User's Guide: Create, Update, Clone, and Delete Workflows

1.0 Introduction

Workflow graphs are maps that show how generic applications are connected to datasets and other generic applications. These are collaborative objects where multiple users can provide their own objects and approvals.

There are two types of workflows - draft and final.

• Draft workflows are unapproved/in-progress items that do not grant any permissions to applications.

• Final workflows are versioned and quorum approval protected objects. These workflows grant the applications access to datasets if they have requested and received certificates that confirm they are running in the required approved workflow.

An application running inside a final workflow is allowed to access all connected datasets, this means:

• The enclave will have access to the protected data guarded by input datasets.

• It can upload data to the protected locations defined by output datasets.

To move from a draft workflow to a final workflow, you require approvals. For approvals:

• A Fortanix CCM Account Administrator will invite other users to join the account.

• The users join the account and provide data in the form of datasets and applications/application configurations.

For example, in this article we have the following users:

• Account Owner

• Data Owner

• Application Owner

Data Owners and Application Owners collaborate on a graph. After the graph is completed, the Administrator will submit it for approval. A workflow graph must be approved by all the users of the graph.

2.0 Create a Workflow

Perform the following steps to create a workflow:

1. Click the Workflows from the menu list in the Fortanix CCM UI.

2. In the Workflows page, click + WORKFLOW to create a new workflow.  

   

3. In the CREATE NEW WORKFLOW dialog box, enter the Workflow Name, assign it to a Group and provide a Description (optional). Click CREATE WORKFLOW to access the Workflow graph.

   

4. To add an application to the Workflow graph, drag the "App" icon and drop it into the graph area. Click the + APPLICATION. In the ADD APPLICATION dialog box, select an existing application name and image. For example: /simple-python-sgx:latest from the list of available application images.
   Where, <my-registry>is the location of your registry.

   

5. Click the + ADD NEW CONFIGURATION button to either add a new application configuration or select an existing one.  

   

6. Add input and output datasets to the workflow graph by dragging the dataset icon and placing it in the graph area. Click the + DATASET. In the ADD DATASET dialog box, select from an existing dataset or create a new dataset. Click CREATE DATASET to create the dataset.  

   

7. Establish connections between the applications and input/output datasets. To do this, connect the Input Dataset to the Application by selecting the "Input" Target Port. Repeat this process to connect the Application to the Output Dataset with the "Output" Target Port.

   

8. After the Workflow is complete, click the REQUEST APPROVAL button to initiate the approval process for the Workflow.  

   

   WARNING

   When a draft Workflow is submitted for approval, it will be removed from the drafts list and editing it directly will no longer be possible once it is in a "pending" or "approved" state.

9. The workflow remains in a pending state until it receives approval from all users. In the Pending menu item, click SHOW APPROVAL REQUEST to approve a Workflow.  

   

10. In the APPROVAL REQUEST - CREATE WORKFLOW dialog box, you can either APPROVE or DECLINE a workflow.  

    

    NOTE

    • A user can also approve/decline a Workflow from the CCM Tasks menu item.

    • Notice that the users who have approved the workflow have a green tick   against their icon.

11. All the users of a Workflow must approve the Workflow to finalize it. If a user declines a Workflow, the Workflow is rejected. When all the users approve the Workflow, it is deployed.

    1. CCM configures apps to access the datasets.

    2. CCM creates the Workflow Application Configs.

    3. CCM returns the list of hashes needed to start the apps.

3.0 Edit Workflow Graphs

Perform the following steps to edit a workflow:

1. In the Approved menu item, click the overflow menu for a workflow and select EDIT WORKFLOW to edit the workflow. When a workflow is edited, a new version of the workflow is created for editing in “draft” state. The existing version stays unchanged. For example, if the first version (Version 1) of an approved workflow “Workflow 1.0” is edited, a new version (Version 2) of “Workflow 1.0” is created.  

   

2. Update the workflow graph with the required changes and click REQUEST APPROVAL to submit the workflow for approval.  

   

3. A new version (Version 2) of the workflow is created in “pending” state. Click SHOW APPROVAL REQUEST to approve the workflow.  

   

4. Click APPROVE to approve the workflow.  

   

5. After the workflow Version 2 is approved, it will be linked to Version 1. Now, the user can either delete workflow Version 1 or restore it.  

   

4.0 Clone Workflow Graphs

A workflow is cloned when you want to create a copy of an existing workflow instead of creating it from scratch.

Perform the following steps to create a workflow clone:

1. For an approved or draft workflow, click the overflow menu on the right and select CLONE WORKFLOW to copy the workflow. When a workflow is cloned, the new workflow is created with a modified name. For example, if the approved workflow “Workflow 1.0” is cloned, a new workflow “Workflow 1.0 (clone)” is created. The user can modify the workflow name using the Edit   icon next to the name.  

   

2. Update the workflow graph with the required changes and click REQUEST APPROVAL to submit the workflow for approval.

3. A new workflow is created in “pending” state.

5.0 Delete Workflow Graphs

Perform the following steps to delete a workflow:

1. For an approved workflow, click the overflow menu on the right and select DELETE WORKFLOW to delete the workflow.  

   

2. In the DELETE WORKFLOW dialog box, click DELETE to confirm.

3. The workflow is deleted.