Compare commits


173 Commits

Author SHA1 Message Date
Marco Lettere 88ac5e5233 fixed typo 4 months ago
Marco Lettere 9efc8caabe re-enable all workflows 4 months ago
Marco Lettere e5fe4ee663 translated policy_perm script to ansible 4 months ago
Marco Lettere 037a06cbb1 fixed JS bugs 5 months ago
Marco Lettere a60d6e2e41 fixed typo 5 months ago
Marco Lettere bfaf8ebabb fixed typo 5 months ago
Marco Lettere 0e2b9ef289 added one more check to avoid loosing data 5 months ago
Marco Lettere 0181349228 fixed transformation to array 5 months ago
Marco Lettere 9c22c6f617 modernized create_vre, create_vre_folder_for_context, record_context_to_is 6 months ago
Marco Lettere 6fbdb2d7bb modernized create_vre, create_vre_folder_for_context, record_context_to_is 6 months ago
Marco Lettere 900fa993ba modernized all the ghn workflows 6 months ago
Marco Lettere ab1010c417 modernized create_workspace_client and add_workspace_clients_tocontext 6 months ago
Marco Lettere e0028de1f0 modernized system_service workflows 6 months ago
Marco Lettere 2d953718c0 modernized system_service workflows 6 months ago
Marco Lettere 3febc0751b modernized group_created, group_deleted, jupyterhub_add_resources and enable_workspace_clients_for_context 6 months ago
Marco Lettere d775a774f9 modernize group_created and deleted 6 months ago
Marco Lettere 584b3ef940 modernize add_all_member_roles 6 months ago
Marco Lettere e648baf5bd modernize delete-user-account 6 months ago
Marco Lettere 35ce4dc32e modernize create-user-add-to-vre 6 months ago
Marco Lettere 021304f651 modernize create-user-add-to-vre 6 months ago
Marco Lettere 6599eca219 modernize create-user-add-to-vre 6 months ago
Marco Lettere 4e046ad847 modernize role_created and role_deleted workflows and add_role_policy_permission 6 months ago
Marco Lettere 746998fafd modernize role_created and role_deleted workflows and add_role_policy_permission 6 months ago
Marco Lettere cb677a7924 modernize role_created and role_deleted workflows and add_role_policy_permission 6 months ago
Marco Lettere 09494eb668 modernize role_created and role_deleted workflows 6 months ago
Marco Lettere f6e3e0f250 modernize group_add/delete and invitation accepted 6 months ago
Marco Lettere 730c7f7f43 modernize group_add/delete and invitation accepted 6 months ago
Marco Lettere 488fa4bff7 modernize group_add/delete and invitation accepted 6 months ago
Marco Lettere 4ac9f1189b modernize group_add/delete and invitation accepted 6 months ago
Marco Lettere 8196cf0cc6 modernize group_add/delete and invitation accepted 6 months ago
Marco Lettere 0a54a69bda modernize group_add/delete and invitation accepted 6 months ago
Marco Lettere 4f6b9698f5 modernize group_add/delete and invitation accepted 6 months ago
Marco Lettere 1927fe6df8 modernize group_add/delete and invitation accepted 6 months ago
Marco Lettere 8a798e72d5 modernize group_add/delete and invitation accepted 6 months ago
Marco Lettere 6514aa22f6 modernize group_add/delete and invitation accepted 6 months ago
Marco Lettere b1e27b9891 modernize group_add/delete and invitation accepted 6 months ago
Marco Lettere e0a5c8beac moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere 1ed26efdb8 moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere 8c032509b2 moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere 47a09e155d moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere 7ca6e1e022 moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere 7dadef708e moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere 347476e792 moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere 787d1d7272 moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere f0c3e9ab12 moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere d61e893a8b moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere bd35f5aded moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere 20025bad84 moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere 0f593d5b8d moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere de4416c842 moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere b6b49d4500 moved from decision to switch for compatibility with new conductor 6 months ago
Marco Lettere 2cf8a62be4 enable publish of all wfs 6 months ago
Marco Lettere a719a05734 fixed 8 months ago
Marco Lettere 064c554c25 fixed issues and add first member additions 8 months ago
Marco Lettere c8ba9dc1cc correctly renamed workflow 8 months ago
Marco Lettere 8f3901216a enable deployment of create_vre 8 months ago
Marco Lettere ce3ef27b17 added new workflow create_vre and modified create_vre_folder to set also admins 8 months ago
Marco Lettere 94c9eeeda7 fixed query to extract correct infrastructure id 8 months ago
Marco Lettere 5b308bf8cd fixed url to IS 8 months ago
Marco Lettere f54792e117 fixed ET find and corrected validation code 8 months ago
Marco Lettere 1306b1bdfe added ID extraction and check 8 months ago
Marco Lettere 2cc42d9e6d fix minor issues 8 months ago
Marco Lettere ce66259343 added queries to IC proxy 8 months ago
Marco Lettere 517ced19c6 new taskdef for multipart/form-data 9 months ago
Marco Lettere 66d00bd06b added back root_vo 9 months ago
Marco Lettere 00782d90e1 fixed workflow 9 months ago
Marco Lettere 0846edfb75 added missing comma 9 months ago
Marco Lettere 9dc0af9e73 enable deploy of only new workflows 9 months ago
Marco Lettere 6a6fbca118 added two new subworkflows of group_created 9 months ago
Marco Lettere ec6969f626 enabled all workflows 9 months ago
Marco Lettere 4d1021f699 upload only invitation accepted 11 months ago
Marco Lettere 5a01d339ca accept 409 for avoiding unnecessary reexecutions 11 months ago
Marco Lettere 46234973e8 deploy all 1 year ago
Marco Lettere e66f146432 replaced hardcoded value with variable 1 year ago
Marco Lettere 37c7bdb070 anticipated group creation even more 1 year ago
Marco Lettere c0a770c864 anticipated group creation even more 1 year ago
Marco Lettere 6f94ff6125 anticipated group creation even more 1 year ago
Marco Lettere 5d6a17d2f5 multiple reinforced authorize for reducing expiration risks 1 year ago
Marco Lettere be6a71b283 multiple reinforced authorize for reducing expiration risks 1 year ago
Marco Lettere ad0c83c83c anticipated reinforced authorize for reducing expiration risks 1 year ago
Marco Lettere d53ad6b8fe reinforced authorize for reducing expiration risks 1 year ago
Marco Lettere 3409b5f392 reinforced authorize for reducing expiration risks 1 year ago
Marco Lettere 49f80b4cc6 fixed JS code 1 year ago
Marco Lettere 13bb81a85c sequenzialed to complete group creation asap 1 year ago
Marco Lettere cea8698929 sequenzialed to complete group creation asap 1 year ago
Marco Lettere 51be38cd57 create group directly under parent 1 year ago
Marco Lettere 72d4ba9799 patched according to new API requirements 1 year ago
Marco Lettere 887bf83277 removed unnecessary and wrong tasks at the end of workflow 1 year ago
Marco Lettere b88837df53 reenabled all workflows' deployment 1 year ago
Marco Lettere b9807d1450 removed task as per https://support.d4science.org/issues/23886 1 year ago
Marco Lettere 4cf2610cdd disable all workflows from deployment 1 year ago
Marco Lettere 1ab8b20811 renabled deploy for all workflows 2 years ago
Marco Lettere 2d8c576160 added scope link to Member role of context 2 years ago
Marco Lettere 362ab27344 added jupyterhub related workflow to group created 2 years ago
Marco Lettere 82b4d2ecf2 added jupyterhub related workflow to group created 2 years ago
Marco Lettere b0e83cc47d added jupyterhub related workflow to group created 2 years ago
Marco Lettere 18cb707053 reconfigured for jupyterhub-prod 2 years ago
Marco Lettere ee85e5cfd8 fix 2 years ago
Marco Lettere 8081b9ecf0 prepared for prod 2 years ago
Marco Lettere 38f48f558e authorization is required on master 2 years ago
Marco Lettere a5599b4311 authorization is required on master 2 years ago
Marco Lettere ac6b325486 added workflow for jh resource enablement 2 years ago
Marco Lettere 3bd3eefd4b removed dangerous role_deletion before addition 2 years ago
Marco Lettere e68a2845b5 disabled group_deleted 2 years ago
Marco Lettere 069ac7295e enabled all workflow for upload 2 years ago
Marco Lettere d4b94a2bc6 recommit 2 years ago
Marco Lettere 430047d4c5 reenabled all workflows 2 years ago
Marco Lettere dffdeeaa94 expect 204 on make-admin task 2 years ago
Marco Lettere 25bbf13a24 enable deploy for workspace clients 2 years ago
Marco Lettere 757b03003c undo emergency fix 2 years ago
Marco Lettere 2bc1d78b9c temporarily remove last task because not supported on prod 2 years ago
Marco Lettere 22fc70aec2 name fixed 2 years ago
Marco Lettere dc323102a2 name fixed 2 years ago
Marco Lettere 9ca9ad4e54 refactoring plus addition of delete ghn from contexts 2 years ago
Marco Lettere 65e1c2709e added ghn_client delete 2 years ago
Marco Lettere ff546c3405 improved join 2 years ago
Marco Lettere 83724be1ab remove wrongly named 2 years ago
Marco Lettere bb729c86d6 remove wrongly named 2 years ago
Marco Lettere bdfb3f2ca9 remove wrongly named 2 years ago
Marco Lettere 39eab850e4 fix 2 years ago
Marco Lettere 210482df25 added first ghn workflows 2 years ago
Marco Lettere 87af670d4f removed paging from add role 2 years ago
Marco Lettere fbfac80eb8 deploy workflows for gateway related support 2 years ago
Marco Lettere a4807d24e8 early termination when no user found 2 years ago
Marco Lettere 67435074ad handle gateway 2 years ago
Marco Lettere 04c7bb0ba6 handle gateway 2 years ago
Marco Lettere a03e924045 handle gateway 2 years ago
Marco Lettere 9e8e374f6d handle gateway 2 years ago
Marco Lettere 8805ceb944 adapted delete user from group to also handle gateways 2 years ago
Marco Lettere 0f2023bb62 adapted delete user from group to also handle gateways 2 years ago
Marco Lettere 24e190c957 adapted delete user from group to also handle gateways 2 years ago
Marco Lettere 3b6c49edce rewriting to manage also gateways 2 years ago
Marco Lettere 36026d6a4f rewriting to manage also gateways 2 years ago
Marco Lettere eb93fe1421 rewriting to manage also gateways 2 years ago
Marco Lettere 264aee6580 rewriting to manage also gateways 2 years ago
Marco Lettere 14a4698a92 rewriting to manage also gateways 2 years ago
Marco Lettere 2a790c7233 rewriting to manage also gateways 2 years ago
Marco Lettere 079eaaf63c rewriting to manage also gateways 2 years ago
Marco Lettere 2b85ac6e7c enabled workspace client workflows 2 years ago
Marco Lettere 64cb191730 added task for making ws client also admin of its workspace folder 2 years ago
Marco Lettere bd895d4583 removed regression 2 years ago
Marco Lettere 5685e29d49 even more resilient plus fix 2 years ago
Marco Lettere e659207019 more resilient to return type from shub 2 years ago
Marco Lettere 604a78af89 fix 2 years ago
Marco Lettere 51edaa1675 upload only that flow 2 years ago
Marco Lettere a0defed409 support also not encoded contexts 2 years ago
Marco Lettere 85051056be fix 2 years ago
Marco Lettere 3e2e2d460d fix 2 years ago
Marco Lettere 263c12db0f added new workflow 2 years ago
Marco Lettere 553f2aa357 added add_workspace_client_to_contexts 2 years ago
Marco Lettere c2e98f6faf fix call to rigth workflow 2 years ago
Marco Lettere f4ee98c531 deploy group_created fix 2 years ago
Marco Lettere 5d2a945047 deploy group_created 2 years ago
Marco Lettere a64ea6f2a5 removed unnecessary parameters, make workspace_to_vre more resilient to already member, hooked enable_workspace_clients workflow to group_created 2 years ago
Marco Lettere 7f39fde127 call to add_ws_client subworkflow fix 2 years ago
Marco Lettere 9a86ba6ee4 call to add_ws_client subworkflow fix 2 years ago
Marco Lettere a11bf6a057 call to add_ws_client subworkflow fix 2 years ago
Marco Lettere 6fd9e3c590 call to add_ws_client subworkflow 2 years ago
Marco Lettere 4c57be3f45 apply filter fix 2 years ago
Marco Lettere c6a0a1e0b7 apply filter fix 2 years ago
Marco Lettere 7864b81016 apply filter fix 2 years ago
Marco Lettere f8e1fff6d4 apply filter fix 2 years ago
Marco Lettere 7dc2aacfc6 apply filter 2 years ago
Marco Lettere e95442434c extract ws client names 2 years ago
Marco Lettere f438b0e0b1 added query to IC Proxy 2 years ago
Marco Lettere 7190e25c84 fixing validation 2 years ago
Marco Lettere 4682b3c575 fixing validation 2 years ago
Marco Lettere 6736647f91 fixing validation 2 years ago
Marco Lettere db238a9d44 fixing validation 2 years ago
Marco Lettere 37f465df65 fixing validation 2 years ago
Marco Lettere f12108aaf1 fixing validation 2 years ago
Marco Lettere 9fc54797c6 fixing validation 2 years ago
Marco Lettere 212990557f first stub for enable_workspace_clients_for_context 2 years ago

@ -1,24 +1,36 @@
---
workflows:
# - create-user-add-to-vre
# - group_deleted
# - user-group_created
# - user-group-role_created
# - group_created
# - invitation-accepted
# - user-group_deleted
# - user-group-role_deleted
# - delete-user-account
# - role_deleted
# - role_created
# - add_role_policy_permission
# - add_all_member_roles
# - create_system_service
# - delete_system_service
# - add_all_system_services_to_vre
- create_workspace_client
- add_workspace_client_to_context
- enable_workspace_clients_for_context
# - create-user-add-to-vre
# - group_deleted
# - user-group_created
# - user-group-role_created
# - group_created
# - invitation-accepted
# - user-group_deleted
# - user-group-role_deleted
# - delete-user-account
# - role_deleted
# - role_created
# - add_role_policy_permission
# - add_all_member_roles
# - create_system_service
# - delete_system_service
# - add_all_system_services_to_vre
# - create_workspace_client
# - add_workspace_client_to_context
# - enable_workspace_clients_for_context
- add_workspace_client_to_contexts
# - ghn_client_add_to_context
# - ghn_client_add_to_contexts
# - ghn_client_create
# - ghn_client_delete
# - ghn_client_remove_from_contexts
# - ghn_client_remove_from_context
# - jupyterhub_add_serveroptions_to_context
# - record_context_to_is
# - create_vre_folder_for_context
# - create_vre
keycloak_host: "https://accounts.dev.d4science.org/auth"
keycloak: "{{ keycloak_host }}/realms"
keycloak_realm: "d4science"
@ -28,4 +40,5 @@ keycloak_auth_master: "7a64deb5-e8ea-4add-ba8d-26b339994cc9"
liferay: "https://next.d4science.org/api/jsonws"
liferay_auth: "bm90aWZpY2F0aW9uc0BkNHNjaWVuY2Uub3JnOmdjdWJlcmFuZG9tMzIx"
root_vo: "%2Fgcube"
ic_proxy: "https://node10-d-d4s.d4science.org"
ic_proxy: "https://node10-d-d4s.d4science.org"
is_url: "https://url.gcube.d4science.org"
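Review bot: The vars file touched by the second hunk keeps `liferay_auth` as a plain base64 string and, per the hunk header, `keycloak_auth_master` as a literal value; this change adds `is_url` next to them without moving either out of the repository. Base64 is an encoding, not protection, so anyone who can read the repository or this page can recover what `liferay_auth` holds. If these are live credentials, they should be rotated and supplied from an encrypted store such as Ansible Vault, for example `liferay_auth: "{{ vault_liferay_auth }}"` (variable name constructed for illustration). The file continues outside both hunks, so other values may need the same treatment.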

@ -8,13 +8,14 @@
"inputParameters" : ["context","client"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"scriptExpression": "1 == 1"
"evaluatorType" : "javascript",
"expression": "1 == 1"
}
},
{

@ -8,13 +8,14 @@
"inputParameters" : ["client_resource_id"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"iC_proxy" : "{{ ic_proxy }}",
"evaluatorType" : "javascript",
"scriptExpression": "1 == 1"
}
},
@ -105,13 +106,14 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "build_get_system_services_tasks",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"url" : "${init.input.keycloak_admin}/clients?search=true&clientId=",
"services" : "${extract_system_service_names.output.result}",
"scriptExpression": "inputs = {}, tasks = [];for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service' + i});inputs['get_system_service' + i] = {url: $.url + s,method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};"
"evaluatorType" : "javascript",
"expression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service' + i});inputs['get_system_service' + i] = {url: $.url + s,method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};} f()"
}
},
{
@ -131,13 +133,14 @@
"taskReferenceName" : "join_parallel_get_system_services_tasks"
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "build_get_system_services_useraccount_tasks",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"url" : "${init.input.keycloak_admin}/clients",
"services" : "${join_parallel_get_system_services_tasks.output..body.*.id}",
"scriptExpression": "inputs = {}, tasks = [];for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service_useraccount' + i});inputs['get_system_service_useraccount' + i] = {url: $.url + '/' + s + '/service-account-user',method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};"
"scriptExpression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.services.length; i++){s = $.services[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 'get_system_service_useraccount' + i});inputs['get_system_service_useraccount' + i] = {url: $.url + '/' + s + '/service-account-user',method: 'GET',headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', Accept: 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};"
}
},
{
@ -163,7 +166,8 @@
"inputParameters": {
"context" : "${get_vre.output.body}",
"service_ids" : "${join_parallel_get_system_services_useraccount_tasks.output..body.id}",
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.service_ids.length;i++)c=$.context,tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_all_member_roles_'+i, subWorkflowParam:{ name:'add_all_member_roles'}}),inputs['call_add_all_member_roles_'+i]={context:c, client:$.service_ids[i]};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];for(var i=0;i<$.service_ids.length;i++)c=$.context,tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_all_member_roles_'+i, subWorkflowParam:{ name:'add_all_member_roles'}}),inputs['call_add_all_member_roles_'+i]={context:c, client:$.service_ids[i]};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
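Review bot: Two of the rewritten expressions in this file have an unbalanced `f` wrapper and cannot parse as written. In `build_get_system_services_useraccount_tasks` the new string opens `function f(){` but ends at `inputs: inputs};` with no closing `} f()`, and its key is still `scriptExpression` although the task type is now `INLINE`. In the last hunk the expression ends with `} f()` but never opens `function f(){` after `inputs={},tasks=[];`. The `init` task in the first hunk also gains `evaluatorType` while keeping `"scriptExpression": "1 == 1"` rather than `"expression"`. These tasks build the Keycloak admin lookups and the `add_all_member_roles` sub-workflow calls, so a script failure would leave role assignment incomplete; each should follow the shape already used by `build_get_system_services_tasks`, i.e. `"expression": "inputs = {}, tasks = [];function f(){ … } f()"`.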

@ -8,13 +8,14 @@
"inputParameters" : ["role"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"scriptExpression": "1 == 1"
"evaluatorType" : "javascript",
"expression": "1 == 1"
}
},
{
@ -44,6 +45,7 @@
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "add_policy",
"retryCount" : 1,
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/policy/role",
"method" :"POST",
@ -52,7 +54,6 @@
"Content-Type" : "application/json",
"Accept" : "application/json"
},
"expect" : [201, 409],
"body" : {
"name":"${workflow.input.role.name}_policy",
"description" : "Policy for having ${workflow.input.role.name} role",
@ -69,6 +70,7 @@
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_default_permission",
"retryCount" : 1,
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${workflow.input.role.containerId}/authz/resource-server/permission?name=Default Permission",
"method" :"GET",
@ -101,15 +103,30 @@
"joinOn" : ["retrieve_default_permission_policies","add_policy"]
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "to_policy_array",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"newpolicy": "${add_policy.output.body}",
"evaluatorType" : "javascript",
"prevpolicies" : "${retrieve_default_permission_policies.output.body}",
"scriptExpression": "return Java.to(Java.from($.prevpolicies).concat($.newpolicy),'java.util.Map[]')"
"expression": "Java.from($.prevpolicies).concat($.newpolicy)"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "count_check",
"inputParameters": {
"tocount": "${to_policy_array.output.result[*].id}",
"tocompare": "${retrieve_default_permission_policies.output.body}",
"evaluatorType": "javascript",
"expression": "if($.tocount.length < $.tocompare.length) throw 'Unexpected low value'; else $.tocount.length < $.tocompare.length"
},
"type": "INLINE",
"startDelay": 0,
"optional": false,
"asyncComplete": false
},
{
"name" : "pyrest",
"taskReferenceName" : "finalize_permission",
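Review bot: The new `count_check` task throws only when the merged array is shorter than the previous policy list, so it still passes when `add_policy` contributed nothing usable. `to_policy_array` is `prevpolicies` plus the one new policy, and `tocount` selects `[*].id`, so a new entry without an `id` would presumably leave the two lengths equal and the guard would fall through to `finalize_permission`. If exactly one policy is always expected to be added, `if($.tocount.length !== $.tocompare.length + 1) throw 'Unexpected policy count'; else true` catches both a lost and a missing policy. The current `else` branch also returns the comparison itself, which can only be `false` at that point. `finalize_permission` continues outside the hunk, so how it consumes these outputs is not visible here.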

@ -8,9 +8,9 @@
"inputParameters" : ["client_id", "context"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"storagehub" : "{{ storagehub }}",
@ -18,7 +18,8 @@
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"ctx" : "${workflow.input.context}",
"scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_root_vo : encodeURI($.root_vo)}"
"evaluatorType": "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_root_vo : encodeURI($.root_vo), encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
}
},
{
@ -59,12 +60,13 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "extract_ws_client",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_client.output.body}",
"scriptExpression": "function e(v){ return (v.length === 0)}; if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id : $.client[0].id}"
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id : $.client[0].id}} f()"
}
},
{
@ -88,7 +90,7 @@
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.context}"},
"params" : { "clientId" : "${init.output.result.encoded_context}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
@ -97,12 +99,13 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "extract_context",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_context.output.body}",
"scriptExpression": "function e(v){ return (v.length === 0)}; if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id: $.client[0].id }"
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id: $.client[0].id }} f()"
}
},
{
@ -128,12 +131,13 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "shubify_context_name",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"context_name" : "${extract_context.output.result.client.name}",
"scriptExpression": "var s = $.context_name; return { shubified_context_name : (s[0] === '/' ? s.replace('/', '') : s).split('/').join('-')}"
"evaluatorType" : "javascript",
"expression": "var s = $.context_name; function f(){return { shubified_context_name : (s[0] === '/' ? s.replace('/', '') : s).split('/').join('-')}} f()"
}
}
]
@ -188,11 +192,11 @@
"inputParameters" : {
"url" : "${init.input.storagehub}/workspace/groups/${shubify_context_name.output.result.shubified_context_name}/users",
"method" : "PUT",
"expect" : [200, 400, 500],
"body" :{
"userId" : "${get_service_account_user.output.body.username}"
},
"headers" : {
"Accept" : "application/json",
"Authorization" : "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
}
}
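Review bot: `extract_context` throws the same `'Workspace client not found'` message as `extract_ws_client`, so a failed context lookup cannot be told apart from a failed client lookup in the workflow's failure reason. The new `extract_context` expression should use its own text, for example `throw('Context client not found')`. Separately, this page does not show which side `"expect" : [200, 400, 500]` in the last hunk belongs to. If it is on the new side, a 500 from the storagehub group-membership `PUT` would count as success and the workflow would report the client as added when it may not be. That task's definition starts and ends outside the hunk.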

@ -0,0 +1,52 @@
{
"ownerApp" : "Orchestrator",
"name" : "add_workspace_client_to_contexts",
"createBy" : "Marco Lettere",
"description": "A workspace client is made Member of all the contexts passed as input by calling the add_workspace_client_to_context sub-workflow",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context_list"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_tasks_to_add_ws_client_to_all_contexts",
"type": "INLINE",
"inputParameters": {
"context_list" : "${workflow.input.context_list}",
"client_id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_workspace_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}}),inputs['add_workspace_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_build_tasks_to_add_ws_client_to_all_contexts",
"inputParameters" : {
"tasks" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.tasks}",
"inputs" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_build_tasks_to_add_ws_client_to_all_contexts"
}
]
}
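Review bot: `context_list` is never validated before `build_tasks_to_add_ws_client_to_all_contexts` iterates it; `init` checks only `client_id`. A missing value fails with a bare error on `.length`, and a single context passed as a string would likely be walked character by character, forking one `add_workspace_client_to_context` sub-workflow per character. Passing `"context_list" : "${workflow.input.context_list}"` into `init` and adding a guard such as `if($.context_list == null || typeof $.context_list === 'string' || !($.context_list.length > 0)) throw('Context list must be a non-empty list');` keeps the dynamic fork limited to real entries. `init` also receives `root_vo`, `keycloak` and `keycloak_admin`, which nothing in this file reads.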

@ -8,14 +8,15 @@
"inputParameters" : ["user", "first-name", "last-name", "email", "password", "group"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"group" : "${workflow.input.group}",
"scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
"group" : "${workflow.input.group}",
"evaluatorType" : "javascript",
"expression": "function f(){var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}} f()"
}
},
{
@ -79,15 +80,16 @@
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
},
"type": "LAMBDA"
},
"name": "INLINE_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"evaluatorType" : "javascript",
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()"
},
"type": "INLINE"
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
@ -119,21 +121,23 @@
{
"name" : "check_role_existance",
"taskReferenceName" : "check_role_existance",
"type" : "DECISION",
"type" : "SWITCH",
"inputParameters" :{
"previous_outcome" : "${get_client_roles.output.status}"
},
"caseValueParam" : "previous_outcome",
"evaluatorType" : "value-param",
"expression" : "previous_outcome",
"decisionCases" : {
"200" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "select_role",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"role": "${workflow.input.role}",
"roles" : "${get_client_roles.output.body}",
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == 'Member') return Java.to([$.roles[i]], 'java.lang.Object[]')}"
"expression": "function f(){for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == 'Member') return $.roles[i]}} f()"
}
},
{
@ -149,24 +153,26 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "extract_groups",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"tree" : "${init.output.result.tree}",
"groups" : "${look_up_groups.output.body}",
"scriptExpression": "function selectByPath(groups, path, level, acc){ for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {acc.push(groups[i]); if (level === path.length - 1) return acc;return selectByPath(groups[i].subGroups, path, level+1, acc)}} return []; } return { 'groups' : Java.to(selectByPath($.groups, $.tree, 0, []),'java.util.Map[]')}"
"expression": "function selectByPath(groups, path, level, acc){ for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {acc.push(groups[i]); if (level === path.length - 1) return acc;return selectByPath(groups[i].subGroups, path, level+1, acc)}} return []; } function f(){ return { 'groups' : Java.to(selectByPath($.groups, $.tree, 0, []),'java.util.Map[]')}} f()"
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "build_add_to_all_groups_tasks",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"groups" : "${extract_groups.output.result.groups}",
"auth" : "Bearer ${authorize.output.body.access_token}",
"kc_user_url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/groups/",
"scriptExpression": "inputs={};tasks=[];for(var i=0;i<$.groups.length;i++)group=$.groups[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'user_to_group_'+i}),inputs['user_to_group_'+i]={ url : $.kc_user_url + group.id, method : 'PUT', headers: { Authorization : $.auth} };return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
"kc_user_url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/groups/",
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.groups.length;i++)group=$.groups[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'user_to_group_'+i}),inputs['user_to_group_'+i]={ url : $.kc_user_url + group.id, method : 'PUT', headers: { Authorization : $.auth} };return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f();"
}
},
{
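Review bot: `select_user` now returns the matching object directly, but `f()` still falls off the end of the loop when no returned user has exactly the requested username, so the task completes with an undefined result. `build_add_to_all_groups_tasks` then builds `kc_user_url` from `${select_user.output.result.id}`, which would produce group-membership `PUT` requests against a path with no real user id. Ending the function with `throw('User not found: ' + $.username)` after the loop stops the workflow at the point of failure; whether a later task already checks this is not visible in these hunks. Separately, `password` is a plain workflow input here, and Conductor keeps workflow inputs in its execution records, so it is worth confirming who can read those records and how long they are retained.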

@ -8,16 +8,17 @@
"inputParameters" : ["client_id", "client_secret", "description"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"secret" : "${workflow.input.client_secret}",
"description" : "${workflow.input.description}",
"scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'} }"
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){ if(e($.id)) throw('Client ID must not be empty'); return { client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}}; f()"
}
},
{
@ -52,12 +53,13 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "extract_client_id",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"client_location" : "${create_client.output.headers.location}",
"scriptExpression": "var client_id = $.client_location.split('/').pop(); return {'client_id' : client_id}"
"evaluatorType" : "javascript",
"client_location" : "${create_client.output.headers.location}",
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_id' : client_id}}; f()"
}
},
{
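Review bot: The migrated `init` expression still creates a confidential client with `serviceAccountsEnabled : true` and `fullScopeAllowed : true`, so tokens issued to its service account are not limited to an explicit scope mapping; the `create_vre` definition in this same comparison sets `fullScopeAllowed` to `false`. If this client does not need full scope, this is the place to change it to `fullScopeAllowed : false` and add the scope mappings it actually uses. Separately, `secret` arrives as `workflow.input.client_secret` and is returned in the task result, so it presumably ends up in the stored execution data for every run; worth confirming who can read that. The task list continues outside both hunks.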

@ -0,0 +1,656 @@
{
"ownerApp" : "Orchestrator",
"name" : "create_vre",
"createBy" : "Marco Lettere",
"description": "Handle workflow related to Portal event group_created",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["context", "folder_owner", "folder_admins"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"group" : "${workflow.input.context}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.group)) throw('Group must not be empty'); var tree = $.group.startsWith('%2F') ? $.group.split('%2F') : [$.group]; return { 'tree' : tree, 'child': tree[tree.length-1], 'append' : tree.slice(0,-1).join('/'), 'name' : tree.join('/'), encoded_root_vo : encodeURI($.root_vo)}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "preliminary_fork",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "create_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"body" : {
"clientId": "${init.input.group}",
"name": "${init.output.result.name}",
"description": "Client representation for ${init.output.result.name} context",
"rootUrl": "http://localhost${init.output.result.name}",
"enabled": true,
"serviceAccountsEnabled": true,
"standardFlowEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"fullScopeAllowed" : false,
"protocol": "openid-connect"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_client_id",
"type": "INLINE",
"inputParameters": {
"client_location" : "${create_client.output.headers.location}",
"evaluatorType" : "javascript",
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_id' : client_id}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "list_kc_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "prepare",
"type": "INLINE",
"inputParameters": {
"append": "${init.output.result.append}",
"groups": "${list_kc_groups.output.body}",
"evaluatorType" : "javascript",
"expression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.append) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; function f(){return {'group' : $.append == '' ? '' : recurse($.groups)}} f()"
}
},
{
"name": "decide_task",
"taskReferenceName": "decide1",
"inputParameters": {
"groupid": "${prepare.output.result.group}"
},
"type": "SWITCH",
"evaluatorType" : "value-param",
"expression": "groupid",
"decisionCases": {
"": [
{
"name": "INLINE_TASK",
"taskReferenceName": "dummy",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"expression": "1"
}
}
]
},
"defaultCase": [
{
"name": "pyrest",
"taskReferenceName": "create_kc_group",
"inputParameters": {
"url": "${init.input.keycloak_admin}/groups/${prepare.output.result.group.id}/children",
"body": {
"name": "${init.output.result.child}"
},
"method": "POST",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Content-Type": "application/json"
}
},
"type": "SIMPLE"
},
{
"name": "INLINE_TASK",
"type": "INLINE",
"taskReferenceName": "prepare2",
"inputParameters": {
"location": "${create_kc_group.output.headers.location}",
"client_location": "${create_client.output.headers.location}",
"evaluatorType" : "javascript",
"expression": "var newid=$.location.split('/').pop(); var client_id = $.client_location.split('/').pop(); function f(){return {'newid' : newid, 'client_id' : client_id}} f()"
}
}
]
},
{
"name" : "pyrest",
"taskReferenceName" : "get_default_policies",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_default_resource",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/resource",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_default_policy1",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[0].id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_default_policy2",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[1].id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_permission",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource",
"body" : {
"name": "Default Permission",
"description": "",
"type" : "resource",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"resources" : ["${get_default_resource.output.body[0]._id}"]
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo_roles",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
]
]
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "preliminary_fork_join",
"joinOn": [ "create_permission", "get_rootvo_roles"]
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize1",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_client.output.headers.location}/roles",
"body" : {
"clientRole" : true, "name" : "Member", "description" : "Simple membership for ${init.output.result.name}"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_back_role_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_role_member.output.headers.location}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${get_back_role_member.output.body}",
"queryExpression" : ".role"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "add_role_member_as_component_of_infrastructure_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/roles/Infrastructure-Member/composites",
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Content-Type" : "application/json"
},
"body" : "${to_array.output.resultList}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_policy_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
"body" : {
"name": "Member_policy",
"description": "",
"type" : "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"roles" : [
{
"id" : "${get_back_role_member.output.body.id}",
"required" : true
}
]
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Content-Type" : "application/json",
"Accept" : "application/json"
}
}
},
{
"name": "decide_task",
"taskReferenceName": "decide2",
"inputParameters": {
"groupid": "${prepare.output.result.group}"
},
"type": "SWITCH",
"evaluatorType" : "value-param",
"expression": "groupid",
"decisionCases": {
"": [
{
"name": "INLINE_TASK",
"taskReferenceName": "dummy2",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"expression": "1"
}
}
]
},
"defaultCase": [
{
"name" : "pyrest",
"taskReferenceName" : "assign_client_member_role_to_kc_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups/${prepare2.output.result.newid}/role-mappings/clients/${prepare2.output.result.client_id}",
"method" : "POST",
"body" : ["${get_back_role_member.output.body}"],
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Accept" : "application/json",
"Content-Type" : "application/json"
}
}
}
]
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize2",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_role_tasks",
"type": "INLINE",
"inputParameters": {
"roles" : "${get_rootvo_roles.output.body}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k); function f(){return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_role",
"inputParameters" : {
"tasks" : "${build_add_role_tasks.output.result.tasks}",
"inputs" : "${build_add_role_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_role_addition"
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize3",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_get_back_role_tasks",
"type": "INLINE",
"inputParameters": {
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_get_back_role",
"inputParameters" : {
"tasks" : "${build_get_back_role_tasks.output.result.tasks}",
"inputs" : "${build_get_back_role_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_getting_back"
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize4",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_policy_tasks",
"type": "INLINE",
"inputParameters": {
"roles" : "${join_parallel_getting_back.output[*].body}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize4.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_policy_role",
"inputParameters" : {
"tasks" : "${build_add_policy_tasks.output.result.tasks}",
"inputs" : "${build_add_policy_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_policy_addition"
},
{
"name": "INLINE_TASK",
"taskReferenceName": "policy_list",
"type": "INLINE",
"inputParameters": {
"memberpolicy" : "${create_role_policy_member.output.body.id}",
"otherpolicies" : "${join_parallel_policy_addition.output[*].body.id}",
"evaluatorType" : "javascript",
"expression": "function f(){return Java.to(Java.from($.otherpolicies).concat($.memberpolicy), 'java.lang.String[]')} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize5",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "finalize_permission",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource/${create_permission.output.body.id}",
"body" : {
"name": "Default Permission",
"description": "",
"type" : "resource",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"policies" : "${policy_list.output.result}"
},
"method" : "PUT",
"headers" : {
"Authorization" : "Bearer ${authorize5.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "fork_subworkflows",
"type" : "FORK_JOIN",
"taskReferenceName" : "parallel_call_subworkflows",
"forkTasks" : [
[
{
"name": "sub_workflow_task",
"taskReferenceName": "call_enable_workspace_clients_for_context",
"subWorkflowParam": {
"name": "enable_workspace_clients_for_context"
},
"inputParameters": {
"context" : "${workflow.input.context}"
},
"type": "SUB_WORKFLOW"
}
],
[
{
"name": "sub_workflow_task",
"taskReferenceName": "call_jupyterhub_add_serveroptions_to_context",
"subWorkflowParam": {
"name": "jupyterhub_add_serveroptions_to_context"
},
"inputParameters": {
"context" : "${workflow.input.context}"
},
"type": "SUB_WORKFLOW"
}
],
[
{
"name": "sub_workflow_task",
"taskReferenceName": "call_record_context_to_is",
"subWorkflowParam": {
"name": "record_context_to_is"
},
"inputParameters": {
"context" : "${workflow.input.context}"
},
"type": "SUB_WORKFLOW"
}
],
[
{
"name": "sub_workflow_task",
"taskReferenceName": "call_create_vre_folder_for_context",
"subWorkflowParam": {
"name": "create_vre_folder_for_context"
},
"inputParameters": {
"context" : "${workflow.input.context}",
"folder_owner" : "${workflow.input.folder_owner}",
"folder_admins" : "${workflow.input.folder_admins}"
},
"type": "SUB_WORKFLOW"
}
]
]
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_call_subworkflows",
"joinOn" :[
"call_enable_workspace_clients_for_context",
"call_jupyterhub_add_serveroptions_to_context",
"call_record_context_to_is",
"call_create_vre_folder_for_context"
]
}
]
}
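Review bot: `build_add_role_tasks`, `build_get_back_role_tasks` and `build_add_policy_tasks` splice `${...}` references (the bearer token, the `location` header returned to `create_client`, the admin URL) directly into the JavaScript text of `expression`, so those values become part of the script source before it is evaluated and a quote or backslash in any of them changes the code that runs. Pass them as input parameters and read them through `$`, as `build_add_to_all_groups_tasks` elsewhere in this comparison already does: `"auth" : "Bearer ${authorize2.output.body.access_token}"` with `headers:{Authorization:$.auth}`, and likewise `"roles_url" : "${create_client.output.headers.location}/roles"` with `url:$.roles_url`. The same pattern appears in `build_add_vre_folder_users_tasks`, `build_add_vre_folder_admins_tasks` and `build_delete_group_tasks`, the last of which embeds `${init.input.liferay_auth}` in the script.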

@ -0,0 +1,141 @@
{
"createTime": 1689260185434,
"updateTime": 1689259167761,
"name": "create_vre_folder_for_context",
"description": "Upon creation of a new context, create also a vre folder on the workspace",
"version": 1,
"tasks": [
{
"name": "INLINE_TASK",
"type": "INLINE",
"taskReferenceName": "init",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"base_url": "https://url.gcube.d4science.org/",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"storagehub" : "{{ storagehub }}/workspace",
"ctx": "${workflow.input.context}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.ctx)) throw('Context must not be empty'); return { shubified_context_name : ($.ctx[0] === '%' ? $.ctx.replace('%2F', '') : $.ctx).split('%2F').join('-') }} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize_with_uma_rpt",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"audience" : "${init.input.root_vo}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}"
}
}
},
{
"name": "pyrest",
"taskReferenceName": "create_vre_folder",
"inputParameters": {
"url": "${init.input.storagehub}/groups",
"method": "POST",
"headers": {
"Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}",
"Accept": "text/plain",
"Content-Type": "multipart/form-data"
},
"body": {
"accessType": [
"WRITE_OWNER",
"application/json"
],
"group": "${init.output.result.shubified_context_name}",
"folderOwner": "${workflow.input.folder_owner}"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_vre_folder_users_tasks",
"type": "INLINE",
"inputParameters": {
"admins" : "${workflow.input.folder_admins}",
"url": "${init.input.storagehub}/groups/${init.output.result.shubified_context_name}/users",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.admins.length;i++)a=$.admins[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'tu_'+i}),inputs['tu_'+i]={url:$.url,body:{userId:a},method:'PUT',headers:{Authorization:'Bearer ${authorize_with_uma_rpt.output.body.access_token}', Accept: 'text/plain'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_vre_folder_users",
"inputParameters" : {
"tasks" : "${build_add_vre_folder_users_tasks.output.result.tasks}",
"inputs" : "${build_add_vre_folder_users_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_add_vre_folder_users"
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_vre_folder_admins_tasks",
"type": "INLINE",
"inputParameters": {
"admins" : "${workflow.input.folder_admins}",
"url": "${init.input.storagehub}/groups/${init.output.result.shubified_context_name}/admins",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.admins.length;i++)a=$.admins[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'ta_'+i}),inputs['ta_'+i]={url:$.url,body:{userId:a},method:'PUT',headers:{Authorization:'Bearer ${authorize_with_uma_rpt.output.body.access_token}', Accept: 'text/plain'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_vre_folder_admins",
"inputParameters" : {
"tasks" : "${build_add_vre_folder_admins_tasks.output.result.tasks}",
"inputs" : "${build_add_vre_folder_admins_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_add_vre_folder_admins"
}
],
"inputParameters": [
"context",
"folder_owner",
"folder_admins"
],
"outputParameters": {},
"schemaVersion": 2,
"restartable": true,
"workflowStatusListenerEnabled": false,
"ownerEmail": "example@email.com",
"timeoutPolicy": "ALERT_ONLY",
"timeoutSeconds": 0,
"variables": {},
"inputTemplate": {}
}
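Review bot: `init` validates only `ctx`; `folder_owner` and `folder_admins` are used unchecked, and the two `build_add_vre_folder_*_tasks` expressions first dereference `$.admins.length` after `create_vre_folder` has already run, so a missing or non-list `folder_admins` fails the workflow with the folder created and no admins assigned. Adding both as `init` inputs and rejecting bad values there keeps the failure ahead of any side effect, e.g. `if(e($.owner)) throw('Folder owner must not be empty');` plus an equivalent check that `$.admins` is a list. `ownerEmail` is also still the placeholder `example@email.com`, so timeout alerts for this definition have no real recipient.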

@ -8,9 +8,9 @@
"inputParameters" : ["client_id", "client_secret", "description", "context_list"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
@ -19,7 +19,8 @@
"id" : "${workflow.input.client_id}",
"secret" : "${workflow.input.client_secret}",
"description" : "${workflow.input.description}",
"scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id)) throw('Client ID must not be empty'); return { encoded_root_vo : encodeURI($.root_vo), client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'} }"
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { encoded_root_vo : encodeURI($.root_vo), client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}} f()"
}
},
{
@ -60,12 +61,13 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "extract_client_id",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"client_location" : "${create_client.output.headers.location}",
"scriptExpression": "var client_id = $.client_location.split('/').pop(); return {'client_resource_id' : client_id}"
"evaluatorType" :"javascript",
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_resource_id' : client_id}} f()"
}
},
{
@ -184,8 +186,9 @@
"inputParameters": {
"status": "${check_workspace.output.status}"
},
"type": "DECISION",
"caseExpression": "($.status === 406 ? 'create' : 'exists')",
"type": "SWITCH",
"evaluatorType" : "javascript",
"expression": "($.status === 406 ? 'create' : 'exists')",
"decisionCases": {
"create": [
{
@ -225,13 +228,14 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "build_tasks_to_add_ws_client_to_all_contexts",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"context_list" : "${workflow.input.context_list}",
"client_id" : "${workflow.input.client_id}",
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_workspace_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}}),inputs['add_workspace_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_workspace_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}}),inputs['add_workspace_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
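Review bot: The migrated `SWITCH` expression `($.status === 406 ? 'create' : 'exists')` sends every status other than 406 down the `exists` branch, which would include authentication failures and server errors from `check_workspace` unless that task already fails on them. Matching the success status explicitly and routing anything else to a failing `defaultCase` would stop an error response from being read as "workspace already present". The expected success code is not visible here, so the exact comparison needs confirming; `decisionCases` continues outside the hunk.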

@ -8,17 +8,18 @@
"inputParameters" : [ "userid" ],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/${workflow.input.realm}",
"keycloak_admin" : "{{ keycloak_admin }}/${workflow.input.realm}",
"liferay": "{{ liferay }}",
"liferay_auth": "{{ liferay_auth }}",
"keycloak_userid" : "${workflow.input.userid}",
"scriptExpression": "return { 'decoded_root_vo' : $.root_vo.replace('%2F','/'), 'encoded_root_vo' : encodeURIComponent($.root_vo)}"
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/${workflow.input.realm}",
"keycloak_admin" : "{{ keycloak_admin }}/${workflow.input.realm}",
"liferay": "{{ liferay }}",
"liferay_auth": "{{ liferay_auth }}",
"keycloak_userid" : "${workflow.input.userid}",
"evaluatorType" : "javascript",
"expression": "function f(){ return { 'decoded_root_vo' : $.root_vo.replace('%2F','/'), 'encoded_root_vo' : encodeURIComponent($.root_vo)}} f()"
}
},
{
@ -107,13 +108,14 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "build_delete_group_tasks",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"groups" : "${lookup_lr_user_groups.output.body.*.groupId}",
"userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
"scriptExpression": "inputs = {}; tasks = []; for(var i=0;i<$.groups.length;i++){tasks.push({'name': 'pyrest','type' : 'SIMPLE','taskReferenceName' : 'del-' + i});inputs['del-'+i] = {'url' : '${init.input.liferay}/user/unset-group-users?userIds=' + $.userId + '&groupId=' + $.groups[i],'method' : 'POST','headers' : {'Authorization' : 'Basic ' + '${init.input.liferay_auth}', 'Accept' : 'application/json'}}}; return { 'tasks' : Java.to(tasks, 'java.util.Map[]'), 'inputs' : inputs};"
"expression": "inputs = {}; tasks = []; function f(){ for(var i=0;i<$.groups.length;i++){tasks.push({'name': 'pyrest','type' : 'SIMPLE','taskReferenceName' : 'del-' + i});inputs['del-'+i] = {'url' : '${init.input.liferay}/user/unset-group-users?userIds=' + $.userId + '&groupId=' + $.groups[i],'method' : 'POST','headers' : {'Authorization' : 'Basic ' + '${init.input.liferay_auth}', 'Accept' : 'application/json'}}}; return { 'tasks' : Java.to(tasks, 'java.util.Map[]'), 'inputs' : inputs}} f()"
}
},
{
@ -149,11 +151,12 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "lr_final_task",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters" : {
"scriptExpression" : "1 == 1"
"evaluatorType" : "javascript",
"expression" : "1 == 1"
}
}
],
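Review bot: `init` builds `keycloak` and `keycloak_admin` from `${workflow.input.realm}`, but `realm` is not listed in `inputParameters` and the expression never checks it, so an empty or unexpected value goes straight into the admin URL path used by the later tasks. Declare it (`"inputParameters" : [ "userid", "realm" ]`) and reject values outside the expected realm names inside `f()`, or use `{{ keycloak_realm }}` as the other workflows in this comparison do if the realm is fixed. Also, `$.root_vo.replace('%2F','/')` rewrites only the first occurrence; if `root_vo` can contain more than one encoded slash, `$.root_vo.split('%2F').join('/')` covers all of them.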

@ -8,14 +8,15 @@
"inputParameters" : ["client_id"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"scriptExpression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.id)) throw('Client ID must not be empty');"
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty');} f()"
}
},
{
@ -50,12 +51,13 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "check",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"list" : "${lookup_client.output.body}",
"scriptExpression" : "if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')"
"list" : "${lookup_client.output.body}",
"evaluatorType" : "javascript",
"expression" : "function f(){if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')} f()"
}
},
{

@ -8,18 +8,94 @@
"inputParameters" : ["filter", "context"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"ctx" : "${workflow.input.context}",
"filter" : "${workflow.input.filter}",
"scriptExpression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.ctx)) throw('Context must not be empty'); f=$.filter; if(e(f)) f = []; else if(!(f instanceof Array)) else throw('Filter must be empty or Array'); return { encoded_root_vo : encodeURI($.root_vo), filter : filter}"
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.ctx)) throw('Context must not be empty'); f=$.filter; if(e(f)) f = []; else if(typeof(f) === 'string') f=[f]; else f=Java.from(f); return { encoded_root_vo : encodeURI($.root_vo), filter : Java.to(f,'java.lang.String[]')}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize_with_uma_rpt",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"audience" : "${workflow.input.context}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "query_workspace_clients_on_icproxy",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ ic_proxy }}/icproxy/gcube/service/ServiceEndpoint/SystemWorkspaceClient",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
}
}
},
{
"name" : "pyeval",
"taskReferenceName" : "extract_workspace_client_names",
"type" : "SIMPLE",
"inputParameters" : {
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Name')))",
"xmlstring" : "${query_workspace_clients_on_icproxy.output.body}"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "filtered_workspace_client_names",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"names" : "${extract_workspace_client_names.output.result}",
"filter" : "${init.output.result.filter}",
"expression": "names=Java.from($.names); filt=Java.from($.filter); function f(){if(filt.length === 0) output=names; else { output=[]; for(i=0;i<names.length;i++){ if(filt.indexOf(names[i]) !== -1) output.push(names[i])}} return { 'names' : Java.to(output, 'java.lang.String[]')}} f()"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_workspace_client_to_context_tasks",
"type": "INLINE",
"inputParameters": {
"context" : "${workflow.input.context}",
"names" : "${filtered_workspace_client_names.output.result.names}",
"evaluatorType" : "javascript",
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.names.length;i++){tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_add_ws_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}});inputs['call_add_ws_client_to_context_'+i]={client_id:$.names[i], context:$.context}} return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_workspace_client_to_context_tasks",
"inputParameters" : {
"tasks" : "${build_add_workspace_client_to_context_tasks.output.result.tasks}",
"inputs" : "${build_add_workspace_client_to_context_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_add_workspace_client_to_context_tasks"
}
]
}
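Review bot: `extract_workspace_client_names` passes the icproxy response body straight to `ET.fromstring`, and the Python documentation warns against using `xml.etree.ElementTree` on untrusted or unauthenticated XML because of entity-expansion denial of service. Whether ServiceEndpoint resources can be published by anyone other than the platform operators is not visible on this page; if they can, the worker should cap the body size or use a hardened parser before parsing. The expression also forwards `n.text` unchecked, so an empty `<Name/>` puts `None` into the list that `filtered_workspace_client_names` later converts with `Java.to(output, 'java.lang.String[]')`. I would wrap the mapping as `list(filter(None, map(lambda n: n.text, ...)))`.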

@ -0,0 +1,159 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_add_to_context",
"createBy" : "Marco Lettere",
"description": "A GHN client is made Member of a context and it's workspace folder is linked to context's shared folder",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"ctx" : "${workflow.input.context}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "fork1",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.client_id}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_ghn_client",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_client.output.body}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('GHN client not found'); else return { client : $.client[0], id : $.client[0].id}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_service_account_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_ghn_client.output.result.id}/service-account-user",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_context",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${init.output.result.encoded_context}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_context",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_context.output.body}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Context not found'); else return { client : $.client[0], id: $.client[0].id }} f()"
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "roles_to_assign",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${retrieve_member_role.output.body}",
"queryExpression" : ".role"
}
}
]
]
},
{
"name": "join",
"taskReferenceName": "join1",
"type": "JOIN",
"joinOn": [
"get_service_account_user",
"roles_to_assign"
]
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "assign_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept":"application/json"
},
"body" : "${roles_to_assign.output.resultList}"
}
}
]
}
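Review bot: `authorize` requests its token from `{{ keycloak }}/master/protocol/openid-connect/token` with `{{ keycloak_auth_master }}`, whereas `ghn_client_create` and `ghn_client_delete` in this same change authenticate against `${init.input.keycloak}` with `{{ keycloak_auth }}`. A master-realm service account can be granted rights over every realm, which is far more than one client role mapping in one realm requires, and that bearer token is then copied into the input of every task in the execution record. Unless the realm-level `orchestrator` client lacks the needed admin roles (not visible here), I would use `"url" : "${init.input.keycloak}/protocol/openid-connect/token"` with `"client_secret" : "{{ keycloak_auth }}"`. The same applies to `authorize` in `ghn_client_remove_from_context`.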

@ -0,0 +1,51 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_add_to_contexts",
"createBy" : "Marco Lettere",
"description": "A client for a GHN is made Member of all the contexts passed as input by calling the ghn_client_add_to_context sub-workflow",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context_list"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_tasks_to_add_ghn_client_to_all_contexts",
"type": "INLINE",
"inputParameters": {
"context_list" : "${workflow.input.context_list}",
"client_id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_ghn_client_to_context_'+i, subWorkflowParam:{ name:'ghn_client_add_to_context'}}),inputs['add_ghn_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_build_tasks_to_add_ghn_client_to_all_contexts",
"inputParameters" : {
"tasks" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.tasks}",
"inputs" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_build_tasks_to_add_ghn_client_to_all_contexts"
}
]
}
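Review bot: `context_list` is never validated: `init` checks only `$.id`, and `build_tasks_to_add_ghn_client_to_all_contexts` dereferences `$.context_list.length` directly, so a missing input surfaces as a script error rather than a clear message. A guard at the top of `f()`, for example `if($.context_list == null) throw('Context list must not be empty');`, matches the style of the other checks. The identical expression in `ghn_client_create` and the one in `ghn_client_remove_from_contexts` have the same gap; in `ghn_client_create` it is reached only after the client has been created and given the root VO role, so a failure there leaves partial state behind. The expression also assigns `inputs`, `tasks` and `c` without `var`, which makes them script-level globals.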

@ -0,0 +1,180 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_create",
"createBy" : "Marco Lettere",
"description": "Create a client on IAM to represent SmartGears based GHNodes",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "client_secret", "description", "context_list"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"storagehub" : "{{ storagehub }}",
"id" : "${workflow.input.client_id}",
"secret" : "${workflow.input.client_secret}",
"description" : "${workflow.input.description}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { encoded_root_vo : encodeURI($.root_vo), client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? $.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "fork1",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "create_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"body" : "${init.output.result.client}",
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_client_id",
"type": "INLINE",
"inputParameters": {
"client_location" : "${create_client.output.headers.location}",
"evaluatorType" : "javascript",
"expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_resource_id' : client_id}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_service_account_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_resource_id}/service-account-user",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_rootvo_member_role",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles/Member",
"method" : "GET",
"expect" : [200, 404],
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
]
]
},
{
"name": "join",
"taskReferenceName": "join1",
"type": "JOIN",
"joinOn": [
"get_service_account_user",
"get_rootvo_member_role"
]
},
{
"name": "jq_1",
"taskReferenceName": "to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${get_rootvo_member_role.output.body}",
"queryExpression" : ".role"
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "assign_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${get_rootvo_member_role.output.body.containerId}",
"method" :"POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept":"application/json"
},
"body" : "${to_array.output.resultList}"
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_tasks_to_add_ghn_client_to_all_contexts",
"type": "INLINE",
"inputParameters": {
"context_list" : "${workflow.input.context_list}",
"client_id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_ghn_client_to_context_'+i, subWorkflowParam:{ name:'ghn_client_add_to_context'}}),inputs['add_ghn_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_build_tasks_to_add_ghn_client_to_all_contexts",
"inputParameters" : {
"tasks" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.tasks}",
"inputs" : "${build_tasks_to_add_ghn_client_to_all_contexts.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_build_tasks_to_add_ghn_client_to_all_contexts"
}
]
}
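Review bot: `get_rootvo_member_role` accepts a 404 through `"expect" : [200, 404]`, but `to_array` and `assign_member_role` then read `get_rootvo_member_role.output.body` and `.body.containerId` unconditionally. If the root VO client has no `Member` role, the POST presumably goes to a `role-mappings/clients/` URL with an unresolved id and sends the error document as the body. It runs after `create_client` has already succeeded, so the new client is left without the role and the failure shows up one task too late. Either drop the tolerance with `"expect" : 200`, the scalar form used by `remove_member_role` in this change, or put the assignment behind a `SWITCH` on the status so the 404 case is skipped on purpose.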

@ -0,0 +1,76 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_delete",
"createBy" : "Marco Lettere",
"description": "Delete a GHN client from IAM",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression" : "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty');} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.client_id}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "check",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"list" : "${lookup_client.output.body}",
"expression" : "if($.list.length === 0 || $.list.length > 1) throw('No client found with client_id or ambiguous query returned multiple clients.')"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}"
}
}
}
]
}
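Review bot: Nothing in this workflow checks that the client being deleted is a GHN client. `lookup_client` matches any `clientId` in the realm and `delete_client` removes `body[0]` with the orchestrator's admin token, so a `client_id` naming a context client or another service client would be deleted too. `ghn_client_create` registers GHN clients with `authorizationServicesEnabled : false`, while context clients in this change are configured through `authz/resource-server`. Assuming the lookup response carries that field, `check` could at least refuse those with `if($.list[0].authorizationServicesEnabled) throw('Refusing to delete a client that is not a GHN client');`. A dedicated marker written at creation time would be a stronger test, and whether callers of this workflow are already restricted cannot be seen here.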

@ -0,0 +1,159 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_remove_from_context",
"createBy" : "Marco Lettere",
"description": "The role Memeber of the give context is removed from a GHN client on IAM.",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"ctx" : "${workflow.input.context}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "fork_join",
"taskReferenceName" : "fork1",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.client_id}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_ghn_client",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_client.output.body}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('GHN client not found'); else return { client : $.client[0], id : $.client[0].id}} f()"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_service_account_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_ghn_client.output.result.id}/service-account-user",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "lookup_context",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${init.output.result.encoded_context}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_context",
"type": "INLINE",
"inputParameters": {
"client" : "${lookup_context.output.body}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Context not found'); else return { client : $.client[0], id: $.client[0].id }} f()"
}
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "retrieve_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member",
"method" :"GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "roles_to_remove",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${retrieve_member_role.output.body}",
"queryExpression" : ".role"
}
}
]
]
},
{
"name": "join",
"taskReferenceName": "join1",
"type": "JOIN",
"joinOn": [
"get_service_account_user",
"roles_to_remove"
]
},
{
"name" : "pyrest",
"type" : "SIMPLE",
"taskReferenceName": "remove_member_role",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}",
"method" :"DELETE",
"expect" : 204,
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
},
"body" : "${roles_to_remove.output.resultList}"
}
}
]
}

@ -0,0 +1,51 @@
{
"ownerApp" : "Orchestrator",
"name" : "ghn_client_remove_from_contexts",
"createBy" : "Marco Lettere",
"description": "The role Member for of all the passed contexts is removed from a GHN client",
"version" : 1,
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["client_id", "context_list"],
"tasks" : [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"id" : "${workflow.input.client_id}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { }} f()"
}
},
{
"name": "INLINE",
"taskReferenceName": "build_tasks_to_remove_ghn_client_from_all_contexts",
"type": "INLINE",
"inputParameters": {
"context_list" : "${workflow.input.context_list}",
"client_id" : "${workflow.input.client_id}",
"evaluatorType" : "javascript",
"expression": "inputs={},tasks=[]; function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'remove_ghn_client_from_context_'+i, subWorkflowParam:{ name:'ghn_client_remove_from_context'}}),inputs['remove_ghn_client_from_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_build_tasks_to_remove_ghn_client_from_all_contexts",
"inputParameters" : {
"tasks" : "${build_tasks_to_remove_ghn_client_from_all_contexts.output.result.tasks}",
"inputs" : "${build_tasks_to_remove_ghn_client_from_all_contexts.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_build_tasks_to_remove_ghn_client_from_all_contexts"
}
]
}
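Review bot: The second task is declared with `"name": "INLINE"`, while every other inline task in this change, including `init` a few lines above it, uses `"name": "INLINE_TASK"`. If task names are resolved against registered task definitions in this deployment, the odd one out may not resolve the same way. I would change it to `"name": "INLINE_TASK",`. The `description` also reads "Member for of all the passed contexts", which could be corrected in the same pass.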

@ -7,16 +7,17 @@
"ownerEmail" : "marco.lettere@nubisware.com",
"inputParameters" : ["user", "group"],
"tasks" : [
{
"name": "LAMBDA_TASK",
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"clientId" : "${workflow.input.group}",
"scriptExpression": "var tree = $.clientId.split('%2F'); return { 'tree' : tree, 'child': tree[tree.length-1], 'append' : tree.slice(0,-1).join('/'), 'name' : tree.join('/'), encoded_root_vo : encodeURI($.root_vo)}"
"group" : "${workflow.input.group}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.group)) throw('Group must not be empty'); var tree = $.group.startsWith('%2F') ? $.group.split('%2F') : [$.group]; return { 'tree' : tree, 'child': tree[tree.length-1], 'append' : tree.slice(0,-1).join('/'), 'name' : tree.join('/'), encoded_root_vo : encodeURI($.root_vo)}} f()"
}
},
{
@ -36,6 +37,44 @@
}
}
},
{
"name" : "check_is_gateway",
"taskReferenceName" : "check_is_gateway",
"type" : "SWITCH",
"evaluatorType" : "javascript",
"inputParameters" :{
"group" : "${workflow.input.group}"
},
"expression": "$.group.toLowerCase().endsWith('gateway') ? 'gateway' : ''",
"decisionCases" : {
"gateway" : [
{
"name" : "pyrest",
"taskReferenceName" : "create_gateway_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups",
"body" : {
"name" : "${init.output.result.child}"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_gateway",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
{
"name" : "fork_join",
"taskReferenceName" : "preliminary_fork",
@ -49,7 +88,7 @@
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"body" : {
"clientId": "${init.input.clientId}",
"clientId": "${init.input.group}",
"name": "${init.output.result.name}",
"description": "Client representation for ${init.output.result.name} context",
"rootUrl": "http://localhost${init.output.result.name}",
@ -69,15 +108,93 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "extract_client_id",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"client_location" : "${create_client.output.headers.location}",
"scriptExpression": "var client_id = $.client_location.split('/').pop(); return {'client_id' : client_id}"
"client_location" : "${create_client.output.headers.location}",
"evaluatorType" : "javascript",
"expression": "function f(){var client_id = $.client_location.split('/').pop(); return {'client_id' : client_id}} f()"
}
},
{
{
"name" : "pyrest",
"taskReferenceName" : "list_kc_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "prepare",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"append": "${init.output.result.append}",
"groups": "${list_kc_groups.output.body}",
"expression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.append) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; function f(){return {'group' : $.append == '' ? '' : recurse($.groups)}} f()"
}
},
{
"name": "decide_task",
"taskReferenceName": "decide1",
"inputParameters": {
"groupid": "${prepare.output.result.group}"
},
"type": "SWITCH",
"evaluatorType" : "value-param",
"expression": "groupid",
"decisionCases": {
"": [
{
"name": "INLINE_TASK",
"taskReferenceName": "dummy",
"type": "INLINE",
"inputParameters": {
"evaluatorType" :"javascript",
"expression": "1"
}
}
]
},
"defaultCase": [
{
"name": "pyrest",
"taskReferenceName": "create_kc_group",
"inputParameters": {
"url": "${init.input.keycloak_admin}/groups/${prepare.output.result.group.id}/children",
"body": {
"name": "${init.output.result.child}"
},
"method": "POST",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Content-Type": "application/json"
}
},
"type": "SIMPLE"
},
{
"name": "INLINE_TASK",
"taskReferenceName": "prepare2",
"inputParameters": {
"evaluatorType" : "javascript",
"location": "${create_kc_group.output.headers.location}",
"client_location": "${create_client.output.headers.location}",
"expression": "function f(){var newid=$.location.split('/').pop(); var client_id = $.client_location.split('/').pop(); return {'newid' : newid, 'client_id' : client_id}} f()"
},
"type": "INLINE"
}
]
},
{
"name" : "pyrest",
"taskReferenceName" : "get_default_policies",
"type" : "SIMPLE",
@ -188,305 +305,361 @@
"taskReferenceName" : "preliminary_fork_join",
"joinOn": [ "create_permission", "get_rootvo_roles"]
},
{
"name" : "fork_join",
"taskReferenceName" : "fork_role_creation",
"type" : "FORK_JOIN",
"forkTasks" : [
[{
"name" : "pyrest",
"taskReferenceName" : "create_role_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_client.output.headers.location}/roles",
"body" : {
"clientRole" : true, "name" : "Member", "description" : "Simple membership for ${init.output.result.name}"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_back_role_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_role_member.output.headers.location}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${get_back_role_member.output.body}",
"queryExpression" : ".role"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "add_role_member_as_component_of_infrastructure_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/roles/Infrastructure-Member/composites",
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
},
"body" : "${to_array.output.resultList}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_policy_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
"body" : {
"name": "Member_policy",
"description": "",
"type" : "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"roles" : [
{
"id" : "${get_back_role_member.output.body.id}",
"required" : true
}
]
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_kc_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups",
"body" : {
"name" : "${init.output.result.child}"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "list_kc_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "prepare",
"type": "LAMBDA",
"inputParameters": {
"append" : "${init.output.result.append}",
"location" : "${create_kc_group.output.headers.location}",
"client_location" : "${create_client.output.headers.location}",
"groups" : "${list_kc_groups.output.body}",
"scriptExpression": "var newid=$.location.split('/').pop(); var client_id = $.client_location.split('/').pop(); function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.append) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; return {'group' : $.append == '' ? '' : recurse($.groups), 'newid' : newid, 'client_id' : client_id}"
{
"name" : "pyrest",
"taskReferenceName" : "authorize1",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_client.output.headers.location}/roles",
"body" : {
"clientRole" : true, "name" : "Member", "description" : "Simple membership for ${init.output.result.name}"
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_back_role_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${create_role_member.output.headers.location}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "jq_1",
"taskReferenceName": "to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${get_back_role_member.output.body}",
"queryExpression" : ".role"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "add_role_member_as_component_of_infrastructure_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/roles/Infrastructure-Member/composites",
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Content-Type" : "application/json"
},
"body" : "${to_array.output.resultList}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "create_role_policy_member",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
"body" : {
"name": "Member_policy",
"description": "",
"type" : "role",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"roles" : [
{
"id" : "${get_back_role_member.output.body.id}",
"required" : true
}
},
]
},
"method" : "POST",
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Content-Type" : "application/json",
"Accept" : "application/json"
}
}
},
{
"name": "decide_task",
"taskReferenceName": "decide2",
"inputParameters": {
"groupid": "${prepare.output.result.group}"
},
"type": "SWITCH",
"evaluatorType" : "value-param",
"expression": "groupid",
"decisionCases": {
"": [
{
"name": "decide_task",
"taskReferenceName": "decide1",
"name": "INLINE_TASK",
"taskReferenceName": "dummy2",
"type": "INLINE",
"inputParameters": {
"groupid": "${prepare.output.result.group}"
},
"type": "DECISION",
"caseValueParam": "groupid",
"decisionCases": {
"": [
{
"name": "LAMBDA_TASK",
"taskReferenceName": "dummy",
"type": "LAMBDA",
"inputParameters": {
"scriptExpression": "1"
}
}
]
},
"defaultCase": [
{
"name" : "pyrest",
"taskReferenceName" : "move_new_kc_group_to_parent",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups/${prepare.output.result.group.id}/children",
"method" : "POST",
"body" : {
"id" : "${prepare.output.result.newid}"
},
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json",
"Content-Type" : "application/json"
}
}
}
]
},
{
"name" : "pyrest",
"taskReferenceName" : "assign_client_member_role_to_kc_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups/${prepare.output.result.newid}/role-mappings/clients/${prepare.output.result.client_id}",
"method" : "POST",
"body" : ["${get_back_role_member.output.body}"],
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json",
"Content-Type" : "application/json"
}
"evaluatorType" : "javascript",
"expression": "1"
}
}
],
[
{
"name": "LAMBDA_TASK",
"taskReferenceName": "build_add_role_tasks",
"type": "LAMBDA",
"inputParameters": {
"roles" : "${get_rootvo_roles.output.body[?(@.name != \"uma_protection\" && @.name != \"Member\")]}",
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}),inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize.output.body.access_token}','Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_role",
"inputParameters" : {
"tasks" : "${build_add_role_tasks.output.result.tasks}",
"inputs" : "${build_add_role_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_role_addition"
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "build_get_back_role_tasks",
"type": "LAMBDA",
"inputParameters": {
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_get_back_role",
"inputParameters" : {
"tasks" : "${build_get_back_role_tasks.output.result.tasks}",
"inputs" : "${build_get_back_role_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_getting_back"
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "build_add_policy_tasks",
"type": "LAMBDA",
"inputParameters": {
"roles" : "${join_parallel_getting_back.output[*].body}",
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_policy_role",
"inputParameters" : {
"tasks" : "${build_add_policy_tasks.output.result.tasks}",
"inputs" : "${build_add_policy_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_policy_addition"
}
]
]
},
{
"name" : "join",
"taskReferenceName" : "join_role_creation",
"type" : "JOIN",
"joinOn" : [
"join_parallel_policy_addition",
"assign_client_member_role_to_kc_group"
]
"defaultCase": [
{
"name" : "pyrest",
"taskReferenceName" : "assign_client_member_role_to_kc_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups/${prepare2.output.result.newid}/role-mappings/clients/${prepare2.output.result.client_id}",
"method" : "POST",
"body" : ["${get_back_role_member.output.body}"],
"headers" : {
"Authorization" : "Bearer ${authorize1.output.body.access_token}",
"Accept" : "application/json",
"Content-Type" : "application/json"
}
}
}
]
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize2",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_role_tasks",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"roles" : "${get_rootvo_roles.output.body}",
"expression": "inputs={},tasks=[];function add(r, k){ if(r.name != 'uma_protection' && r.name != 'Member'){ tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}); inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}}}};for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name, add(r, k); function f(){return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_role",
"inputParameters" : {
"tasks" : "${build_add_role_tasks.output.result.tasks}",
"inputs" : "${build_add_role_tasks.output.result.inputs}"
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "policy_list",
"type": "LAMBDA",
"inputParameters": {
"memberpolicy" : "${create_role_policy_member.output.body.id}",
"otherpolicies" : "${join_parallel_policy_addition.output[*].body.id}",
"scriptExpression": "return Java.to(Java.from($.otherpolicies).concat($.memberpolicy), 'java.lang.String[]')"
}
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_role_addition"
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize3",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_get_back_role_tasks",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_get_back_role",
"inputParameters" : {
"tasks" : "${build_get_back_role_tasks.output.result.tasks}",
"inputs" : "${build_get_back_role_tasks.output.result.inputs}"
},
{
"name" : "pyrest",
"taskReferenceName" : "finalize_permission",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource/${create_permission.output.body.id}",
"body" : {
"name": "Default Permission",
"description": "",
"type" : "resource",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"policies" : "${policy_list.output.result}"
},
"method" : "PUT",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_getting_back"
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize4",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_add_policy_tasks",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"roles" : "${join_parallel_getting_back.output[*].body}",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize4.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_add_policy_role",
"inputParameters" : {
"tasks" : "${build_add_policy_tasks.output.result.tasks}",
"inputs" : "${build_add_policy_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_policy_addition"
},
{
"name": "INLINE_TASK",
"taskReferenceName": "policy_list",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"memberpolicy" : "${create_role_policy_member.output.body.id}",
"otherpolicies" : "${join_parallel_policy_addition.output[*].body.id}",
"expression": "function f(){return Java.to(Java.from($.otherpolicies).concat($.memberpolicy), 'java.lang.String[]')} f()"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize5",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth_master }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "finalize_permission",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource/${create_permission.output.body.id}",
"body" : {
"name": "Default Permission",
"description": "",
"type" : "resource",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"policies" : "${policy_list.output.result}"
},
"method" : "PUT",
"headers" : {
"Authorization" : "Bearer ${authorize5.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "fork_subworkflows",
"type" : "FORK_JOIN",
"taskReferenceName" : "parallel_call_subworkflows",
"forkTasks" : [
[
{
"name": "sub_workflow_task",
"taskReferenceName": "call_enable_workspace_clients_for_context",
"subWorkflowParam": {
"name": "enable_workspace_clients_for_context"
},
"inputParameters": {
"context" : "${workflow.input.group}"
},
"type": "SUB_WORKFLOW"
}
],
[
{
"name": "sub_workflow_task",
"taskReferenceName": "call_jupyterhub_add_serveroptions_to_context",
"subWorkflowParam": {
"name": "jupyterhub_add_serveroptions_to_context"
},
"inputParameters": {
"context" : "${workflow.input.group}"
},
"type": "SUB_WORKFLOW"
}
]
]
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_call_subworkflows",
"joinOn" :[
"call_enable_workspace_clients_for_context",
"call_jupyterhub_add_serveroptions_to_context"
]
}
]
}

@ -8,14 +8,15 @@
"inputParameters" : ["user", "group"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"group" : "${workflow.input.group}",
"scriptExpression" : "return $.group.split('%2F').join('/')"
"evaluatorType" : "javascript",
"expression" : "function f(){return $.group.split('%2F').join('/')} f()"
}
},
{
@ -75,13 +76,14 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "find_group_by_path",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"path" : "${init.output.result}",
"groups" : "${list_kc_groups.output.body}",
"scriptExpression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.path) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; return recurse($.groups)"
"expression": "function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.path) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; recurse($.groups)"
}
},
{
@ -95,29 +97,6 @@
"Authorization" : "Bearer ${authorize.output.body.access_token}"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "list_realm_components",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/components",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "find_component_by_type",
"type": "LAMBDA",
"inputParameters": {
"path" : "${init.output.result}",
"components" : "${list_realm_components}",
"scriptExpression": ""
}
},
}
]
}
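Review bot: In `find_group_by_path`, `recurse($.groups)` returns null when no group has the requested path, and the INLINE expression passes that null on as the task result instead of failing. The tasks that consume the result are outside these hunks, so presumably a later Keycloak admin request is built from an id that is not there; failing at this point would stop the workflow before that request is sent. I would end the expression with `function f(){var g = recurse($.groups); if(g == null) throw('Group not found'); return g} f()`, the same throw style the new `jupyterhub_add_serveroptions_to_context` file on this page uses in its `init` task. The descent should also be guarded with `recurse(inp[i].subGroups || [])`, because `recurse` reads `inp.length` on whatever it is handed.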

@ -8,13 +8,14 @@
"inputParameters" : ["user", "first-name", "last-name", "email", "password"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"scriptExpression": "1"
"evaluatorType" : "javascript",
"expression": "1"
}
},
{
@ -40,7 +41,7 @@
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users",
"expect" : 201,
"expect" : [201, 409],
"method" : "POST",
"body" : {
"username": "${workflow.input.user}",
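Review bot: Accepting 409 in `"expect" : [201, 409]` (assuming this is the new side of the duplicated `expect` line) lets the workflow continue when the account already exists, and nothing in the hunk distinguishes that case from a fresh creation. The task object starts and ends outside the hunk and the following tasks are not visible, so it cannot be confirmed here whether they rely on the `Location` header that only a 201 response carries, or whether they go on to apply the `password`, `email` and name inputs to the pre-existing account. I would follow this task with a SWITCH on the returned status that, on 409, looks the user up by username and skips any credential or profile update. That keeps a caller who supplies an existing username from altering that account through this workflow.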

@ -0,0 +1,385 @@
{
"createTime": 1657617957794,
"updateTime": 1657639881455,
"name": "jupyterhub_add_serveroptions_to_context",
"description": "Reflects the JupyterHub ServerOptions from a given IS Context to the AuthZ on the IAM",
"version": 1,
"tasks": [
{
"name": "INLINE_TASK",
"taskReferenceName": "init",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin": "{{ keycloak_admin }}/{{ keycloak_realm }}",
"ctx": "${workflow.input.context}",
"jupyterhub_clientid" : "jupyterhub1",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.ctx)) throw('Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()"
},
"type": "INLINE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyrest",
"taskReferenceName": "authorize",
"inputParameters": {
"url": "{{ keycloak }}/master/protocol/openid-connect/token",
"method": "POST",
"headers": {
"Accept": "application/json"
},
"body": {
"client_id": "orchestrator",
"client_secret": "{{ keycloak_auth_master }}",
"grant_type": "client_credentials"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "fork_join",
"taskReferenceName": "pre-query",
"inputParameters": {},
"type": "FORK_JOIN",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [
[
{
"name": "pyrest",
"taskReferenceName": "lookup_client",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients",
"params": {
"clientId": "${init.output.result.encoded_context}"
},
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE"
},
{
"name": "pyrest",
"taskReferenceName": "get_client_member_role",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles/Member",
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE"
},
{
"name": "jq_1",
"taskReferenceName": "role_to_array",
"type": "JSON_JQ_TRANSFORM",
"inputParameters": {
"role": "${get_client_member_role.output.body}",
"queryExpression" : ".role"
}
}
],
[
{
"name": "pyrest",
"taskReferenceName": "lookup_jupyterhub",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients",
"params": {
"clientId": "${init.input.jupyterhub_clientid}"
},
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyrest",
"taskReferenceName": "lookup_jupyterhub_resources",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource",
"params": {
"clientId": "${init.input.jupyterhub_clientid}"
},
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Accept": "application/json"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
}
],
[
{
"name": "pyrest",
"taskReferenceName": "authorize_with_uma_rpt",
"inputParameters": {
"url": "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token",
"method": "POST",
"headers": {
"Accept": "application/json"
},
"body": {
"audience": "${init.output.result.encoded_context}",
"grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id": "orchestrator",
"client_secret": "{{ keycloak_auth }}"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyrest",
"taskReferenceName": "lookup_resources_on_icproxy",
"inputParameters": {
"url": "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/JupyterHub",
"method": "GET",
"headers": {
"Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}"
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "pyeval",
"taskReferenceName": "extract_authids",
"inputParameters": {
"code": "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/ServerOption/AuthId')))",
"xmlstring": "${lookup_resources_on_icproxy.output.body}"
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
}
]
],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "join",
"taskReferenceName": "join-pre-query",
"inputParameters": {},
"type": "JOIN",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [
"lookup_jupyterhub_resources",
"extract_authids"
],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "INLINE_TASK",
"taskReferenceName": "check",
"inputParameters": {
"evaluatorType" : "javascript",
"param": "ok",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.param)) throw('Param must not be empty'); else return $.param} f()"
},
"type": "INLINE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "INLINE_TASK",
"taskReferenceName": "filter_and_update",
"inputParameters": {
"evaluatorType" : "javascript",
"allowed": "${extract_authids.output.result}",
"res": "${lookup_jupyterhub_resources.output.body}",
"ctx": "${init.output.result.encoded_context}",
"expression": "var ret = []; function f(){for(var r=0; r < $.res.length; r++){ if($.allowed.indexOf($.res[r].name) !== -1){ $.res[r].attributes[$.ctx] = Java.to(['true'], 'java.lang.String[]'); ret.push($.res[r]) } } return Java.to(ret, 'java.util.Map[]')} f()"
},
"type": "INLINE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "INLINE_TASK",
"taskReferenceName": "build_parallel_tasks",
"inputParameters": {
"evaluatorType" : "javascript",
"res": "${filter_and_update.output.result}",
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource/",
"expression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.res.length; i++){s = $.res[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 't' + i});inputs['t' + i] = {url: $.url + $.res[i]._id,method: 'PUT', body: $.res[i], headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', 'Content-Type': 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};} f()"
},
"type": "INLINE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "fork_dynamic",
"taskReferenceName": "parallel_tasks",
"inputParameters": {
"tasks": "${build_parallel_tasks.output.result.tasks}",
"inputs": "${build_parallel_tasks.output.result.inputs}"
},
"type": "FORK_JOIN_DYNAMIC",
"decisionCases": {},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs",
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
},
{
"name": "join",
"taskReferenceName": "join_parallel_tasks",
"inputParameters": {},
"type": "JOIN"
},
{
"name": "check_at_least_one",
"taskReferenceName": "check_at_least_one",
"inputParameters": {
"tasks": "${join_parallel_tasks.input.*}"
},
"type": "SWITCH",
"evaluatorType" : "javascript",
"expression": "($.tasks.length > 0 ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name": "pyrest",
"taskReferenceName": "enable_jupyterhub_scope_for_context",
"inputParameters": {
"url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/scope-mappings/clients/${lookup_client.output.body[0].id}",
"method": "POST",
"headers": {
"Authorization": "Bearer ${authorize.output.body.access_token}",
"Content-Type": "application/json"
},
"body": "${role_to_array.output.resultList}"
},
"type": "SIMPLE"
}
]
},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
}
],
"inputParameters": [
"context"
],
"outputParameters": {},
"schemaVersion": 2,
"restartable": true,
"workflowStatusListenerEnabled": false,
"ownerEmail": "example@email.com",
"timeoutPolicy": "ALERT_ONLY",
"timeoutSeconds": 0,
"variables": {},
"inputTemplate": {}
}
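Review bot: The `join-pre-query` task joins only on `lookup_jupyterhub_resources` and `extract_authids`, so the first fork branch (`lookup_client`, `get_client_member_role`, `role_to_array`) is never waited for. `enable_jupyterhub_scope_for_context` later builds its URL from `${lookup_client.output.body[0].id}` and its body from `${role_to_array.output.resultList}`, which may still be unresolved if that branch is slow. Since that request writes a scope mapping with the admin token, I would list the last task of every branch: `"joinOn": ["role_to_array", "lookup_jupyterhub_resources", "extract_authids"]`. Separately, both `body[0].id` references assume the client lookup returned at least one entry; a check that fails the workflow on an empty list would keep the request from being sent with an unresolved id in its path.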

@ -0,0 +1,179 @@
{
"createTime": 1689254203836,
"updateTime": 1689259676819,
"name": "record_context_to_is",
"description": "Upon creation of a new context, record it to the Information System",
"version": 1,
"tasks": [
{
"name": "INLINE_TASK",
"type" : "INLINE",
"taskReferenceName": "init",
"inputParameters": {
"base_url": "{{is_url}}/resource-registry/contexts",
"root_vo": "{{ root_vo }}",
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"ctx": "${workflow.input.context}",
"ic_proxy" : "{{ ic_proxy }}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.ctx)) throw('Context must not be empty'); var tree = $.ctx.split('%2F'); return { child : tree[tree.length - 1], parent : tree[tree.length-2], decoded_root_vo : $.root_vo.replace('%2F', '/') }} f()"
}
},
{
"name" : "parallel_ic_proxy_queries",
"taskReferenceName" : "parallel_ic_proxy_queries",
"type" : "FORK_JOIN",
"forkTasks" : [
[
{
"name" : "pyrest",
"taskReferenceName" : "authorize_uma_rootvo",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"audience" : "${init.input.root_vo}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "retrieve_infrastructure",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/INFRASTRUCTURE",
"method" : "GET",
"headers" : {
"Accept" : "application/xml",
"Authorization" : "Bearer ${authorize_uma_rootvo.output.body.access_token}"
}
}
},
{
"name" : "pyeval",
"taskReferenceName" : "extract_infrastructure_id",
"type" : "SIMPLE",
"inputParameters" : {
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/infrastructures/infrastructure/vos/vo[scope=\\'${init.output.result.decoded_root_vo}/${init.output.result.parent}\\'].id')))",
"xmlstring" : "${retrieve_infrastructure.output.body}"
}
}
],
[
{
"name" : "pyrest",
"taskReferenceName" : "authorize_uma_parent_vo",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"audience" : "${init.input.root_vo}%2F${init.output.result.parent}",
"grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket",
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "retrieve_vre",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/VRE/${init.output.result.child}",
"method" : "GET",
"headers" : {
"Accept" : "application/xml",
"Authorization" : "Bearer ${authorize_uma_parent_vo.output.body.access_token}"
}
}
},
{
"name" : "pyeval",
"taskReferenceName" : "extract_vre_id",
"type" : "SIMPLE",
"inputParameters" : {
"code" : "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/ID')))",
"xmlstring" : "${retrieve_vre.output.body}"
}
}
]
]
},
{
"name": "notification_join",
"taskReferenceName": "notification_join_ref",
"type": "JOIN",
"joinOn": ["extract_infrastructure_id", "extract_vre_id"]
},
{
"type" : "INLINE",
"name": "INLINE_TASK",
"taskReferenceName": "check",
"inputParameters": {
"vre": "${extract_vre_id.output.result[0]}",
"infra": "${extract_infrastructure_id.output.result[0]}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))} function f(){if(e($.vre) || e($.infra)) throw('VRE ID and Infra ID must not be empty');} f()"
}
},
{
"name": "pyrest",
"taskReferenceName": "write_to_is",
"inputParameters": {
"url": "${init.input.base_url}/${extract_vre_id.output.result[0]}",
"method": "PUT",
"headers": {
"Authorization": "Bearer ${authorize_uma_rootvo.output.body.access_token}",
"Content-Type": "application/json",
"Accept" : "application/json"
},
"body": {
"type": "Context",
"id": "${extract_vre_id.output.result[0]}",
"name": "${init.output.result.child}",
"parent": {
"type": "IsParentOf",
"source": {
"type": "Context",
"id": "${extract_infrastructure_id.output.result[0]}"
}
}
}
},
"type": "SIMPLE",
"decisionCases": {},
"defaultCase": [],
"forkTasks": [],
"startDelay": 0,
"joinOn": [],
"optional": false,
"defaultExclusiveJoinTask": [],
"asyncComplete": false,
"loopOver": []
}
],
"inputParameters": [
"context"
],
"outputParameters": {},
"schemaVersion": 2,
"restartable": true,
"workflowStatusListenerEnabled": false,
"ownerEmail": "example@email.com",
"timeoutPolicy": "ALERT_ONLY",
"timeoutSeconds": 0,
"variables": {},
"inputTemplate": {}
}
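Review bot: The `code` string of `extract_infrastructure_id` interpolates `${init.output.result.decoded_root_vo}/${init.output.result.parent}` into Python source that the `pyeval` worker evaluates. `parent` is cut from the caller-supplied `context` input, and `init` only rejects an empty context, so the value can change the evaluated expression rather than just the XPath predicate. Pass it as data next to `xmlstring`, e.g. `"scope" : "${init.output.result.decoded_root_vo}/${init.output.result.parent}"`, and select the `vo` elements in Python with `if vo.findtext('scope') == data['scope']`. This assumes `data` exposes every input parameter the way it does `xmlstring`. Both `pyeval` tasks also hand the ic-proxy response straight to `ET.fromstring`, so a response size limit is worth adding if that service is not fully trusted.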

@ -8,13 +8,14 @@
"inputParameters" : ["role", "first", "max"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"scriptExpression": "1 == 1"
"evaluatorType" : "javascript",
"expression": "1 == 1"
}
},
{
@ -39,7 +40,7 @@
"taskReferenceName" : "get_all_vres",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients?clientId=%252F&search=true&first=${workflow.input.first}&max=${workflow.input.max}",
"url" : "${init.input.keycloak_admin}/clients?clientId=%252F&search=true",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
@ -47,32 +48,6 @@
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "build_delete_role_tasks",
"type": "LAMBDA",
"inputParameters": {
"role" : "${workflow.input.role}",
"vres" : "${get_all_vres.output.body}",
"scriptExpression": "inputs={};tasks=[];for(var i=0;i<$.vres.length;i++)vre=$.vres[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'delete_role_'+i}),inputs['delete_role_'+i]={url:'${init.input.keycloak_admin}/clients/' + vre.id + '/roles/' + $.role,method:'DELETE', expect:Java.to([204,404],'int[]'),headers:{Authorization:'Bearer ${authorize.output.body.access_token}'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
}
},
{
"name" : "fork_dynamic",
"type" : "FORK_JOIN_DYNAMIC",
"taskReferenceName" : "parallel_delete_role",
"inputParameters" : {
"tasks" : "${build_delete_role_tasks.output.result.tasks}",
"inputs" : "${build_delete_role_tasks.output.result.inputs}"
},
"dynamicForkTasksParam": "tasks",
"dynamicForkTasksInputParamName": "inputs"
},
{
"name" : "join",
"type" : "JOIN",
"taskReferenceName" : "join_parallel_role_deletion"
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize2",
@ -91,13 +66,14 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "build_add_role_tasks",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"role" : "${workflow.input.role}",
"vres" : "${get_all_vres.output.body}",
"scriptExpression": "inputs={};tasks=[];for(var i=0;i<$.vres.length;i++)vre=$.vres[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_'+i}),inputs['create_role_'+i]={url:'${init.input.keycloak_admin}/clients/' + vre.id + '/roles',body:{clientRole:true,name:$.role,description: $.role + ' role'},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
"evaluatorType" : "javascript",
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.vres.length;i++)vre=$.vres[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_'+i}),inputs['create_role_'+i]={url:'${init.input.keycloak_admin}/clients/' + vre.id + '/roles',body:{clientRole:true,name:$.role,description: $.role + ' role'},method:'POST',headers:{Authorization:'Bearer ${authorize2.output.body.access_token}','Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
}
},
{
@ -134,12 +110,13 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "build_get_back_role_tasks",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"evaluatorType" : "javascript",
"roleurls" : "${join_parallel_role_addition.output[*]..location}",
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+i}),inputs['get_back_'+i]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+i}),inputs['get_back_'+i]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize3.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
}
},
{
@ -159,13 +136,22 @@
"taskReferenceName" : "join_parallel_getting_back"
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "build_policy_permission_tasks",
"type": "LAMBDA",
"inputParameters": {
"roles" : "${join_parallel_getting_back.output[*].body}",
"scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'call_policy_workflow_'+i, subWorkflowParam:{ name:'add_role_policy_permission'}}),inputs['call_policy_workflow_'+i]={role:r};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
}
"evaluatorType": "javascript",
"roles": "${join_parallel_getting_back.output[*].body}",
"iam_master": "{{ keycloak }}/master/protocol/openid-connect/token",
"iam_admin": "${init.input.keycloak_admin}",
"user": "orchestrator",
"pass": "{{ keycloak_auth_master }}",
"playbook": "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",
"expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.roles.length;i++)r=$.roles[i],tasks.push({name:'pyansible',type:'SIMPLE',taskReferenceName:'call_policy_workflow_'+i}),inputs['call_policy_workflow_'+i]={playbook:$.playbook, extra_vars : {role:r, iam_master:$.iam_master,iam_admin:$.iam_admin,user:$.user,passw:$.pass}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
},
"type": "INLINE",
"startDelay": 0,
"optional": false,
"asyncComplete": false
},
{
"name" : "fork_dynamic",
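Review bot: `build_policy_permission_tasks` now receives the master-realm credential as a plain input parameter (`"pass": "{{ keycloak_auth_master }}"`) and copies it into `extra_vars.passw` of every generated `pyansible` task. Conductor records task input and output with the execution, so the secret ends up in the stored data of this task and of each forked task, readable by anyone who can view executions. Let the pyansible worker or the playbook resolve the credential itself (worker environment or an Ansible vault lookup) and pass only `role`, `iam_master`, `iam_admin` and `user` from here. If it has to travel through the workflow, a narrowly scoped client instead of the master-realm `orchestrator` login would limit what a leaked execution record exposes.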

@ -8,13 +8,14 @@
"inputParameters" : ["role"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"scriptExpression": "1 == 1"
"evaluatorType" : "javascript",
"expression": "1 == 1"
}
},
{
@ -48,13 +49,14 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "build_delete_role_tasks",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"role" : "${workflow.input.role}",
"vres" : "${get_all_vres.output.body}",
"scriptExpression": "inputs={};tasks=[];for(var i=0;i<$.vres.length;i++)vre=$.vres[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'delete_role_'+i}),inputs['delete_role_'+i]={url:'${init.input.keycloak_admin}/clients/' + vre.id + '/roles/' + $.role,method:'DELETE', expect:Java.to([204,404],'int[]'),headers:{Authorization:'Bearer ${authorize.output.body.access_token}'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
"evaluatorType" : "javascript",
"expression": "inputs={};tasks=[];function f(){for(var i=0;i<$.vres.length;i++)vre=$.vres[i],tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'delete_role_'+i}),inputs['delete_role_'+i]={url:'${init.input.keycloak_admin}/clients/' + vre.id + '/roles/' + $.role,method:'DELETE', expect:Java.to([204,404],'int[]'),headers:{Authorization:'Bearer ${authorize.output.body.access_token}'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs}} f();"
}
},
{
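Review bot: In `build_delete_role_tasks` the DELETE URL is still built as `'/roles/' + $.role` from the raw workflow input, so a role name containing `/`, `?` or `#` makes the request address a different admin resource than the intended one. The user-group workflows in this compare already apply `encodeURIComponent` to the group search term, and the same fits here: `'/roles/' + encodeURIComponent($.role)`. Separately, `inputs`, `tasks` and `vre` are assigned without `var`, so they become globals of the script engine. Declaring them inside `f()` would keep the expression self-contained.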

@ -8,13 +8,14 @@
"inputParameters" : ["role", "user", "group"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"scriptExpression": "1"
"expression": "1",
"evaluatorType" : "javascript"
}
},
{
@ -48,36 +49,38 @@
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers" : "${lookup_user.output.body}",
"username" : "${workflow.input.user}",
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
},
"type": "LAMBDA"
},
"name": "INLINE_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers" : "${lookup_user.output.body}",
"username" : "${workflow.input.user}",
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()",
"evaluatorType" : "javascript"
},
"type": "INLINE"
},
{
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"user": "${select_user.output.result[0]}"
},
"type": "DECISION",
"caseExpression": "($.user == null ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_user",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"user": "${select_user.output.result}"
},
"type": "SWITCH",
"evaluatorType": "javascript",
"expression": "$.user == null ? 'true' : 'false'",
"decisionCases": {
"true": [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_user",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
@ -112,18 +115,20 @@
"inputParameters": {
"prev_status": "${get_client_roles.output.status}"
},
"type": "DECISION",
"caseValueParam": "prev_status",
"type": "SWITCH",
"evaluatorType": "value-param",
"expression": "prev_status",
"decisionCases": {
"200": [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "select_role",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"role": "${workflow.input.role}",
"roles" : "${get_client_roles.output.body}",
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}"
"expression": "function f(){for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}} f()",
"evaluatorType" : "javascript"
}
},
{

@ -8,13 +8,14 @@
"inputParameters" : ["role", "user", "group"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"scriptExpression": "1"
"expression": "1",
"evaluatorType" : "javascript"
}
},
{
@ -48,36 +49,38 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
"evaluatorType" : "javascript",
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()"
},
"type": "LAMBDA"
"type": "INLINE"
},
{
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"user": "${select_user.output.result[0]}"
},
"type": "DECISION",
"caseExpression": "($.user == null ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_user",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"users": "${select_user.output.result}"
},
"type": "SWITCH",
"evaluatorType" : "javascript",
"expression": "($.user != null ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_user",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
@ -106,13 +109,14 @@
}
},
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "select_role",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"role": "${workflow.input.role}",
"roles" : "${get_client_roles.output.body}",
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}"
"evaluatorType" : "javascript",
"expression": "function f(){for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == $.role) return Java.to([$.roles[i]], 'java.lang.Object[]')}} f()"
}
},
{
@ -120,7 +124,7 @@
"taskReferenceName" : "remove_role_from_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/role-mappings/clients/${lookup_client.output.body[0].id}",
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/role-mappings/clients/${lookup_client.output.body[0].id}",
"expect" : 204,
"method" : "DELETE",
"body" : "${select_role.output.result}",
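Review bot: The rewritten `check_user_existance` switch binds its input as `"users"` but tests `$.user`, and the comparison was flipped to `!= null`. As written, `$.user` is always undefined, so the expression always yields `'false'` and `terminate_when_no_user` never runs. A missing user therefore falls through to `remove_role_from_user` with an empty `${select_user.output.result.id}`. Fixing only the key would instead terminate whenever the user is found, so the role would never be revoked while the workflow reports COMPLETED. The sibling workflows use `"user": "${select_user.output.result}"` with `"expression": "($.user == null ? 'true' : 'false')"`, and this task should match them.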

@ -8,14 +8,16 @@
"inputParameters" : ["user", "group"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"user" : "${workflow.input.user}",
"group" : "${workflow.input.group}",
"scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.user) || e($.group)) throw('User and Group must not be empty'); function f(){ var path = $.group.startsWith('%2F') ? $.group.split('%2F').slice(1) : [$.group]; return { 'tree' : Java.to(path, 'java.lang.String[]'), 'name' : path.slice(path.length-1)[0], 'search' : encodeURIComponent(path.slice(path.length-1)[0])}} f()"
}
},
{
@ -49,91 +51,78 @@
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
},
"type": "LAMBDA"
},
"name": "INLINE_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"evaluatorType" : "javascript",
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()"
},
"type": "INLINE"
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.group}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"user": "${select_user.output.result}"
},
"type": "SWITCH",
"evaluatorType" : "javascript",
"expression": "($.user == null ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_user",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
},
{
"name" : "pyrest",
"taskReferenceName" : "get_client_roles",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles",
"expect" : [200, 404],
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
"name" : "pyrest",
"taskReferenceName" : "look_up_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.search}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_group",
"type": "INLINE",
"inputParameters": {
"tree" : "${init.output.result.tree}",
"groups" : "${look_up_groups.output.body}",
"expression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } function f() { return { 'group' : selectByPath($.groups, $.tree, 0)}} f()",
"evaluatorType" : "javascript"
}
},
{
"name" : "check_role_existance",
"taskReferenceName" : "check_role_existance",
"type" : "DECISION",
"name" : "check_group_existance",
"taskReferenceName" : "check_group_existance",
"type" : "SWITCH",
"evaluatorType" : "javascript",
"inputParameters" :{
"previous_outcome" : "${get_client_roles.output.status}"
"group" : "${extract_group.output.result.group}"
},
"caseValueParam" : "previous_outcome",
"expression": "(($.group != null) ? 'assign' : 'skip')",
"decisionCases" : {
"200" : [
{
"name": "LAMBDA_TASK",
"taskReferenceName": "select_role",
"type": "LAMBDA",
"inputParameters": {
"role": "${workflow.input.role}",
"roles" : "${get_client_roles.output.body}",
"scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == 'Member') return Java.to([$.roles[i]], 'java.lang.Object[]')}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "look_up_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.name}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "extract_group",
"type": "LAMBDA",
"inputParameters": {
"tree" : "${init.output.result.tree}",
"groups" : "${look_up_groups.output.body}",
"scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
}
},
"assign" : [
{
"name" : "pyrest",
"taskReferenceName" : "assign_user_to_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/groups/${extract_group.output.result.group.id}",
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/groups/${extract_group.output.result.group.id}",
"method" : "PUT",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}"
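Review bot: `selectByPath` in `extract_group` recurses into `groups[i].subGroups` without checking that the field is present. If a matched group in the `look_up_groups` response has no `subGroups` array, the INLINE task throws on `groups.length` instead of returning `null`, and `check_group_existance` never reaches its `'skip'` outcome. A guard such as `return selectByPath(groups[i].subGroups || [], path, level+1)` keeps a missing group on the handled path. The same expression is repeated in `extract_group` of the user-group_deleted workflow further down. The hunk cuts through `assign_user_to_group`, whose body continues outside it.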

@ -5,17 +5,19 @@
"description": "Handle workflow related to Portal event user-group_deleted",
"version" : 1,
"ownerEmail" : "m.lettere@gmail.com",
"inputParameters" : ["role", "user", "group"],
"inputParameters" : ["user", "group"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"name": "INLINE_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"type": "INLINE",
"inputParameters": {
"keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
"keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
"group" : "${workflow.input.group}",
"scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
"group" : "${workflow.input.group}",
"user" : "${workflow.input.user}",
"evaluatorType" : "javascript",
"expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.user) || e($.group)) throw('User and Group must not be empty'); function f(){var path = $.group.startsWith('%2F') ? $.group.split('%2F').slice(1) : [$.group]; return { 'tree' : Java.to(path, 'java.lang.String[]'), 'name' : path.slice(path.length-1)[0], search : encodeURIComponent(path.slice(path.length-1)[0])}} f()"
}
},
{
@ -48,24 +50,26 @@
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"scriptExpression": "for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return Java.to([$.foundusers[i]], 'java.lang.Object[]')}"
},
"type": "LAMBDA"
},
{
"name": "INLINE_TASK",
"taskReferenceName": "select_user",
"inputParameters": {
"foundusers": "${lookup_user.output.body}",
"username": "${workflow.input.user}",
"evaluatorType" : "javascript",
"expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()"
},
"type": "INLINE"
},
{
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"user": "${select_user.output.result[0]}"
"user": "${select_user.output.result}"
},
"type": "DECISION",
"caseExpression": "($.user == null ? 'true' : 'false')",
"type": "SWITCH",
"evaluatorType" : "javascript",
"expression": "($.user == null ? 'true' : 'false')",
"decisionCases": {
"true": [
{
@ -79,6 +83,63 @@
]
}
},
{
"name" : "pyrest",
"taskReferenceName" : "look_up_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.search}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "INLINE_TASK",
"taskReferenceName": "extract_group",
"type": "INLINE",
"inputParameters": {
"tree" : "${init.output.result.tree}",
"groups" : "${look_up_groups.output.body}",
"evaluatorType" : "javascript",
"expression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } function f() { return { 'group' : selectByPath($.groups, $.tree, 0)}} f()"
}
},
{
"name" : "check_group_existance",
"taskReferenceName" : "check_group_existance",
"type" : "SWITCH",
"inputParameters" :{
"group" : "${extract_group.output.result.group}"
},
"evaluatorType" : "javascript",
"expression": "(($.group != null) ? 'delete' : 'skip')",
"decisionCases" : {
"skip" : [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_group",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
{
"name" : "pyrest",
"taskReferenceName" : "delete_user_from_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/groups/${extract_group.output.result.group.id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
@ -100,6 +161,7 @@
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles",
"method" : "GET",
"expect" : [200, 404],
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
@ -107,53 +169,33 @@
}
},
{
"name" : "pyrest",
"taskReferenceName" : "remove_all_roles_from_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result[0].id}/role-mappings/clients/${lookup_client.output.body[0].id}",
"expect" : 204,
"method" : "DELETE",
"body" : "${get_client_roles.body}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
"name" : "check_role_existance",
"taskReferenceName" : "check_role_existance",
"type" : "SWITCH",
"evaluatorType" : "value-param",
"inputParameters" :{
"previous_outcome" : "${get_client_roles.output.status}"
},
"expression" : "previous_outcome",
"decisionCases" : {
"200" : [
{
"name" : "pyrest",
"taskReferenceName" : "remove_all_roles_from_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/role-mappings/clients/${lookup_client.output.body[0].id}",
"expect" : 204,
"method" : "DELETE",
"body" : "${get_client_roles.body}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
}
]
}
},
{
"name" : "pyrest",
"taskReferenceName" : "look_up_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.name}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "extract_group",
"type": "LAMBDA",
"inputParameters": {
"tree" : "${init.output.result.tree}",
"groups" : "${look_up_groups.output.body}",
"scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "assign_user_to_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${lookup_user.output.body[0].id}/groups/${extract_group.output.result.group.id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}"
}
}
}
}
]
}
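Review bot: `remove_all_roles_from_user` sends `"body" : "${get_client_roles.body}"`, while every other reference in these workflows reads task results through `.output` (`${get_client_roles.output.status}` two tasks above). The expression presumably resolves to nothing, so the DELETE goes out without the role list and what gets revoked depends on how the server treats an empty body. Since this is the step that strips a removed member's client roles, the list should be passed explicitly: `"body" : "${get_client_roles.output.body}",`. The line was carried over unchanged when the task was moved under the `"200"` case.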
