{
	"ownerApp" : "Orchestrator",
	"name" : "group_created",
	"createBy" : "Marco Lettere",
	"description": "Handle workflow related to Portal event group_created",
	"version" : 1,
	"ownerEmail" : "marco.lettere@nubisware.com",
	"inputParameters" : ["user", "group"],
	"tasks" : [
    {
		  "name": "LAMBDA_TASK",
		  "taskReferenceName": "init",
		  "type": "LAMBDA",
		  "inputParameters": {
			  "root_vo": "{{ root_vo }}",
			  "keycloak": "{{ keycloak }}/{{ keycloak_realm }}",
			  "keycloak_admin" : "{{ keycloak_admin }}/{{ keycloak_realm }}",
			  "clientId" : "${workflow.input.group}",
			  "scriptExpression": "var tree = $.clientId.split('%2F'); return { 'tree' : tree, 'child': tree[tree.length-1], 'append' : tree.slice(0,-1).join('/'), 'name' : tree.join('/'), encoded_root_vo : encodeURI($.root_vo)}"
		  }
		},
		{
			"name" : "pyrest",
			"taskReferenceName" : "authorize",
			"type" : "SIMPLE",
			"inputParameters" : {
				"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
				"method" : "POST",
				"headers" : {
					"Accept" : "application/json"
				},
				"body" : {
					"client_id" : "orchestrator", 
					"client_secret" : "{{ keycloak_auth_master }}",
					"grant_type" : "client_credentials"
				}
			}
		},
		{
        "name" : "fork_join",
        "taskReferenceName" : "preliminary_fork",
        "type" : "FORK_JOIN",
        "forkTasks" : [
          [
		        {
			        "name" : "pyrest",
			        "taskReferenceName" : "create_client",
			        "type" : "SIMPLE",
			        "inputParameters" : {
				        "url" : "${init.input.keycloak_admin}/clients",
				        "body" : { 
					        "clientId": "${init.input.clientId}",
					        "name": "${init.output.result.name}",
					        "description": "Client representation for ${init.output.result.name} context",
					        "rootUrl": "http://localhost${init.output.result.name}",
					        "enabled": true,
					        "serviceAccountsEnabled": true,
					        "standardFlowEnabled": true,
					        "authorizationServicesEnabled": true,
					        "publicClient": false,
					        "fullScopeAllowed" : false,
					        "protocol": "openid-connect"
				        },
				        "method" : "POST",
				        "headers" : {
					        "Authorization" : "Bearer ${authorize.output.body.access_token}",
					        "Content-Type" : "application/json"
				        }
			        }
		        },
            {
                "name": "LAMBDA_TASK",
                "taskReferenceName": "extract_client_id",
                "type": "LAMBDA",
                "inputParameters": {
                        "client_location" : "${create_client.output.headers.location}",
                        "scriptExpression": "var client_id = $.client_location.split('/').pop(); return {'client_id' : client_id}"
                }
            },
		        {
                "name" : "pyrest",
                "taskReferenceName" : "get_default_policies",
                "type" : "SIMPLE",
                "inputParameters" : {
                        "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy",
                        "method" : "GET",
                        "headers" : {
                                "Authorization" : "Bearer ${authorize.output.body.access_token}",
                                "Accept" : "application/json"
                        }
                }
            },
            {
                "name" : "pyrest",
                "taskReferenceName" : "get_default_resource",
                "type" : "SIMPLE",
                "inputParameters" : {
                        "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/resource",
                        "method" : "GET",
                        "headers" : {
                                "Authorization" : "Bearer ${authorize.output.body.access_token}",
                                "Accept" : "application/json"
                        }
                }
            },
		        {
                "name" : "pyrest",
                "taskReferenceName" : "delete_default_policy1",
                "type" : "SIMPLE",
                "inputParameters" : {
                        "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[0].id}",
                        "method" : "DELETE",
                        "headers" : {
                                "Authorization" : "Bearer ${authorize.output.body.access_token}",
                                "Accept" : "application/json"
                        }
                }
            },
		        {
                "name" : "pyrest",
                "taskReferenceName" : "delete_default_policy2",
                "type" : "SIMPLE",
