README.md 3.91 KB
Newer Older
lukas.burgey's avatar
lukas.burgey committed
1
FEUDAL Scripts Version 3
ubedv's avatar
ubedv committed
2 3
=

lukas.burgey's avatar
lukas.burgey committed
4
FEUDAL scripts (also called adapters) are used to deploy feudal users in a customizable fashion. They are executed by a [feudalClient](https://git.scc.kit.edu/feudal/feudalClient) and have a specific input and output.
ubedv's avatar
ubedv committed
5

lukas.burgey's avatar
lukas.burgey committed
6 7
This go library can be used as a basis to implement such a script.
Examples can be found here: [a simple stub](stubScript/stub-script.go), [creating SSH access](sshScript/ssh-script.go), and [handling questionnaires](questionnaireScript/questionnaire-script.go).
ubedv's avatar
ubedv committed
8

lukas.burgey's avatar
lukas.burgey committed
9 10
The scripts use json for input and output. The specific formats are outlined
below. The input is passed to the scripts via stdin.
lukas.burgey's avatar
lukas.burgey committed
11 12

The [feudalClient](https://git.scc.kit.edu/feudal/feudalClient) can be used to generate and validate json schema for input
Lukas Burgey's avatar
Lukas Burgey committed
13 14 15 16 17
and output, see:
```
   feudalClient schema --help
   feudalClient validate --help
```
ubedv's avatar
ubedv committed
18

lukas.burgey's avatar
lukas.burgey committed
19
Input Format
ubedv's avatar
ubedv committed
20
-
ubedv's avatar
ubedv committed
21
```
ubedv's avatar
ubedv committed
22
{
ubedv's avatar
ubedv committed
23 24 25
    // The state which is to be reached by this script execution
    //
    // deployed     -> the script is supposed to deploy the user
Lukas Burgey's avatar
Lukas Burgey committed
26
    // not_deployed -> the script is supposed to remove the user
ubedv's avatar
ubedv committed
27
    "state_target": "deployed" or "not_deployed",
Lukas Burgey's avatar
Lukas Burgey committed
28 29 30


    // The user which is requesting access
ubedv's avatar
ubedv committed
31 32
    "user": {
        "userinfo": <OpenID Connect userinfo as json dict>
Lukas Burgey's avatar
Lukas Burgey committed
33 34 35 36 37 38 39 40 41 42 43

        // The credentials from the user, which need to be deployed
        // The dict maps a credential type to a list of credentials of this type.
        "credentials": {
            "ssh_key": [
                {
                    "name": "unity_key",
                    "value": "ssh-... ..."
                }
            ]
        },
ubedv's avatar
ubedv committed
44
    },
Lukas Burgey's avatar
Lukas Burgey committed
45 46 47


    // Answers to a previously requested questionnaire, may not be present
Lukas Burgey's avatar
Lukas Burgey committed
48
    "answers": {
lukas.burgey's avatar
lukas.burgey committed
49 50 51 52 53
      "question_name": "user answer to this question",
      "age_question": 18,
      "list_question": "person_a",
      "list_question_2": 2,
      "are_you_sure": true
ubedv's avatar
ubedv committed
54 55
    }
}
ubedv's avatar
ubedv committed
56
```
ubedv's avatar
ubedv committed
57 58


lukas.burgey's avatar
lukas.burgey committed
59
Output Format
ubedv's avatar
ubedv committed
60
-
ubedv's avatar
ubedv committed
61
```
ubedv's avatar
ubedv committed
62
{
ubedv's avatar
ubedv committed
63 64 65 66 67 68 69
    // The state as of now (after the script run)
    //
    // deployed     -> The deployment was processed successfully
    // not_deployed -> The removal of the user was processed successfully
    // failed       -> An error occured and the script could not reach the 'state_target' from the Input
    // rejected     -> The user is not permitted to use this service, for whatever reason
    // questionnaire-> The script needs more information to deploy the user
ubedv's avatar
ubedv committed
70
    "state": "deployed" or "not_deployed" or "failed" or "rejected" or "questionnaire",
Lukas Burgey's avatar
Lukas Burgey committed
71 72 73 74 75


    "message": "<message for the user describing what happened. Must not be empty.",

    // In case we need more info from the user: set state to "questionnaire" and put
ubedv's avatar
ubedv committed
76
    // questions in this dictionary.
Lukas Burgey's avatar
Lukas Burgey committed
77
    // The user can answer these questions (and we will receive the answers some input in the future)
ubedv's avatar
ubedv committed
78
    "questionnaire": {
lukas.burgey's avatar
lukas.burgey committed
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
        "question_name": "question",
        "age_question": "How old are you?",
        "list_question": "Who are you?",
        "list_question_2": "How many do you want?",
        "are_you_sure": "What you are trying is wrong. Are you sure?"
    },

    // By default questions in questionnaire expect answers are strings. You can change this here:
    // Add a mapping with the same key here
    "questionnaire_answers": {
        "question_name": "question",                    // string default value
        "age_question": 18,                             // age_question must be an integer, defaulting to 18
        "list_question": ["person_a", "person_b"],      // list_question must be one of the listed options
        "list_question_2": [1, 2],                      // list_question_2 must be one of the listed options
        "are_you_sure": false                          // are_you_sure must be a boolean, with false being the default value
ubedv's avatar
ubedv committed
94
    },
Lukas Burgey's avatar
Lukas Burgey committed
95

ubedv's avatar
ubedv committed
96
    // additional credentials and instructions, the user needs to access the service (in addition to her credentials from the Input)
ubedv's avatar
ubedv committed
97 98 99 100 101
    // an example would be the user name of the provisioned user.
    "credentials": {
        "key": "value"
    }
}
102
```