{ "ownerApp" : "Orchestrator", "name" : "add_workspace_client_to_context", "createBy" : "Marco Lettere", "description": "A workspace client is made Member of a context and it's workspace folder is linked to context's shared folder", "version" : 1, "ownerEmail" : "marco.lettere@nubisware.com", "inputParameters" : ["client_id", "context"], "tasks" : [ { "name": "INLINE_TASK", "taskReferenceName": "init", "type": "INLINE", "inputParameters": { "root_vo": "{{ root_vo }}", "storagehub" : "{{ storagehub }}", "keycloak": "{{ keycloak }}/{{ keycloak_realm }}", "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}", "id" : "${workflow.input.client_id}", "ctx" : "${workflow.input.context}", "evaluatorType": "javascript", "expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id) || e($.ctx)) throw('Client ID and Context must not be empty'); else return { encoded_root_vo : encodeURI($.root_vo), encoded_context : $.ctx.replaceAll('/', '%2F')}} f()" } }, { "name" : "pyrest", "taskReferenceName" : "authorize", "type" : "SIMPLE", "inputParameters" : { "url" : "{{ keycloak }}/master/protocol/openid-connect/token", "method" : "POST", "headers" : { "Accept" : "application/json" }, "body" : { "client_id" : "orchestrator", "client_secret" : "{{ keycloak_auth_master }}", "grant_type" : "client_credentials" } } }, { "name" : "fork_join", "taskReferenceName" : "fork1", "type" : "FORK_JOIN", "forkTasks" : [ [ { "name" : "pyrest", "taskReferenceName" : "lookup_client", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/clients", "params" : { "clientId" : "${workflow.input.client_id}"}, "method" : "GET", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Accept" : "application/json" } } }, { "name": "INLINE_TASK", "taskReferenceName": "extract_ws_client", "type": "INLINE", "inputParameters": { "client" : "${lookup_client.output.body}", "evaluatorType" : "javascript", "expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id : $.client[0].id}} f()" } }, { "name" : "pyrest", "taskReferenceName" : "get_service_account_user", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/clients/${extract_ws_client.output.result.id}/service-account-user", "method" : "GET", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Accept" : "application/json" } } } ], [ { "name" : "pyrest", "taskReferenceName" : "lookup_context", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/clients", "params" : { "clientId" : "${init.output.result.encoded_context}"}, "method" : "GET", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Accept" : "application/json" } } }, { "name": "INLINE_TASK", "taskReferenceName": "extract_context", "type": "INLINE", "inputParameters": { "client" : "${lookup_context.output.body}", "evaluatorType" : "javascript", "expression": "function e(v){ return (v.length === 0)}; function f(){if(e($.client)) throw('Workspace client not found'); else return { client : $.client[0], id: $.client[0].id }} f()" } }, { "name" : "pyrest", "type" : "SIMPLE", "taskReferenceName": "retrieve_member_role", "inputParameters" : { "url" : "${init.input.keycloak_admin}/clients/${extract_context.output.result.id}/roles/Member", "method" :"GET", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Accept" : "application/json" } } }, { "name": "jq_1", "taskReferenceName": "roles_to_assign", "type": "JSON_JQ_TRANSFORM", "inputParameters": { "role": "${retrieve_member_role.output.body}", "queryExpression" : ".role" } }, { "name": "INLINE_TASK", "taskReferenceName": "shubify_context_name", "type": "INLINE", "inputParameters": { "context_name" : "${extract_context.output.result.client.name}", "evaluatorType" : "javascript", "expression": "var s = $.context_name; function f(){return { shubified_context_name : (s[0] === '/' ? s.replace('/', '') : s).split('/').join('-')}} f()" } } ] ] }, { "name": "join", "taskReferenceName": "join1", "type": "JOIN", "joinOn": [ "get_service_account_user", "shubify_context_name" ] }, { "name" : "pyrest", "type" : "SIMPLE", "taskReferenceName": "assign_member_role", "inputParameters" : { "url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${retrieve_member_role.output.body.containerId}", "method" :"POST", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Content-Type" : "application/json", "Accept":"application/json" }, "body" : "${roles_to_assign.output.resultList}" } }, { "name" : "pyrest", "taskReferenceName" : "authorize_with_uma_rpt", "type" : "SIMPLE", "inputParameters" : { "url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token", "method" : "POST", "headers" : { "Accept" : "application/json" }, "body" : { "audience" : "${init.input.root_vo}", "grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket", "client_id" : "orchestrator", "client_secret" : "{{ keycloak_auth }}" } } }, { "name" : "pyrest", "taskReferenceName" : "workspace_to_vre_folder", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.storagehub}/workspace/groups/${shubify_context_name.output.result.shubified_context_name}/users", "method" : "PUT", "expect" : [200, 400, 500], "body" :{ "userId" : "${get_service_account_user.output.body.username}" }, "headers" : { "Authorization" : "Bearer ${authorize_with_uma_rpt.output.body.access_token}" } } } ] }