Compare commits
173 Commits
@ -0,0 +1,52 @@
|
||||
{
|
||||
"ownerApp" : "Orchestrator",
|
||||
"name" : "add_workspace_client_to_contexts",
|
||||
"createBy" : "Marco Lettere",
|
||||
"description": "A workspace client is made Member of all the contexts passed as input by calling the add_workspace_client_to_context sub-workflow",
|
||||
"version" : 1,
|
||||
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||
"inputParameters" : ["client_id", "context_list"],
|
||||
"tasks" : [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "init",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"root_vo": "{{ root_vo }}",
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"id" : "${workflow.input.client_id}",
|
||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "build_tasks_to_add_ws_client_to_all_contexts",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"context_list" : "${workflow.input.context_list}",
|
||||
"client_id" : "${workflow.input.client_id}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_workspace_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}}),inputs['add_workspace_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_dynamic",
|
||||
"type" : "FORK_JOIN_DYNAMIC",
|
||||
"taskReferenceName" : "parallel_build_tasks_to_add_ws_client_to_all_contexts",
|
||||
"inputParameters" : {
|
||||
"tasks" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.tasks}",
|
||||
"inputs" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.inputs}"
|
||||
},
|
||||
"dynamicForkTasksParam": "tasks",
|
||||
"dynamicForkTasksInputParamName": "inputs"
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_build_tasks_to_add_ws_client_to_all_contexts"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -0,0 +1,656 @@
|
||||
{
|
||||
"ownerApp" : "Orchestrator",
|
||||
"name" : "create_vre",
|
||||
"createBy" : "Marco Lettere",
|
||||
"description": "Handle workflow related to Portal event group_created",
|
||||
"version" : 1,
|
||||
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||
"inputParameters" : ["context", "folder_owner", "folder_admins"],
|
||||
"tasks" : [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "init",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"root_vo": "{{ root_vo }}",
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"group" : "${workflow.input.context}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.group)) throw('Group must not be empty'); var tree = $.group.startsWith('%2F') ? $.group.split('%2F') : [$.group]; return { 'tree' : tree, 'child': tree[tree.length-1], 'append' : tree.slice(0,-1).join('/'), 'name' : tree.join('/'), encoded_root_vo : encodeURI($.root_vo)}} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_join",
|
||||
"taskReferenceName" : "preliminary_fork",
|
||||
"type" : "FORK_JOIN",
|
||||
"forkTasks" : [
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "create_client",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients",
|
||||
"body" : {
|
||||
"clientId": "${init.input.group}",
|
||||
"name": "${init.output.result.name}",
|
||||
"description": "Client representation for ${init.output.result.name} context",
|
||||
"rootUrl": "http://localhost${init.output.result.name}",
|
||||
"enabled": true,
|
||||
"serviceAccountsEnabled": true,
|
||||
"standardFlowEnabled": true,
|
||||
"authorizationServicesEnabled": true,
|
||||
"publicClient": false,
|
||||
"fullScopeAllowed" : false,
|
||||
"protocol": "openid-connect"
|
||||
},
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Content-Type" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "extract_client_id",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"client_location" : "${create_client.output.headers.location}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_id' : client_id}} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "list_kc_groups",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/groups",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "prepare",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"append": "${init.output.result.append}",
|
||||
"groups": "${list_kc_groups.output.body}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.append) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; function f(){return {'group' : $.append == '' ? '' : recurse($.groups)}} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "decide_task",
|
||||
"taskReferenceName": "decide1",
|
||||
"inputParameters": {
|
||||
"groupid": "${prepare.output.result.group}"
|
||||
},
|
||||
"type": "SWITCH",
|
||||
"evaluatorType" : "value-param",
|
||||
"expression": "groupid",
|
||||
"decisionCases": {
|
||||
"": [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "dummy",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "1"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"defaultCase": [
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "create_kc_group",
|
||||
"inputParameters": {
|
||||
"url": "${init.input.keycloak_admin}/groups/${prepare.output.result.group.id}/children",
|
||||
"body": {
|
||||
"name": "${init.output.result.child}"
|
||||
},
|
||||
"method": "POST",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||
"Content-Type": "application/json"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE"
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"type": "INLINE",
|
||||
"taskReferenceName": "prepare2",
|
||||
"inputParameters": {
|
||||
"location": "${create_kc_group.output.headers.location}",
|
||||
"client_location": "${create_client.output.headers.location}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "var newid=$.location.split('/').pop(); var client_id = $.client_location.split('/').pop(); function f(){return {'newid' : newid, 'client_id' : client_id}} f()"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "get_default_policies",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "get_default_resource",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/resource",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "delete_default_policy1",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[0].id}",
