUZGSVJNQVRJVkVcIiwgXCJwb2xpY2llc1wiIDoge3tmaW5hbF9wb2xpY2llc319IH0iCiAgICAgICAgaGVhZGVyczoKICAgICAgICAgIEF1dGhvcml6YXRpb246ICJCZWFyZXIge3sgdG9rIH19IgogICAgICAgIHN0YXR1c19jb2RlOiAyMDEKICAgICAgcmVnaXN0ZXI6IGFkZF9wb2xpY3lfcmVzcAoKICAgIAoKCg==",
|
||||||
|
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roles.length;i++)r=$.roles[i],tasks.push({name:'pyansible',type:'SIMPLE',taskReferenceName:'call_policy_workflow_'+i}),inputs['call_policy_workflow_'+i]={playbook:$.playbook, extra_vars : {role:r, iam_master:$.iam_master,iam_admin:$.iam_admin,user:$.user,passw:$.pass}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
|
||||||
|
},
|
||||||
|
"type": "INLINE",
|
||||||
|
"startDelay": 0,
|
||||||
|
"optional": false,
|
||||||
|
"asyncComplete": false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_call_policy_permission_workflow",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_policy_permission_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_policy_permission_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_policy_permission_addition"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,79 @@
|
||||||
|
{
|
||||||
|
"ownerApp" : "Orchestrator",
|
||||||
|
"name" : "role_deleted",
|
||||||
|
"createBy" : "Marco Lettere",
|
||||||
|
"description": "Handle workflow related to Portal event role_deleted",
|
||||||
|
"version" : 1,
|
||||||
|
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||||
|
"inputParameters" : ["role"],
|
||||||
|
"tasks" : [
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "init",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "1 == 1"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "authorize",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||||
|
"method" : "POST",
|
||||||
|
"headers" : {
|
||||||
|
"Accept" : "application/json"
|
||||||
|
},
|
||||||
|
"body" : {
|
||||||
|
"client_id" : "orchestrator",
|
||||||
|
"client_secret" : "{{ keycloak_auth_master }}",
|
||||||
|
"grant_type" : "client_credentials"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "get_all_vres",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/clients?clientId=%252F&search=true&first=0&max=500",
|
||||||
|
"method" : "GET",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "build_delete_role_tasks",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"role" : "${workflow.input.role}",
|
||||||
|
"vres" : "${get_all_vres.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.vres.length;i++)vre=$.vres[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'delete_role_'+i}),inputs['delete_role_'+i]={url:'${init.input.keycloak_admin}/clients/' + vre.id + '/roles/' + $.role,method:'DELETE', expect:Java.to([204,404],'int[]'),headers:{Authorization:'Bearer ${authorize.output.body.access_token}'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "fork_dynamic",
|
||||||
|
"type" : "FORK_JOIN_DYNAMIC",
|
||||||
|
"taskReferenceName" : "parallel_delete_role",
|
||||||
|
"inputParameters" : {
|
||||||
|
"tasks" : "${build_delete_role_tasks.output.result.tasks}",
|
||||||
|
"inputs" : "${build_delete_role_tasks.output.result.inputs}"
|
||||||
|
},
|
||||||
|
"dynamicForkTasksParam": "tasks",
|
||||||
|
"dynamicForkTasksInputParamName": "inputs"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "join",
|
||||||
|
"type" : "JOIN",
|
||||||
|
"taskReferenceName" : "join_parallel_role_deletion"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -8,13 +8,14 @@
|
||||||
"inputParameters" : ["role", "user", "group"],
|
"inputParameters" : ["role", "user", "group"],
|
||||||
"tasks" : [
|
"tasks" : [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "init",
|
"taskReferenceName": "init",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
"scriptExpression": "1"
|
"expression": "1",
|
||||||
|
"evaluatorType" : "javascript"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -48,36 +49,38 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "select_user",
|
