From e777216fcd1c208d91ad4cbbacac04ad55eedaa2 Mon Sep 17 00:00:00 2001
From: Janis Streib <me@janis-streib.de>
Date: Fri, 29 Sep 2023 19:31:04 +0200
Subject: [PATCH] FIX: correct workflow for ACME
---
 json_templates/acme_serviceaccount.json | 167 +++++++++++-------------
 1 file changed, 73 insertions(+), 94 deletions(-)
diff --git a/json_templates/acme_serviceaccount.json b/json_templates/acme_serviceaccount.json
index 32e66d8..a47f478 100644
--- a/json_templates/acme_serviceaccount.json
+++ b/json_templates/acme_serviceaccount.json
@@ -11,118 +11,78 @@
 "en": "Create an service account for ACME4NETVS"
 },
 "list_display_name": {
- "de": "Service-Account für ACME anlegen. TBD: Templating",
- "en": "Create Service-Account for ACME"
+ "de": "Service-Account für ACME anlegen in der OE {{ ou_short_name }} für den Dienst {{ name }}.",
+ "en": "Create service account for ACME in the OU {{ ou_short_name }} for the service {{ name }}."
 },
 "display_variant": "create",
 "variables": {
- "name": {
+ "ou_short_name": {
 "friendly_name": {
- "de": "Service-Name",
- "en": "Service-Name"
+ "de": "OE-Name",
+ "en": "OU name"
 },
 "optional": false,
 "default": "",
 "nullable": false,
 "description": {
- "de": "Name des Services",
- "en": "Name of the service"
- },
- "type": "str"
- },
- "description": {
- "friendly_name": {
- "de": "Service-Description",
- "en": "Service-Description"
- },
- "optional": false,
- "nullable": false,
- "default": "",
- "description": {
- "de": "Beschreibung des Services",
- "en": "Human readable description of the service"
- },
- "type": "str"
- },
- "ou_shortcode": {
- "friendly_name": {
- "de": "OE-Kürzel",
- "en": "OU Short Name"
- },
- "optional": false,
- "nullable": false,
- "default": "",
- "description": {
- "de": "OE-Kürzel",
- "en": "OE Short Name"
+ "de": "Unter dieser OE wird ein Serviceaccount und eine Gruppe angelegt, der der Serviceaccount zugeordnet wird. Hierfür müssen Sie Betreuer der angegebenen OE sein.",
+ "en": "Under this OU, a service account and a group will be created, which will be assigned to the service account. For this you must be a manager of the specified OU."
 },
 "type": "typeahead",
 "type_params": {
 "query": [
 {"idx":"own_mgr2ou_list","name":"cntl.mgr2ou.list","old":{"is_own":true}},
 {"idx":"unit_list","name":"org.unit.list","inner_join_ref":{"own_mgr2ou_list":"default"},"old":{"sorting_params_list":["sub_position"]}},
- {"idx":"unit_list_superset","name":"org.unit.list","inner_join_ref":{"unit_list":"api_func_org_unit_is_superset_of_root_node_set"}},
- {"idx":"mgr2ou_list","name":"cntl.mgr2ou.list","inner_join_ref":{"unit_list_superset":"default"}},
- {"idx":"mgr_list","name":"cntl.mgr.list","inner_join_ref":{"mgr2ou_list":"default"}},
- {"idx":"fqdn2ou_list","name":"dns.fqdn2ou.list","inner_join_ref":{"unit_list_superset":"default"}},
- {"idx":"bcd2ou_list","name":"nd.bcd2ou.list","inner_join_ref":{"unit_list_superset":"default"}},
- {"idx":"bcd_list","name":"nd.bcd.list","inner_join_ref":{"bcd2ou_list":"default"}},
- {"idx":"unit_type_list","name":"org.unit_type.list","inner_join_ref":{"unit_list":"default"}}
+ {"idx":"unit_list_superset","name":"org.unit.list","inner_join_ref":{"unit_list":"api_func_org_unit_is_superset_of_root_node_set"}}
 ],
 "query_path": "unit_list_superset",
 "display_value": "short_name",
 "return_value": "short_name"
 }
 },
- "fqdn": {
+ "name": {
 "friendly_name": {
- "de": "FQDN",
- "en": "FQDN"
+ "de": "Dienstname",
+ "en": "Service name"
 },
 "optional": false,
- "nullable": false,
 "default": "",
+ "nullable": false,
 "description": {
- "de": "FQDNs für die Zertifikate ausgestellt werden sollen.",
- "en": "FQDN"
+ "de": "Name des Dienstes. Hieraus werden automatisch die Dienstkennung des Serviceaccounts und der Gruppenname abgeleitet.",
+ "en": "Name of the service. From this, the service identifier of the service account and the group name are automatically derived."
 },
- "type": "typeahead",
- "type_params": {
- "query": [
- {"idx":"mgr2ou_list","name":"cntl.mgr2ou.list","old":{"is_own":true}},
- {"idx":"mgr2group_list","name":"cntl.mgr2group.list","old":{"is_own":true}},
- {"idx":"unit_list","name":"org.unit.list","inner_join_ref":{"mgr2ou_list":"default"}},
- {"idx":"group_list","name":"cntl.group.list","inner_join_ref":{"mgr2group_list":"default"}},
- {"idx":"fqdn2ou_list","name":"dns.fqdn2ou.list","inner_join_ref":{"unit_list":"default"}},
- {"idx":"fqdn2group_list","name":"dns.fqdn2group.list","inner_join_ref":{"group_list":"default"}},
- {"idx":"ou_fqdns","name":"dns.fqdn.list","inner_join_ref":{"fqdn2ou_list":"default"}},
- {"idx":"group_fqdns","name":"dns.fqdn.list","inner_join_ref":{"fqdn2group_list":"default"}}
- ],
- "query_path": "group_fqdns",
- "display_value": "value",
- "return_value": "value"
- },
- "list": true
+ "type": "str"
 },
- "svc_managers": {
+ "domains": {
 "friendly_name": {
- "de": "SVC Managers",
- "en": "SVC Managers"
+ "de": "Domains",
+ "en": "Domains"
 },
 "optional": false,
+ "default": "",
 "nullable": false,
+ "description": {
+ "de": "Domains, für die Zertifikate bestellt werden können sollen. Subdomains dieser Domains sind automatisch mit eingeschlossen.",
+ "en": "Domains for which certificates should be ordered. Subdomains of these domains are automatically included."
+ },
+ "list": true,
+ "type": "str"
+ },
+ "mgrs": {
+ "friendly_name": {
+ "de": "Verwaltende Accounts",
+ "en": "Managing accounts"
+ },
+ "optional": false,
 "default": "",
+ "nullable": false,
 "description": {
- "de": "Manager Accounts für SVC. TBD: multiselect",
- "en": "Manager Accounts for the SVC"
+ "de": "KIT-Accounts, die operativ für den Dienst zuständig sind. Diese können Aktionen im namen des Serviceaccounts ausführen.",
+ "en": "KIT accounts that are operationally responsible for the service. These can perform actions on behalf of the service account."
 },
- "type": "typeahead",
- "type_params": {
- "query": [{"idx":"svc_managers","name":"cntl.mgr.list","old":{"is_own":true}}],
- "query_path": "svc_managers",
- "display_value": "login_name",
- "return_value": "login_name"
- }
+ "list": true,
+ "type": "str"
 }
 },
 "transaction": [
@@ -130,16 +90,15 @@
 "idx": "createMgr",
 "name": "cntl.mgr.create",
 "new": {
- "description": "{{ description }}",
 "is_svc": true,
- "svc_id": "{{ ou_shortcode }}_acme_{{ name }}"
+ "svc_id": "{{ ou_short_name }}-acme-{{ name }}"
 }
 },
 {
- "idx": "mgr2ou",
+ "idx": "add_svc_to_ou",
 "name": "cntl.mgr2ou.create",
 "new": {
- "ou_short_name": "{{ ou_shortcode }}"
+ "ou_short_name": "{{ou_short_name}}"
 },
 "new_ref_params": [
 {
@@ -154,9 +113,9 @@
 "idx": "createGroup",
 "name": "cntl.group.create",
 "new": {
- "description": "{{ description }}",
- "name": "{{ ou_shortcode }}_acme_{{ name }}",
- "ou_short_name": "{{ ou_shortcode }}"
+ "description": "ACME for {{ name }}",
+ "name": "{{ ou_short_name }}-acme-{{ name }}",
+ "ou_short_name": "{{ ou_short_name }}"
 }
 },
 {
@@ -178,28 +137,50 @@
 }
 ]
 },
+ {
+ "idx": "getFQDNS",
+ "name": "dns.fqdn.list",
+ "old": {
+ "value_list": "{{ domains }}"
+ }
+ },
 {
 "idx": "fqdn2group",
 "name": "dns.fqdn2group.create",
- "new": {
- "fqdn_value": "{{ fqdn }}"
- },
 "new_ref_params": [
 {
 "idx": "createGroup",
 "params": {
 "group_name": "name"
 }
+ },
+ {
+ "idx": "getFQDNS",
+ "params": {
+ "fqdn_value": "value"
+ },
+ "join_type": "cross"
 }
 ]
 },
 {
- "idx": "mgr2group",
+ "idx": "defineTmpMgrList",
+ "name": "tmp.generic_object.list",
+ "old": {
+ "_dict_list": "{{ mgrs }}"
+ }
+ },
+ {
+ "idx": "mgrs2group",
 "name": "cntl.mgr2group.create",
- "new": {
- "mgr_login_name": "{{ svc_managers }}"
- },
 "new_ref_params": [
+ {
+ "idx": "defineTmpMgrList",
+ "params": {
+ "mgr_login_name": "item"
+ },
+ "join_type": "cross"
+ },
 {
 "idx": "createGroup",
 "params": {
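Review bot: In the `@@ -11,118 +11,78 @@` hunk, `domains` and `mgrs` change from typeaheads whose queries were scoped with `"old":{"is_own":true}` to free-form `"type": "str"` lists, so the template itself no longer limits the form to FQDNs and manager accounts the caller already has rights on. Whether a caller may attach an arbitrary domain or account to the new group now depends entirely on the authorization checks inside `dns.fqdn2group.create` and `cntl.mgr2group.create`, which are not visible here and should be confirmed before merge. The `domains` description also says subdomains are included automatically, so one over-broad entry grants more than it appears to; appending a sentence such as `Enter the most specific domain that is needed.` to both language strings would make that explicit.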
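Review bot: In the `@@ -130,16 +90,15 @@` hunk, `svc_id` is rendered as `{{ ou_short_name }}-acme-{{ name }}` from a `name` variable that is an unconstrained `str`, and the group `name` in the `@@ -154,9 +113,9 @@` hunk uses the same composition. With `-` as the separator, two different (OU, name) pairs can render to the same identifier if either part may itself contain `-acme-`, and nothing visible in the template restricts the characters of `name`. Confirm that `cntl.mgr.create` and `cntl.group.create` validate the rendered value, or restrict `name` in the form if the template schema allows it. Separately, `"{{ou_short_name}}"` in `add_svc_to_ou` is spaced differently from every other placeholder; `"ou_short_name": "{{ ou_short_name }}"` would match.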
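Review bot: In the `@@ -178,28 +137,50 @@` hunk, `fqdn2group` now takes `fqdn_value` from a `"join_type": "cross"` over the rows returned by `getFQDNS`, so the number of assignments depends on how many entries of `{{ domains }}` match an existing FQDN record. If `dns.fqdn.list` returns only the matches (not visible here), a mistyped or unknown domain would be skipped without an error and the service account and group would still be created, with a narrower domain scope than requested, or none. Since the last hunk sets `"returning": []`, the caller gets nothing to compare against the input; if the engine can return those steps, consider `"returning": ["createMgr", "fqdn2group", "mgrs2group"]`. The transaction array starts and ends outside this hunk.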
@@ -209,7 +190,5 @@
 ]
 }
 ],
- "returning": [
- "createMgr"
- ]
+ "returning": []
 }
\ No newline at end of file
--
GitLab