|
||||
"method" : "DELETE",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "delete_default_policy2",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[1].id}",
|
||||
"method" : "DELETE",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "create_permission",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource",
|
||||
"body" : {
|
||||
"name": "Default Permission",
|
||||
"description": "",
|
||||
"type" : "resource",
|
||||
"logic": "POSITIVE",
|
||||
"decisionStrategy": "AFFIRMATIVE",
|
||||
"resources" : ["${get_default_resource.output.body[0]._id}"]
|
||||
},
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Content-Type" : "application/json",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "get_rootvo",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "get_rootvo_roles",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
]
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "preliminary_fork_join",
|
||||
"joinOn": [ "create_permission", "get_rootvo_roles"]
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize1",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "create_role_member",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${create_client.output.headers.location}/roles",
|
||||
"body" : {
|
||||
"clientRole" : true, "name" : "Member", "description" : "Simple membership for ${init.output.result.name}"
|
||||
},
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||
"Content-Type" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "get_back_role_member",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${create_role_member.output.headers.location}",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "jq_1",
|
||||
"taskReferenceName": "to_array",
|
||||
"type": "JSON_JQ_TRANSFORM",
|
||||
"inputParameters": {
|
||||
"role": "${get_back_role_member.output.body}",
|
||||
"queryExpression" : ".role"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "add_role_member_as_component_of_infrastructure_member",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/roles/Infrastructure-Member/composites",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||
"Content-Type" : "application/json"
|
||||
},
|
||||
"body" : "${to_array.output.resultList}"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "create_role_policy_member",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
|
||||
"body" : {
|
||||
"name": "Member_policy",
|
||||
"description": "",
|
||||
"type" : "role",
|
||||
"logic": "POSITIVE",
|
||||
"decisionStrategy": "UNANIMOUS",
|
||||
"roles" : [
|
||||
{
|
||||
"id" : "${get_back_role_member.output.body.id}",
|
||||
"required" : true
|
||||
}
|
||||
]
|
||||
},
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||
"Content-Type" : "application/json",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "decide_task",
|
||||
"taskReferenceName": "decide2",
|
||||
"inputParameters": {
|
||||
"groupid": "${prepare.output.result.group}"
|
||||
},
|
||||
"type": "SWITCH",
|
||||
"evaluatorType" : "value-param",
|
||||
"expression": "groupid",
|
||||
"decisionCases": {
|
||||
"": [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "dummy2",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "1"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"defaultCase": [
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "assign_client_member_role_to_kc_group",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/groups/${prepare2.output.result.newid}/role-mappings/clients/${prepare2.output.result.client_id}",
|
||||
"method" : "POST",
|
||||
"body" : ["${get_back_role_member.output.body}"],
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
|
||||
"Accept" : "application/json",
|
||||
"Content-Type" : "application/json"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize2",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "build_add_role_tasks",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"roles" : "${get_rootvo_roles.output.body}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k); function f(){return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_dynamic",
|
||||
"type" : "FORK_JOIN_DYNAMIC",
|
||||
"taskReferenceName" : "parallel_add_role",
|
||||
"inputParameters" : {
|
||||
"tasks" : "${build_add_role_tasks.output.result.tasks}",
|
||||
"inputs" : "${build_add_role_tasks.output.result.inputs}"
|
||||
},
|
||||
"dynamicForkTasksParam": "tasks",
|
||||
"dynamicForkTasksInputParamName": "inputs"
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_parallel_role_addition"
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize3",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "build_get_back_role_tasks",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_dynamic",
|
||||
"type" : "FORK_JOIN_DYNAMIC",
|
||||
"taskReferenceName" : "parallel_get_back_role",
|
||||
"inputParameters" : {
|
||||
"tasks" : "${build_get_back_role_tasks.output.result.tasks}",
|
||||
"inputs" : "${build_get_back_role_tasks.output.result.inputs}"
|
||||
},
|
||||
"dynamicForkTasksParam": "tasks",
|
||||
"dynamicForkTasksInputParamName": "inputs"
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_parallel_getting_back"
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize4",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "build_add_policy_tasks",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"roles" : "${join_parallel_getting_back.output[*].body}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize4.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_dynamic",
|
||||
"type" : "FORK_JOIN_DYNAMIC",
|
||||
"taskReferenceName" : "parallel_add_policy_role",
|
||||
"inputParameters" : {
|
||||
"tasks" : "${build_add_policy_tasks.output.result.tasks}",
|
||||