"taskReferenceName": "select_user",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"foundusers" : "${lookup_user.output.body}",
|
"foundusers" : "${lookup_user.output.body}",
|
||||||
"username" : "${workflow.input.user}",
|
"username" : "${workflow.input.user}",
|
||||||
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
|
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()",
|
||||||
},
|
"evaluatorType" : "javascript"
|
||||||
"type": "LAMBDA"
|
},
|
||||||
},
|
"type": "INLINE"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "check_user_existance",
|
"name": "check_user_existance",
|
||||||
"taskReferenceName": "check_user_existance",
|
"taskReferenceName": "check_user_existance",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"user": "${select_user.output.result[0]}"
|
"user": "${select_user.output.result}"
|
||||||
},
|
},
|
||||||
"type": "DECISION",
|
"type": "SWITCH",
|
||||||
"caseExpression": "($.user == null ? 'true' : 'false')",
|
"evaluatorType": "javascript",
|
||||||
"decisionCases": {
|
"expression": "$.user == null ? 'true' : 'false'",
|
||||||
"true": [
|
"decisionCases": {
|
||||||
{
|
"true": [
|
||||||
"name" : "terminate",
|
{
|
||||||
"taskReferenceName" : "terminate_when_no_user",
|
"name" : "terminate",
|
||||||
"type" : "TERMINATE",
|
"taskReferenceName" : "terminate_when_no_user",
|
||||||
"inputParameters" : {
|
"type" : "TERMINATE",
|
||||||
"terminationStatus" : "COMPLETED"
|
"inputParameters" : {
|
||||||
}
|
"terminationStatus" : "COMPLETED"
|
||||||
}
|
}
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
},
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name" : "pyrest",
|
||||||
"taskReferenceName" : "lookup_client",
|
"taskReferenceName" : "lookup_client",
|
||||||
|
@ -112,18 +115,20 @@
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"prev_status": "${get_client_roles.output.status}"
|
"prev_status": "${get_client_roles.output.status}"
|
||||||
},
|
},
|
||||||
"type": "DECISION",
|
"type": "SWITCH",
|
||||||
"caseValueParam": "prev_status",
|
"evaluatorType": "value-param",
|
||||||
|
"expression": "prev_status",
|
||||||
"decisionCases": {
|
"decisionCases": {
|
||||||
"200": [
|
"200": [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "select_role",
|
"taskReferenceName": "select_role",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"role": "${workflow.input.role}",
|
"role": "${workflow.input.role}",
|
||||||
"roles" : "${get_client_roles.output.body}",
|
"roles" : "${get_client_roles.output.body}",
|
||||||
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}"
|
"expression": "function f(){for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}} f()",
|
||||||
|
"evaluatorType" : "javascript"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -131,7 +136,7 @@
|
||||||
"taskReferenceName" : "assign_role_to_user",
|
"taskReferenceName" : "assign_role_to_user",
|
||||||
"type" : "SIMPLE",
|
"type" : "SIMPLE",
|
||||||
"inputParameters" : {
|
"inputParameters" : {
|
||||||
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/role-mappings/clients/${lookup_client.output.body[0].id}",
|
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/role-mappings/clients/${lookup_client.output.body[0].id}",
|
||||||
"expect" : [204, 404],
|
"expect" : [204, 404],
|
||||||
"method" : "POST",
|
"method" : "POST",
|
||||||
"body" : "${select_role.output.result}",
|
"body" : "${select_role.output.result}",
|
||||||
|
|
|
@ -8,13 +8,14 @@
|
||||||
"inputParameters" : ["role", "user", "group"],
|
"inputParameters" : ["role", "user", "group"],
|
||||||
"tasks" : [
|
"tasks" : [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "init",
|
"taskReferenceName": "init",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
"scriptExpression": "1"
|
"expression": "1",
|
||||||
|
"evaluatorType" : "javascript"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -48,36 +49,38 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "select_user",
|
"taskReferenceName": "select_user",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"foundusers": "${lookup_user.output.body}",
