gCubeSystem
/
ansible-role-conductor-workflows-user-management
14
0
Fork 0
Code Issues Pull Requests Releases 5 Wiki Activity
Conductor workflows for managing user base between LR62 instances and Keycloak 10 IAM.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
5 Tags
1.0 MiB
 
Tree: 5d1fe1b178
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5d1fe1b178'
${ noResults }
ansible-role-conductor-work.../templates/user-group_deleted.json.j2

149 lines
4.7 KiB
Raw Blame History

{
"ownerApp" : "Orchestrator",
"name" : "user-group_deleted",
"createBy" : "Marco Lettere",
"description": "Handle workflow related to Portal event user-group_deleted",
"version" : 1,
"ownerEmail" : "m.lettere@gmail.com",
"inputParameters" : ["role", "user", "group"],
"tasks" : [
{
"name": "LAMBDA_TASK",
"taskReferenceName": "init",
"type": "LAMBDA",
"inputParameters": {
"keycloak": "{{ keycloak }}",
"keycloak_admin" : "{{ keycloak_admin }}",
"group" : "${workflow.input.group}",
"scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "authorize",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak}/protocol/openid-connect/token",
"method" : "POST",
"headers" : {
"Accept" : "application/json"
},
"body" : {
"client_id" : "orchestrator",
"client_secret" : "{{ keycloak_auth }}",
"grant_type" : "client_credentials"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users?username=${workflow.input.user}",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "check_user_existance",
"taskReferenceName": "check_user_existance",
"inputParameters": {
"user": "${lookup_user.output.body[0]}"
},
"type": "DECISION",
"caseExpression": "($.user == null ? 'true' : 'false')",
"decisionCases": {
"true": [
{
"name" : "terminate",
"taskReferenceName" : "terminate_when_no_user",
"type" : "TERMINATE",
"inputParameters" : {
"terminationStatus" : "COMPLETED"
}
}
]
}
},
{
"name" : "pyrest",
"taskReferenceName" : "lookup_client",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients",
"params" : { "clientId" : "${workflow.input.group}"},
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "get_client_roles",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles",
"method" : "GET",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "remove_all_roles_from_user",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${lookup_user.output.body[0].id}/role-mappings/clients/${lookup_client.output.body[0].id}",
"expect" : 204,
"method" : "DELETE",
"body" : "${get_client_roles.body}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Content-Type" : "application/json"
}
}
},
{
"name" : "pyrest",
"taskReferenceName" : "look_up_groups",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.name}",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}",
"Accept" : "application/json"
}
}
},
{
"name": "LAMBDA_TASK",
"taskReferenceName": "extract_group",
"type": "LAMBDA",
"inputParameters": {
"tree" : "${init.output.result.tree}",
"groups" : "${look_up_groups.output.body}",
"scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
}
},
{
"name" : "pyrest",
"taskReferenceName" : "assign_user_to_group",
"type" : "SIMPLE",
"inputParameters" : {
"url" : "${init.input.keycloak_admin}/users/${lookup_user.output.body[0].id}/groups/${extract_group.output.result.group.id}",
"method" : "DELETE",
"headers" : {
"Authorization" : "Bearer ${authorize.output.body.access_token}"
}
}
}
]
}