"inputs" : "${build_add_policy_tasks.output.result.inputs}"
|
||||
},
|
||||
"dynamicForkTasksParam": "tasks",
|
||||
"dynamicForkTasksInputParamName": "inputs"
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_parallel_policy_addition"
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "policy_list",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"memberpolicy" : "${create_role_policy_member.output.body.id}",
|
||||
"otherpolicies" : "${join_parallel_policy_addition.output[*].body.id}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function f(){return Java.to(Java.from($.otherpolicies).concat($.memberpolicy), 'java.lang.String[]')} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize5",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "finalize_permission",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource/${create_permission.output.body.id}",
|
||||
"body" : {
|
||||
"name": "Default Permission",
|
||||
"description": "",
|
||||
"type" : "resource",
|
||||
"logic": "POSITIVE",
|
||||
"decisionStrategy": "AFFIRMATIVE",
|
||||
"policies" : "${policy_list.output.result}"
|
||||
},
|
||||
"method" : "PUT",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize5.output.body.access_token}",
|
||||
"Content-Type" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_subworkflows",
|
||||
"type" : "FORK_JOIN",
|
||||
"taskReferenceName" : "parallel_call_subworkflows",
|
||||
"forkTasks" : [
|
||||
[
|
||||
{
|
||||
"name": "sub_workflow_task",
|
||||
"taskReferenceName": "call_enable_workspace_clients_for_context",
|
||||
"subWorkflowParam": {
|
||||
"name": "enable_workspace_clients_for_context"
|
||||
},
|
||||
"inputParameters": {
|
||||
"context" : "${workflow.input.context}"
|
||||
},
|
||||
"type": "SUB_WORKFLOW"
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name": "sub_workflow_task",
|
||||
"taskReferenceName": "call_jupyterhub_add_serveroptions_to_context",
|
||||
"subWorkflowParam": {
|
||||
"name": "jupyterhub_add_serveroptions_to_context"
|
||||
},
|
||||
"inputParameters": {
|
||||
"context" : "${workflow.input.context}"
|
||||
},
|
||||
"type": "SUB_WORKFLOW"
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name": "sub_workflow_task",
|
||||
"taskReferenceName": "call_record_context_to_is",
|
||||
"subWorkflowParam": {
|
||||
"name": "record_context_to_is"
|
||||
},
|
||||
"inputParameters": {
|
||||
"context" : "${workflow.input.context}"
|
||||
},
|
||||
"type": "SUB_WORKFLOW"
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name": "sub_workflow_task",
|
||||
"taskReferenceName": "call_create_vre_folder_for_context",
|
||||
"subWorkflowParam": {
|
||||
"name": "create_vre_folder_for_context"
|
||||
},
|
||||
"inputParameters": {
|
||||
"context" : "${workflow.input.context}",
|
||||
"folder_owner" : "${workflow.input.folder_owner}",
|
||||
"folder_admins" : "${workflow.input.folder_admins}"
|
||||
},
|
||||
"type": "SUB_WORKFLOW"
|
||||
}
|
||||
]
|
||||
]
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_parallel_call_subworkflows",
|
||||
"joinOn" :[
|
||||
"call_enable_workspace_clients_for_context",
|
||||
"call_jupyterhub_add_serveroptions_to_context",
|
||||
"call_record_context_to_is",
|
||||
"call_create_vre_folder_for_context"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,141 @@
|
||||
{
|
||||
"createTime": 1689260185434,
|
||||
"updateTime": 1689259167761,
|
||||
"name": "create_vre_folder_for_context",
|
||||
"description": "Upon creation of a new context, create also a vre folder on the workspace",
|
||||
"version": 1,
|
||||
"tasks": [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"type": "INLINE",
|
||||
"taskReferenceName": "init",
|
||||
"inputParameters": {
|
||||
"root_vo": "{{ root_vo }}",
|
||||
"base_url": "https://url.gcube.d4science.org/",
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"storagehub" : "{{ storagehub }}/workspace",
|
||||
"ctx": "${workflow.input.context}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.ctx)) throw('Context must not be empty'); return { shubified_context_name : ($.ctx[0] === '%' ? $.ctx.replace('%2F', '') : $.ctx).split('%2F').join('-') }} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize_with_uma_rpt",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"audience" : "${init.input.root_vo}",
|
||||
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth }}"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "create_vre_folder",
|
||||
"inputParameters": {
|
||||
"url": "${init.input.storagehub}/groups",
|
||||
"method": "POST",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}",
|
||||
"Accept": "text/plain",
|
||||
"Content-Type": "multipart/form-data"
|
||||
},
|
||||
"body": {
|
||||
"accessType": [
|
||||
"WRITE_OWNER",
|
||||
"application/json"
|
||||
],
|
||||
"group": "${init.output.result.shubified_context_name}",
|
||||
"folderOwner": "${workflow.input.folder_owner}"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "build_add_vre_folder_users_tasks",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"admins" : "${workflow.input.folder_admins}",
|
||||
"url": "${init.input.storagehub}/groups/${init.output.result.shubified_context_name}/users",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.admins.length;i++)a=$.admins[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'tu_'+i}),inputs['tu_'+i]={url:$.url,body:{userId:a},method:'PUT',headers:{Authorization:'Bearer ${authorize_with_uma_rpt.output.body.access_token}', Accept: 'text/plain'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_dynamic",
|
||||
"type" : "FORK_JOIN_DYNAMIC",
|
||||
"taskReferenceName" : "parallel_add_vre_folder_users",
|
||||
"inputParameters" : {
|
||||
"tasks" : "${build_add_vre_folder_users_tasks.output.result.tasks}",
|
||||
"inputs" : "${build_add_vre_folder_users_tasks.output.result.inputs}"
|
||||
},
|
||||
"dynamicForkTasksParam": "tasks",
|
||||
"dynamicForkTasksInputParamName": "inputs"
