I have a very simple workflow. two stages and it just assigns variables internally. I can not run this workflow from a user in the visitors group. The workflow is on a custom list of which the user has contribute rights. The task and history lists associated to this flow is also at the contribute level. I also added the first stage of the workflow to be an app step.
The workflow runs fine for members and owners, but for visitors it does not. I have the following error on the workflow:
Retrying last request. Next attempt scheduled in less than one minute. Details of last request: HTTP Unauthorized to .https://share.health.wisconsin.gov/hc/teams/BSM/DMSDataManagement/_api/web/lists(guid'447d7c22-464a-477d-892b-61025e2dc210') Correlation Id: 1baeb324-b14a-43fa-9f1f-40531a44565c Instance Id: 95085cb3-c116-4a03-b0f7-`1ff8ae2fb8ba
If I try to have the user manually run the workflow, the workflows do not show.
I really do not know what else to try. Any ideas why a workflow is not working in this case?
After a lot of researching and testing I have found the solution. It might not be the solution in all cases, but it works for me.
For a workflow to auto start with a new or an update, the user must have the following minimum security access. Contribute (edit and delete) on the following lists:
The list/library in question and
the associated Tasks and History for the workflow
The workflow will auto fire. The user can not manually start the workflow, or see the status of the workflows, but they will run.
Related
I have an airflow instance with many tenants that have DAGs. They want to extract metadata on their dagruns like DagRun.end_date. However I want to restrict each tenant so they can only access data related to their own dagruns and be unable to access data of other people's dagruns. How can this be done?
This is what I imagine the DAG to look like
# custom macro function
def get_last_dag_run(dag):
last_dag_run = dag.get_last_dagrun()
return last_dag_run.end_date
I found these resources which explain how to extract data but not how to restrict it.
Getting the date of the most recent successful DAG execution
Apache airflow macro to get last dag run execution time
How to get last two successful execution dates of Airflow job?
how to get latest execution time of a dag run in airflow
How to find the start date and end date of a particular task in dag in airflow?
How to get dag status like running or success or failure
NB: I am a contributor to Airflow.
This is not possible with the current Airflow architecture.
We are slowly working to make Airflow multi-tenant capable, but for now we are half-way through and it will be several major releases to get there I believe.
Currently the only way to isolate tenants is to give every tenant separate Airflow instance, which is not as bad as you might initially think. If you run them in separate namespaces on the same auto-scaling Kubernetes cluster and add KEDA autoscaling, and use same database server (but give each tenant a separate schema), this might be rather efficient (especially if you use Terraform to setup/teardown such Airflow instances for example).
I'm using an AWS Lambda function to kick off a build in AWS CodeBuild when a Pull Request is created or updated in AWS CodeComimit, which is working well.
However, I'd like to be able to prevent the merging of that Pull Request in to the master branch of the repository, until the latest build for that PR has completed successfully.
Does anyone know if there's a way that can be done in AWS? E.g. so that the Merge button is disabled or not available, like when not enough approvers have been obtained?
I was looking into this myself and from what I understand, it is currently not possible to directly create this rule, but I think it should be doable with a different approach.
Instead of requiring a custom rule that disables merging (which doesn't exist today), you could make it so that the PR requires review from a specific IAM user. With that, you could probably use a fixed "build" user, and fire an automatic approval request for the PR once the build finishes successfully. This will in turn "approve" that rule in the PR and allow it to be merged after the build succeeds.
Since approval can be done via the CLI interface, I'm sure it should also be possible via API. For example, you could use this API to automatically mark any given PR as approved by the calling user, then ensure the service that is calling it is the same user registered in the "build" approval template.
Besides the HTTP WebApi, there are also other ways to call into these CodeCommit actions, like the AWS SDK library (C# example: https://www.nuget.org/packages/AWSSDK.CodeCommit/).
I'm working on implementing a three step workflow for my company's Sitecore 8.2 installation.
Originally I had the final step set up to not have any action or command because we want to manually publish. But, manually publishing does not seem to remove the final workflow state.
Screenshot of the items workflow state after manually publishing
Then when I edit the item, it doesn't move back to the draft state. It's my understanding that when you publish an item that made it to the final workflow state version 1 is created, and editing that item should create a new version and restart the workflow. Is this correct?
After realizing that manually publishing does nothing, I tried setting up a command and action on the final workflow step:
Screenshot of final workflow step command & action
But this does nothing. Is it possible to set up a workflow action to publish? Or is the out of box auto-publish action the only option?
Why are the items getting stuck in this final step and how do I fix this?
Edit: The workflow was getting stuck because I am an admin. When using the roles I set up for Content Author and Approver, I was finally able to get the item to start version 2. I would still like to know if it's possible to set up a command and action to publish? Or is this not necessary if we want to manually publish anyway?
I think i know the issue. I had similar issue while setting up my sitecore workflow and i solved it with some changes in the security settings.
I wrote a blog just now about how to setup Sitecore Workflow. Here is the link for that:
https://tectraveleat.wordpress.com/2018/06/01/sitecore-workflow-setup-v8u2-v9-0-1/
In your case, since you have already setup everything. You might want to take a look at the "Assign security permissions to the roles" section of the blog.
Also, it is necessary to give the roles/users permissions to the datasource. From what i understand, you have setup everything properly, except a minor security permission at the workflow level.
Let me know if this helps. If not, can you share your workflow setup and permissions for the roles? I can take a look at it and see it i can help.
You can follow sample workflow of sitecore. Workflow publish state is final state. It can not move to draft. This process of workflow like this: Draft -> Approved -> Published. Workflow done at here.
If you wanna create version or make page to draft you have to edit it. If you still wanna your page published -> draft, you can custom pipeline of command in workflow. But this solution have many risks, I asked Sitecore support before and they answer it just their logic and you can custom if you want.
I am working on a testing automation project and I am able to automate end to end test cases but in my scope I have to enable functionality to run test-case when a workflow is checked-in to repository. For this I need a trigger with information like what workflow and in which folder is checked it's checked in. Unfortunately I am unable to get anything till now and my admins are also not sure if this can be achieved. Any lead will be a great help.
Even if I can get the logs of workflow check-in, I can process them in real-time to get this information.
While items that have reached a final workflow state can be easily published to the WEB database using, for example, a scheduled task that calls PublishManager.PublishSmart, I would like to be able to publish the latest version of all items that are in any workflow state to a different publishing target (for internal preview), essentially bypassing workflow.
What would you recommend to be the most efficient way to perform this, keeping in mind that this needs to happen a few times a day on a schedule and not every time an item is modified and/or changes workflow state?
How would that recommendation change if I changed the requirement by saying that only items that are in some (final and/or not final) specific workflow state (e.g. pending approval and approved) need to be published to the preview publishing target on a schedule?
See this blog post by Alex Shyba: http://sitecoreblog.alexshyba.com/2010/09/publish-to-pre-production-web-database.html. That workflow provider plus a standard publish agent should get you what you are looking for.
You may just want to configure a site that points at the Master database. See this stackoverflow answer on setting up a preview site: Preview site for Sitecore editors
Publish in the context of a site (as defined in web.config under <sites>) that has enableworkflows=false.
Untested, but something like:
using (new SiteContextSwitcher(SiteContextFactory.GetSiteContext("system"))) // workflows not enabled
{
var options = new PublishOptions(Context.ContentDatabase, Factory.GetDatabase("web"), PublishMode.Smart, null, DateTime.Now);
options.PublishingTargets.Clear();
options.PublishingTargets.Add("internal preview");
new Sitecore.Publishing.Publisher(options).Publish();
}
See this answer to the opposite problem!