Commit aee33aff authored by Jose Castro Leon's avatar Jose Castro Leon

Add workbook to cleanup acls on personal projects

parent eeea91b4
Pipeline #1073477 passed with stages
in 6 minutes and 34 seconds
---
version: '2.0'
name: acls_cleanup
workflows:
create_daily_acls_cleanup_job:
type: direct
description: This workflow reacts to an event trigger and prepares the cleanup of personal acls.
tasks:
create_mail_cron:
description: 'Creates the cronjobs for the expiration job'
action: mistral.cron_triggers_create
input:
name: "daily_acls_cleanup"
workflow_identifier: acls_cleanup.daily_global_cleanup
workflow_input: {}
pattern: "0 0 * * *"
daily_global_cleanup:
type: direct
description: This workflow checks all the projects with cleanup and reacts accordingly
tasks:
retrieve_all_projects:
action: keystone.projects_list
input:
domain: "default"
tags_any: "expiration"
enabled: "true"
keep-result: false
publish:
projects: <% task(retrieve_all_projects).result.select(dict(id => $.id, name => $.name)) %>
on-success:
- launch_project_cleanup
launch_project_cleanup:
description: 'Reviews ACLs in the projects'
with-items: project in <% $.projects %>
concurrency: 400
workflow: acls_cleanup.daily_project_cleanup
input:
project: <% $.project %>
daily_project_cleanup:
type: direct
description: This workflow checks the ACLs of the projects and cleanups everything that's not an owner.
input:
- project
tasks:
fetch_assignments:
description: 'Fetch the assignments of the project mapped to Member'
action: keystone.role_assignments_list
keep-result: false
input:
project: <% $.project.id %>
role: "635d3bb896d84465b4452656cb4e4da6"
publish:
assignments: <% task(fetch_assignments).result %>
on-success:
- remove_extra_acls: <% $.assignments %>
remove_extra_acls:
description: Removes the additional acls
with-items: assignment in <% $.assignments %>
action: keystone.roles_revoke
input:
role: "635d3bb896d84465b4452656cb4e4da6"
user: <% switch($.assignment.containsKey('user') => $.assignment.user.id, not $.assignment.containsKey('user') => null) %>
group: <% switch($.assignment.containsKey('group') => $.assignment.group.id, not $.assignment.containsKey('group') => null) %>
project: <% $.project.id %>
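Review bot: In `retrieve_all_projects` the only thing scoping this nightly revocation is `tags_any: "expiration"`, while the commit title speaks of personal projects. Nothing visible here ties that tag to personal projects, so any project carrying it would have every assignment of the hard-coded role removed by `remove_extra_acls`. If a tag or attribute specific to personal projects exists, it belongs in the filter; otherwise, if the invariant really holds, state it next to the filter, e.g. `# the 'expiration' tag is only ever set on personal projects`. The role id `635d3bb896d84465b4452656cb4e4da6` is repeated in `fetch_assignments` and `remove_extra_acls`; declaring it once under `daily_project_cleanup`'s `input` as `- member_role: "635d3bb896d84465b4452656cb4e4da6"` and referencing `<% $.member_role %>` in both tasks would keep the list and the revoke from drifting apart. The task name `create_mail_cron` and its 'expiration job' description look carried over from another workbook and do not describe this cron trigger.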