{ "createTime": 1657617957794, "updateTime": 1657639881455, "name": "jupyterhub_add_serveroptions_to_context", "description": "Reflects the JupyterHub ServerOptions from a given IS Context to the AuthZ on the IAM", "version": 1, "tasks": [ { "name": "INLINE_TASK", "taskReferenceName": "init", "inputParameters": { "keycloak": "{{ keycloak }}/{{ keycloak_realm }}", "keycloak_admin": "{{ keycloak_admin }}/{{ keycloak_realm }}", "ctx": "${workflow.input.context}", "jupyterhub_clientid" : "jupyterhub1", "evaluatorType" : "javascript", "expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.ctx)) throw('Context must not be empty'); else return { encoded_context : $.ctx.replaceAll('/', '%2F')}} f()" }, "type": "INLINE", "decisionCases": {}, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] }, { "name": "pyrest", "taskReferenceName": "authorize", "inputParameters": { "url": "{{ keycloak }}/master/protocol/openid-connect/token", "method": "POST", "headers": { "Accept": "application/json" }, "body": { "client_id": "orchestrator", "client_secret": "{{ keycloak_auth_master }}", "grant_type": "client_credentials" } }, "type": "SIMPLE", "decisionCases": {}, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] }, { "name": "fork_join", "taskReferenceName": "pre-query", "inputParameters": {}, "type": "FORK_JOIN", "decisionCases": {}, "defaultCase": [], "forkTasks": [ [ { "name": "pyrest", "taskReferenceName": "lookup_client", "inputParameters": { "url": "${init.input.keycloak_admin}/clients", "params": { "clientId": "${init.output.result.encoded_context}" }, "method": "GET", "headers": { "Authorization": "Bearer ${authorize.output.body.access_token}", "Accept": "application/json" } }, "type": "SIMPLE" }, { "name": "pyrest", "taskReferenceName": "get_client_member_role", "inputParameters": { "url": "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles/Member", "method": "GET", "headers": { "Authorization": "Bearer ${authorize.output.body.access_token}", "Accept": "application/json" } }, "type": "SIMPLE" }, { "name": "jq_1", "taskReferenceName": "role_to_array", "type": "JSON_JQ_TRANSFORM", "inputParameters": { "role": "${get_client_member_role.output.body}", "queryExpression" : ".role" } } ], [ { "name": "pyrest", "taskReferenceName": "lookup_jupyterhub", "inputParameters": { "url": "${init.input.keycloak_admin}/clients", "params": { "clientId": "${init.input.jupyterhub_clientid}" }, "method": "GET", "headers": { "Authorization": "Bearer ${authorize.output.body.access_token}", "Accept": "application/json" } }, "type": "SIMPLE", "decisionCases": {}, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] }, { "name": "pyrest", "taskReferenceName": "lookup_jupyterhub_resources", "inputParameters": { "url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource", "params": { "clientId": "${init.input.jupyterhub_clientid}" }, "method": "GET", "headers": { "Authorization": "Bearer ${authorize.output.body.access_token}", "Accept": "application/json" } }, "type": "SIMPLE", "decisionCases": {}, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] } ], [ { "name": "pyrest", "taskReferenceName": "authorize_with_uma_rpt", "inputParameters": { "url": "{{ keycloak }}/{{ keycloak_realm }}/protocol/openid-connect/token", "method": "POST", "headers": { "Accept": "application/json" }, "body": { "audience": "${init.output.result.encoded_context}", "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket", "client_id": "orchestrator", "client_secret": "{{ keycloak_auth }}" } }, "type": "SIMPLE", "decisionCases": {}, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] }, { "name": "pyrest", "taskReferenceName": "lookup_resources_on_icproxy", "inputParameters": { "url": "{{ ic_proxy }}/icproxy/gcube/service/GenericResource/JupyterHub", "method": "GET", "headers": { "Authorization": "Bearer ${authorize_with_uma_rpt.output.body.access_token}" } }, "type": "SIMPLE", "decisionCases": {}, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] }, { "name": "pyeval", "taskReferenceName": "extract_authids", "inputParameters": { "code": "exec('import