Move workflow examples from main repo to quickstart repo

workflows/analyze_url/README.md

@@ -0,0 +1,48 @@
+# Analyze URL Using VirusTotal
+
+The workflow uses VirusTotal to analyze a URL.
+
+## Required Secrets
+
+To use this workflow, the following secret is required. To set it up, please follow the respective guide on the linked documentation page.
+
+- [VirusTotal](https://docs.admyral.dev/integrations/virus_total/virus_total)
+
+> [!IMPORTANT]
+> The workflow currently expects the following secret name: \
+> **VirusTotal**: `virus_total` \
+> If your secret has a different name, please adjust the secret mapping in the workflow function accordingly \
+> e.g `secrets = {"VIRUS_TOTAL_SECRET": "your_secret_name"}`
+
+## Set Up Workflow
+
+Use the CLI to push the workflow:
+
+```bash
+poetry run admyral workflow push analyze_url -f workflows/analyze_url/analyze_url.py --activate
+```
+
+## Expected Payload
+
+The workflow expects the following payload schema:
+
+```json
+{
+  "url": "your_url_to_analyze"
+}
+```
+
+## Run Workflow
+
+Use the Admyral UI:
+
+1. Open the workflow in the workflow No-Code editor
+2. Click on **Run**
+3. Input the payload following the expected schema
+4. Click on **Run Workflow**
+
+Or use the CLI to trigger the workflow:
+
+```bash
+poetry run admyral workflow trigger analyze_url -p '{"url": "your_url_to_analyze"}'
+```

workflows/jira_notification_user_created/README.md

@@ -0,0 +1,48 @@
+# Jira Notify On User Creation
+
+This workflow monitors Jira for newly created user accounts and sends a Slack notification with relevant details.
+
+## Required Secrets
+
+To use this workflow, the following secrets are required. To set them up, please follow the respective guide on the linked documentation page.
+
+- [Jira](https://docs.admyral.dev/integrations/jira/jira)
+- [Slack](https://docs.admyral.dev/integrations/slack/slack)
+
+> [!IMPORTANT]
+> The workflow currently expects the following secret names: \
+> **Slack**: `slack_secret` \
+> **Jira**: `jira_secret` \
+> If your secrets have a different name, please adjust the secret mappings in the workflow function accordingly \
+> e.g `secrets = {"JIRA_SECRET": "your_secret_name"}` \
+> and for **Slack** respectively
+
+## Set Up Workflow
+
+1. Open the `jira_notification_user_created.py` file
+2. Adjust the `email` parameter with the email of the person to receive the slack notification
+
+Use the CLI to push the workflow:
+
+```bash
+poetry run admyral workflow push jira_notification_user_created workflows/jira_notification_user_created/jira_notification_user_created.py --activate
+```
+
+## Expected Payload
+
+> [!IMPORTANT]
+> The workflow doesn't expect any payload.
+
+## Run Workflow
+
+Use the Admyral UI:
+
+1. Open the workflow in the workflow No-Code editor
+2. Click on **Run**
+3. Click on **Run Workflow**
+
+Or use the CLI to trigger the workflow:
+
+```bash
+poetry run admyral workflow trigger jira_notification_user_created
+```

workflows/jira_notification_user_created/jira_notification_user_created.py

@@ -0,0 +1,25 @@
+from admyral.workflow import workflow, Webhook, Schedule
+from admyral.typings import JsonValue
+from admyral.actions import get_jira_audit_records, send_slack_message_to_user_by_email
+
+
+@workflow(
+    description="Monitors Jira for newly created user accounts and sends a Slack notification with relevant details. "
+    "This workflow automatically retrieves audit records for user creation events and notifies the specified recipient "
+    "via Slack with the user ID and creation timestamp.",
+    triggers=[Webhook(), Schedule(interval_days=1)],
+)
+def jira_notification_user_created(payload: dict[str, JsonValue]):
+    # jira get audit records for newly created users
+    records = get_jira_audit_records(
+        filter=["User", "created"],
+        start_date="2024-08-01T00:00:00",
+        secrets={"JIRA_SECRET": "jira_secret"},
+    )
+
+    # notify via Slack about changes
+    send_slack_message_to_user_by_email(
+        email="[email protected]",  # TODO: set your Slack email here
+        text=f"*A new user was created*\n\nUser ID: {records[0]['objectItem']['id']}\nCreated on: {records[0]['created']}",
+        secrets={"SLACK_SECRET": "slack_secret"},
+    )