                "inputParameters" : {
                        "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/${get_default_policies.output.body[1].id}",
                        "method" : "DELETE",
                        "headers" : {
                                "Authorization" : "Bearer ${authorize.output.body.access_token}",
                                "Accept" : "application/json"
                        }
                }
            },
            {
		          "name" : "pyrest",
		          "taskReferenceName" : "create_permission",
		          "type" : "SIMPLE",
		          "inputParameters" : {
			          "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource",
			          "body" : {
                   "name": "Default Permission",
                   "description": "",
                   "type" : "resource",
                   "logic": "POSITIVE",
                   "decisionStrategy": "AFFIRMATIVE",
                   "resources" : ["${get_default_resource.output.body[0]._id}"]
                },
			          "method" : "POST",
			          "headers" : {
				          "Authorization" : "Bearer ${authorize.output.body.access_token}",
				          "Content-Type" : "application/json",
					        "Accept" : "application/json"
			          }
		          }
	          }
        ],
        [
          {
              "name" : "pyrest",
              "taskReferenceName" : "get_rootvo",
              "type" : "SIMPLE",
              "inputParameters" : {
                  "url" : "${init.input.keycloak_admin}/clients?clientId=${init.output.result.encoded_root_vo}",
                  "method" : "GET",
                  "headers" : {
                      "Authorization" : "Bearer ${authorize.output.body.access_token}",
                      "Accept" : "application/json"
                  }
              }
          },
          {
              "name" : "pyrest",
              "taskReferenceName" : "get_rootvo_roles",
              "type" : "SIMPLE",
              "inputParameters" : {
                  "url" : "${init.input.keycloak_admin}/clients/${get_rootvo.output.body[0].id}/roles",
                  "method" : "GET",
                  "headers" : {
                      "Authorization" : "Bearer ${authorize.output.body.access_token}",
                      "Accept" : "application/json"
                  }
              }
          }
        ]
      ]
    },
    {
      "name" : "join",
      "type" : "JOIN",
      "taskReferenceName" : "preliminary_fork_join",
      "joinOn": [ "create_permission", "get_rootvo_roles"]
    },
		{
			"name" : "fork_join",
			"taskReferenceName" : "fork_role_creation",
			"type" : "FORK_JOIN",
			"forkTasks" : [
				[{
					"name" : "pyrest",
					"taskReferenceName" : "create_role_member",
					"type" : "SIMPLE",
					"inputParameters" : {
						"url" : "${create_client.output.headers.location}/roles",
						"body" : { 
							"clientRole" : true, "name" : "Member", "description" : "Simple membership for ${init.output.result.name}"
						},
						"method" : "POST",
						"headers" : {
							"Authorization" : "Bearer ${authorize.output.body.access_token}",
							"Content-Type" : "application/json"
						}
					}
				},
				{
					"name" : "pyrest",
					"taskReferenceName" : "get_back_role_member",
					"type" : "SIMPLE",
					"inputParameters" : {
						"url" : "${create_role_member.output.headers.location}",
						"method" : "GET",
						"headers" : {
							"Authorization" : "Bearer ${authorize.output.body.access_token}",
							"Accept" : "application/json"
						}
					}
				},
				{
					"name": "jq_1",
					"taskReferenceName": "to_array",
					"type": "JSON_JQ_TRANSFORM",
					"inputParameters": {
						"role": "${get_back_role_member.output.body}",
				        "queryExpression" : ".role"
				    }
				},
				{
					"name" : "pyrest",
					"taskReferenceName" : "add_role_member_as_component_of_infrastructure_member",
					"type" : "SIMPLE",
					"inputParameters" : {
						"url" : "${init.input.keycloak_admin}/roles/Infrastructure-Member/composites",
						"method" : "POST",
						"headers" : {
							"Authorization" : "Bearer ${authorize.output.body.access_token}",
							"Content-Type" : "application/json"
						},
						"body" : "${to_array.output.resultList}"
					}
				},
				{
					  "name" : "pyrest",
					  "taskReferenceName" : "create_role_policy_member",
					  "type" : "SIMPLE",
					  "inputParameters" : {
						  "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role",
						  "body" : {
						     "name": "Member_policy",
						     "description": "",
						     "type" : "role",
						     "logic": "POSITIVE",