xml.etree.ElementTree as ET') or list(map(lambda n: n.text, ET.fromstring(data['xmlstring']).findall('Resource/Profile/Body/ServerOption/AuthId')))", "xmlstring": "${lookup_resources_on_icproxy.output.body}" }, "type": "SIMPLE", "decisionCases": {}, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] } ] ], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] }, { "name": "join", "taskReferenceName": "join-pre-query", "inputParameters": {}, "type": "JOIN", "decisionCases": {}, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [ "lookup_jupyterhub_resources", "extract_authids" ], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] }, { "name": "INLINE_TASK", "taskReferenceName": "check", "inputParameters": { "evaluatorType" : "javascript", "param": "ok", "expression": "function e(v){ return (v == null || (v.trim && v.trim() === ''))}; function f(){if(e($.param)) throw('Param must not be empty'); else return $.param} f()" }, "type": "INLINE", "decisionCases": {}, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] }, { "name": "INLINE_TASK", "taskReferenceName": "filter_and_update", "inputParameters": { "evaluatorType" : "javascript", "allowed": "${extract_authids.output.result}", "res": "${lookup_jupyterhub_resources.output.body}", "ctx": "${init.output.result.encoded_context}", "expression": "var ret = []; function f(){for(var r=0; r < $.res.length; r++){ if($.allowed.indexOf($.res[r].name) !== -1){ $.res[r].attributes[$.ctx] = Java.to(['true'], 'java.lang.String[]'); ret.push($.res[r]) } } return Java.to(ret, 'java.util.Map[]')} f()" }, "type": "INLINE", "decisionCases": {}, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] }, { "name": "INLINE_TASK", "taskReferenceName": "build_parallel_tasks", "inputParameters": { "evaluatorType" : "javascript", "res": "${filter_and_update.output.result}", "url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/authz/resource-server/resource/", "expression": "inputs = {}, tasks = [];function f(){for (var i = 0; i < $.res.length; i++){s = $.res[i];tasks.push({name: 'pyrest',type: 'SIMPLE',taskReferenceName: 't' + i});inputs['t' + i] = {url: $.url + $.res[i]._id,method: 'PUT', body: $.res[i], headers: {Authorization: 'Bearer ${authorize.output.body.access_token}', 'Content-Type': 'application/json'}}};return {tasks: Java.to(tasks, 'java.util.Map[]'),inputs: inputs};} f()" }, "type": "INLINE", "decisionCases": {}, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] }, { "name": "fork_dynamic", "taskReferenceName": "parallel_tasks", "inputParameters": { "tasks": "${build_parallel_tasks.output.result.tasks}", "inputs": "${build_parallel_tasks.output.result.inputs}" }, "type": "FORK_JOIN_DYNAMIC", "decisionCases": {}, "dynamicForkTasksParam": "tasks", "dynamicForkTasksInputParamName": "inputs", "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] }, { "name": "join", "taskReferenceName": "join_parallel_tasks", "inputParameters": {}, "type": "JOIN" }, { "name": "check_at_least_one", "taskReferenceName": "check_at_least_one", "inputParameters": { "tasks": "${join_parallel_tasks.input.*}" }, "type": "SWITCH", "evaluatorType" : "javascript", "expression": "($.tasks.length > 0 ? 'true' : 'false')", "decisionCases": { "true": [ { "name": "pyrest", "taskReferenceName": "enable_jupyterhub_scope_for_context", "inputParameters": { "url": "${init.input.keycloak_admin}/clients/${lookup_jupyterhub.output.body[0].id}/scope-mappings/clients/${lookup_client.output.body[0].id}", "method": "POST", "headers": { "Authorization": "Bearer ${authorize.output.body.access_token}", "Content-Type": "application/json" }, "body": "${role_to_array.output.resultList}" }, "type": "SIMPLE" } ] }, "defaultCase": [], "forkTasks": [], "startDelay": 0, "joinOn": [], "optional": false, "defaultExclusiveJoinTask": [], "asyncComplete": false, "loopOver": [] } ], "inputParameters": [ "context" ], "outputParameters": {}, "schemaVersion": 2, "restartable": true, "workflowStatusListenerEnabled": false, "ownerEmail": "example@email.com", "timeoutPolicy": "ALERT_ONLY", "timeoutSeconds": 0, "variables": {}, "inputTemplate": {} }