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_parallel_add_vre_folder_users"
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "build_add_vre_folder_admins_tasks",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"admins" : "${workflow.input.folder_admins}",
|
||||
"url": "${init.input.storagehub}/groups/${init.output.result.shubified_context_name}/admins",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.admins.length;i++)a=$.admins[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'ta_'+i}),inputs['ta_'+i]={url:$.url,body:{userId:a},method:'PUT',headers:{Authorization:'Bearer ${authorize_with_uma_rpt.output.body.access_token}', Accept: 'text/plain'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_dynamic",
|
||||
"type" : "FORK_JOIN_DYNAMIC",
|
||||
"taskReferenceName" : "parallel_add_vre_folder_admins",
|
||||
"inputParameters" : {
|
||||
"tasks" : "${build_add_vre_folder_admins_tasks.output.result.tasks}",
|
||||
"inputs" : "${build_add_vre_folder_admins_tasks.output.result.inputs}"
|
||||
},
|
||||
"dynamicForkTasksParam": "tasks",
|
||||
"dynamicForkTasksInputParamName": "inputs"
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_parallel_add_vre_folder_admins"
|
||||
}
|
||||
],
|
||||
"inputParameters": [
|
||||
"context",
|
||||
"folder_owner",
|
||||
"folder_admins"
|
||||
],
|
||||
"outputParameters": {},
|
||||
"schemaVersion": 2,
|
||||
"restartable": true,
|
||||
"workflowStatusListenerEnabled": false,
|
||||
"ownerEmail": "example@email.com",
|
||||
"timeoutPolicy": "ALERT_ONLY",
|
||||
"timeoutSeconds": 0,
|
||||
"variables": {},
|
||||
"inputTemplate": {}
|
||||
}
|
@ -0,0 +1,159 @@
|
||||
{
|
||||
"ownerApp" : "Orchestrator",
|
||||
"name" : "ghn_client_add_to_context",
|
||||
"createBy" : "Marco Lettere",
|
||||
"description": "A GHN client is made Member of a context and it's workspace folder is linked to context's shared folder",
|
||||
"version" : 1,
|
||||
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||
"inputParameters" : ["client_id", "context"],
|
||||
"tasks" : [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "init",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"id" : "${workflow.input.client_id}",
|
||||
"ctx" : "${workflow.input.context}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_join",
|
||||
"taskReferenceName" : "fork1",
|
||||
"type" : "FORK_JOIN",
|
||||
"forkTasks" : [
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "lookup_client",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients",
|
||||
"params" : { "clientId" : "${workflow.input.client_id}"},
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "extract_ghn_client",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"client" : "${lookup_client.output.body}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('GHN client not found'); else return { client : $.client[0], id : $.client[0].id}} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "get_service_account_user",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_ghn_client.output.result.id}/service-account-user",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "lookup_context",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients",
|
||||
"params" : { "clientId" : "${init.output.result.encoded_context}"},
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "extract_context",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"client" : "${lookup_context.output.body}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Context not found'); else return { client : $.client[0], id: $.client[0].id }} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"type" : "SIMPLE",
|
||||
"taskReferenceName": "retrieve_member_role",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
|
||||
"method" :"GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "jq_1",
|
||||
"taskReferenceName": "roles_to_assign",
|
||||
"type": "JSON_JQ_TRANSFORM",
|
||||
"inputParameters": {
|
||||
"role": "${retrieve_member_role.output.body}",
|
||||
"queryExpression" : ".role"
|
||||
}
|
||||
}
|
||||
]
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "join",
|
||||
"taskReferenceName": "join1",
|
||||
"type": "JOIN",
|
||||
"joinOn": [
|
||||
"get_service_account_user",
|
||||
"roles_to_assign"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"type" : "SIMPLE",
|
||||
"taskReferenceName": "assign_member_role",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
|
||||
"method" :"POST",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Content-Type" : "application/json",
|
||||
"Accept":"application/json"
|
||||
},
|
||||
"body" : "${roles_to_assign.output.resultList}"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,51 @@
|
||||
{
|
||||
"ownerApp" : "Orchestrator",
|
||||
"name" : "ghn_client_add_to_contexts",
|
||||
"createBy" : "Marco Lettere",
|
||||
"description": "A client for a GHN is made Member of all the contexts passed as input by calling the ghn_client_add_to_context sub-workflow",
|
||||
"version" : 1,
|
||||
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||
"inputParameters" : ["client_id", "context_list"],
|
||||
"tasks" : [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "init",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"id" : "${workflow.input.client_id}",
|
||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "build_tasks_to_add_ghn_client_to_all_contexts",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"context_list" : "${workflow.input.context_list}",
|
||||
"client_id" : "${workflow.input.client_id}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_ghn_client_to_context_'+i, subWorkflowParam:{ name:'ghn_client_add_to_context'}}),inputs['add_ghn_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_dynamic",
|
||||
"type" : "FORK_JOIN_DYNAMIC",
|
||||
"taskReferenceName" : "parallel_build_tasks_to_add_ghn_client_to_all_contexts",
|
||||
"inputParameters" : {
|
||||