						     "decisionStrategy": "UNANIMOUS",
						     "roles" : [
						        {
						          "id" : "${get_back_role_member.output.body.id}",
						          "required" : true
						        }
						     ]
						  },
						  "method" : "POST",
						  "headers" : {
							  "Authorization" : "Bearer ${authorize.output.body.access_token}",
							  "Content-Type" : "application/json",
							  "Accept" : "application/json"
						  }
					  }
			  },
				{
				  "name" : "pyrest",
					"taskReferenceName" : "create_kc_group",
					"type" : "SIMPLE",
					"inputParameters" : {
						"url" : "${init.input.keycloak_admin}/groups",
						"body" : { 
							"name" : "${init.output.result.child}"
						},
						"method" : "POST",
						"headers" : {
							"Authorization" : "Bearer ${authorize.output.body.access_token}",
							"Content-Type" : "application/json"
						}
					}
				},
				{
				  "name" : "pyrest",
					"taskReferenceName" : "list_kc_groups",
					"type" : "SIMPLE",
					"inputParameters" : {
						"url" : "${init.input.keycloak_admin}/groups",
						"method" : "GET",
						"headers" : {
							"Authorization" : "Bearer ${authorize.output.body.access_token}",
							"Accept" : "application/json"
						}
					}
				},
				{
					"name": "LAMBDA_TASK",
					"taskReferenceName": "prepare",
					"type": "LAMBDA",
					"inputParameters": {
						"append" : "${init.output.result.append}",
						"location" : "${create_kc_group.output.headers.location}",
						"client_location" : "${create_client.output.headers.location}",
						"groups" : "${list_kc_groups.output.body}",
						"scriptExpression": "var newid=$.location.split('/').pop(); var client_id = $.client_location.split('/').pop(); function recurse(inp){for(var i=0;i<inp.length;i++){if(inp[i]['path'] === $.append) return inp[i]; else{var subr = recurse(inp[i].subGroups); if(subr != null) return subr;}} return null}; return {'group' : $.append == '' ? '' : recurse($.groups), 'newid' : newid, 'client_id' : client_id}"
					}
				},
				{
					"name": "decide_task",
					"taskReferenceName": "decide1",
					"inputParameters": {
						"groupid": "${prepare.output.result.group}"
					},
					"type": "DECISION",
					"caseValueParam": "groupid",
					"decisionCases": {
						"": [
							{
								"name": "LAMBDA_TASK",
								"taskReferenceName": "dummy",
								"type": "LAMBDA",
								"inputParameters": {
									"scriptExpression": "1"
								}
							}
						]
					},
					"defaultCase": [
						{
							"name" : "pyrest",
							"taskReferenceName" : "move_new_kc_group_to_parent",
							"type" : "SIMPLE",
							"inputParameters" : {
								"url" : "${init.input.keycloak_admin}/groups/${prepare.output.result.group.id}/children",
								"method" : "POST",
								"body" : {
									"id" : "${prepare.output.result.newid}"
								},
								"headers" : {
									"Authorization" : "Bearer ${authorize.output.body.access_token}",
									"Accept" : "application/json",
									"Content-Type" : "application/json"
								}
							}
						}
					]
				},
				{
				  "name" : "pyrest",
					"taskReferenceName" : "assign_client_member_role_to_kc_group",
					"type" : "SIMPLE",
					"inputParameters" : {
						"url" : "${init.input.keycloak_admin}/groups/${prepare.output.result.newid}/role-mappings/clients/${prepare.output.result.client_id}",
						"method" : "POST",
						"body" : ["${get_back_role_member.output.body}"],
						"headers" : {
							"Authorization" : "Bearer ${authorize.output.body.access_token}",
							"Accept" : "application/json",
							"Content-Type" : "application/json"
						}
					}
				}
				],
				[
				  {
            "name": "LAMBDA_TASK",
            "taskReferenceName": "build_add_role_tasks",
            "type": "LAMBDA",
            "inputParameters": {
              "roles" : "${get_rootvo_roles.output.body[?(@.name != \"uma_protection\" && @.name != \"Member\")]}",
              "scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_'+k}),inputs['create_'+k]={url:'${create_client.output.headers.location}/roles',body:{clientRole:true,name:r.name,description:r.description},method:'POST',headers:{Authorization:'Bearer ${authorize.output.body.access_token}','Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
            }
          },
          {
            "name" : "fork_dynamic",
            "type" : "FORK_JOIN_DYNAMIC",
            "taskReferenceName" : "parallel_add_role",
            "inputParameters" : {
                "tasks" : "${build_add_role_tasks.output.result.tasks}",
                "inputs" : "${build_add_role_tasks.output.result.inputs}"
            },
            "dynamicForkTasksParam": "tasks",
