diff --git a/ansible/roles/ansible-role-lr62-workflows/defaults/main.yaml b/ansible/roles/ansible-role-lr62-workflows/defaults/main.yaml new file mode 100644 index 0000000..5feadba --- /dev/null +++ b/ansible/roles/ansible-role-lr62-workflows/defaults/main.yaml @@ -0,0 +1,18 @@ +--- +target_path: "/tmp/lr62workflows" +conductor_server: "http://conductor-dev.int.d4science.net/api" +conductor_workflowdef_endpoint: "{{ conductor_server }}/metadata/workflow" +conductor_taskdef_endpoint: "{{ conductor_server }}/metadata/taskdefs" +workflows: + - create-user-add-to-vre + - group_deleted + - user-group_created + - user-group-role_created + - group_created + - invitation-accepted + - user-group_deleted + - user-group-role_deleted +keycloak_realm: d4science +keycloak_host: "https://accounts.dev.d4science.org/auth" +keycloak: "{{ keycloak_host }}/realms/{{ keycloak_realm}}" +keycloak_admin: "{{ keycloak_host }}/admin/realms/{{ keycloak_realm }}" diff --git a/ansible/roles/ansible-role-lr62-workflows/tasks/main.yaml b/ansible/roles/ansible-role-lr62-workflows/tasks/main.yaml new file mode 100644 index 0000000..ea62373 --- /dev/null +++ b/ansible/roles/ansible-role-lr62-workflows/tasks/main.yaml @@ -0,0 +1,31 @@ +--- +- name: Generate taskdefs + template: + src: "templates/taskdefs.json.j2" + dest: "{{ target_path }}/taskdefs.json" + +- name: Upload task definitions + uri: + url: "{{ conductor_taskdef_endpoint }}" + method: POST + src: "{{ target_path }}/taskdefs.json" + body_format: json + status_code: 204 + follow_redirects: yes + +- name: Generate workflows + template: + src: "templates/{{ item }}.json.j2" + dest: "{{ target_path }}/{{ item }}.json" + loop: "{{ workflows }}" + +- name: Upload workflows + uri: + url: "{{ conductor_workflowdef_endpoint }}" + method: POST + src: "{{ target_path }}/{{ item }}.json" + body_format: json + follow_redirects: yes + status_code: [200, 204, 409, 500] + loop: + "{{ workflows }}" diff --git a/ansible/roles/ansible-role-lr62-workflows/templates/create-user-add-to-vre.json.j2 b/ansible/roles/ansible-role-lr62-workflows/templates/create-user-add-to-vre.json.j2 new file mode 100644 index 0000000..5e92bfe --- /dev/null +++ b/ansible/roles/ansible-role-lr62-workflows/templates/create-user-add-to-vre.json.j2 @@ -0,0 +1,167 @@ +{ + "ownerApp" : "Orchestrator", + "name" : "create-user-add-to-vre", + "createBy" : "Marco Lettere", + "description": "Batch create a user with a membership in a specific group", + "version" : 1, + "ownerEmail" : "m.lettere@gmail.com", + "inputParameters" : ["user", "first-name", "last-name", "email", "password", "group"], + "tasks" : [ + { + "name": "LAMBDA_TASK", + "taskReferenceName": "init", + "type": "LAMBDA", + "inputParameters": { + "keycloak": "{{ keycloak }}", + "keycloak_admin" : "{{ keycloak_admin }}", + "group" : "${workflow.input.group}", + "scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}" + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "authorize", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak}/protocol/openid-connect/token", + "method" : "POST", + "headers" : { + "Accept" : "application/json" + }, + "body" : { + "client_id" : "orchestrator", + "client_secret" : "c93501bd-abeb-4228-bc28-afac38877338", + "grant_type" : "client_credentials" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "create_user", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/users", + "expect" : 201, + "method" : "POST", + "body" : { + "username": "${workflow.input.user}", + "firstName": "${workflow.input.first-name}", + "lastName": "${workflow.input.last-name}", + "email": "${workflow.input.email}", + "credentials": [ + { + "temporary": true, + "type": "password", + "value": "${workflow.input.password}" + } + ], + "requiredActions": ["UPDATE_PASSWORD"], + "emailVerified": true, + "enabled": true + }, + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "lookup_user", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/users?username=${workflow.input.user}", + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "lookup_client", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/clients", + "params" : { "clientId" : "${workflow.input.group}"}, + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "get_client_roles", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles", + "expect" : [200, 404], + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "check_role_existance", + "taskReferenceName" : "check_role_existance", + "type" : "DECISION", + "inputParameters" :{ + "previous_outcome" : "${get_client_roles.output.status}" + }, + "caseValueParam" : "previous_outcome", + "decisionCases" : { + "200" : [ + { + "name": "LAMBDA_TASK", + "taskReferenceName": "select_role", + "type": "LAMBDA", + "inputParameters": { + "role": "${workflow.input.role}", + "roles" : "${get_client_roles.output.body}", + "scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == 'Member') return Java.to([$.roles[i]], 'java.lang.Object[]')}" + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "look_up_groups", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.name}", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name": "LAMBDA_TASK", + "taskReferenceName": "extract_group", + "type": "LAMBDA", + "inputParameters": { + "tree" : "${init.output.result.tree}", + "groups" : "${look_up_groups.output.body}", + "scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}" + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "assign_user_to_group", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/users/${lookup_user.output.body[0].id}/groups/${extract_group.output.result.group.id}", + "method" : "PUT", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}" + } + } + } + ] + } + } + ] +} diff --git a/ansible/roles/ansible-role-lr62-workflows/templates/group_created.json.j2 b/ansible/roles/ansible-role-lr62-workflows/templates/group_created.json.j2 new file mode 100644 index 0000000..bc1c22b --- /dev/null +++ b/ansible/roles/ansible-role-lr62-workflows/templates/group_created.json.j2 @@ -0,0 +1,343 @@ +{ + "ownerApp" : "Orchestrator", + "name" : "group_created", + "createBy" : "Marco Lettere", + "description": "Handle workflow related to Portal event group_created", + "version" : 1, + "ownerEmail" : "marco.lettere@nubisware.com", + "inputParameters" : ["user", "group"], + "tasks" : [ + { + "name": "LAMBDA_TASK", + "taskReferenceName": "init", + "type": "LAMBDA", + "inputParameters": { + "keycloak": "{{ keycloak }}", + "keycloak_admin" : "{{ keycloak_admin }}", + "clientId" : "${workflow.input.group}", + "scriptExpression": "var tree = $.clientId.split('%2F'); return { 'tree' : tree, 'child': tree[tree.length-1], 'append' : tree.slice(0,-1).join('/'), 'name' : tree.join('/')}" + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "authorize", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak}/protocol/openid-connect/token", + "method" : "POST", + "headers" : { + "Accept" : "application/json" + }, + "body" : { + "client_id" : "orchestrator", + "client_secret" : "c93501bd-abeb-4228-bc28-afac38877338", + "grant_type" : "client_credentials" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "lookup_user", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/users?username=${workflow.input.user}", + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "create_client", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/clients", + "body" : { + "clientId": "${init.input.clientId}", + "name": "${init.output.result.name}", + "description": "Client representation for ${init.output.result.name} context", + "rootUrl": "http://localhost${init.output.result.name}", + "enabled": true, + "serviceAccountsEnabled": true, + "standardFlowEnabled": true, + "authorizationServicesEnabled": true, + "publicClient": false, + "protocol": "openid-connect" + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + }, + { + "name" : "fork_join", + "taskReferenceName" : "fork_role_creation", + "type" : "FORK_JOIN", + "forkTasks" : [ + [{ + "name" : "pyrest", + "taskReferenceName" : "create_role_member", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_client.output.headers.location}/roles", + "body" : { + "clientRole" : true, "name" : "Member", "description" : "Simple membership for ${init.output.result.name}" + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "get_back_role_member", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${create_role_member.output.headers.location}", + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "create_kc_group", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/groups", + "body" : { + "name" : "${init.output.result.child}" + }, + "method" : "POST", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Content-Type" : "application/json" + } + } + }, + { + "name" : "pyrest", + "taskReferenceName" : "list_kc_groups", + "type" : "SIMPLE", + "inputParameters" : { + "url" : "${init.input.keycloak_admin}/groups", + "method" : "GET", + "headers" : { + "Authorization" : "Bearer ${authorize.output.body.access_token}", + "Accept" : "application/json" + } + } + }, + { + "name": "LAMBDA_TASK", + "taskReferenceName": "prepare", + "type": "LAMBDA", + "inputParameters": { + "append" : "${init.output.result.append}", + "location" : "${create_kc_group.output.headers.location}", + "client_location" : "${create_client.output.headers.location}", + "groups" : "${list_kc_groups.output.body}", + "scriptExpression": "var newid=$.location.split('/').pop(); var client_id = $.client_location.split('/').pop(); function recurse(inp){for(var i=0;i