|
"foundusers": "${lookup_user.output.body}",
|
||||||
"username": "${workflow.input.user}",
|
"username": "${workflow.input.user}",
|
||||||
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()"
|
||||||
},
|
},
|
||||||
"type": "LAMBDA"
|
"type": "INLINE"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "check_user_existance",
|
"name": "check_user_existance",
|
||||||
"taskReferenceName": "check_user_existance",
|
"taskReferenceName": "check_user_existance",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"user": "${select_user.output.result[0]}"
|
"user": "${select_user.output.result}"
|
||||||
},
|
},
|
||||||
"type": "DECISION",
|
"type": "SWITCH",
|
||||||
"caseExpression": "($.user == null ? 'true' : 'false')",
|
"evaluatorType" : "javascript",
|
||||||
"decisionCases": {
|
"expression": "($.user == null ? 'true' : 'false')",
|
||||||
"true": [
|
"decisionCases": {
|
||||||
{
|
"true": [
|
||||||
"name" : "terminate",
|
{
|
||||||
"taskReferenceName" : "terminate_when_no_user",
|
"name" : "terminate",
|
||||||
"type" : "TERMINATE",
|
"taskReferenceName" : "terminate_when_no_user",
|
||||||
"inputParameters" : {
|
"type" : "TERMINATE",
|
||||||
"terminationStatus" : "COMPLETED"
|
"inputParameters" : {
|
||||||
}
|
"terminationStatus" : "COMPLETED"
|
||||||
}
|
}
|
||||||
]
|
}
|
||||||
}
|
]
|
||||||
},
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name" : "pyrest",
|
||||||
"taskReferenceName" : "lookup_client",
|
"taskReferenceName" : "lookup_client",
|
||||||
|
@ -106,13 +109,14 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "select_role",
|
"taskReferenceName": "select_role",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"role": "${workflow.input.role}",
|
"role": "${workflow.input.role}",
|
||||||
"roles" : "${get_client_roles.output.body}",
|
"roles" : "${get_client_roles.output.body}",
|
||||||
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}"
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function f(){for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}} f()"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -120,7 +124,7 @@
|
||||||
"taskReferenceName" : "remove_role_from_user",
|
"taskReferenceName" : "remove_role_from_user",
|
||||||
"type" : "SIMPLE",
|
"type" : "SIMPLE",
|
||||||
"inputParameters" : {
|
"inputParameters" : {
|
||||||
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/role-mappings/clients/${lookup_client.output.body[0].id}",
|
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/role-mappings/clients/${lookup_client.output.body[0].id}",
|
||||||
"expect" : 204,
|
"expect" : 204,
|
||||||
"method" : "DELETE",
|
"method" : "DELETE",
|
||||||
"body" : "${select_role.output.result}",
|
"body" : "${select_role.output.result}",
|
||||||
|
|
|
@ -8,14 +8,16 @@
|
||||||
"inputParameters" : ["user", "group"],
|
"inputParameters" : ["user", "group"],
|
||||||
"tasks" : [
|
"tasks" : [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "init",
|
"taskReferenceName": "init",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
|
"user" : "${workflow.input.user}",
|
||||||
"group" : "${workflow.input.group}",
|
"group" : "${workflow.input.group}",
|
||||||
"scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.user) || e($.group)) throw('User and Group must not be empty'); function f(){ var path = $.group.startsWith('%2F') ? $.group.split('%2F').slice(1) : [$.group]; return { 'tree' : Java.to(path, 'java.lang.String[]'), 'name' : path.slice(path.length-1)[0], 'search' : encodeURIComponent(path.slice(path.length-1)[0])}} f()"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -40,7 +42,7 @@
|
||||||
"taskReferenceName" : "lookup_user",
|
"taskReferenceName" : "lookup_user",
|
||||||
"type" : "SIMPLE",
|
"type" : "SIMPLE",
|
||||||
"inputParameters" : {
|
"inputParameters" : {
|
||||||
"url" : "${init.input.keycloak_admin}/users?username=${workflow.input.user}",
|