"tasks" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.tasks}",
|
||||
"inputs" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.inputs}"
|
||||
},
|
||||
"dynamicForkTasksParam": "tasks",
|
||||
"dynamicForkTasksInputParamName": "inputs"
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_build_tasks_to_add_ghn_client_to_all_contexts"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -0,0 +1,180 @@
|
||||
{
|
||||
"ownerApp" : "Orchestrator",
|
||||
"name" : "ghn_client_create",
|
||||
"createBy" : "Marco Lettere",
|
||||
"description": "Create a client on IAM to represent SmartGears based GHNodes",
|
||||
"version" : 1,
|
||||
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||
"inputParameters" : ["client_id", "client_secret", "description", "context_list"],
|
||||
"tasks" : [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "init",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"root_vo": "{{ root_vo }}",
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"storagehub" : "{{ storagehub }}",
|
||||
"id" : "${workflow.input.client_id}",
|
||||
"secret" : "${workflow.input.client_secret}",
|
||||
"description" : "${workflow.input.description}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { encoded_root_vo : encodeURI($.root_vo), client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_join",
|
||||
"taskReferenceName" : "fork1",
|
||||
"type" : "FORK_JOIN",
|
||||
"forkTasks" : [
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "create_client",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients",
|
||||
"body" : "${init.output.result.client}",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Content-Type" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "extract_client_id",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"client_location" : "${create_client.output.headers.location}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_resource_id' : client_id}} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "get_service_account_user",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_resource_id}/service-account-user",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "get_rootvo",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "get_rootvo_member_role",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles/Member",
|
||||
"method" : "GET",
|
||||
"expect" : [200, 404],
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "join",
|
||||
"taskReferenceName": "join1",
|
||||
"type": "JOIN",
|
||||
"joinOn": [
|
||||
"get_service_account_user",
|
||||
"get_rootvo_member_role"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "jq_1",
|
||||
"taskReferenceName": "to_array",
|
||||
"type": "JSON_JQ_TRANSFORM",
|
||||
"inputParameters": {
|
||||
"role": "${get_rootvo_member_role.output.body}",
|
||||
"queryExpression" : ".role"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"type" : "SIMPLE",
|
||||
"taskReferenceName": "assign_member_role",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${get_rootvo_member_role.output.body.containerId}",
|
||||
"method" :"POST",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Content-Type" : "application/json",
|
||||
"Accept":"application/json"
|
||||
},
|
||||
"body" : "${to_array.output.resultList}"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "build_tasks_to_add_ghn_client_to_all_contexts",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"context_list" : "${workflow.input.context_list}",
|
||||
"client_id" : "${workflow.input.client_id}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_ghn_client_to_context_'+i, subWorkflowParam:{ name:'ghn_client_add_to_context'}}),inputs['add_ghn_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_dynamic",
|
||||
"type" : "FORK_JOIN_DYNAMIC",
|
||||
"taskReferenceName" : "parallel_build_tasks_to_add_ghn_client_to_all_contexts",
|
||||
"inputParameters" : {
|
||||
"tasks" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.tasks}",
|
||||
"inputs" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.inputs}"
|
||||
},
|
||||
"dynamicForkTasksParam": "tasks",
|
||||
"dynamicForkTasksInputParamName": "inputs"
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_build_tasks_to_add_ghn_client_to_all_contexts"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -0,0 +1,76 @@
|
||||
{
|
||||
"ownerApp" : "Orchestrator",
|
||||
"name" : "ghn_client_delete",
|
||||
"createBy" : "Marco Lettere",
|
||||
"description": "Delete a GHN client from IAM",
|
||||
"version" : 1,
|
||||
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||
"inputParameters" : ["client_id"],
|
||||
"tasks" : [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "init",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"id" : "${workflow.input.client_id}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty');} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "lookup_client",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients",
|
||||
"params" : { "clientId" : "${workflow.input.client_id}"},
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "check",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"evaluatorType" : "javascript",
|
||||
"list" : "${lookup_client.output.body}",
|
||||
"expression" : "if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "delete_client",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}",
|
||||
"method" : "DELETE",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,159 @@
|
||||
{
|
||||
"ownerApp" : "Orchestrator",
|
||||
"name" : "ghn_client_remove_from_context",
|
||||
"createBy" : "Marco Lettere",
|
||||
"description": "The role Memeber of the give context is removed from a GHN client on IAM.",
|
||||
"version" : 1,
|
||||
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||
"inputParameters" : ["client_id", "context"],
|
||||
"tasks" : [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "init",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"id" : "${workflow.input.client_id}",
