This is an automated email from the ASF dual-hosted git repository. heneveld pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git
commit e374345db96b3e3c4436d7e095c4544978d44b13 Author: Alex Heneveld <[email protected]> AuthorDate: Mon Oct 24 09:49:16 2022 +0100 add examples, and minor docs for http requests --- .../workflow/example-ansible-and-bash.yaml | 71 +++++++++++++++++++ guide/blueprints/workflow/index.md | 5 ++ guide/blueprints/workflow/oauth.yaml | 80 ++++++++++++++++++++++ guide/blueprints/workflow/steps.md | 4 ++ 4 files changed, 160 insertions(+) diff --git a/guide/blueprints/workflow/example-ansible-and-bash.yaml b/guide/blueprints/workflow/example-ansible-and-bash.yaml new file mode 100644 index 00000000..00e1b048 --- /dev/null +++ b/guide/blueprints/workflow/example-ansible-and-bash.yaml @@ -0,0 +1,71 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +name: Ansible+SSH HTTPD Web App + +# most any CentOS/RHEL environment should work +location: amazon-us-east-1-fast-centos + +services: + - type: org.apache.brooklyn.entity.software.base.WorkflowSoftwareProcess + brooklyn.config: + install.workflow: + steps: + - id: install-ansible + type: workflow + steps: + - ssh sudo yum update -y + - ssh sudo yum install -y epel-release + - ssh sudo yum install -y ansible + - ssh sudo yum install -y unzip + + - id: install-httpd-with-ansible + type: ansible-ssh + input: + playbook_yaml: + - name: Ensure httpd is running + hosts: localhost + become: yes + tasks: + - name: ensure apache is at the latest version + yum: + name: httpd + state: latest + - name: ensure apache is running + service: + name: httpd + state: started + + # confirm it is running and return stdout + - ssh ps aux | grep httpd + - return ${stdout} + + files.runtime: + https://github.com/cloudsoft/hello-world-html/archive/refs/heads/main.zip: hello-world.zip + launch.workflow: + steps: + - ssh rm -rf hello-world-html-main/ + - ssh unzip ${entity.driver.runDir}/hello-world.zip + - ssh sudo cp hello-world-html-main/* /var/www/html/ + - set-sensor main.uri = http://${entity.sensor['host.address']}/ + checkRunning.workflow: + steps: + - s: http ${entity.sensor['main.uri']} + timeout: 10s + on-error: + - return false + - return true diff --git a/guide/blueprints/workflow/index.md b/guide/blueprints/workflow/index.md index 0795ef22..cbbda277 100644 --- a/guide/blueprints/workflow/index.md +++ b/guide/blueprints/workflow/index.md @@ -27,3 +27,8 @@ This can be used to define [effectors, sensors, and policies](defining.md). The syntax supports [longhand, conditions, loops, error-handling](common.md), [variables](variables.md), a large set of [built-in step types](steps.md), and the ability to [define custom step types](nested-workflow.md). + +You can also get started by looking at examples: + +* [Ansible/BASH for a web server](example-ansible-and-bash.yaml) +* [OAuth web request workflow](oauth.yaml) diff --git a/guide/blueprints/workflow/oauth.yaml b/guide/blueprints/workflow/oauth.yaml new file mode 100644 index 00000000..a7dbd230 --- /dev/null +++ b/guide/blueprints/workflow/oauth.yaml @@ -0,0 +1,80 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +name: google_oauth_example + +services: + - type: org.apache.brooklyn.entity.stock.BasicEntity + brooklyn.config: + google_client_id: $brooklyn:external("google-oauth", "google_client_id") + google_client_secret: $brooklyn:external("google-oauth", "google_client_secret") + google_refresh_token: $brooklyn:external("google-oauth", "google_refresh_token") + + brooklyn.initializers: + - type: workflow-effector + brooklyn.config: + name: get-userinfo + + steps: + - step: http www.googleapis.com/oauth2/v2/userinfo + replayable: "yes" + headers: + Authorization: Bearer ${entity.sensor.google_access_token} + on-error: + - step: goto refresh_token + condition: + regex: .*InvalidReference.*google_access_token.*.? # refresh token if there is no token + - step: goto refresh_token + condition: + target: ${status_code} # refresh token if we got a 401 + equals: 401 + - fail rethrow + - # any other error, just retry up to 5 times with exponential backoff, + # resetting after 1m in case the refresh token comes through several minutes later + retry limit 5 in 1m backoff 100ms increasing 2x + + - log Got userinfo ${content} + - let map userinfo = ${content} + - set-sensor discovered-name = ${userinfo.name} + - set-sensor discovered-email = ${userinfo.email} + - return Completed, user confirmed as ${userinfo.name}. + + # if there is an error + - id: refresh_token + step: let refresh_token = ${entity.sensor.google_refresh_token} ?? ${entity.config.google_refresh_token} + - step: http https://oauth2.googleapis.com/token + query: + client_id: ${entity.config.google_client_id} + client_secret: ${entity.config.google_client_secret} + refresh_token: ${refresh_token} + grant_type: refresh_token + method: post + replayable: "yes" + on-error: + - # any error here, we just retry up to 5 times, first rapidly then waiting 1m between requests + # (could be smarter about which errors permit retry or not) + retry limit 5 backoff 100ms 1s 1m + + - let map refresh_result = ${content} + - set-sensor google_access_token = ${refresh_result.access_token} + - let new_refresh_token = ${refresh_result.refresh_token} ?? "" + - step: set-sensor google_refresh_token = ${refresh_result.refresh_token} + condition: + target: ${new_refresh_token} + when: truthy + - # re-run the request + goto start diff --git a/guide/blueprints/workflow/steps.md b/guide/blueprints/workflow/steps.md index 65bf9815..89b646b1 100644 --- a/guide/blueprints/workflow/steps.md +++ b/guide/blueprints/workflow/steps.md @@ -88,6 +88,10 @@ Sends an HTTPS (or HTTP) request and returns the response content and code. * `method`: the HTTP method for the request, defaulting to `get` * `username` and `password`: credentials to set on the request, e.g. for Basic auth (other auth schemes can be implemented using `headers`) +* `config`: allows configuration of HTTPS, specifically a map of booleans `laxRedirect`, `trustAll`, and `trustSelfSigned`; + defaults to entity config or `brooklyn.properties` values of the same keys prefixed with + `brooklyn.https.config.`, and otherwise defaulting to `false` for each for security; + this allows e.g. configuration to work with self-signed hosts where the network is trusted **Output return value**: * `status_code`: integer status code, e.g. 200