"url" : "${init.input.keycloak_admin}/users?username=${workflow.input.user}&exact=true&briefRepresentation=true",
|
||||||
"method" : "GET",
|
"method" : "GET",
|
||||||
"headers" : {
|
"headers" : {
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
@ -49,91 +51,67 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "check_user_existance",
|
||||||
"taskReferenceName": "select_user",
|
"taskReferenceName": "check_user_existance",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"foundusers": "${lookup_user.output.body}",
|
"user": "${lookup_user.output.body[0]}"
|
||||||
"username": "${workflow.input.user}",
|
|
||||||
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
|
|
||||||
},
|
|
||||||
"type": "LAMBDA"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "lookup_client",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.keycloak_admin}/clients",
|
|
||||||
"params" : { "clientId" : "${workflow.input.group}"},
|
|
||||||
"method" : "GET",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Accept" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "get_client_roles",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles",
|
|
||||||
"expect" : [200, 404],
|
|
||||||
"method" : "GET",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Accept" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "check_role_existance",
|
|
||||||
"taskReferenceName" : "check_role_existance",
|
|
||||||
"type" : "DECISION",
|
|
||||||
"inputParameters" :{
|
|
||||||
"previous_outcome" : "${get_client_roles.output.status}"
|
|
||||||
},
|
},
|
||||||
"caseValueParam" : "previous_outcome",
|
"type": "SWITCH",
|
||||||
"decisionCases" : {
|
"evaluatorType" : "javascript",
|
||||||
"200" : [
|
"expression": "($.user == null ? 'true' : 'false')",
|
||||||
|
"decisionCases": {
|
||||||
|
"true": [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name" : "terminate",
|
||||||
"taskReferenceName": "select_role",
|
"taskReferenceName" : "terminate_when_no_user",
|
||||||
"type": "LAMBDA",
|
"type" : "TERMINATE",
|
||||||
"inputParameters": {
|
"inputParameters" : {
|
||||||
"role": "${workflow.input.role}",
|
"terminationStatus" : "COMPLETED"
|
||||||
"roles" : "${get_client_roles.output.body}",
|
|
||||||
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == 'Member') return Java.to([$.roles[i]], 'java.lang.Object[]')}"
|
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
{
|
]
|
||||||
"name" : "pyrest",
|
}
|
||||||
"taskReferenceName" : "look_up_groups",
|
},
|
||||||
"type" : "SIMPLE",
|
{
|
||||||
"inputParameters" : {
|
"name" : "pyrest",
|
||||||
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.name}",
|
"taskReferenceName" : "look_up_groups",
|
||||||
"headers" : {
|
"type" : "SIMPLE",
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
"inputParameters" : {
|
||||||
"Accept" : "application/json"
|
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.search}",
|
||||||
}
|
"headers" : {
|
||||||
}
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
},
|
"Accept" : "application/json"
|
||||||
{
|
}
|
||||||
"name": "LAMBDA_TASK",
|
}
|
||||||
"taskReferenceName": "extract_group",
|
},
|
||||||
"type": "LAMBDA",
|
{
|
||||||
"inputParameters": {
|
"name": "INLINE_TASK",
|
||||||
"tree" : "${init.output.result.tree}",
|
"taskReferenceName": "extract_group",
|
||||||
"groups" : "${look_up_groups.output.body}",
|
"type": "INLINE",
|
||||||
"scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
|
"inputParameters": {
|
||||||
}
|
"tree" : "${init.output.result.tree}",
|
||||||
},
|
"groups" : "${look_up_groups.output.body}",
|
||||||
|
"expression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } function f() { return { 'group' : selectByPath($.groups, $.tree, 0)}} f()",
|
||||||
|
"evaluatorType" : "javascript"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "check_group_existance",
|
||||||
|
"taskReferenceName" : "check_group_existance",
|
||||||
|
"type" : "SWITCH",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"inputParameters" :{