|
||||
"ctx" : "${workflow.input.context}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth_master }}",
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_join",
|
||||
"taskReferenceName" : "fork1",
|
||||
"type" : "FORK_JOIN",
|
||||
"forkTasks" : [
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "lookup_client",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients",
|
||||
"params" : { "clientId" : "${workflow.input.client_id}"},
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "extract_ghn_client",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"client" : "${lookup_client.output.body}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('GHN client not found'); else return { client : $.client[0], id : $.client[0].id}} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "get_service_account_user",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_ghn_client.output.result.id}/service-account-user",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "lookup_context",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients",
|
||||
"params" : { "clientId" : "${init.output.result.encoded_context}"},
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "extract_context",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"client" : "${lookup_context.output.body}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Context not found'); else return { client : $.client[0], id: $.client[0].id }} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"type" : "SIMPLE",
|
||||
"taskReferenceName": "retrieve_member_role",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
|
||||
"method" :"GET",
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept" : "application/json"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "jq_1",
|
||||
"taskReferenceName": "roles_to_remove",
|
||||
"type": "JSON_JQ_TRANSFORM",
|
||||
"inputParameters": {
|
||||
"role": "${retrieve_member_role.output.body}",
|
||||
"queryExpression" : ".role"
|
||||
}
|
||||
}
|
||||
]
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "join",
|
||||
"taskReferenceName": "join1",
|
||||
"type": "JOIN",
|
||||
"joinOn": [
|
||||
"get_service_account_user",
|
||||
"roles_to_remove"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"type" : "SIMPLE",
|
||||
"taskReferenceName": "remove_member_role",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
|
||||
"method" :"DELETE",
|
||||
"expect" : 204,
|
||||
"headers" : {
|
||||
"Authorization" : "Bearer ${authorize.output.body.access_token}",
|
||||
"Content-Type" : "application/json"
|
||||
},
|
||||
"body" : "${roles_to_remove.output.resultList}"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,51 @@
|
||||
{
|
||||
"ownerApp" : "Orchestrator",
|
||||
"name" : "ghn_client_remove_from_contexts",
|
||||
"createBy" : "Marco Lettere",
|
||||
"description": "The role Member for of all the passed contexts is removed from a GHN client",
|
||||
"version" : 1,
|
||||
"ownerEmail" : "marco.lettere@nubisware.com",
|
||||
"inputParameters" : ["client_id", "context_list"],
|
||||
"tasks" : [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "init",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"id" : "${workflow.input.client_id}",
|
||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "INLINE",
|
||||
"taskReferenceName": "build_tasks_to_remove_ghn_client_from_all_contexts",
|
||||
"type": "INLINE",
|
||||
"inputParameters": {
|
||||
"context_list" : "${workflow.input.context_list}",
|
||||
"client_id" : "${workflow.input.client_id}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "inputs={},tasks=[]; function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'remove_ghn_client_from_context_'+i, subWorkflowParam:{ name:'ghn_client_remove_from_context'}}),inputs['remove_ghn_client_from_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "fork_dynamic",
|
||||
"type" : "FORK_JOIN_DYNAMIC",
|
||||
"taskReferenceName" : "parallel_build_tasks_to_remove_ghn_client_from_all_contexts",
|
||||
"inputParameters" : {
|
||||
"tasks" : "${build_tasks_to_remove_ghn_client_from_all_contexts.output.result.tasks}",
|
||||
"inputs" : "${build_tasks_to_remove_ghn_client_from_all_contexts.output.result.inputs}"
|
||||
},
|
||||
"dynamicForkTasksParam": "tasks",
|
||||
"dynamicForkTasksInputParamName": "inputs"
|
||||
},
|
||||
{
|
||||
"name" : "join",
|
||||
"type" : "JOIN",
|
||||
"taskReferenceName" : "join_build_tasks_to_remove_ghn_client_from_all_contexts"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -0,0 +1,385 @@
|
||||
{
|
||||
"createTime": 1657617957794,
|
||||
"updateTime": 1657639881455,
|
||||
"name": "jupyterhub_add_serveroptions_to_context",
|
||||
"description": "Reflects the JupyterHub ServerOptions from a given IS Context to the AuthZ on the IAM",
|
||||
"version": 1,
|
||||
"tasks": [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "init",
|
||||
"inputParameters": {
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"keycloak_admin": "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"ctx": "${workflow.input.context}",
|
||||
"jupyterhub_clientid" : "jupyterhub1",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.ctx)) throw('Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
|
||||
},
|
||||
"type": "INLINE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "authorize",
|
||||
"inputParameters": {
|
||||
"url": "{{ keycloak }}/master/protocol/openid-connect/token",
|
||||
"method": "POST",
|
||||
"headers": {
|
||||
"Accept": "application/json"
|
||||
},
|
||||
"body": {
|
||||
"client_id": "orchestrator",
|
||||
"client_secret": "{{ keycloak_auth_master }}",
|
||||
"grant_type": "client_credentials"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "fork_join",
|
||||
"taskReferenceName": "pre-query",
|
||||
"inputParameters": {},
|
||||
"type": "FORK_JOIN",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [
|
||||
[