workflows/list_okta_admins/README.md

@@ -0,0 +1,47 @@
+# List Okta Admins
+
+This workflow retrieves specifc or all user types and lists all admin users.
+
+## Required Secrets
+
+To use this workflow, the following secrets are required. To set them up, please follow the respective guide on the linked documentation page.
+
+- [Okta](https://docs.admyral.dev/integrations/okta/okta)
+
+> [!IMPORTANT]
+> The workflow currently expects the following secret names: \
+> **Okta**: `okta_secret` \
+> If your secrets have a different name, please adjust the secret mappings in the workflow function accordingly \
+> e.g `secrets = {"OKTA_SECRET": "your_secret_name"}` \
+
+## Set Up Workflow
+
+There are no adjustments required for the workflow to work, but you can optionally:
+
+1. Open the `list_okta_admins.py` file
+2. Adjust the search query for the user type of interest
+
+Use the CLI to push the workflow:
+
+```bash
+poetry run admyral workflow push list_okta_admins -f workflows/list_okta_admins/list_okta_admins.py --activate
+```
+
+## Expected Payload
+
+> [!IMPORTANT]
+> The workflow doesn't expect any payload.
+
+## Run Workflow
+
+Use the Admyral UI:
+
+1. Open the workflow in the workflow No-Code editor
+2. Click on **Run**
+3. Click on **Run Workflow**
+
+Or use the CLI to trigger the workflow:
+
+```bash
+poetry run admyral workflow trigger list_okta_admins
+```

workflows/list_okta_admins/list_okta_admins.py

@@ -0,0 +1,18 @@
+from admyral.workflow import workflow
+from admyral.typings import JsonValue
+from admyral.actions import okta_search_users, okta_get_all_user_types
+
+
+@workflow(
+    description="Retrieves all user types from Okta and lists the corresponding admin users.",
+)
+def list_okta_admins(payload: dict[str, JsonValue]):
+    # Step 1: Get all user types
+    user_types = okta_get_all_user_types(secrets={"OKTA_SECRET": "okta_secret"})
+
+    # Step 2: Return admin user type
+    # TODO: Adjust the search query to match the wished user type
+    okta_search_users(
+        search=f"type.id eq \"{user_types[0]['id']}\"",
+        secrets={"OKTA_SECRET": "okta_secret"},
+    )

workflows/monitor_github_org_owner_changes/README.md

@@ -0,0 +1,60 @@
+# Monitor GitHub Org Owner Changes
+
+This workflow analyzes the GitHub Audit logs for a specified enterprise.
+It is scheduled to run at every full hour and analyze the previous hour.
+In case there were changes, a notification via Slack is being sent.
+
+## Required Secrets
+
+To use this workflow, the following secrets are required. To set them up, please follow the respective guide on the linked documentation page.
+
+- [GitHub Enterprise](https://docs.admyral.dev/integrations/github/github)
+- [Slack](https://docs.admyral.dev/integrations/slack/slack)
+
+> [!IMPORTANT]
+> The workflow currently expects the following secret names: \
+> **Slack**: `slack_secret` \
+> **GitHub Enterprise**: `github_enterprise_secret` \
+> If your secrets have a different name, please adjust the secret mappings in the workflow function accordingly \
+> e.g `secrets = {"GITHUB_ENTERPRISE_SECRET": "your_secret_name"}` \
+> and for **Slack** respectively
+
+## Set Up Workflow
+
+1. Open the `monitor_github_org_owner_changes.py` file
+2. Adjust the `enterprise` and `email` with your enterprise slug and the email of the person to be notified of the respective events via slack
+
+Use the CLI to push the custom actions:
+
+```bash
+poetry run admyral action push get_time_range_of_last_full_hour -a workflows/monitor_github_org_owner_changes/monitor_github_org_owner_changes.py
+```
+
+```bash
+poetry run admyral action push build_info_message_owner_changes -a workflows/monitor_github_org_owner_changes/monitor_github_org_owner_changes.py
+```
+
+Use the CLI to push the workflow:
+
+```bash
+poetry run admyral workflow push monitor_github_org_owner_changes -f workflows/monitor_github_org_owner_changes/monitor_github_org_owner_changes.py --activate
+```
+
+## Expected Payload
+
+> [!IMPORTANT]
+> The workflow doesn't expect any payload.
+
+## Run Workflow
+
+Use the Admyral UI:
+
+1. Open the workflow in the workflow No-Code editor
+2. Click on **Run**
+3. Click on **Run Workflow**
+
+Or use the CLI to trigger the workflow:
+
+```bash
+poetry run admyral workflow trigger monitor_github_org_owner_changes
+```