|
||||||
|
"group" : "${extract_group.output.result.group}"
|
||||||
|
},
|
||||||
|
"expression": "(($.group != null) ? 'assign' : 'skip')",
|
||||||
|
"decisionCases" : {
|
||||||
|
"assign" : [
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name" : "pyrest",
|
||||||
"taskReferenceName" : "assign_user_to_group",
|
"taskReferenceName" : "assign_user_to_group",
|
||||||
"type" : "SIMPLE",
|
"type" : "SIMPLE",
|
||||||
"inputParameters" : {
|
"inputParameters" : {
|
||||||
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/groups/${extract_group.output.result.group.id}",
|
"url" : "${init.input.keycloak_admin}/users/${lookup_user.output.body[0].id}/groups/${extract_group.output.result.group.id}",
|
||||||
"method" : "PUT",
|
"method" : "PUT",
|
||||||
"headers" : {
|
"headers" : {
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}"
|
"Authorization" : "Bearer ${authorize.output.body.access_token}"
|
||||||
|
|
|
@ -5,17 +5,19 @@
|
||||||
"description": "Handle workflow related to Portal event user-group_deleted",
|
"description": "Handle workflow related to Portal event user-group_deleted",
|
||||||
"version" : 1,
|
"version" : 1,
|
||||||
"ownerEmail" : "m.lettere@gmail.com",
|
"ownerEmail" : "m.lettere@gmail.com",
|
||||||
"inputParameters" : ["role", "user", "group"],
|
"inputParameters" : ["user", "group"],
|
||||||
"tasks" : [
|
"tasks" : [
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "init",
|
"taskReferenceName": "init",
|
||||||
"type": "LAMBDA",
|
"type": "INLINE",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||||
"group" : "${workflow.input.group}",
|
"group" : "${workflow.input.group}",
|
||||||
"scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
|
"user" : "${workflow.input.user}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.user) || e($.group)) throw('User and Group must not be empty'); function f(){var path = $.group.startsWith('%2F') ? $.group.split('%2F').slice(1) : [$.group]; return { 'tree' : Java.to(path, 'java.lang.String[]'), 'name' : path.slice(path.length-1)[0], search : encodeURIComponent(path.slice(path.length-1)[0])}} f()"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -48,24 +50,26 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "LAMBDA_TASK",
|
"name": "INLINE_TASK",
|
||||||
"taskReferenceName": "select_user",
|
"taskReferenceName": "select_user",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"foundusers": "${lookup_user.output.body}",
|
"foundusers": "${lookup_user.output.body}",
|
||||||
"username": "${workflow.input.user}",
|
"username": "${workflow.input.user}",
|
||||||
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
|
"evaluatorType" : "javascript",
|
||||||
},
|
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()"
|
||||||
"type": "LAMBDA"
|
},
|
||||||
},
|
"type": "INLINE"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "check_user_existance",
|
"name": "check_user_existance",
|
||||||
"taskReferenceName": "check_user_existance",
|
"taskReferenceName": "check_user_existance",
|
||||||
"inputParameters": {
|
"inputParameters": {
|
||||||
"user": "${select_user.output.result[0]}"
|
"user": "${select_user.output.result}"
|
||||||
},
|
},
|
||||||
"type": "DECISION",
|
"type": "SWITCH",
|
||||||
"caseExpression": "($.user == null ? 'true' : 'false')",
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "($.user == null ? 'true' : 'false')",
|
||||||
"decisionCases": {
|
"decisionCases": {
|
||||||
"true": [
|
"true": [
|
||||||
{
|
{
|
||||||
|
@ -79,6 +83,63 @@
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "look_up_groups",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.search}",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Accept" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "INLINE_TASK",
|
||||||
|
"taskReferenceName": "extract_group",
|
||||||
|
"type": "INLINE",
|
||||||
|
"inputParameters": {
|
||||||
|
"tree" : "${init.output.result.tree}",
|
||||||
|
"groups" : "${look_up_groups.output.body}",