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "lookup_client",
|
||||
"inputParameters": {
|
||||
"url": "${init.input.keycloak_admin}/clients",
|
||||
"params": {
|
||||
"clientId": "${init.output.result.encoded_context}"
|
||||
},
|
||||
"method": "GET",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept": "application/json"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE"
|
||||
},
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "get_client_member_role",
|
||||
"inputParameters": {
|
||||
"url": "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles/Member",
|
||||
"method": "GET",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept": "application/json"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE"
|
||||
},
|
||||
{
|
||||
"name": "jq_1",
|
||||
"taskReferenceName": "role_to_array",
|
||||
"type": "JSON_JQ_TRANSFORM",
|
||||
"inputParameters": {
|
||||
"role": "${get_client_member_role.output.body}",
|
||||
"queryExpression" : ".role"
|
||||
}
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "lookup_jupyterhub",
|
||||
"inputParameters": {
|
||||
"url": "${init.input.keycloak_admin}/clients",
|
||||
"params": {
|
||||
"clientId": "${init.input.jupyterhub_clientid}"
|
||||
},
|
||||
"method": "GET",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept": "application/json"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "lookup_jupyterhub_resources",
|
||||
"inputParameters": {
|
||||
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource",
|
||||
"params": {
|
||||
"clientId": "${init.input.jupyterhub_clientid}"
|
||||
},
|
||||
"method": "GET",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||
"Accept": "application/json"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "authorize_with_uma_rpt",
|
||||
"inputParameters": {
|
||||
"url": "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
|
||||
"method": "POST",
|
||||
"headers": {
|
||||
"Accept": "application/json"
|
||||
},
|
||||
"body": {
|
||||
"audience": "${init.output.result.encoded_context}",
|
||||
"grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||
"client_id": "orchestrator",
|
||||
"client_secret": "{{ keycloak_auth }}"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "lookup_resources_on_icproxy",
|
||||
"inputParameters": {
|
||||
"url": "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/JupyterHub",
|
||||
"method": "GET",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "pyeval",
|
||||
"taskReferenceName": "extract_authids",
|
||||
"inputParameters": {
|
||||
"code": "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/ServerOption/AuthId')))",
|
||||
"xmlstring": "${lookup_resources_on_icproxy.output.body}"
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
}
|
||||
]
|
||||
],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "join",
|
||||
"taskReferenceName": "join-pre-query",
|
||||
"inputParameters": {},
|
||||
"type": "JOIN",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [
|
||||
"lookup_jupyterhub_resources",
|
||||
"extract_authids"
|
||||
],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "check",
|
||||
"inputParameters": {
|
||||
"evaluatorType" : "javascript",
|
||||
"param": "ok",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.param)) throw('Param must not be empty'); else return $.param} f()"
|
||||
},
|
||||
"type": "INLINE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "filter_and_update",
|
||||
"inputParameters": {
|
||||
"evaluatorType" : "javascript",
|
||||
"allowed": "${extract_authids.output.result}",
|
||||
"res": "${lookup_jupyterhub_resources.output.body}",
|
||||
"ctx": "${init.output.result.encoded_context}",
|
||||
"expression": "var ret = []; function f(){for(var r=0; r < $.res.length; r++){ if($.allowed.indexOf($.res[r].name) !== -1){ $.res[r].attributes[$.ctx] = Java.to(['true'], 'java.lang.String[]'); ret.push($.res[r]) } } return Java.to(ret, 'java.util.Map[]')} f()"
|
||||
},
|
||||
"type": "INLINE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "build_parallel_tasks",
|
||||
"inputParameters": {
|
||||
"evaluatorType" : "javascript",
|
||||
"res": "${filter_and_update.output.result}",
|
||||
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource/",
|
||||
"expression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.res.length; i++){s = $.res[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 't' + i});inputs['t' + i] = {url: $.url + $.res[i]._id,method: 'PUT', body: $.res[i], headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', 'Content-Type': 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};} f()"
|
||||
},
|
||||
"type": "INLINE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "fork_dynamic",
|
||||
"taskReferenceName": "parallel_tasks",
|
||||
"inputParameters": {
|
||||
"tasks": "${build_parallel_tasks.output.result.tasks}",
|
||||
"inputs": "${build_parallel_tasks.output.result.inputs}"
|
||||
},
|
||||
"type": "FORK_JOIN_DYNAMIC",
|
||||
"decisionCases": {},
|
||||
"dynamicForkTasksParam": "tasks",
|
||||
"dynamicForkTasksInputParamName": "inputs",
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
},
|
||||
{
|
||||
"name": "join",
|
||||
"taskReferenceName": "join_parallel_tasks",
|
||||
"inputParameters": {},
|
||||
"type": "JOIN"
|
||||
},
|
||||
{
|
||||
"name": "check_at_least_one",
|
||||
"taskReferenceName": "check_at_least_one",
|
||||
"inputParameters": {
|
||||
"tasks": "${join_parallel_tasks.input.*}"
|
||||
},
|
||||
"type": "SWITCH",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "($.tasks.length > 0 ? 'true' : 'false')",
|
||||
"decisionCases": {
|
||||
"true": [
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "enable_jupyterhub_scope_for_context",
|
||||
"inputParameters": {
|
||||
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/scope-mappings/clients/${lookup_client.output.body[0].id}",
|
||||
"method": "POST",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize.output.body.access_token}",