            "dynamicForkTasksInputParamName": "inputs"
          },
          {
              "name" : "join",
              "type" : "JOIN",
              "taskReferenceName" : "join_parallel_role_addition"
          },
				  {
            "name": "LAMBDA_TASK",
            "taskReferenceName": "build_get_back_role_tasks",
            "type": "LAMBDA",
            "inputParameters": {
              "roleurls" : "${join_parallel_role_addition.output[*]..location}",
              "scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roleurls.length;i++)u=$.roleurls[i],k='add-'+i,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'get_back_'+k}),inputs['get_back_'+k]={url:u,method:'GET',headers:{Authorization:'Bearer ${authorize.output.body.access_token}',Accept:'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
            }
          },
          {
            "name" : "fork_dynamic",
            "type" : "FORK_JOIN_DYNAMIC",
            "taskReferenceName" : "parallel_get_back_role",
            "inputParameters" : {
                "tasks" : "${build_get_back_role_tasks.output.result.tasks}",
                "inputs" : "${build_get_back_role_tasks.output.result.inputs}"
            },
            "dynamicForkTasksParam": "tasks",
            "dynamicForkTasksInputParamName": "inputs"
          },
          {
              "name" : "join",
              "type" : "JOIN",
              "taskReferenceName" : "join_parallel_getting_back"
          },
          {
            "name": "LAMBDA_TASK",
            "taskReferenceName": "build_add_policy_tasks",
            "type": "LAMBDA",
            "inputParameters": {
              "roles" : "${join_parallel_getting_back.output[*].body}",
              "scriptExpression": "inputs={},tasks=[];for(var i=0;i<$.roles.length;i++)r=$.roles[i],k='add-'+r.name,tasks.push({name:'pyrest',type:'SIMPLE',taskReferenceName:'create_role_policy_'+k}),inputs['create_role_policy_'+k]={url:'${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/policy/role',body:{name:r.name+'_policy',description:'',type:'role',logic:'POSITIVE',decisionStrategy:'UNANIMOUS',roles:Java.to([{id:r.id,required:true}], 'java.util.Map[]')},method:'POST',headers:{Authorization:'Bearer ${authorize.output.body.access_token}', Accept: 'application/json', 'Content-Type':'application/json'}};return {tasks:Java.to(tasks,'java.util.Map[]'),inputs:inputs};"
            }
          },
          {
            "name" : "fork_dynamic",
            "type" : "FORK_JOIN_DYNAMIC",
            "taskReferenceName" : "parallel_add_policy_role",
            "inputParameters" : {
                "tasks" : "${build_add_policy_tasks.output.result.tasks}",
                "inputs" : "${build_add_policy_tasks.output.result.inputs}"
            },
            "dynamicForkTasksParam": "tasks",
            "dynamicForkTasksInputParamName": "inputs"
          },
          {
              "name" : "join",
              "type" : "JOIN",
              "taskReferenceName" : "join_parallel_policy_addition"
          }
        ]
			]
		},
		{
			"name" : "join",
			"taskReferenceName" : "join_role_creation",
			"type" : "JOIN",
			"joinOn" : [
			  "join_parallel_policy_addition",
        "assign_client_member_role_to_kc_group"
			]
		},
		{
			"name": "LAMBDA_TASK",
		  	"taskReferenceName": "policy_list",
			"type": "LAMBDA",
	 		"inputParameters": {
				"memberpolicy" : "${create_role_policy_member.output.body.id}",
				"otherpolicies" : "${join_parallel_policy_addition.output[*].body.id}",
				"scriptExpression": "return Java.to(Java.from($.otherpolicies).concat($.memberpolicy), 'java.lang.String[]')"
			  }
		},
		{
		  "name" : "pyrest",
		  "taskReferenceName" : "finalize_permission",
		  "type" : "SIMPLE",
		  "inputParameters" : {
			  "url" : "${init.input.keycloak_admin}/clients/${extract_client_id.output.result.client_id}/authz/resource-server/permission/resource/${create_permission.output.body.id}",
			  "body" : {
           "name": "Default Permission",
           "description": "",
           "type" : "resource",
           "logic": "POSITIVE",
           "decisionStrategy": "AFFIRMATIVE",
           "policies" : "${policy_list.output.result}"
        },
			  "method" : "PUT",
			  "headers" : {
				  "Authorization" : "Bearer ${authorize.output.body.access_token}",
				  "Content-Type" : "application/json"
			  }
		  }
	  },
	  {
		  "name": "sub_workflow_task",
		  "taskReferenceName": "call_enable_workspace_clients_for_context",
		  "subWorkflowParam": {
			"name": "add_workspace_client_to_context"
		  },
		  "inputParameters": {
  			"context" : "${workflow.input.group}"
		  },
		  "type": "SUB_WORKFLOW"
	   }
	]
}