docs: adjust process worker documentation #383

Merged
merged 2 commits into from
Aug 14, 2024
105 changes: 72 additions & 33 deletions docs/developer/09. Process Workers/01. application_checklist.md

Large diffs are not rendered by default.

26 changes: 19 additions & 7 deletions docs/developer/09. Process Workers/02. dim_user_creation.md
@@ -1,6 +1,8 @@
# Summary
# DIM User Creation

The dim user creation handles the creation of technical users in the dim middle layer. The process steps are the following:
## Summary

The DIM (Decentralized Identity Management) user creation handles the creation of technical users in the DIM middle layer. The process steps are the following:

```mermaid
flowchart TD
@@ -14,15 +16,25 @@ flowchart TD

## External dependencies

The process worker communicates with the dim middle layer to create the technical users
The process worker communicates with the DIM middle layer to create the technical users

## Process Steps

### CREATE_DIM_TECHNICAL_USER

The process step `CREATE_DIM_TECHNICAL_USER` retrieves service account details from the database, those are the business partner number and the name of the service account and calls the DIM middle layer to create a technical user on the DIM side. A process id is send in the request to the DIM to be able to set the service account data in the `AWAIT_CREATE_DIM_TECHNICAL_USER_RESPONSE`.

## CREATE_DIM_TECHNICAL_USER
### AWAIT_CREATE_DIM_TECHNICAL_USER_RESPONSE

The process step `CREATE_DIM_TECHNICAL_USER` retrieves service account details from the database, those are the business partner number and the name of the service account and calls the dim middle layer to create a technical user on the dim side. A process id is send in the request to the dim to be able to set the service account data in the `AWAIT_CREATE_DIM_TECHNICAL_USER_RESPONSE`.
The process step is just a placeholder to retrieve the service account data on api level from the DIM. The technical user will than be extended with the data that are retrieved from the DIM middle layer.

## AWAIT_CREATE_DIM_TECHNICAL_USER_RESPONSE
## Retrigger

The process step is just a placeholder to retrieve the service account data on api level from the dim. The technical user will than be extended with the data that are retrieved from the dim middle layer.
| Step Name | Retrigger Possible | Retrigger Endpoint |
| ---------------------------------------- | ------------------ | ------------------ |
| CREATE_DIM_TECHNICAL_USER | YES | missing |
| AWAIT_CREATE_DIM_TECHNICAL_USER_RESPONSE | YES | missing |
| RETRIGGER_CREATE_DIM_TECHNICAL_USER | NO | |

## NOTICE
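
Review bot: The Retrigger table marks `CREATE_DIM_TECHNICAL_USER` and `AWAIT_CREATE_DIM_TECHNICAL_USER_RESPONSE` as retriggerable but gives `missing` as the endpoint, so a reader cannot tell whether the endpoint does not exist yet or is only undocumented; state which, or link a tracking issue. `RETRIGGER_CREATE_DIM_TECHNICAL_USER` appears in the table without a description under Process Steps. Two wording fixes in the new step text: "A process id is send" should read "is sent", and "will than be extended" should read "will then be extended". Since the process id is what ties the DIM response back to the service account, the `AWAIT_CREATE_DIM_TECHNICAL_USER_RESPONSE` section should also say how that response is matched and accepted.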

@@ -1,4 +1,6 @@
# Summary
# Identity Provider Provisioning Process

## Summary

The identity provider provisioning process cleans up the identity provider in the shared and central idp. The process steps are the following:

@@ -17,22 +19,36 @@ flowchart TD

The process worker communicates with the shared and central idp.

## DELETE_IDP_SHARED_REALM
## Process Steps

### DELETE_IDP_SHARED_REALM

The process step `DELETE_IDP_SHARED_REALM` deletes the shared realm based on the iam alias.

## DELETE_IDP_SHARED_SERVICEACCOUNT
## #DELETE_IDP_SHARED_SERVICEACCOUNT

The process step `DELETE_IDP_SHARED_SERVICEACCOUNT` deletes the service account of the identity provider from the shared idp.

## DELETE_CENTRAL_IDENTITY_PROVIDER
### DELETE_CENTRAL_IDENTITY_PROVIDER

The process step `DELETE_CENTRAL_IDENTITY_PROVIDER` deletes the identity provider from the central idp based on the iam alias.

## DELETE_IDENTITY_PROVIDER
### DELETE_IDENTITY_PROVIDER

The process step `DELETE_IDENTITY_PROVIDER` deletes the identity provider from the database.

## Retrigger

| Step Name | Retrigger Possible | Retrigger Endpoint |
| ------------------------------------------ | ------------------ | ------------------------------------------------------------------------------------ |
| DELETE_IDP_SHARED_REALM | YES | api/administration/registration/{processId}/retrigger-delete-idpSharedRealm |
| RETRIGGER_DELETE_IDP_SHARED_REALM | NO | |
| DELETE_IDP_SHARED_SERVICEACCOUNT | YES | api/administration/registration/{processId}/retrigger-delete-idpSharedServiceAccount |
| RETRIGGER_DELETE_IDP_SHARED_SERVICEACCOUNT | NO | |
| DELETE_CENTRAL_IDENTITY_PROVIDER | YES | |
| RETRIGGER_DELETE_CENTRAL_IDENTITY_PROVIDER | NO | api/administration/registration/{processId}/retrigger-delete-centralIdentityProvider |
| DELETE_IDENTITY_PROVIDER | NO | |

## NOTICE

This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
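
Review bot: The new heading `## #DELETE_IDP_SHARED_SERVICEACCOUNT` is malformed; it should be `### DELETE_IDP_SHARED_SERVICEACCOUNT` like its sibling steps, otherwise it renders as a level-2 heading titled "#DELETE_IDP_SHARED_SERVICEACCOUNT". In the Retrigger table the endpoint `api/administration/registration/{processId}/retrigger-delete-centralIdentityProvider` sits on the `RETRIGGER_DELETE_CENTRAL_IDENTITY_PROVIDER` row (Retrigger Possible: NO), while `DELETE_CENTRAL_IDENTITY_PROVIDER` (YES) has an empty endpoint cell. The other rows put the endpoint on the YES row, so these two cells look swapped.
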
49 changes: 39 additions & 10 deletions docs/developer/09. Process Workers/04. invitation.md
@@ -1,4 +1,6 @@
# Summary
# Invitation Process

## Summary

The invitation process handles the creation of the central and shared idp data and users for a new company. The process steps are the following:

@@ -28,46 +30,73 @@ flowchart TD

The process worker communicates with the shared and central idp.

## INVITATION_CREATE_CENTRAL_IDP
## Process Steps

### INVITATION_CREATE_CENTRAL_IDP

The process step `INVITATION_CREATE_CENTRAL_IDP` creates the identity provider on the central idp.

## INVITATION_CREATE_SHARED_IDP_SERVICE_ACCOUNT

The process step `INVITATION_CREATE_SHARED_IDP_SERVICE_ACCOUNT` creates a client on the shared idp which is a service account. The clientId and secret is saved in the database for the next process steps until it is cleaned up.

## INVITATION_UPDATE_CENTRAL_IDP_URLS
### INVITATION_UPDATE_CENTRAL_IDP_URLS

The process step `INVITATION_UPDATE_CENTRAL_IDP_URLS` retrieves the information from the created service account client on the shared idp and updates the identity provider on the central idp.

## INVITATION_ADD_REALM_ROLE
### INVITATION_ADD_REALM_ROLE

The process step `INVITATION_ADD_REALM_ROLE` adds the `create-realm` to the created shared service account.

## INVITATION_CREATE_CENTRAL_IDP_ORG_MAPPER
### INVITATION_CREATE_CENTRAL_IDP_ORG_MAPPER

The process step `INVITATION_CREATE_CENTRAL_IDP_ORG_MAPPER` sets the organization name in the central idp

## INVITATION_CREATE_SHARED_REALM
### INVITATION_CREATE_SHARED_REALM

The process step `INVITATION_CREATE_SHARED_REALM` creates the shared realm.

## INVITATION_CREATE_SHARED_CLIENT
### INVITATION_CREATE_SHARED_CLIENT

The process step `INVITATION_CREATE_SHARED_CLIENT` create the client on the shared idp.

## INVITATION_ENABLE_CENTRAL_IDP
### INVITATION_ENABLE_CENTRAL_IDP

The process step `INVITATION_ENABLE_CENTRAL_IDP` enables the central idp client.

## INVITATION_CREATE_DATABASE_IDP
### INVITATION_CREATE_DATABASE_IDP

The process step `INVITATION_CREATE_DATABASE_IDP` handles all write access to the database to create the identity provider and handles the initial application checklist creation.

## INVITATION_CREATE_USER
### INVITATION_CREATE_USER

The process step `INVITATION_CREATE_USER` determines the user roles for newly created users and creates the users in the central idp. After the creation a mail process is added to the database.

## Retrigger

| Step Name | Retrigger Possible | Retrigger Endpoint |
| ------------------------------------------------------ | ------------------ | ---------------------------------------------------------------------------------- |
| INVITATION_CREATE_CENTRAL_IDP | YES | api/administration/invitation/{processId}/retrigger-create-central-idp |
| INVITATION_CREATE_SHARED_IDP_SERVICE_ACCOUNT | YES | api/administration/invitation/{processId}/retrigger-create-shared-idp-sa |
| INVITATION_ADD_REALM_ROLE | YES | missing |
| INVITATION_CREATE_SHARED_REALM | YES | api/administration/invitation/{processId}/retrigger-create-shared-realm-idp-client |
| INVITATION_CREATE_CENTRAL_IDP_ORG_MAPPER | YES | api/administration/invitation/{processId}/retrigger-create-central-idp-org-mapper |
| INVITATION_UPDATE_CENTRAL_IDP_URLS | YES | api/administration/invitation/{processId}/retrigger-update-central-idp-urls |
| INVITATION_CREATE_SHARED_CLIENT | YES | missing |
| INVITATION_ENABLE_CENTRAL_IDP | YES | api/administration/invitation/{processId}/retrigger-enable-central-idp |
| INVITATION_CREATE_DATABASE_IDP | YES | api/administration/invitation/{processId}/retrigger-create-database-idp |
| INVITATION_CREATE_USER | YES | api/administration/invitation/{processId}/retrigger-create-user |
| RETRIGGER_INVITATION_CREATE_CENTRAL_IDP | NO | |
| RETRIGGER_INVITATION_CREATE_SHARED_IDP_SERVICE_ACCOUNT | NO | |
| RETRIGGER_INVITATION_ADD_REALM_ROLE | NO | |
| RETRIGGER_INVITATION_CREATE_SHARED_REALM | NO | |
| RETRIGGER_INVITATION_CREATE_CENTRAL_IDP_ORG_MAPPER | NO | |
| RETRIGGER_INVITATION_UPDATE_CENTRAL_IDP_URLS | NO | |
| RETRIGGER_INVITATION_CREATE_SHARED_CLIENT | NO | |
| RETRIGGER_INVITATION_ENABLE_CENTRAL_IDP | NO | |
| RETRIGGER_INVITATION_CREATE_USER | NO | |
| RETRIGGER_INVITATION_CREATE_DATABASE_IDP | NO | |

## NOTICE

This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
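
Review bot: `## INVITATION_CREATE_SHARED_IDP_SERVICE_ACCOUNT` is the only step heading in this hunk that was not demoted to `###`, so it ends up as a sibling of `## Process Steps` instead of a child and splits the section in the rendered outline. In the Retrigger table, `INVITATION_ADD_REALM_ROLE` and `INVITATION_CREATE_SHARED_CLIENT` are marked retriggerable with endpoint `missing`; say whether the endpoint does not exist or is undocumented, and confirm whether `retrigger-create-shared-realm-idp-client` on the `INVITATION_CREATE_SHARED_REALM` row is meant to cover the shared client step as well. The service account section says the clientId and secret are saved in the database "until it is cleaned up"; naming the step that performs the cleanup would make the lifetime of the stored secret clear.
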
19 changes: 15 additions & 4 deletions docs/developer/09. Process Workers/05. mailing.md
@@ -1,21 +1,32 @@
# Summary
# Mailing Process

The mailing process handles the sending of e-mails to users it therefor retrieves all entries of the `mailing_informations` with status `PENDING`. The process steps are the following:
## Summary

The mailing process is responsible for sending emails to users. Therefore, it retrieves all entries from the `mailing_informations` table with the status `PENDING`. The process steps are the following:

```mermaid
flowchart TD
A[SEND_MAIL]
A --> A
```

## External dependencies
## Process Steps

### External dependencies

The process worker communicates with the email service.

## SEND_MAIL
### SEND_MAIL

The process step `SEND_MAIL` retrieves two entries from the `mailing_informations` table with status `PENDING` if available. The first one will be send as a mail, if there are more than one entry available the process step will create a new `SEND_MAIL` process step.

## Retrigger

| Step Name | Retrigger Possible | Retrigger Endpoint |
| ------------------- | ------------------ | ------------------ |
| SEND_MAIL | YES | missing |
| RETRIGGER_SEND_MAIL | NO | |

## NOTICE

This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
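
Review bot: `### External dependencies` is now nested under `## Process Steps`, whereas the other process worker pages in this PR keep `## External dependencies` as its own level-2 section ahead of `## Process Steps`; keep it at level 2 here and place `## Process Steps` directly above `### SEND_MAIL`. `SEND_MAIL` is listed as retriggerable with endpoint `missing`, which leaves open whether a retrigger endpoint exists at all. The unchanged `SEND_MAIL` paragraph still reads "will be send as a mail" (should be "sent") and could be fixed along with the reworded summary.
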
32 changes: 28 additions & 4 deletions docs/developer/09. Process Workers/06. network_registration.md
@@ -1,4 +1,6 @@
# Summary
# Network Registration Process

## Summary

The network registration process handles the synchronization of users, the handling of the callback logic for the osp and the user removal. The process steps are the following:

@@ -9,24 +11,46 @@ flowchart TD
D(TRIGGER_CALLBACK_OSP_APPROVED)
E(TRIGGER_CALLBACK_OSP_DECLINED)
F(REMOVE_KEYCLOAK_USERS)
G(Company Application Status Change)
A
G --> |application is submitted|B
G --> |application is approved| D
G --> |application is declined| E
E --> F
```

## External dependencies

The process worker communicates with the shared and central idp.

## SYNCHRONIZE_USER
## Process Steps

### SYNCHRONIZE_USER

The process step `SYNCHRONIZE_USER` gets the identity providers for a specific network registration and creates the user in the central idp.

## TRIGGER_CALLBACK_OSP_SUBMITTED, TRIGGER_CALLBACK_OSP_APPROVED, TRIGGER_CALLBACK_OSP_DECLINED
### TRIGGER_CALLBACK_OSP_SUBMITTED, TRIGGER_CALLBACK_OSP_APPROVED, TRIGGER_CALLBACK_OSP_DECLINED

The process steps `TRIGGER_CALLBACK_OSP_SUBMITTED`, `TRIGGER_CALLBACK_OSP_APPROVED`, `TRIGGER_CALLBACK_OSP_DECLINED` gets the necessary callback data from the database for a specific network registration. It handles the three cases for an application `SUBMITTED`, `APPROVED`, `DECLINED` and sends a callback to the osp. If the osp does not have a callback url configured the process step is skipped.

## REMOVE_KEYCLOAK_USERS
### REMOVE_KEYCLOAK_USERS

The process step `REMOVE_KEYCLOAK_USERS` is created when an network registration is declined. It will remove all Keycloak users. It will proceed one user at a time and if more users are available for deletion it will create the same process step again.

## Retrigger

| Step Name | Retrigger Possible | Retrigger Endpoint |
| -------------------------------- | ------------------ | ------------------------------------------------------------------------------------- |
| SYNCHRONIZE_USER | YES | api/administration/registration/network/{externalId}/retrigger-synchronize-users |
| RETRIGGER_SYNCHRONIZE_USER | NO | |
| TRIGGER_CALLBACK_OSP_SUBMITTED | YES | api/administration/registration/network/{externalId}/retrigger-callback-osp-submitted |
| TRIGGER_CALLBACK_OSP_APPROVED | YES | api/administration/registration/network/{externalId}/retrigger-callback-osp-approve |
| TRIGGER_CALLBACK_OSP_DECLINED | YES | api/administration/registration/network/{externalId}/retrigger-callback-osp-decline |
| RETRIGGER_CALLBACK_OSP_SUBMITTED | NO | |
| RETRIGGER_CALLBACK_OSP_APPROVED | NO | |
| RETRIGGER_CALLBACK_OSP_DECLINED | NO | |
| MANUAL_DECLINE_OSP | NO | |

## NOTICE

This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
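
Review bot: The Retrigger table and the Process Steps section do not cover the same steps: `REMOVE_KEYCLOAK_USERS` is described and drawn in the flowchart but has no table row, while `MANUAL_DECLINE_OSP` has a row but no description and no flowchart node. Add the missing row and a short `### MANUAL_DECLINE_OSP` section, or drop the row if the step is out of scope for this page. In the flowchart, the bare `A` line leaves that node without an edge to the new `G` node, so the diagram does not show when user synchronization runs relative to the status change. The endpoint suffixes are also inconsistent (`retrigger-callback-osp-submitted` against `retrigger-callback-osp-approve` and `retrigger-callback-osp-decline`); if these are the actual routes a short remark would prevent readers from "correcting" them, otherwise align them.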