|
||||
"Content-Type": "application/json"
|
||||
},
|
||||
"body": "${role_to_array.output.resultList}"
|
||||
},
|
||||
"type": "SIMPLE"
|
||||
}
|
||||
]
|
||||
},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
}
|
||||
],
|
||||
"inputParameters": [
|
||||
"context"
|
||||
],
|
||||
"outputParameters": {},
|
||||
"schemaVersion": 2,
|
||||
"restartable": true,
|
||||
"workflowStatusListenerEnabled": false,
|
||||
"ownerEmail": "example@email.com",
|
||||
"timeoutPolicy": "ALERT_ONLY",
|
||||
"timeoutSeconds": 0,
|
||||
"variables": {},
|
||||
"inputTemplate": {}
|
||||
}
|
@ -0,0 +1,179 @@
|
||||
{
|
||||
"createTime": 1689254203836,
|
||||
"updateTime": 1689259676819,
|
||||
"name": "record_context_to_is",
|
||||
"description": "Upon creation of a new context, record it to the Information System",
|
||||
"version": 1,
|
||||
"tasks": [
|
||||
{
|
||||
"name": "INLINE_TASK",
|
||||
"type" : "INLINE",
|
||||
"taskReferenceName": "init",
|
||||
"inputParameters": {
|
||||
"base_url": "{{is_url}}/resource-registry/contexts",
|
||||
"root_vo": "{{ root_vo }}",
|
||||
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
|
||||
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
|
||||
"ctx": "${workflow.input.context}",
|
||||
"ic_proxy" : "{{ ic_proxy }}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.ctx)) throw('Context must not be empty'); var tree = $.ctx.split('%2F'); return { child : tree[tree.length - 1], parent : tree[tree.length-2], decoded_root_vo : $.root_vo.replace('%2F', '/') }} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "parallel_ic_proxy_queries",
|
||||
"taskReferenceName" : "parallel_ic_proxy_queries",
|
||||
"type" : "FORK_JOIN",
|
||||
"forkTasks" : [
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize_uma_rootvo",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"audience" : "${init.input.root_vo}",
|
||||
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth }}"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "retrieve_infrastructure",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/INFRASTRUCTURE",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Accept" : "application/xml",
|
||||
"Authorization" : "Bearer ${authorize_uma_rootvo.output.body.access_token}"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyeval",
|
||||
"taskReferenceName" : "extract_infrastructure_id",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/infrastructures/infrastructure/vos/vo[scope=\\'${init.output.result.decoded_root_vo}/${init.output.result.parent}\\'].id')))",
|
||||
"xmlstring" : "${retrieve_infrastructure.output.body}"
|
||||
}
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "authorize_uma_parent_vo",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
|
||||
"method" : "POST",
|
||||
"headers" : {
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body" : {
|
||||
"audience" : "${init.input.root_vo}%2F${init.output.result.parent}",
|
||||
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
|
||||
"client_id" : "orchestrator",
|
||||
"client_secret" : "{{ keycloak_auth }}"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyrest",
|
||||
"taskReferenceName" : "retrieve_vre",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"url" : "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/VRE/${init.output.result.child}",
|
||||
"method" : "GET",
|
||||
"headers" : {
|
||||
"Accept" : "application/xml",
|
||||
"Authorization" : "Bearer ${authorize_uma_parent_vo.output.body.access_token}"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"name" : "pyeval",
|
||||
"taskReferenceName" : "extract_vre_id",
|
||||
"type" : "SIMPLE",
|
||||
"inputParameters" : {
|
||||
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/ID')))",
|
||||
"xmlstring" : "${retrieve_vre.output.body}"
|
||||
}
|
||||
}
|
||||
]
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "notification_join",
|
||||
"taskReferenceName": "notification_join_ref",
|
||||
"type": "JOIN",
|
||||
"joinOn": ["extract_infrastructure_id", "extract_vre_id"]
|
||||
},
|
||||
{
|
||||
"type" : "INLINE",
|
||||
"name": "INLINE_TASK",
|
||||
"taskReferenceName": "check",
|
||||
"inputParameters": {
|
||||
"vre": "${extract_vre_id.output.result[0]}",
|
||||
"infra": "${extract_infrastructure_id.output.result[0]}",
|
||||
"evaluatorType" : "javascript",
|
||||
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.vre) || e($.infra)) throw('VRE ID and Infra ID must not be empty');} f()"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "pyrest",
|
||||
"taskReferenceName": "write_to_is",
|
||||
"inputParameters": {
|
||||
"url": "${init.input.base_url}/${extract_vre_id.output.result[0]}",
|
||||
"method": "PUT",
|
||||
"headers": {
|
||||
"Authorization": "Bearer ${authorize_uma_rootvo.output.body.access_token}",
|
||||
"Content-Type": "application/json",
|
||||
"Accept" : "application/json"
|
||||
},
|
||||
"body": {
|
||||
"type": "Context",
|
||||
"id": "${extract_vre_id.output.result[0]}",
|
||||
"name": "${init.output.result.child}",
|
||||
"parent": {
|
||||
"type": "IsParentOf",
|
||||
"source": {
|
||||
"type": "Context",
|
||||
"id": "${extract_infrastructure_id.output.result[0]}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"type": "SIMPLE",
|
||||
"decisionCases": {},
|
||||
"defaultCase": [],
|
||||
"forkTasks": [],
|
||||
"startDelay": 0,
|
||||
"joinOn": [],
|
||||
"optional": false,
|
||||
"defaultExclusiveJoinTask": [],
|
||||
"asyncComplete": false,
|
||||
"loopOver": []
|
||||
}
|
||||
],
|
||||
"inputParameters": [
|
||||
"context"
|
||||
],
|
||||
"outputParameters": {},
|
||||
"schemaVersion": 2,
|
||||
"restartable": true,
|
||||
"workflowStatusListenerEnabled": false,
|
||||
"ownerEmail": "example@email.com",
|
||||
"timeoutPolicy": "ALERT_ONLY",
|
||||
"timeoutSeconds": 0,
|
||||
"variables": {},
|
||||
"inputTemplate": {}
|
||||
}
|
Loading…
Reference in New Issue