workflows/monitor_github_org_owner_changes/monitor_github_org_owner_changes.py

@@ -0,0 +1,85 @@
+from typing import Annotated
+from datetime import datetime, timedelta, UTC
+
+from admyral.workflow import workflow, Schedule
+from admyral.typings import JsonValue
+from admyral.action import action, ArgumentMetadata
+from admyral.actions import (
+    search_github_enterprise_audit_logs,
+    batched_send_slack_message_to_user_by_email,
+)
+
+
+@action(
+    display_name="Calculate Time Range for Last Full Hour",
+    display_namespace="Utilities",
+    description="Calculate the time range for the last full hour",
+)
+def get_time_range_of_last_full_hour() -> tuple[str, str]:
+    end_time = datetime.now(UTC).replace(minute=0, second=0, microsecond=0)
+    start_time = (end_time - timedelta(hours=1)).isoformat().replace("+00:00", "Z")
+    return (start_time, end_time.isoformat().replace("+00:00", "Z"))
+
+
+@action(
+    display_name="Build Info message",
+    display_namespace="GitHub",
+    description="Builds a message for the slack notification",
+)
+def build_info_message_owner_changes(
+    logs: Annotated[
+        list[dict[str, JsonValue]],
+        ArgumentMetadata(
+            display_name="Logs",
+            description="The logs to build the message from",
+        ),
+    ],
+    email: Annotated[
+        str,
+        ArgumentMetadata(
+            display_name="Email",
+            description="The email to send the message to",
+        ),
+    ],
+) -> list[tuple[str, str | None, JsonValue]]:
+    messages = []
+    for log in logs:
+        timestamp = datetime.fromtimestamp(int(log["created_at"]) / 1000).strftime(
+            "%Y-%m-%d %H:%M:%S"
+        )
+        if log["action"] == "org.update_member":
+            messages.append(
+                (
+                    email,
+                    f"Owner change detected in enterprise {log['business']} at {timestamp} by {log['actor']}:\nChanged Permission for {log['user']}: {log['old_permission']} -> {log['permission']}\n",
+                    None,
+                )
+            )
+    return messages
+
+
+@workflow(
+    description="Alert on GitHub Orga Owner Changes",
+    triggers=[Schedule(cron="0 * * * *")],
+)
+def monitor_github_org_owner_changes(payload: dict[str, JsonValue]):
+    start_and_end_time = get_time_range_of_last_full_hour()
+
+    logs = search_github_enterprise_audit_logs(
+        enterprise="admyral",  # TODO: set your enterprise slug here
+        filter="action:org.update_member",
+        start_time=start_and_end_time[0],
+        end_time=start_and_end_time[1],
+        secrets={"GITHUB_ENTERPRISE_SECRET": "github_enterprise_secret"},
+    )
+
+    if logs:
+        messages = build_info_message_owner_changes(
+            logs=logs,
+            email="[email protected]",  # TODO: set your Slack email here
+        )
+
+        batched_send_slack_message_to_user_by_email(
+            messages=messages,
+            secrets={"SLACK_SECRET": "slack_secret"},
+        )

workflows/okta_password_policy_monitoring/README.md

@@ -0,0 +1,61 @@
+# Monitor Okta Password Policy Changes
+
+This workflow monitors changes to the password policies in Okta and sends notifications via Slack with relevant details. The workflow runs at every full hour and checks for updates made during the previous hour.
+
+## Required Secrets
+
+To use this workflow, the following secrets are required. To set them up, please follow the respective guide on the linked documentation page.
+
+- [Okta](https://docs.admyral.dev/integrations/okta/okta)
+- [Slack](https://docs.admyral.dev/integrations/slack/slack)
+
+> [!IMPORTANT]
+> The workflow currently expects the following secret names: \
+> **Okta**: `okta_secret` \
+> **Slack**: `slack_secret` \
+> If your secrets have a different name, please adjust the secret mappings in the workflow function accordingly. \
+> e.g. `secrets = {"OKTA_SECRET": "your_secret_name"}` and similarly for Slack.
+
+## Set Up Workflow
+
+1. Open the `okta_password_policy_monitoring.py` file
+2. Adjust the email address in the `send_slack_message_to_user_by_email` action with the email of the Slack user to receive notifications
+
+Use the CLI to push the custom actions:
+
+```bash
+poetry run admyral action push get_time_range_of_last_full_hour -a workflows/okta_password_policy_monitoring/okta_password_policy_monitoring.py
+```
+
+```bash
+poetry run admyral action push get_okta_password_policy_update_logs -a workflows/okta_password_policy_monitoring/okta_password_policy_monitoring.py
+```
+
+```bash
+poetry run admyral action push format_okta_policy_update_message -a workflows/okta_password_policy_monitoring/okta_password_policy_monitoring.py
+```
+
+Use the CLI to push the workflow:
+
+```bash
+poetry run admyral workflow push okta_password_policy_monitoring -f workflows/okta_password_policy_monitoring/okta_password_policy_monitoring.py --activate
+```
+
+## Expected Payload
+
+> [!IMPORTANT]
+> The workflow doesn't expect any payload.
+
+## Run Workflow
+
+Use the Admyral UI:
+
+1. Open the workflow in the workflow No-Code editor
+2. Click on **Run**
+3. Click on **Run Workflow**
+
+Or use the CLI to trigger the workflow:
+
+```bash
+poetry run admyral workflow trigger okta_password_policy_monitoring
+```