{ "ownerApp" : "Orchestrator", "name" : "create_workspace_client", "createBy" : "Marco Lettere", "description": "Create a WorkSpace Client and hook it up to an optional list of contexts. Check or create the settings on Shub.", "version" : 1, "ownerEmail" : "marco.lettere@nubisware.com", "inputParameters" : ["client_id", "client_secret", "description", "context_list"], "tasks" : [ { "name": "INLINE_TASK", "taskReferenceName": "init", "type": "INLINE", "inputParameters": { "root_vo": "{{ root_vo }}", "keycloak": "{{ keycloak }}/{{ keycloak_realm }}", "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}", "storagehub" : "{{ storagehub }}", "id" : "${workflow.input.client_id}", "secret" : "${workflow.input.client_secret}", "description" : "${workflow.input.description}", "evaluatorType" : "javascript", "expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.id)) throw('Client ID must not be empty'); return { encoded_root_vo : encodeURI($.root_vo), client : { clientId : $.id, description : ($.description ? $.description : $.id), secret : ($.secret ? 
$.secret : Java.type('java.util.UUID').randomUUID().toString()), rootUrl : '', enabled : true, serviceAccountsEnabled : true, standardFlowEnabled : true, authorizationServicesEnabled : false, publicClient : false, fullScopeAllowed : true, protocol : 'openid-connect'}}} f()" } }, { "name" : "pyrest", "taskReferenceName" : "authorize", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak}/protocol/openid-connect/token", "method" : "POST", "headers" : { "Accept" : "application/json" }, "body" : { "client_id" : "orchestrator", "client_secret" : "{{ keycloak_auth }}", "grant_type" : "client_credentials" } } }, { "name" : "fork_join", "taskReferenceName" : "fork1", "type" : "FORK_JOIN", "forkTasks" : [ [ { "name" : "pyrest", "taskReferenceName" : "create_client", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/clients", "body" : "${init.output.result.client}", "method" : "POST", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Content-Type" : "application/json" } } }, { "name": "INLINE_TASK", "taskReferenceName": "extract_client_id", "type": "INLINE", "inputParameters": { "client_location" : "${create_client.output.headers.location}", "evaluatorType" :"javascript", "expression": "var client_id = $.client_location.split('/').pop(); function f(){return {'client_resource_id' : client_id}} f()" } }, { "name" : "pyrest", "taskReferenceName" : "get_service_account_user", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_resource_id}/service-account-user", "method" : "GET", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Accept" : "application/json" } } } ], [ { "name" : "pyrest", "taskReferenceName" : "get_rootvo", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}", "method" : "GET", "headers" : { 
"Authorization" : "Bearer ${authorize.output.body.access_token}", "Accept" : "application/json" } } }, { "name" : "pyrest", "taskReferenceName" : "get_rootvo_member_role", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles/Member", "method" : "GET", "expect" : [200, 404], "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Accept" : "application/json" } } } ] ] }, { "name": "join", "taskReferenceName": "join1", "type": "JOIN", "joinOn": [ "get_service_account_user", "get_rootvo_member_role" ] }, { "name": "jq_1", "taskReferenceName": "to_array", "type": "JSON_JQ_TRANSFORM", "inputParameters": { "role": "${get_rootvo_member_role.output.body}", "queryExpression" : ".role" } }, { "name" : "pyrest", "type" : "SIMPLE", "taskReferenceName": "assign_member_role", "inputParameters" : { "url" : "${init.input.keycloak_admin}/users/${get_service_account_user.output.body.id}/role-mappings/clients/${get_rootvo_member_role.output.body.containerId}", "method" :"POST", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Content-Type" : "application/json", "Accept":"application/json" }, "body" : "${to_array.output.resultList}" } }, { "name" : "pyrest", "taskReferenceName" : "authorize_with_uma_rpt", "type" : "SIMPLE", "inputParameters" : { "url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token", "method" : "POST", "headers" : { "Accept" : "application/json" }, "body" : { "audience" : "${init.input.root_vo}", "grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket", "client_id" : "${workflow.input.client_id}", "client_secret" : "${init.output.result.client.secret}" } } }, { "name" : "pyrest", "taskReferenceName" : "check_workspace", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.storagehub}/workspace", "method" : "GET", "expect" : [200, 406], "headers" : { "Accept" : "application/json", "Authorization" : "Bearer 
${authorize_with_uma_rpt.output.body.access_token}" } } }, { "name": "decision", "taskReferenceName": "check_workspace_existance", "inputParameters": { "status": "${check_workspace.output.status}" }, "type": "SWITCH", "evaluatorType" : "javascript", "expression": "($.status === 406 ? 'create' : 'exists')", "decisionCases": { "create": [ { "name" : "pyrest", "taskReferenceName" : "upgrade_orchestrator_token_to_uma", "type" : "SIMPLE", "inputParameters" : { "url" : "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token", "method" : "POST", "headers" : { "Accept" : "application/json", "Authorization" : "Bearer ${authorize.output.body.access_token}" }, "body" : { "audience" : "${init.input.root_vo}", "grant_type" : "urn:ietf:params:oauth:grant-type:uma-ticket" } } }, { "name" : "pyrest", "taskReferenceName" : "create_jcr_account", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.storagehub}/workspace/users", "method" : "POST", "headers" : { "Authorization" : "Bearer ${upgrade_orchestrator_token_to_uma.output.body.access_token}" }, "body" : { "user" : "${get_service_account_user.output.body.username}", "password" : "r3u4h-ewrqwli!_m" } } } ] } }, { "name": "INLINE_TASK", "taskReferenceName": "build_tasks_to_add_ws_client_to_all_contexts", "type": "INLINE", "inputParameters": { "context_list" : "${workflow.input.context_list}", "client_id" : "${workflow.input.client_id}", "evaluatorType" : "javascript", "expression": "inputs={},tasks=[];function f(){for(var i=0;i<$.context_list.length;i++)c=$.context_list[i],tasks.push({name:'sub_workflow_task',type:'SUB_WORKFLOW',taskReferenceName:'add_workspace_client_to_context_'+i, subWorkflowParam:{ name:'add_workspace_client_to_context'}}),inputs['add_workspace_client_to_context_'+i]={client_id : $.client_id, context: c};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};} f()" } }, { "name" : "fork_dynamic", "type" : "FORK_JOIN_DYNAMIC", "taskReferenceName" : 
"parallel_build_tasks_to_add_ws_client_to_all_contexts", "inputParameters" : { "tasks" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.tasks}", "inputs" : "${build_tasks_to_add_ws_client_to_all_contexts.output.result.inputs}" }, "dynamicForkTasksParam": "tasks", "dynamicForkTasksInputParamName": "inputs" }, { "name" : "join", "type" : "JOIN", "taskReferenceName" : "join_build_tasks_to_add_ws_client_to_all_contexts" } ] }