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } function f() { return { 'group' : selectByPath($.groups, $.tree, 0)}} f()"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "check_group_existance",
|
||||||
|
"taskReferenceName" : "check_group_existance",
|
||||||
|
"type" : "SWITCH",
|
||||||
|
"inputParameters" :{
|
||||||
|
"group" : "${extract_group.output.result.group}"
|
||||||
|
},
|
||||||
|
"evaluatorType" : "javascript",
|
||||||
|
"expression": "(($.group != null) ? 'delete' : 'skip')",
|
||||||
|
"decisionCases" : {
|
||||||
|
"skip" : [
|
||||||
|
{
|
||||||
|
"name" : "terminate",
|
||||||
|
"taskReferenceName" : "terminate_when_no_group",
|
||||||
|
"type" : "TERMINATE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"terminationStatus" : "COMPLETED"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "delete_user_from_group",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/groups/${extract_group.output.result.group.id}",
|
||||||
|
"method" : "DELETE",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name" : "pyrest",
|
||||||
"taskReferenceName" : "lookup_client",
|
"taskReferenceName" : "lookup_client",
|
||||||
|
@ -100,6 +161,7 @@
|
||||||
"inputParameters" : {
|
"inputParameters" : {
|
||||||
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles",
|
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles",
|
||||||
"method" : "GET",
|
"method" : "GET",
|
||||||
|
"expect" : [200, 404],
|
||||||
"headers" : {
|
"headers" : {
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
"Accept" : "application/json"
|
"Accept" : "application/json"
|
||||||
|
@ -107,53 +169,33 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name" : "pyrest",
|
"name" : "check_role_existance",
|
||||||
"taskReferenceName" : "remove_all_roles_from_user",
|
"taskReferenceName" : "check_role_existance",
|
||||||
"type" : "SIMPLE",
|
"type" : "SWITCH",
|
||||||
"inputParameters" : {
|
"evaluatorType" : "value-param",
|
||||||
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/role-mappings/clients/${lookup_client.output.body[0].id}",
|
"inputParameters" :{
|
||||||
"expect" : 204,
|
"previous_outcome" : "${get_client_roles.output.status}"
|
||||||
"method" : "DELETE",
|
},
|
||||||
"body" : "${get_client_roles.body}",
|
"expression" : "previous_outcome",
|
||||||
"headers" : {
|
"decisionCases" : {
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
"200" : [
|
||||||
"Content-Type" : "application/json"
|
{
|
||||||
}
|
"name" : "pyrest",
|
||||||
|
"taskReferenceName" : "remove_all_roles_from_user",
|
||||||
|
"type" : "SIMPLE",
|
||||||
|
"inputParameters" : {
|
||||||
|
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/role-mappings/clients/${lookup_client.output.body[0].id}",
|
||||||
|
"expect" : 204,
|
||||||
|
"method" : "DELETE",
|
||||||
|
"body" : "${get_client_roles.body}",
|
||||||
|
"headers" : {
|
||||||
|
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||||
|
"Content-Type" : "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "look_up_groups",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.name}",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
|
||||||
"Accept" : "application/json"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "LAMBDA_TASK",
|
|
||||||
"taskReferenceName": "extract_group",
|
|
||||||
"type": "LAMBDA",
|
|
||||||
"inputParameters": {
|
|
||||||
"tree" : "${init.output.result.tree}",
|
|
||||||
"groups" : "${look_up_groups.output.body}",
|
|
||||||
"scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name" : "pyrest",
|
|
||||||
"taskReferenceName" : "assign_user_to_group",
|
|
||||||
"type" : "SIMPLE",
|
|
||||||
"inputParameters" : {
|
|
||||||
"url" : "${init.input.keycloak_admin}/users/${lookup_user.output.body[0].id}/groups/${extract_group.output.result.group.id}",
|
|
||||||
"method" : "DELETE",
|
|
||||||
"headers" : {
|
|
||||||
"Authorization" : "Bearer ${authorize.output.body.access_token}"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue