{ "ownerApp" : "Orchestrator", "name" : "user-group_deleted", "createBy" : "Marco Lettere", "description": "Handle workflow related to Portal event user-group_deleted", "version" : 1, "ownerEmail" : "m.lettere@gmail.com", "inputParameters" : ["user", "group"], "tasks" : [ { "name": "INLINE_TASK", "taskReferenceName": "init", "type": "INLINE", "inputParameters": { "keycloak": "{{ keycloak }}/{{ keycloak_realm }}", "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}", "group" : "${workflow.input.group}", "user" : "${workflow.input.user}", "evaluatorType" : "javascript", "expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; if(e($.user) || e($.group)) throw('User and Group must not be empty'); function f(){var path = $.group.startsWith('%2F') ? $.group.split('%2F').slice(1) : [$.group]; return { 'tree' : Java.to(path, 'java.lang.String[]'), 'name' : path.slice(path.length-1)[0], search : encodeURIComponent(path.slice(path.length-1)[0])}} f()" } }, { "name" : "pyrest", "taskReferenceName" : "authorize", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak}/protocol/openid-connect/token", "method" : "POST", "headers" : { "Accept" : "application/json" }, "body" : { "client_id" : "orchestrator", "client_secret" : "{{ keycloak_auth }}", "grant_type" : "client_credentials" } } }, { "name" : "pyrest", "taskReferenceName" : "lookup_user", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/users?username=${workflow.input.user}", "method" : "GET", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Accept" : "application/json" } } }, { "name": "INLINE_TASK", "taskReferenceName": "select_user", "inputParameters": { "foundusers": "${lookup_user.output.body}", "username": "${workflow.input.user}", "evaluatorType" : "javascript", "expression": "function f(){for(var i=0; i < $.foundusers.length;i++){if($.foundusers[i]['username'] == $.username) return $.foundusers[i]}} f()" }, "type": "INLINE" }, { "name": "check_user_existance", "taskReferenceName": "check_user_existance", "inputParameters": { "user": "${select_user.output.result}" }, "type": "SWITCH", "evaluatorType" : "javascript", "expression": "($.user == null ? 'true' : 'false')", "decisionCases": { "true": [ { "name" : "terminate", "taskReferenceName" : "terminate_when_no_user", "type" : "TERMINATE", "inputParameters" : { "terminationStatus" : "COMPLETED" } } ] } }, { "name" : "pyrest", "taskReferenceName" : "look_up_groups", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.search}", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Accept" : "application/json" } } }, { "name": "INLINE_TASK", "taskReferenceName": "extract_group", "type": "INLINE", "inputParameters": { "tree" : "${init.output.result.tree}", "groups" : "${look_up_groups.output.body}", "evaluatorType" : "javascript", "expression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } function f() { return { 'group' : selectByPath($.groups, $.tree, 0)}} f()" } }, { "name" : "check_group_existance", "taskReferenceName" : "check_group_existance", "type" : "SWITCH", "inputParameters" :{ "group" : "${extract_group.output.result.group}" }, "evaluatorType" : "javascript", "expression": "(($.group != null) ? 'delete' : 'skip')", "decisionCases" : { "skip" : [ { "name" : "terminate", "taskReferenceName" : "terminate_when_no_group", "type" : "TERMINATE", "inputParameters" : { "terminationStatus" : "COMPLETED" } } ] } }, { "name" : "pyrest", "taskReferenceName" : "delete_user_from_group", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/groups/${extract_group.output.result.group.id}", "method" : "DELETE", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}" } } }, { "name" : "pyrest", "taskReferenceName" : "lookup_client", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/clients", "params" : { "clientId" : "${workflow.input.group}"}, "method" : "GET", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Accept" : "application/json" } } }, { "name" : "pyrest", "taskReferenceName" : "get_client_roles", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles", "method" : "GET", "expect" : [200, 404], "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Accept" : "application/json" } } }, { "name" : "check_role_existance", "taskReferenceName" : "check_role_existance", "type" : "SWITCH", "evaluatorType" : "value-param", "inputParameters" :{ "previous_outcome" : "${get_client_roles.output.status}" }, "expression" : "previous_outcome", "decisionCases" : { "200" : [ { "name" : "pyrest", "taskReferenceName" : "remove_all_roles_from_user", "type" : "SIMPLE", "inputParameters" : { "url" : "${init.input.keycloak_admin}/users/${select_user.output.result.id}/role-mappings/clients/${lookup_client.output.body[0].id}", "expect" : 204, "method" : "DELETE", "body" : "${get_client_roles.body}", "headers" : { "Authorization" : "Bearer ${authorize.output.body.access_token}", "Content-Type" : "application/json" } } } ] } } ] }